Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/16eb59-68a3-4215-809f-79b2e40e2bd8/1/_FVhtpW3yg7Nu064bbFxDRYhv_A.roa
File:                     _FVhtpW3yg7Nu064bbFxDRYhv_A.roa (raw, json)
Hash identifier:          s9nRSedGfElNfa0/ThipFsfMkpisigo8mcDdKS8sHuc=
Subject key identifier:   FC:55:61:B6:95:B7:CA:0E:CD:BB:4E:B8:6D:B1:71:0D:16:21:BF:F0
Certificate issuer:       /CN=a9be16ce7db3be6905b1abef8be21a2319b0e43e
Certificate serial:       018CC9BC4879E0569CC0F2469559D44CBE0C
Authority key identifier: A9:BE:16:CE:7D:B3:BE:69:05:B1:AB:EF:8B:E2:1A:23:19:B0:E4:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qb4Wzn2zvmkFsavvi-IaIxmw5D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/16eb59-68a3-4215-809f-79b2e40e2bd8/1/_FVhtpW3yg7Nu064bbFxDRYhv_A.roa
Signing time:             Tue 02 Jan 2024 10:33:28 +0000
ROA not before:           Tue 02 Jan 2024 10:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        192.107.51.0/24 maxlen: 24
                          192.107.56.0/21 maxlen: 21
                          192.107.52.0/22 maxlen: 22
                          192.107.64.0/19 maxlen: 19
                          192.107.96.0/22 maxlen: 22
                          192.107.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/16eb59-68a3-4215-809f-79b2e40e2bd8/1/qb4Wzn2zvmkFsavvi-IaIxmw5D4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/16eb59-68a3-4215-809f-79b2e40e2bd8/1/qb4Wzn2zvmkFsavvi-IaIxmw5D4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qb4Wzn2zvmkFsavvi-IaIxmw5D4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:48:79:e0:56:9c:c0:f2:46:95:59:d4:4c:be:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9be16ce7db3be6905b1abef8be21a2319b0e43e
        Validity
            Not Before: Jan  2 10:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc5561b695b7ca0ecdbb4eb86db1710d1621bff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:00:98:fa:a9:77:0f:1a:f4:25:6f:fb:1b:4c:
                    3d:67:d8:58:b3:cc:48:b2:65:4c:2e:f3:c9:21:a3:
                    62:4f:ca:ee:b3:7c:48:c6:50:e3:1d:f4:f0:90:d7:
                    dc:00:39:2d:d1:24:47:45:0c:68:db:11:bb:0a:fb:
                    41:41:17:82:8a:47:27:d7:71:c6:34:f8:0e:07:93:
                    74:90:75:0d:85:c1:d4:23:06:31:4d:e6:31:b2:2c:
                    04:26:6e:fd:cb:50:ff:3c:93:42:26:f8:d2:9b:04:
                    0b:d8:2b:5e:7f:a1:0c:99:cf:9f:77:b0:d0:9d:a9:
                    e3:70:5e:40:1d:ef:2b:b9:9b:fe:69:1d:e3:6a:63:
                    71:ab:48:ee:57:ed:60:73:f2:d2:38:7d:dc:f5:3a:
                    a7:b0:0b:20:c7:c2:f2:f4:2b:bc:62:4f:13:b2:d1:
                    e2:76:0e:2a:25:0a:46:08:59:16:ba:3e:3b:49:bb:
                    06:13:2e:65:f0:66:7c:a1:4e:16:cc:18:34:3b:1f:
                    22:b3:2e:08:99:52:56:20:cc:eb:c2:cd:13:97:c6:
                    df:1b:1f:75:02:61:1a:e1:46:38:ff:62:d1:e2:52:
                    94:b4:b4:2d:d3:1d:9c:19:b4:a2:6c:47:49:48:63:
                    9b:52:1b:f9:82:78:69:bb:6e:88:61:33:e4:ca:50:
                    14:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:55:61:B6:95:B7:CA:0E:CD:BB:4E:B8:6D:B1:71:0D:16:21:BF:F0
            X509v3 Authority Key Identifier:
