Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/999r0NWrPfvR3_rZH1SqP_hOOfU.roa
File:                     999r0NWrPfvR3_rZH1SqP_hOOfU.roa (raw, json)
Hash identifier:          v1n10El5aCqGaEq9W1kjPgP/b/caVobxI/OHO6kE1zI=
Subject key identifier:   F7:DF:6B:D0:D5:AB:3D:FB:D1:DF:FA:D9:1F:54:AA:3F:F8:4E:39:F5
Certificate issuer:       /CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
Certificate serial:       018CC4938870C66C524B0A77850FFB5953D9
Authority key identifier: 23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/999r0NWrPfvR3_rZH1SqP_hOOfU.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201701
IP address blocks:        185.66.192.0/22 maxlen: 22
                          185.66.193.0/24 maxlen: 24
                          185.66.195.0/24 maxlen: 24
                          185.66.194.0/24 maxlen: 24
                          2a03:2260:1000::/36 maxlen: 36
                          2a03:2260:3000::/36 maxlen: 36
                          2a03:2260:2000::/36 maxlen: 36
                          2a03:2260::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:88:70:c6:6c:52:4b:0a:77:85:0f:fb:59:53:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7df6bd0d5ab3dfbd1dffad91f54aa3ff84e39f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:32:a7:08:d3:c9:2c:24:03:d8:d6:3f:3a:99:
                    03:ed:4c:60:92:19:c2:54:04:ef:65:fb:f2:d8:b1:
                    11:82:67:86:9d:66:1a:70:3b:37:42:74:a8:0d:bc:
                    c1:a7:36:a4:1b:5b:6b:5c:b4:a6:de:32:25:fc:36:
                    a1:93:7b:22:9f:74:90:f5:6f:7b:ca:e9:12:be:05:
                    78:ea:36:f9:15:7f:a6:10:79:ab:8f:86:19:cb:0b:
                    41:af:41:00:07:92:3f:ea:91:79:3f:c0:ca:6a:3e:
                    25:8d:3f:8e:4f:16:9f:70:28:8a:17:6a:08:6e:e1:
                    9c:0b:e8:ad:ee:4c:cd:99:a7:76:e8:43:4c:27:37:
                    a9:95:0f:d4:09:a2:92:a7:24:65:44:f1:59:8e:bb:
                    04:c2:e8:53:56:f3:7a:60:46:ae:50:55:5a:4b:aa:
                    81:96:b4:a4:e4:57:80:b8:b4:37:95:24:07:0c:41:
                    7e:5e:65:dc:20:a7:03:d8:b3:a1:0c:8d:6f:fb:62:
                    26:84:2f:38:1c:13:50:c9:83:bb:75:27:c2:09:ca:
                    e9:e3:d0:2d:fb:a2:c8:93:8b:ed:b3:ea:1d:c7:5b:
                    f2:de:57:cf:4c:7c:0b:4c:1c:0d:37:05:6b:22:90:
                    ce:47:2b:f6:d2:b5:39:0a:ce:8d:7a:e8:22:13:28:
                    da:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:DF:6B:D0:D5:AB:3D:FB:D1:DF:FA:D9:1F:54:AA:3F:F8:4E:39:F5
            X509v3 Authority Key Identifier:
                keyid:23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/999r0NWrPfvR3_rZH1SqP_hOOfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.192.0/22
                IPv6:
                  2a03:2260::/30

    Signature Algorithm: sha256WithRSAEncryption
         77:02:08:56:93:64:f2:67:b4:f8:7a:27:84:4a:da:df:9d:87:
         64:b4:2f:f9:1a:6c:2f:8e:ec:f8:02:82:65:16:16:31:ae:19:
         68:ea:fb:04:92:3e:d9:d9:a9:55:f1:3e:2e:44:b8:a6:fe:a7:
         38:6f:3f:55:5d:1b:b8:1d:ae:92:f6:93:35:77:e9:01:46:3f:
         b5:62:41:68:8c:4f:d5:07:cc:07:9e:c2:af:9e:19:89:da:df:
         4b:c7:a5:4c:b1:7e:1a:ea:40:7c:e5:5f:80:da:07:04:f0:5e:
         d8:39:5c:fb:a6:45:d9:43:10:2e:06:88:c5:6f:58:76:c8:70:
         60:3f:84:49:a3:e3:ca:ce:82:31:2f:64:68:47:7d:5e:a6:28:
         bc:2b:21:1d:79:d7:81:e3:41:66:72:6b:dc:a1:a5:bf:69:53:
         09:65:51:f0:03:fc:68:36:59:f2:cf:d0:45:50:08:d1:ad:6a:
         c8:e4:e9:fe:be:a4:c1:af:de:42:5e:08:ea:73:e5:ce:6e:6d:
         35:f0:c2:95:e2:bb:18:56:1b:0b:67:89:27:94:c7:97:ef:66:
         a6:a2:d5:2d:cc:5b:e9:44:64:75:6f:9d:95:9d:18:3e:77:48:
         4f:4a:7f:21:2f:c2:8c:2b:8f:17:c5:07:e4:a1:b0:57:cd:01:
         77:47:6a:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk4hwxmxSSwp3hQ/7WVPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNjYyYzlhOTgwYWQ3NTg0NjUwYWJhYTM1NDViOWVhOTFk
M2UzNWUwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RmNmJkMGQ1YWIzZGZiZDFkZmZhZDkxZjU0YWEzZmY4NGUzOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjKnCNPJLCQD2NY/OpkD7UxgkhnC
VATvZfvy2LERgmeGnWYacDs3QnSoDbzBpzakG1trXLSm3jIl/Dahk3sin3SQ9W97
yukSvgV46jb5FX+mEHmrj4YZywtBr0EAB5I/6pF5P8DKaj4ljT+OTxafcCiKF2oI
buGcC+it7kzNmad26ENMJzeplQ/UCaKSpyRlRPFZjrsEwuhTVvN6YEauUFVaS6qB
lrSk5FeAuLQ3lSQHDEF+XmXcIKcD2LOhDI1v+2ImhC84HBNQyYO7dSfCCcrp49At
+6LIk4vts+odx1vy3lfPTHwLTBwNNwVrIpDORyv20rU5Cs6NeugiEyjaPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPffa9DVqz370d/62R9Uqj/4Tjn1MB8GA1UdIwQY
MBaAFCNmLJqYCtdYRlCrqjVFueqR0+NeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEt
ODIzMmUzNTBkNDU4LzEvOTk5cjBOV3JQZnZSM19yWkgxU3FQX2hPT2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEtODIzMmUzNTBkNDU4
LzEvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuULAMA0E
AgACMAcDBQIqAyJgMA0GCSqGSIb3DQEBCwUAA4IBAQB3AghWk2TyZ7T4eieEStrf
nYdktC/5Gmwvjuz4AoJlFhYxrhlo6vsEkj7Z2alV8T4uRLim/qc4bz9VXRu4Ha6S
9pM1d+kBRj+1YkFojE/VB8wHnsKvnhmJ2t9Lx6VMsX4a6kB85V+A2gcE8F7YOVz7
pkXZQxAuBojFb1h2yHBgP4RJo+PKzoIxL2RoR31epii8KyEdedeB40FmcmvcoaW/
aVMJZVHwA/xoNlnyz9BFUAjRrWrI5On+vqTBr95CXgjqc+XObm018MKV4rsYVhsL
Z4knlMeX72amotUtzFvpRGR1b52VnRg+d0hPSn8hL8KMK48XxQfkobBXzQF3R2qI
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:16:44 2024 by rpki-client on console-fra.rpki-client.org