Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/o6U8cf4IAHUhzjukkymhlYh-D1g.roa
File:                     o6U8cf4IAHUhzjukkymhlYh-D1g.roa (raw, json)
Hash identifier:          F+55N/KHjLo7Y2Wx3UEkCLzuj6kDUK5mbDOtCsMWrms=
Subject key identifier:   A3:A5:3C:71:FE:08:00:75:21:CE:3B:A4:93:29:A1:95:88:7E:0F:58
Certificate issuer:       /CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
Certificate serial:       018CC3488C844ACE46364028033F387B8AD1
Authority key identifier: 92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/o6U8cf4IAHUhzjukkymhlYh-D1g.roa
Signing time:             Mon 01 Jan 2024 04:29:20 +0000
ROA not before:           Mon 01 Jan 2024 04:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59545
IP address blocks:        92.63.163.0/24 maxlen: 24
                          92.63.162.0/24 maxlen: 24
                          92.63.160.0/24 maxlen: 24
                          92.63.160.0/21 maxlen: 24
                          92.63.161.0/24 maxlen: 24
                          109.205.199.0/24 maxlen: 32
                          185.69.100.0/22 maxlen: 24
                          178.20.248.0/21 maxlen: 24
                          141.138.144.0/21 maxlen: 24
                          141.138.145.0/24 maxlen: 24
                          141.138.151.0/24 maxlen: 24
                          141.138.148.0/24 maxlen: 24
                          141.138.149.0/24 maxlen: 24
                          141.138.146.0/24 maxlen: 24
                          141.138.147.0/24 maxlen: 24
                          2a01:a680:a1::/48 maxlen: 64
                          2a01:a680::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8c:84:4a:ce:46:36:40:28:03:3f:38:7b:8a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9241ad0e7fc22bfbab567be89f63d9805e5eb9aa
        Validity
            Not Before: Jan  1 04:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3a53c71fe08007521ce3ba49329a195887e0f58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:87:ac:ce:97:5e:23:02:fa:df:d1:f7:b7:51:
                    5e:df:92:d5:fd:18:3c:6e:94:30:fd:57:bf:9b:68:
                    c6:73:82:84:ac:e9:15:62:45:bd:97:dd:f6:9d:1c:
                    8f:26:b3:fb:22:7e:87:04:76:dd:5f:5f:17:e4:c4:
                    f2:ee:2c:21:a5:80:72:e1:40:be:f6:e7:fc:4a:60:
                    0b:c5:b0:6d:b8:80:64:6e:5a:38:33:e8:d5:57:8a:
                    0e:09:47:03:15:1d:e3:93:2d:ba:d6:99:9f:10:99:
                    69:52:f0:c7:25:38:49:ce:fe:96:ec:b7:28:67:d4:
                    d5:c2:da:02:8e:53:af:b0:e1:11:6a:7c:15:b8:e7:
                    9d:ba:a7:7c:53:4d:d4:24:43:65:0f:39:55:2b:c4:
                    c1:34:86:c2:e1:c9:1c:22:5e:21:53:45:1a:cf:7e:
                    b3:fe:50:1c:8c:45:7c:6f:6f:c4:4a:36:5a:a3:68:
                    5e:95:03:29:b7:9b:f2:18:a5:e0:90:da:ca:df:ba:
                    1b:d1:e5:ad:72:78:fc:c0:5c:ef:d4:31:ef:81:cf:
                    bd:a8:3c:96:17:2b:3e:c3:a8:78:a7:c0:0b:a2:76:
                    8c:31:f9:39:fd:c5:e2:c9:e1:07:ce:2b:20:0e:0a:
                    dd:62:dd:e3:63:31:95:3e:2e:2b:84:90:7c:40:94:
                    43:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A5:3C:71:FE:08:00:75:21:CE:3B:A4:93:29:A1:95:88:7E:0F:58
