Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/1-upAXjCdzhtwSf9y_qsHaBaibl8.roa
File:                     1-upAXjCdzhtwSf9y_qsHaBaibl8.roa (raw, json)
Hash identifier:          //J5b3fnyj9zijz8WXV/tqJTpuEWAhIcoEpC7RrOzig=
Subject key identifier:   FA:EA:40:5E:30:9D:CE:1B:70:49:FF:72:FE:AB:07:68:16:A2:6E:5F
Certificate issuer:       /CN=66ec789976d3b584016cac19f34bbede966cd230
Certificate serial:       018CC2DB44CFD00D7D9693BEFA9E847C1FB8
Authority key identifier: 66:EC:78:99:76:D3:B5:84:01:6C:AC:19:F3:4B:BE:DE:96:6C:D2:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zux4mXbTtYQBbKwZ80u-3pZs0jA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/1-upAXjCdzhtwSf9y_qsHaBaibl8.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203201
IP address blocks:        171.22.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/Zux4mXbTtYQBbKwZ80u-3pZs0jA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/Zux4mXbTtYQBbKwZ80u-3pZs0jA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zux4mXbTtYQBbKwZ80u-3pZs0jA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:44:cf:d0:0d:7d:96:93:be:fa:9e:84:7c:1f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ec789976d3b584016cac19f34bbede966cd230
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faea405e309dce1b7049ff72feab076816a26e5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:b7:a1:2b:0e:df:f4:78:87:25:ae:87:c6:61:
                    7c:88:80:97:ea:55:2d:a0:e1:af:c5:8c:d1:0a:4b:
                    1b:52:48:dd:d3:b9:34:85:31:be:11:66:65:78:dc:
                    11:79:4a:b2:b8:19:75:7e:8d:21:c0:58:5a:98:6c:
                    09:22:59:59:28:70:66:d4:3c:4f:5e:9e:a3:1b:40:
                    9c:16:88:00:78:be:73:a2:e3:4c:0e:e6:1a:64:0d:
                    0d:3e:ca:53:6b:2b:5c:22:78:e4:d3:15:8e:26:e6:
                    02:78:dc:a9:ff:22:98:e9:a2:0a:4a:68:e6:12:67:
                    37:3b:e7:af:8b:2e:00:0e:c9:15:82:4d:11:32:3b:
                    45:a1:94:31:76:2b:f2:32:f1:24:6a:a3:ee:f2:e8:
                    e4:7a:c8:b4:f1:34:91:65:c7:07:f5:c0:88:ae:d5:
                    c5:68:f9:82:52:b7:46:a9:e2:ff:6e:fe:8d:3c:49:
                    cb:15:e3:ca:95:29:5d:49:8f:2a:f5:26:ba:c4:4a:
                    2e:47:e3:bf:cc:4f:4d:61:8b:64:bf:a7:b0:f0:33:
                    7c:e3:2b:62:37:a2:35:12:b3:cb:80:5b:bc:7f:55:
                    07:f8:d8:9b:b0:fe:21:4d:10:f7:59:d4:3e:1a:8c:
                    6a:6d:84:87:b1:db:ae:98:74:75:0b:ec:6a:28:23:
                    29:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:EA:40:5E:30:9D:CE:1B:70:49:FF:72:FE:AB:07:68:16:A2:6E:5F
            X509v3 Authority Key Identifier:
