Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/DAZZ70kyHQ4fmQYlrltvrKqFVFc.roa
File:                     DAZZ70kyHQ4fmQYlrltvrKqFVFc.roa (raw, json)
Hash identifier:          L5V/qK1dsmS3PJOOJrRXeTpjoB/eMclziqjIxjMndMk=
Subject key identifier:   0C:06:59:EF:49:32:1D:0E:1F:99:06:25:AE:5B:6F:AC:AA:85:54:57
Certificate issuer:       /CN=007e6b5aa437d3693151502a211496e37d4ae2c5
Certificate serial:       018CC64B72999BF1F927A48DF78751EFDBF5
Authority key identifier: 00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/DAZZ70kyHQ4fmQYlrltvrKqFVFc.roa
Signing time:             Mon 01 Jan 2024 18:31:22 +0000
ROA not before:           Mon 01 Jan 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8677
IP address blocks:        193.58.80.0/21 maxlen: 24
                          160.92.0.0/16 maxlen: 24
                          193.16.186.0/23 maxlen: 24
                          193.16.188.0/22 maxlen: 24
                          193.201.76.0/23 maxlen: 24
                          192.136.30.0/24 maxlen: 24
                          89.106.184.0/21 maxlen: 24
                          193.56.46.0/24 maxlen: 24
                          2a01:20:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:72:99:9b:f1:f9:27:a4:8d:f7:87:51:ef:db:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=007e6b5aa437d3693151502a211496e37d4ae2c5
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c0659ef49321d0e1f990625ae5b6facaa855457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3a:13:21:fa:27:dd:a4:f7:59:90:2c:10:05:
                    24:e0:70:bf:88:37:fb:8e:7e:f3:45:12:11:03:99:
                    58:22:8c:40:c8:06:0b:74:f0:24:46:25:f8:f9:4c:
                    47:b6:71:5e:15:0f:b6:d8:f7:fc:24:f3:75:81:0e:
                    ca:e2:7c:1a:fc:aa:48:4d:76:b3:fd:f8:c5:69:6b:
                    59:82:a2:6a:80:ef:9e:70:44:91:60:77:3b:ba:52:
                    44:57:a5:f3:67:f3:42:da:07:a8:9e:8e:e0:7a:e3:
                    9b:9f:32:aa:77:d7:06:d2:33:f6:42:22:12:c7:36:
                    b7:8b:8d:65:3f:67:db:32:5e:6c:78:dd:ff:65:2b:
                    f5:16:79:a2:7a:6c:a3:ab:ed:7e:c5:d6:e8:25:6c:
                    b6:ee:56:3f:aa:c3:58:a9:c1:bd:85:1f:91:4a:5c:
                    e7:52:0e:0b:70:c5:16:d8:e9:8c:07:0b:b3:12:35:
                    3b:19:7d:04:5e:20:09:3b:ef:14:13:e8:c0:7b:ae:
                    8e:e5:0e:39:70:8b:f7:e0:f1:9b:4f:a1:a8:be:eb:
                    14:69:40:c9:1f:55:af:7d:cd:b5:b8:e0:42:aa:62:
                    dd:6d:83:d3:31:21:36:f3:b6:5f:80:b0:34:57:94:
                    80:bd:fd:c0:8a:29:7e:47:9b:ec:7e:fc:ed:68:20:
                    33:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:06:59:EF:49:32:1D:0E:1F:99:06:25:AE:5B:6F:AC:AA:85:54:57
            X509v3 Authority Key Identifier:
                keyid:00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/DAZZ70kyHQ4fmQYlrltvrKqFVFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.184.0/21
