Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/ARZe-UB5Yhnf8Ip3SWkfTTSsPjs.roa
File:                     ARZe-UB5Yhnf8Ip3SWkfTTSsPjs.roa (raw, json)
Hash identifier:          AbMi0rC9MeHXn46z4RzsiB/TG3D3djjcWWVbu9MN750=
Subject key identifier:   01:16:5E:F9:40:79:62:19:DF:F0:8A:77:49:69:1F:4D:34:AC:3E:3B
Certificate issuer:       /CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
Certificate serial:       018CCA990D5CA211042FE47910F0DAEF1AFB
Authority key identifier: AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/ARZe-UB5Yhnf8Ip3SWkfTTSsPjs.roa
Signing time:             Tue 02 Jan 2024 14:34:37 +0000
ROA not before:           Tue 02 Jan 2024 14:34:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34081
IP address blocks:        84.33.16.0/23 maxlen: 24
                          217.70.144.0/20 maxlen: 24
                          193.188.28.0/22 maxlen: 24
                          31.14.163.0/24 maxlen: 25
                          172.83.81.0/24 maxlen: 25
                          84.33.192.0/18 maxlen: 24
                          84.33.0.0/18 maxlen: 24
                          2001:1a38::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:0d:5c:a2:11:04:2f:e4:79:10:f0:da:ef:1a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
        Validity
            Not Before: Jan  2 14:34:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01165ef940796219dff08a7749691f4d34ac3e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2a:54:63:cf:24:bd:c5:7a:96:b4:90:2c:64:
                    d1:f3:91:75:66:a4:29:86:f9:05:bc:1b:57:31:40:
                    ea:23:dd:99:4c:8c:be:53:57:e4:0f:9a:fd:c3:a4:
                    ad:91:85:f2:ac:1a:24:a6:48:4f:ca:73:0e:9c:48:
                    28:0c:bd:b2:88:03:10:de:2b:ea:db:1a:e1:ba:df:
                    65:50:1e:b7:8e:08:14:df:a8:02:69:9b:57:a6:b8:
                    09:69:0d:10:7b:3b:fe:4a:24:28:cc:e1:b7:8d:cb:
                    85:3f:18:98:ea:5a:0e:08:92:07:c2:fd:df:00:62:
                    1b:f4:36:1a:18:8f:24:d5:73:1b:72:c1:5c:3a:0f:
                    35:28:d7:06:83:30:40:a4:ab:16:6a:8f:86:91:0c:
                    2c:16:fc:3d:df:fd:18:bd:31:d5:0d:08:76:83:e2:
                    73:9b:c3:29:fa:0c:7b:9e:0f:e8:2b:64:c6:89:10:
                    d4:98:39:b0:c2:03:39:24:88:05:ec:ff:9f:9f:7f:
                    33:92:a2:f8:78:e7:b9:be:fb:84:e8:42:78:57:1a:
                    3c:1b:0a:f0:18:2f:26:d8:0f:de:9c:77:93:40:63:
                    38:00:b5:45:6d:bc:0b:5a:3b:35:27:8d:70:73:c3:
                    72:14:bd:5c:01:ac:41:64:5f:49:d9:b4:d4:5f:9e:
                    65:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:16:5E:F9:40:79:62:19:DF:F0:8A:77:49:69:1F:4D:34:AC:3E:3B
            X509v3 Authority Key Identifier:
                keyid:AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/ARZe-UB5Yhnf8Ip3SWkfTTSsPjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.163.0/24
                  84.33.0.0/18
