Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/99dd6e-0856-4a27-aecd-d8928f5e1b40/1/d83ici4op6wAIPdioL0RZloWJq0.roa
File:                     d83ici4op6wAIPdioL0RZloWJq0.roa (raw, json)
Hash identifier:          p+Fuso6xM2OOGZii2AU2+50XZVj7kw0nNIGINPK3MsU=
Subject key identifier:   77:CD:E2:72:2E:28:A7:AC:00:20:F7:62:A0:BD:11:66:5A:16:26:AD
Certificate issuer:       /CN=6a9d6d26e56c132ddbbc005ac424fb536acba020
Certificate serial:       018CC3494590451AF950AF7FC68E81BED14B
Authority key identifier: 6A:9D:6D:26:E5:6C:13:2D:DB:BC:00:5A:C4:24:FB:53:6A:CB:A0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ap1tJuVsEy3bvABaxCT7U2rLoCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/99dd6e-0856-4a27-aecd-d8928f5e1b40/1/d83ici4op6wAIPdioL0RZloWJq0.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        193.5.152.0/22 maxlen: 22
                          193.247.182.0/24 maxlen: 24
                          193.246.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/99dd6e-0856-4a27-aecd-d8928f5e1b40/1/ap1tJuVsEy3bvABaxCT7U2rLoCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/99dd6e-0856-4a27-aecd-d8928f5e1b40/1/ap1tJuVsEy3bvABaxCT7U2rLoCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ap1tJuVsEy3bvABaxCT7U2rLoCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:45:90:45:1a:f9:50:af:7f:c6:8e:81:be:d1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a9d6d26e56c132ddbbc005ac424fb536acba020
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77cde2722e28a7ac0020f762a0bd11665a1626ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:09:28:ca:99:89:8a:51:4f:33:cc:ec:d5:40:
                    72:84:f2:2f:90:ef:ff:de:d5:24:a0:c1:92:ab:93:
                    7d:f6:0b:1d:3d:ec:3d:f8:59:32:81:05:3a:dc:1a:
                    5f:a1:bb:37:5d:8a:17:59:79:30:d7:3b:62:0d:f7:
                    2e:5c:5f:c2:67:6e:84:8a:28:7a:40:16:0b:ce:d7:
                    3a:40:fc:81:1c:cb:a0:20:d6:7e:6d:da:b7:fa:10:
                    be:36:9f:1d:4e:3d:bc:2a:73:bb:8c:2e:4d:0e:24:
                    af:78:51:5b:5c:19:bd:ed:da:76:8b:ee:f0:81:65:
                    d1:39:9c:1f:34:3a:da:25:a0:e9:ef:96:ce:e8:5d:
                    8c:97:0d:3f:10:ff:4c:ce:7b:2b:bb:86:75:fa:74:
                    cd:04:84:90:bc:eb:49:a0:91:95:5f:d9:0f:6e:d1:
                    7f:17:fa:c8:39:d3:be:11:f8:90:29:37:b2:b5:ae:
                    a3:f3:fe:67:ce:76:48:bd:a6:3f:13:0d:c4:04:74:
                    54:3c:d3:94:12:fc:84:8f:b2:4e:5e:72:4c:47:92:
                    f8:39:10:81:87:01:2a:b0:2d:cf:3c:a5:8d:e3:fe:
                    58:88:ae:e3:cb:12:eb:cc:80:d1:15:f1:01:2f:55:
                    02:9f:61:67:2d:e8:94:35:a4:1c:fb:7b:40:62:56:
                    6d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:CD:E2:72:2E:28:A7:AC:00:20:F7:62:A0:BD:11:66:5A:16:26:AD
            X509v3 Authority Key Identifier:
                keyid:6A:9D:6D:26:E5:6C:13:2D:DB:BC:00:5A:C4:24:FB:53:6A:CB:A0:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ap1tJuVsEy3bvABaxCT7U2rLoCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/99dd6e-0856-4a27-aecd-d8928f5e1b40/1/d83ici4op6wAIPdioL0RZloWJq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/99dd6e-0856-4a27-aecd-d8928f5e1b40/1/ap1tJuVsEy3bvABaxCT7U2rLoCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.152.0/22
                  193.246.121.0/24
                  193.247.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:b1:5a:59:25:e7:69:aa:3b:70:fd:47:62:a7:59:fd:3b:42:
         d5:23:84:ed:74:52:20:ab:90:d6:72:b4:85:e7:01:78:0c:07:
         31:07:6c:a3:7b:19:31:fc:3e:45:6d:cb:9f:96:96:0e:ee:e6:
         2e:6b:67:67:4f:20:3b:40:f4:cf:29:58:29:43:eb:0b:b9:69:
         4b:1d:4b:f6:e8:cb:1a:8f:dc:be:3e:d2:b0:04:00:84:7f:ec:
         7f:9c:34:27:ae:d6:9f:8a:46:d3:60:ba:4c:aa:bb:9f:00:56:
         88:ea:71:2a:71:e9:39:2a:8b:db:e6:95:9f:c4:d5:f3:26:48:
         18:58:02:ae:43:e0:6a:be:0b:6a:3a:74:38:32:19:88:4a:42:
         3f:39:d9:18:60:fb:79:b2:ac:24:b4:2f:13:11:db:80:e1:ba:
         db:75:6f:aa:60:fd:2d:32:2f:30:08:1d:67:dc:02:0b:06:e0:
         57:be:92:47:6b:c8:2b:e9:d2:63:2f:7d:3f:2f:30:d1:5c:a6:
         f6:65:76:91:98:68:b0:aa:28:fe:64:e9:a2:00:ad:ff:b1:5c:
         6c:2f:26:b9:d4:80:31:00:5a:89:87:da:80:05:35:68:8f:a2:
         99:1a:49:13:fc:35:1a:9c:1f:4a:ec:86:95:bf:6f:a9:16:d7:
         40:e9:69:ba
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSUWQRRr5UK9/xo6BvtFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOWQ2ZDI2ZTU2YzEzMmRkYmJjMDA1YWM0MjRmYjUzNmFj
YmEwMjAwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2NkZTI3MjJlMjhhN2FjMDAyMGY3NjJhMGJkMTE2NjVhMTYyNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwkoypmJilFPM8zs1UByhPIvkO//
3tUkoMGSq5N99gsdPew9+FkygQU63Bpfobs3XYoXWXkw1ztiDfcuXF/CZ26Eiih6
QBYLztc6QPyBHMugINZ+bdq3+hC+Np8dTj28KnO7jC5NDiSveFFbXBm97dp2i+7w
gWXROZwfNDraJaDp75bO6F2Mlw0/EP9Mznsru4Z1+nTNBISQvOtJoJGVX9kPbtF/
F/rIOdO+EfiQKTeyta6j8/5nznZIvaY/Ew3EBHRUPNOUEvyEj7JOXnJMR5L4ORCB
hwEqsC3PPKWN4/5YiK7jyxLrzIDRFfEBL1UCn2FnLeiUNaQc+3tAYlZtAQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHfN4nIuKKesACD3YqC9EWZaFiatMB8GA1UdIwQY
MBaAFGqdbSblbBMt27wAWsQk+1Nqy6AgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXAxdEp1VnNFeTNidkFCYXhDVDdVMnJMb0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85OWRkNmUtMDg1Ni00YTI3LWFlY2Qt
ZDg5MjhmNWUxYjQwLzEvZDgzaWNpNG9wNndBSVBkaW9MMFJabG9XSnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85OWRkNmUtMDg1Ni00YTI3LWFlY2QtZDg5MjhmNWUxYjQw
LzEvYXAxdEp1VnNFeTNidkFCYXhDVDdVMnJMb0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCwQWYAwQA
wfZ5AwQAwfe2MA0GCSqGSIb3DQEBCwUAA4IBAQBRsVpZJedpqjtw/Udip1n9O0LV
I4TtdFIgq5DWcrSF5wF4DAcxB2yjexkx/D5FbcuflpYO7uYua2dnTyA7QPTPKVgp
Q+sLuWlLHUv26Msaj9y+PtKwBACEf+x/nDQnrtafikbTYLpMqrufAFaI6nEqcek5
Kovb5pWfxNXzJkgYWAKuQ+BqvgtqOnQ4MhmISkI/OdkYYPt5sqwktC8TEduA4brb
dW+qYP0tMi8wCB1n3AILBuBXvpJHa8gr6dJjL30/LzDRXKb2ZXaRmGiwqij+ZOmi
AK3/sVxsLya51IAxAFqJh9qABTVoj6KZGkkT/DUanB9K7IaVv2+pFtdA6Wm6
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:42:50 2024 by rpki-client on console-fra.rpki-client.org