                  160.92.0.0/16
                  192.136.30.0/24
                  193.16.186.0-193.16.191.255
                  193.56.46.0/24
                  193.58.80.0/21
                  193.201.76.0/23
                IPv6:
                  2a01:20:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:5b:dd:81:98:ba:82:28:b7:e0:51:5f:6b:ee:be:cf:8e:25:
         0b:aa:01:5b:b3:ff:42:94:0f:74:a7:97:60:9d:59:be:50:57:
         4c:1b:f3:42:01:65:b2:2f:6b:52:01:c2:b8:1d:03:16:b0:8d:
         5c:85:f9:45:d2:16:94:3d:70:ef:7a:5e:a2:07:90:cd:41:28:
         0b:72:c3:0f:67:75:71:3d:d8:8d:e5:b9:a3:08:f6:6f:ff:e0:
         a1:c8:af:3f:a3:06:e1:7b:94:4c:31:2e:b5:5b:f0:9d:06:fc:
         96:8b:e8:53:03:9d:4e:ec:fb:8d:84:59:64:54:ea:9a:5d:79:
         06:1d:5c:15:44:1b:01:28:77:54:bd:da:d9:d5:4b:a1:85:71:
         7b:49:31:f5:62:26:64:bd:d3:04:ee:25:63:7a:6a:41:84:71:
         a0:09:3c:80:c5:8e:29:39:eb:41:cb:61:4c:ea:80:6f:36:26:
         41:ab:82:b0:80:14:34:b2:bf:77:f0:d2:58:88:54:67:f0:7e:
         57:ef:7c:86:78:00:e3:7c:b1:67:aa:20:ca:91:a1:30:5d:3b:
         6e:b8:71:53:73:5f:13:5f:bd:62:17:99:2f:4b:61:2c:e4:a4:
         e5:d8:53:4d:77:58:f1:b5:be:cf:8e:79:da:1e:18:b0:9d:0f:
         fc:f6:3f:60
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYzGS3KZm/H5J6SN94dR79v1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwN2U2YjVhYTQzN2QzNjkzMTUxNTAyYTIxMTQ5NmUzN2Q0
YWUyYzUwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzA2NTllZjQ5MzIxZDBlMWY5OTA2MjVhZTViNmZhY2FhODU1NDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjoTIfon3aT3WZAsEAUk4HC/iDf7
jn7zRRIRA5lYIoxAyAYLdPAkRiX4+UxHtnFeFQ+22Pf8JPN1gQ7K4nwa/KpITXaz
/fjFaWtZgqJqgO+ecESRYHc7ulJEV6XzZ/NC2geono7geuObnzKqd9cG0jP2QiIS
xza3i41lP2fbMl5seN3/ZSv1Fnmiemyjq+1+xdboJWy27lY/qsNYqcG9hR+RSlzn
Ug4LcMUW2OmMBwuzEjU7GX0EXiAJO+8UE+jAe66O5Q45cIv34PGbT6GovusUaUDJ
H1Wvfc21uOBCqmLdbYPTMSE287ZfgLA0V5SAvf3Aiil+R5vsfvztaCAzgQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFAwGWe9JMh0OH5kGJa5bb6yqhVRXMB8GA1UdIwQY
MBaAFAB+a1qkN9NpMVFQKiEUluN9SuLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYt
NWE4YzY3ODQyMzg5LzEvREFaWjcwa3lIUTRmbVFZbHJsdHZyS3FGVkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYtNWE4YzY3ODQyMzg5
LzEvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjA3BAIAATAxAwQDWWq4AwMA
oFwDBADAiB4wDAMEAcEQugMEBsEQgAMEAME4LgMEA8E6UAMEAcHJTDAPBAIAAjAJ
AwcAKgEAIAAGMA0GCSqGSIb3DQEBCwUAA4IBAQCiW92BmLqCKLfgUV9r7r7PjiUL
qgFbs/9ClA90p5dgnVm+UFdMG/NCAWWyL2tSAcK4HQMWsI1chflF0haUPXDvel6i
B5DNQSgLcsMPZ3VxPdiN5bmjCPZv/+ChyK8/owbhe5RMMS61W/CdBvyWi+hTA51O
7PuNhFlkVOqaXXkGHVwVRBsBKHdUvdrZ1UuhhXF7STH1YiZkvdME7iVjempBhHGg
CTyAxY4pOetBy2FM6oBvNiZBq4KwgBQ0sr938NJYiFRn8H5X73yGeADjfLFnqiDK
kaEwXTtuuHFTc18TX71iF5kvS2Es5KTl2FNNd1jxtb7PjnnaHhiwnQ/89j9g
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:36:33 2024 by rpki-client on console-ams.rpki-client.org