Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/Dn1Isf9bKIqcJ4BR11CuWo4XTuI.roa
File:                     Dn1Isf9bKIqcJ4BR11CuWo4XTuI.roa (raw, json)
Hash identifier:          zkX/ZAGg2huHG5AgOPH2Jab+ATSxqIgMYggxrTLIdP0=
Subject key identifier:   0E:7D:48:B1:FF:5B:28:8A:9C:27:80:51:D7:50:AE:5A:8E:17:4E:E2
Certificate issuer:       /CN=77eda8f726a69b504de994943b0a5f2308c2a96b
Certificate serial:       018CC348C3A8374E3B2F26B77E00E1784EFD
Authority key identifier: 77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/Dn1Isf9bKIqcJ4BR11CuWo4XTuI.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36351
IP address blocks:        193.56.217.0/24 maxlen: 24
                          2a05:a880:dc20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c3:a8:37:4e:3b:2f:26:b7:7e:00:e1:78:4e:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77eda8f726a69b504de994943b0a5f2308c2a96b
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e7d48b1ff5b288a9c278051d750ae5a8e174ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:48:6b:46:b8:8b:a7:e3:7f:a4:7c:9d:69:1d:
                    e7:43:db:7b:6e:f0:7f:9e:1c:22:d1:32:d2:23:d1:
                    ae:37:b2:36:be:24:42:e4:19:99:d9:5b:8d:7f:a2:
                    25:ac:d8:25:e0:93:72:a7:52:0a:49:b2:a6:c6:4f:
                    cc:28:e8:e0:41:25:ff:e9:9b:e4:0b:fd:3f:55:6f:
                    55:e6:6a:7a:7e:b5:6a:7e:da:28:29:b5:bb:e3:2d:
                    76:fc:dd:45:11:d8:c6:7d:17:1e:20:14:1a:cf:37:
                    c5:07:fa:3a:ad:56:e3:ab:46:78:bf:cc:22:81:c9:
                    18:eb:b4:3e:21:7b:17:d9:11:ad:cd:ca:84:ff:0c:
                    b0:b0:1e:f7:e2:2a:dc:7c:a2:25:77:13:74:ec:a9:
                    8e:56:85:6a:e0:23:60:52:22:1f:90:b6:c4:ac:1d:
                    32:7a:75:da:07:0b:e8:20:e2:5b:f1:4b:5f:b9:a9:
                    6e:ad:87:a5:30:c7:1b:c2:87:00:b7:1d:01:ab:68:
                    5c:86:1e:dd:91:29:b7:99:85:54:62:89:83:82:55:
                    3b:35:4a:ed:ab:80:d4:87:43:6a:cf:d1:12:c3:d3:
                    4e:88:a8:78:cc:60:b6:e8:73:91:d9:3f:57:40:ac:
                    93:64:2e:6e:24:7a:b1:ed:88:76:56:56:9a:d4:80:
                    03:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:7D:48:B1:FF:5B:28:8A:9C:27:80:51:D7:50:AE:5A:8E:17:4E:E2
            X509v3 Authority Key Identifier:
                keyid:77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/Dn1Isf9bKIqcJ4BR11CuWo4XTuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.217.0/24
                IPv6:
                  2a05:a880:dc20::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:0d:bc:ef:08:00:2d:c0:82:87:d2:e4:6c:dd:17:cd:6d:22:
         34:a7:70:03:ab:4d:14:e5:6e:7f:14:63:21:d4:8a:3b:42:af:
         22:63:94:ff:cf:ac:6e:3f:ad:70:dc:d3:55:70:95:de:95:4e:
         e6:48:34:ad:ca:c8:ba:51:19:af:35:44:25:1f:c7:99:db:7c:
         a3:66:79:b6:c4:d8:db:9d:d1:73:7b:49:b8:a7:71:e7:63:9d:
         83:a3:82:ce:a0:c3:82:83:2b:6a:68:23:b7:e8:2a:d8:22:41:
         20:8e:b2:4b:49:4f:fc:65:85:4d:1e:e6:26:90:79:9e:a4:7a:
         26:52:52:5f:aa:a3:26:8f:51:6e:dc:3f:8f:60:09:46:ca:85:
         11:af:57:f4:0d:bb:83:e9:51:af:b2:80:3f:3d:cb:46:da:3d:
         88:b6:4c:14:50:25:96:d2:ec:8b:70:0d:9e:4c:f4:8e:d1:b0:
         a3:be:df:4a:65:c6:db:b6:76:f3:9f:a9:28:c9:36:cc:69:8e:
         fb:0b:f7:5d:11:33:49:09:42:cd:7d:30:07:d6:c7:e6:c2:1b:
         66:a0:6b:fe:b7:ea:52:04:ad:eb:c5:83:95:69:c3:ec:72:93:
         6a:b2:b5:9d:97:04:fa:05:47:e5:bf:fa:1f:8e:f2:d8:f1:5b:
         15:12:58:ea
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSMOoN047Lya3fgDheE79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZWRhOGY3MjZhNjliNTA0ZGU5OTQ5NDNiMGE1ZjIzMDhj
MmE5NmIwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTdkNDhiMWZmNWIyODhhOWMyNzgwNTFkNzUwYWU1YThlMTc0ZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUhrRriLp+N/pHydaR3nQ9t7bvB/
nhwi0TLSI9GuN7I2viRC5BmZ2VuNf6IlrNgl4JNyp1IKSbKmxk/MKOjgQSX/6Zvk
C/0/VW9V5mp6frVqftooKbW74y12/N1FEdjGfRceIBQazzfFB/o6rVbjq0Z4v8wi
gckY67Q+IXsX2RGtzcqE/wywsB734ircfKIldxN07KmOVoVq4CNgUiIfkLbErB0y
enXaBwvoIOJb8UtfualurYelMMcbwocAtx0Bq2hchh7dkSm3mYVUYomDglU7NUrt
q4DUh0Nqz9ESw9NOiKh4zGC26HOR2T9XQKyTZC5uJHqx7Yh2Vlaa1IADqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA59SLH/WyiKnCeAUddQrlqOF07iMB8GA1UdIwQY
MBaAFHftqPcmpptQTemUlDsKXyMIwqlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTkt
NjA4NGNmYzZlNGM0LzEvRG4xSXNmOWJLSXFjSjRCUjExQ3VXbzRYVHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTktNjA4NGNmYzZlNGM0
LzEvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwTjZMA8E
AgACMAkDBwAqBaiA3CAwDQYJKoZIhvcNAQELBQADggEBAKwNvO8IAC3AgofS5Gzd
F81tIjSncAOrTRTlbn8UYyHUijtCryJjlP/PrG4/rXDc01Vwld6VTuZINK3KyLpR
Ga81RCUfx5nbfKNmebbE2Nud0XN7SbincedjnYOjgs6gw4KDK2poI7foKtgiQSCO
sktJT/xlhU0e5iaQeZ6keiZSUl+qoyaPUW7cP49gCUbKhRGvV/QNu4PpUa+ygD89
y0baPYi2TBRQJZbS7ItwDZ5M9I7RsKO+30plxtu2dvOfqSjJNsxpjvsL910RM0kJ
Qs19MAfWx+bCG2aga/636lIErevFg5Vpw+xyk2qytZ2XBPoFR+W/+h+O8tjxWxUS
WOo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:30:05 2024 by rpki-client on console-fra.rpki-client.org