                keyid:A9:BE:16:CE:7D:B3:BE:69:05:B1:AB:EF:8B:E2:1A:23:19:B0:E4:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qb4Wzn2zvmkFsavvi-IaIxmw5D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/16eb59-68a3-4215-809f-79b2e40e2bd8/1/_FVhtpW3yg7Nu064bbFxDRYhv_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/16eb59-68a3-4215-809f-79b2e40e2bd8/1/qb4Wzn2zvmkFsavvi-IaIxmw5D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.107.51.0-192.107.100.255

    Signature Algorithm: sha256WithRSAEncryption
         04:40:95:60:f6:15:33:f0:1f:b2:b4:a0:46:2d:2d:e3:72:13:
         74:b1:19:08:d6:a7:41:2d:db:23:70:52:61:76:34:b1:04:bd:
         5b:67:8e:13:d8:7e:f1:5d:24:96:12:13:28:fc:af:b6:08:f2:
         b1:12:28:61:03:54:d1:92:a6:ed:a0:de:ac:6c:14:b3:c3:c5:
         60:57:07:72:76:5d:70:8f:bb:85:0e:1a:a0:9f:74:63:38:52:
         40:b0:02:69:2b:1a:d1:20:c5:2c:98:52:16:21:80:b5:12:9d:
         15:1d:d8:c5:a9:04:72:b4:94:3d:aa:6f:60:f4:1a:a5:21:dc:
         58:2c:b2:49:b0:69:ee:1e:98:20:f1:67:d4:c4:c8:f4:2b:a1:
         b0:fc:64:fb:d0:c6:46:ff:d7:41:d3:8b:f2:6a:e1:dd:83:9c:
         3a:19:9d:8f:15:ac:d5:69:e5:5e:c1:e6:ce:05:e2:f6:c5:2a:
         a9:32:11:fb:ef:0e:a1:b7:4a:d8:4b:ef:86:3a:7a:5f:0a:35:
         84:76:59:b4:c2:ec:05:bf:2a:43:07:1d:25:6a:48:73:07:54:
         9c:48:6e:ba:35:5f:af:44:83:c2:2d:41:57:32:a2:d8:0d:05:
         3c:57:04:62:fa:a0:02:db:cc:d8:57:fc:4e:bf:55:d0:a5:4e:
         b1:d8:49:42
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJvEh54FacwPJGlVnUTL4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YmUxNmNlN2RiM2JlNjkwNWIxYWJlZjhiZTIxYTIzMTli
MGU0M2UwHhcNMjQwMTAyMTAzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzU1NjFiNjk1YjdjYTBlY2RiYjRlYjg2ZGIxNzEwZDE2MjFiZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoACY+ql3Dxr0JW/7G0w9Z9hYs8xI
smVMLvPJIaNiT8rus3xIxlDjHfTwkNfcADkt0SRHRQxo2xG7CvtBQReCikcn13HG
NPgOB5N0kHUNhcHUIwYxTeYxsiwEJm79y1D/PJNCJvjSmwQL2Ctef6EMmc+fd7DQ
nanjcF5AHe8ruZv+aR3jamNxq0juV+1gc/LSOH3c9TqnsAsgx8Ly9Cu8Yk8TstHi
dg4qJQpGCFkWuj47SbsGEy5l8GZ8oU4WzBg0Ox8isy4ImVJWIMzrws0Tl8bfGx91
AmEa4UY4/2LR4lKUtLQt0x2cGbSibEdJSGObUhv5gnhpu26IYTPkylAUkQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPxVYbaVt8oOzbtOuG2xcQ0WIb/wMB8GA1UdIwQY
MBaAFKm+Fs59s75pBbGr74viGiMZsOQ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWI0V3puMnp2bWtGc2F2dmktSWFJeG13NUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8xNmViNTktNjhhMy00MjE1LTgwOWYt
NzliMmU0MGUyYmQ4LzEvX0ZWaHRwVzN5ZzdOdTA2NGJiRnhEUllodl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8xNmViNTktNjhhMy00MjE1LTgwOWYtNzliMmU0MGUyYmQ4
LzEvcWI0V3puMnp2bWtGc2F2dmktSWFJeG13NUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADAazMD
BADAa2QwDQYJKoZIhvcNAQELBQADggEBAARAlWD2FTPwH7K0oEYtLeNyE3SxGQjW
p0Et2yNwUmF2NLEEvVtnjhPYfvFdJJYSEyj8r7YI8rESKGEDVNGSpu2g3qxsFLPD
xWBXB3J2XXCPu4UOGqCfdGM4UkCwAmkrGtEgxSyYUhYhgLUSnRUd2MWpBHK0lD2q
b2D0GqUh3Fgsskmwae4emCDxZ9TEyPQrobD8ZPvQxkb/10HTi/Jq4d2DnDoZnY8V
rNVp5V7B5s4F4vbFKqkyEfvvDqG3SthL74Y6el8KNYR2WbTC7AW/KkMHHSVqSHMH
VJxIbro1X69Eg8ItQVcyotgNBTxXBGL6oALbzNhX/E6/VdClTrHYSUI=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:34:02 2024 by rpki-client on console-ams.rpki-client.org