Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/9f9aa9-09c0-48cc-b0a1-887331efb715/1/mMapmEdHukRlUNw7gLygKtPwVA0.roa
File:                     mMapmEdHukRlUNw7gLygKtPwVA0.roa (raw, json)
Hash identifier:          3gGZnqmUEddBmlxASfoEGD7Q1NxuNJwGbZ6GTIPvk8g=
Subject key identifier:   98:C6:A9:98:47:47:BA:44:65:50:DC:3B:80:BC:A0:2A:D3:F0:54:0D
Certificate issuer:       /CN=3f172439599d7da525797899bf213b8e63554914
Certificate serial:       018CC8015FE2360EF6E07E2341EBB513E91A
Authority key identifier: 3F:17:24:39:59:9D:7D:A5:25:79:78:99:BF:21:3B:8E:63:55:49:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PxckOVmdfaUleXiZvyE7jmNVSRQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/9f9aa9-09c0-48cc-b0a1-887331efb715/1/mMapmEdHukRlUNw7gLygKtPwVA0.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.68.221.0/24 maxlen: 24
                          192.104.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/9f9aa9-09c0-48cc-b0a1-887331efb715/1/PxckOVmdfaUleXiZvyE7jmNVSRQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/9f9aa9-09c0-48cc-b0a1-887331efb715/1/PxckOVmdfaUleXiZvyE7jmNVSRQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PxckOVmdfaUleXiZvyE7jmNVSRQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5f:e2:36:0e:f6:e0:7e:23:41:eb:b5:13:e9:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f172439599d7da525797899bf213b8e63554914
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98c6a9984747ba446550dc3b80bca02ad3f0540d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:21:9f:90:6f:dc:25:9a:03:4e:72:1d:00:92:
                    b6:bf:2e:2d:fa:ab:a7:8e:d2:5a:cb:8f:96:21:66:
                    cf:7e:61:f7:39:03:7b:c3:05:01:0c:99:2b:0d:b9:
                    60:85:5a:d1:0b:78:ae:04:cb:37:15:6c:b2:cd:54:
                    d2:88:bf:2d:78:81:94:c9:bc:54:18:db:8d:6b:8a:
                    6d:5d:d6:fb:ed:5a:38:4b:cc:58:01:00:66:ab:60:
                    2b:79:96:a0:aa:78:b2:a2:f4:48:2b:12:85:b5:55:
                    aa:a2:ff:94:4a:73:d6:b7:6a:fc:61:c0:54:16:ec:
                    07:56:57:09:92:5f:63:26:3e:1b:46:a1:66:8e:f5:
                    d1:45:6d:f7:22:8b:f0:23:ff:3d:80:d5:f2:f7:84:
                    f5:48:9c:f5:8a:2e:7b:a2:fc:1a:f3:59:7d:ed:1c:
                    2b:da:c5:01:30:d3:2c:26:49:c0:a3:a5:f3:db:56:
                    88:7a:02:5f:e1:bc:e7:29:f4:1d:a6:9b:ce:d8:0f:
                    63:08:58:a4:6c:85:22:54:1f:f5:66:e4:14:e9:42:
                    60:a6:9d:75:ef:39:15:93:f3:c5:90:59:06:58:99:
                    bc:37:85:31:03:4f:e7:5a:dc:93:74:cc:9b:7b:01:
                    20:7b:77:ec:53:8e:4e:47:95:e6:27:60:0f:b6:7b:
                    81:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C6:A9:98:47:47:BA:44:65:50:DC:3B:80:BC:A0:2A:D3:F0:54:0D
            X509v3 Authority Key Identifier:
                keyid:3F:17:24:39:59:9D:7D:A5:25:79:78:99:BF:21:3B:8E:63:55:49:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PxckOVmdfaUleXiZvyE7jmNVSRQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9f9aa9-09c0-48cc-b0a1-887331efb715/1/mMapmEdHukRlUNw7gLygKtPwVA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9f9aa9-09c0-48cc-b0a1-887331efb715/1/PxckOVmdfaUleXiZvyE7jmNVSRQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.68.221.0/24
                  192.104.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:af:97:59:b3:14:6a:71:de:84:8f:03:39:29:f8:27:8a:5f:
         7a:1a:24:1a:dd:65:b6:8c:a4:31:8f:1f:bb:ea:25:5b:a6:ca:
         b4:b5:3b:11:03:e3:b4:18:bf:6c:2b:92:c3:06:d8:b9:a8:f9:
         f6:de:74:0c:03:04:a7:e2:19:06:bd:9a:41:2e:cc:8e:2d:92:
         b6:49:90:ca:dc:f1:bd:00:28:5d:cc:b6:4e:5e:e4:84:6a:72:
         7b:75:b8:f9:88:ed:cf:cb:de:a8:04:f2:26:e2:63:9f:67:1c:
         91:7a:44:41:7b:9c:dc:77:61:50:8a:7c:d7:dc:19:7a:b5:7a:
         5e:3f:1f:10:bf:01:08:4e:21:c2:6b:89:f7:e9:0f:3c:9b:96:
         b7:ef:45:62:0a:68:9e:67:68:f9:d5:29:18:da:be:32:2b:3f:
         d0:42:3c:3e:93:e9:05:69:c9:6f:05:c9:c5:98:91:91:4a:ab:
         17:1c:53:e5:05:f8:9c:b3:1a:87:85:4c:12:7b:b1:90:d4:ee:
         bd:ff:84:92:61:b3:7c:5d:15:ee:d0:cf:76:28:14:50:4e:2a:
         0d:39:f6:5a:c3:7a:69:c7:ac:4b:13:53:b6:8b:bc:81:da:27:
         37:d6:57:d1:24:f7:9e:db:20:ea:a0:d6:0b:7c:bd:6f:28:b8:
         10:36:27:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAV/iNg724H4jQeu1E+kaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMTcyNDM5NTk5ZDdkYTUyNTc5Nzg5OWJmMjEzYjhlNjM1
NTQ5MTQwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGM2YTk5ODQ3NDdiYTQ0NjU1MGRjM2I4MGJjYTAyYWQzZjA1NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiGfkG/cJZoDTnIdAJK2vy4t+qun
jtJay4+WIWbPfmH3OQN7wwUBDJkrDblghVrRC3iuBMs3FWyyzVTSiL8teIGUybxU
GNuNa4ptXdb77Vo4S8xYAQBmq2AreZagqniyovRIKxKFtVWqov+USnPWt2r8YcBU
FuwHVlcJkl9jJj4bRqFmjvXRRW33IovwI/89gNXy94T1SJz1ii57ovwa81l97Rwr
2sUBMNMsJknAo6Xz21aIegJf4bznKfQdppvO2A9jCFikbIUiVB/1ZuQU6UJgpp11
7zkVk/PFkFkGWJm8N4UxA0/nWtyTdMybewEge3fsU45OR5XmJ2APtnuBewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJjGqZhHR7pEZVDcO4C8oCrT8FQNMB8GA1UdIwQY
MBaAFD8XJDlZnX2lJXl4mb8hO45jVUkUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHhja09WbWRmYVVsZVhpWnZ5RTdqbU5WU1JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi85ZjlhYTktMDljMC00OGNjLWIwYTEt
ODg3MzMxZWZiNzE1LzEvbU1hcG1FZEh1a1JsVU53N2dMeWdLdFB3VkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi85ZjlhYTktMDljMC00OGNjLWIwYTEtODg3MzMxZWZiNzE1
LzEvUHhja09WbWRmYVVsZVhpWnZ5RTdqbU5WU1JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwETdAwQA
wGgwMA0GCSqGSIb3DQEBCwUAA4IBAQCVr5dZsxRqcd6EjwM5Kfgnil96GiQa3WW2
jKQxjx+76iVbpsq0tTsRA+O0GL9sK5LDBti5qPn23nQMAwSn4hkGvZpBLsyOLZK2
SZDK3PG9AChdzLZOXuSEanJ7dbj5iO3Py96oBPIm4mOfZxyRekRBe5zcd2FQinzX
3Bl6tXpePx8QvwEITiHCa4n36Q88m5a370ViCmieZ2j51SkY2r4yKz/QQjw+k+kF
aclvBcnFmJGRSqsXHFPlBficsxqHhUwSe7GQ1O69/4SSYbN8XRXu0M92KBRQTioN
OfZaw3ppx6xLE1O2i7yB2ic31lfRJPee2yDqoNYLfL1vKLgQNidG
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:39:45 2024 by rpki-client on console-ams.rpki-client.org