            X509v3 Authority Key Identifier:
                keyid:92:41:AD:0E:7F:C2:2B:FB:AB:56:7B:E8:9F:63:D9:80:5E:5E:B9:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkGtDn_CK_urVnvon2PZgF5euao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/o6U8cf4IAHUhzjukkymhlYh-D1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/fb1a6d-4138-4c4f-aed9-4544c6109729/1/kkGtDn_CK_urVnvon2PZgF5euao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.160.0/21
                  109.205.199.0/24
                  141.138.144.0/21
                  178.20.248.0/21
                  185.69.100.0/22
                IPv6:
                  2a01:a680::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:58:45:fa:c2:9f:cd:86:37:04:03:6a:81:f0:81:ae:f7:6c:
         3c:58:8d:dd:3d:66:40:d1:cd:91:23:14:02:8c:97:26:8b:b3:
         54:23:30:13:ba:66:b5:1e:8c:ef:c3:ab:8d:da:d3:b8:e7:aa:
         16:3a:81:80:d2:4b:f1:1a:a1:2a:ac:40:c3:21:d3:2f:4a:1b:
         bb:ec:0d:93:7b:a0:87:ed:63:4b:ff:bf:9c:f8:0c:ad:82:4e:
         c3:2f:ef:f4:27:77:8d:f7:9b:7a:ad:e2:eb:98:7c:f6:1a:94:
         2f:11:9c:45:8f:96:60:a1:30:f1:e8:c0:35:a8:b6:c5:58:d7:
         f4:9c:b2:d5:01:a7:25:27:ae:53:ae:97:9a:4c:44:ba:fc:7e:
         4f:d4:ba:62:15:5c:0c:c2:3c:b7:f2:f9:94:c5:21:f5:54:84:
         dc:19:e1:b8:90:43:4c:fe:8e:3a:b1:a4:e7:3b:a7:90:0d:79:
         6c:a8:88:66:80:83:8e:12:7a:8c:11:7d:6d:b7:65:6e:e7:fb:
         74:71:ae:11:8e:55:05:e0:bf:4f:8e:29:ca:14:eb:63:1c:c1:
         2f:18:61:c6:5f:86:93:62:a0:7a:46:69:13:7c:01:ce:0e:da:
         dd:a4:59:14:9a:7b:2e:10:7c:13:73:57:21:c4:9b:26:5a:30:
         59:c4:9e:2a
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzDSIyESs5GNkAoAz84e4rRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDFhZDBlN2ZjMjJiZmJhYjU2N2JlODlmNjNkOTgwNWU1
ZWI5YWEwHhcNMjQwMTAxMDQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2E1M2M3MWZlMDgwMDc1MjFjZTNiYTQ5MzI5YTE5NTg4N2UwZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoeszpdeIwL639H3t1Fe35LV/Rg8
bpQw/Ve/m2jGc4KErOkVYkW9l932nRyPJrP7In6HBHbdX18X5MTy7iwhpYBy4UC+
9uf8SmALxbBtuIBkblo4M+jVV4oOCUcDFR3jky261pmfEJlpUvDHJThJzv6W7Lco
Z9TVwtoCjlOvsOERanwVuOeduqd8U03UJENlDzlVK8TBNIbC4ckcIl4hU0Uaz36z
/lAcjEV8b2/ESjZao2helQMpt5vyGKXgkNrK37ob0eWtcnj8wFzv1DHvgc+9qDyW
Fys+w6h4p8ALonaMMfk5/cXiyeEHzisgDgrdYt3jYzGVPi4rhJB8QJRDIwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKOlPHH+CAB1Ic47pJMpoZWIfg9YMB8GA1UdIwQY
MBaAFJJBrQ5/wiv7q1Z76J9j2YBeXrmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDkt
NDU0NGM2MTA5NzI5LzEvbzZVOGNmNElBSFVoemp1a2t5bWhsWWgtRDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mYjFhNmQtNDEzOC00YzRmLWFlZDktNDU0NGM2MTA5NzI5
LzEva2tHdERuX0NLX3VyVm52b24yUFpnRjVldWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDXD+gAwQA
bc3HAwQDjYqQAwQDshT4AwQCuUVkMA0EAgACMAcDBQAqAaaAMA0GCSqGSIb3DQEB
CwUAA4IBAQBuWEX6wp/NhjcEA2qB8IGu92w8WI3dPWZA0c2RIxQCjJcmi7NUIzAT
uma1Hozvw6uN2tO456oWOoGA0kvxGqEqrEDDIdMvShu77A2Te6CH7WNL/7+c+Ayt
gk7DL+/0J3eN95t6reLrmHz2GpQvEZxFj5ZgoTDx6MA1qLbFWNf0nLLVAaclJ65T
rpeaTES6/H5P1LpiFVwMwjy38vmUxSH1VITcGeG4kENM/o46saTnO6eQDXlsqIhm
gIOOEnqMEX1tt2Vu5/t0ca4RjlUF4L9PjinKFOtjHMEvGGHGX4aTYqB6RmkTfAHO
DtrdpFkUmnsuEHwTc1chxJsmWjBZxJ4q
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:14:33 2024 by rpki-client on console-ams.rpki-client.org