                  84.33.192.0/18
                  172.83.81.0/24
                  193.188.28.0/22
                  217.70.144.0/20
                IPv6:
                  2001:1a38::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:ae:14:37:8f:0f:4a:d7:8c:0c:f0:9e:ed:65:30:40:ac:f9:
         32:be:9b:09:95:c3:00:d8:4f:61:78:af:d5:db:58:ea:dc:de:
         dd:c7:99:73:bb:61:9b:69:d4:f6:9f:85:86:64:f0:08:38:4b:
         fc:db:4c:64:c7:7b:d8:b7:a8:5c:5b:a3:f2:da:9e:09:09:68:
         99:21:ba:74:65:59:9a:88:36:11:80:68:fd:61:f2:ae:f8:6f:
         ba:98:3d:67:41:75:7c:c6:9b:b2:8e:b8:9c:a4:ed:7b:8a:41:
         2c:ca:93:15:9a:56:a9:01:6f:e5:20:1b:90:a0:92:d6:29:be:
         b6:f0:7e:19:89:9b:01:3d:bd:9e:5a:5f:29:b1:96:ee:f5:ab:
         d4:2f:71:45:2b:10:8b:de:8a:57:28:22:8a:f5:e5:14:43:23:
         59:30:4b:18:dd:a1:96:99:de:4f:6f:13:a1:35:77:3d:ec:13:
         85:fe:57:65:d0:4a:be:77:9a:7f:80:8e:7c:9b:72:e2:fc:c5:
         33:0b:c0:41:50:f7:7d:02:d7:79:3b:9e:b1:19:de:a3:ce:09:
         ba:42:24:82:ea:c4:23:8c:ff:86:16:0a:a0:59:2e:d4:aa:16:
         95:cc:a4:1b:07:d6:4c:48:07:0b:dd:03:ee:d6:76:b3:8c:aa:
         df:c4:7d:29
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzKmQ1cohEEL+R5EPDa7xr7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZWJjOWJmZWYyYjRkMjNmMTk1MTNiZmQ0ZDYwYmI3OThm
NWE1OWQwHhcNMjQwMTAyMTQzNDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTE2NWVmOTQwNzk2MjE5ZGZmMDhhNzc0OTY5MWY0ZDM0YWMzZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApipUY88kvcV6lrSQLGTR85F1ZqQp
hvkFvBtXMUDqI92ZTIy+U1fkD5r9w6StkYXyrBokpkhPynMOnEgoDL2yiAMQ3ivq
2xrhut9lUB63jggU36gCaZtXprgJaQ0Qezv+SiQozOG3jcuFPxiY6loOCJIHwv3f
AGIb9DYaGI8k1XMbcsFcOg81KNcGgzBApKsWao+GkQwsFvw93/0YvTHVDQh2g+Jz
m8Mp+gx7ng/oK2TGiRDUmDmwwgM5JIgF7P+fn38zkqL4eOe5vvuE6EJ4Vxo8Gwrw
GC8m2A/enHeTQGM4ALVFbbwLWjs1J41wc8NyFL1cAaxBZF9J2bTUX55l8wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFAEWXvlAeWIZ3/CKd0lpH000rD47MB8GA1UdIwQY
MBaAFKrryb/vK00j8ZUTv9TWC7eY9aWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXV2SnYtOHJUU1B4bFJPXzFOWUx0NWoxcFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9mYjEyODktNGQxNC00MGYwLTk2Nzkt
MTFhZmI0OTkyZWVmLzEvQVJaZS1VQjVZaG5mOElwM1NXa2ZUVFNzUGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9mYjEyODktNGQxNC00MGYwLTk2NzktMTFhZmI0OTkyZWVm
LzEvcXV2SnYtOHJUU1B4bFJPXzFOWUx0NWoxcFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAHw6jAwQG
VCEAAwQGVCHAAwQArFNRAwQCwbwcAwQE2UaQMA0EAgACMAcDBQAgARo4MA0GCSqG
SIb3DQEBCwUAA4IBAQAKrhQ3jw9K14wM8J7tZTBArPkyvpsJlcMA2E9heK/V21jq
3N7dx5lzu2GbadT2n4WGZPAIOEv820xkx3vYt6hcW6Py2p4JCWiZIbp0ZVmaiDYR
gGj9YfKu+G+6mD1nQXV8xpuyjricpO17ikEsypMVmlapAW/lIBuQoJLWKb628H4Z
iZsBPb2eWl8psZbu9avUL3FFKxCL3opXKCKK9eUUQyNZMEsY3aGWmd5PbxOhNXc9
7BOF/ldl0Eq+d5p/gI58m3Li/MUzC8BBUPd9Atd5O56xGd6jzgm6QiSC6sQjjP+G
FgqgWS7UqhaVzKQbB9ZMSAcL3QPu1nazjKrfxH0p
-----END CERTIFICATE-----
Generated at Mon Nov 25 11:21:56 2024 by rpki-client on console-fra.rpki-client.org