                keyid:66:EC:78:99:76:D3:B5:84:01:6C:AC:19:F3:4B:BE:DE:96:6C:D2:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zux4mXbTtYQBbKwZ80u-3pZs0jA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/1-upAXjCdzhtwSf9y_qsHaBaibl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/Zux4mXbTtYQBbKwZ80u-3pZs0jA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:d8:89:c0:46:49:af:97:6a:09:f4:e5:ab:08:9e:86:63:18:
         90:34:35:1f:e1:ca:e6:5d:32:fc:ec:bb:30:3e:84:43:04:d9:
         ec:21:6c:b1:50:63:35:5c:2b:6a:2a:fe:75:d3:89:60:5e:88:
         3e:63:f5:48:80:3b:dd:68:a9:13:d8:4b:09:8a:1d:c8:6d:9f:
         58:ce:ea:e7:2d:a2:3d:06:24:48:6d:a8:b4:bd:4d:44:52:f9:
         95:3a:82:2b:b4:34:55:d0:e9:a9:93:aa:e8:d4:f7:3d:6f:02:
         9f:ea:b0:ed:de:91:f0:81:4e:80:95:fb:4b:06:2a:bf:bd:8c:
         06:09:20:a5:d1:ea:03:2c:3c:30:2d:d3:56:4b:ab:a6:fe:d1:
         db:a0:36:2b:25:11:23:c1:6e:fa:ea:8c:9d:ea:5b:6e:29:4f:
         cc:40:3a:ea:ed:3e:04:ab:e4:2d:94:3f:a3:c1:14:c8:5c:df:
         b5:18:3a:20:3c:2b:f1:73:75:92:f0:d6:3f:bc:f9:2c:de:dd:
         ce:47:c8:dd:21:60:99:ec:f9:ab:82:60:74:28:85:d9:d7:01:
         ef:23:c4:f2:22:b5:45:93:74:ff:4d:7a:d7:cb:59:d3:f9:a1:
         98:a1:36:4d:20:61:3c:f8:2c:ad:19:ae:c0:dc:2a:ca:f3:92:
         66:d7:7b:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC20TP0A19lpO++p6EfB+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWM3ODk5NzZkM2I1ODQwMTZjYWMxOWYzNGJiZWRlOTY2
Y2QyMzAwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWVhNDA1ZTMwOWRjZTFiNzA0OWZmNzJmZWFiMDc2ODE2YTI2ZTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6behKw7f9HiHJa6HxmF8iICX6lUt
oOGvxYzRCksbUkjd07k0hTG+EWZleNwReUqyuBl1fo0hwFhamGwJIllZKHBm1DxP
Xp6jG0CcFogAeL5zouNMDuYaZA0NPspTaytcInjk0xWOJuYCeNyp/yKY6aIKSmjm
Emc3O+eviy4ADskVgk0RMjtFoZQxdivyMvEkaqPu8ujkesi08TSRZccH9cCIrtXF
aPmCUrdGqeL/bv6NPEnLFePKlSldSY8q9Sa6xEouR+O/zE9NYYtkv6ew8DN84yti
N6I1ErPLgFu8f1UH+NibsP4hTRD3WdQ+GoxqbYSHsduumHR1C+xqKCMpnQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrqQF4wnc4bcEn/cv6rB2gWom5fMB8GA1UdIwQY
MBaAFGbseJl207WEAWysGfNLvt6WbNIwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnV4NG1YYlR0WVFCYkt3WjgwdS0zcFpzMGpBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8wN2JmNWItMDM0MC00MzRlLWE0NDQt
ZjA3NjFlMjllNmM0LzEvMS11cEFYakNkemh0d1NmOXlfcXNIYUJhaWJsOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGIvMDdiZjViLTAzNDAtNDM0ZS1hNDQ0LWYwNzYxZTI5ZTZj
NC8xL1p1eDRtWGJUdFlRQmJLd1o4MHUtM3BaczBqQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAqsWLDAN
BgkqhkiG9w0BAQsFAAOCAQEAqNiJwEZJr5dqCfTlqwiehmMYkDQ1H+HK5l0y/Oy7
MD6EQwTZ7CFssVBjNVwrair+ddOJYF6IPmP1SIA73WipE9hLCYodyG2fWM7q5y2i
PQYkSG2otL1NRFL5lTqCK7Q0VdDpqZOq6NT3PW8Cn+qw7d6R8IFOgJX7SwYqv72M
BgkgpdHqAyw8MC3TVkurpv7R26A2KyURI8Fu+uqMnepbbilPzEA66u0+BKvkLZQ/
o8EUyFzftRg6IDwr8XN1kvDWP7z5LN7dzkfI3SFgmez5q4JgdCiF2dcB7yPE8iK1
RZN0/01618tZ0/mhmKE2TSBhPPgsrRmuwNwqyvOSZtd7Eg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:34:14 2024 by rpki-client on console-ams.rpki-client.org