Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/16661c-e77b-41c3-80e4-14ee32fc5d06/1/dew4SZIqJ6gsdMdWPqcIRaIROXQ.roa
File:                     dew4SZIqJ6gsdMdWPqcIRaIROXQ.roa (raw, json)
Hash identifier:          +dy9DubGFCEktN4UFEcme5jX/EMsuoeggiYV4Q56hpA=
Subject key identifier:   75:EC:38:49:92:2A:27:A8:2C:74:C7:56:3E:A7:08:45:A2:11:39:74
Certificate issuer:       /CN=9f0338b7db5440029410397515c930eb452d75b0
Certificate serial:       018CC2DB49D457DD8510CB9F83EE61D9007E
Authority key identifier: 9F:03:38:B7:DB:54:40:02:94:10:39:75:15:C9:30:EB:45:2D:75:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwM4t9tUQAKUEDl1Fckw60UtdbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/16661c-e77b-41c3-80e4-14ee32fc5d06/1/dew4SZIqJ6gsdMdWPqcIRaIROXQ.roa
Signing time:             Mon 01 Jan 2024 02:30:00 +0000
ROA not before:           Mon 01 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199753
IP address blocks:        185.89.56.0/22 maxlen: 22
                          91.223.151.0/24 maxlen: 24
                          194.117.254.0/23 maxlen: 23
                          2a05:d580::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/16661c-e77b-41c3-80e4-14ee32fc5d06/1/nwM4t9tUQAKUEDl1Fckw60UtdbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/16661c-e77b-41c3-80e4-14ee32fc5d06/1/nwM4t9tUQAKUEDl1Fckw60UtdbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwM4t9tUQAKUEDl1Fckw60UtdbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:49:d4:57:dd:85:10:cb:9f:83:ee:61:d9:00:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0338b7db5440029410397515c930eb452d75b0
        Validity
            Not Before: Jan  1 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75ec3849922a27a82c74c7563ea70845a2113974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:db:89:b3:1c:5a:89:50:d4:fd:a5:87:9e:60:
                    d8:fc:82:a6:7b:75:3d:e2:9f:b5:46:1f:91:88:36:
                    a9:a8:92:d4:a4:2f:11:bf:b7:c6:97:b9:68:30:15:
                    5d:50:bb:73:85:f8:df:55:0d:33:cd:7d:39:0d:c8:
                    f9:b2:0a:b7:cd:b6:c4:5c:9c:f3:f0:b7:aa:cf:02:
                    17:c8:1e:32:31:e4:ed:4b:e9:bc:d7:72:70:dc:cd:
                    94:d1:5e:d8:5d:6e:5a:43:0f:5a:4d:61:0c:5f:da:
                    1d:9c:24:be:95:e8:d4:f4:0f:60:de:47:ec:d7:e3:
                    82:90:a4:df:f2:10:fd:aa:37:16:91:da:44:37:03:
                    7c:8f:9f:03:27:85:d2:25:a5:42:d3:68:ca:4b:7b:
                    cd:9d:59:d7:6d:05:03:2f:2c:12:01:55:fc:e7:4a:
                    c9:46:c8:f4:d6:49:28:d6:fb:bb:b5:cc:ce:4e:90:
                    4e:1c:34:0b:da:ce:28:fa:28:cd:33:cc:be:c0:18:
                    55:8e:aa:60:da:af:51:9b:bf:d8:7a:19:fa:53:8f:
                    f6:cd:3b:df:07:73:da:ea:87:65:9d:cd:88:4a:a5:
                    a6:8e:52:63:6b:2f:b4:d5:16:57:b1:75:7d:24:b3:
                    55:c7:09:2b:72:c7:2d:19:66:48:44:24:d4:30:e5:
                    b4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:EC:38:49:92:2A:27:A8:2C:74:C7:56:3E:A7:08:45:A2:11:39:74
            X509v3 Authority Key Identifier:
                keyid:9F:03:38:B7:DB:54:40:02:94:10:39:75:15:C9:30:EB:45:2D:75:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwM4t9tUQAKUEDl1Fckw60UtdbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/16661c-e77b-41c3-80e4-14ee32fc5d06/1/dew4SZIqJ6gsdMdWPqcIRaIROXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/16661c-e77b-41c3-80e4-14ee32fc5d06/1/nwM4t9tUQAKUEDl1Fckw60UtdbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.151.0/24
                  185.89.56.0/22
                  194.117.254.0/23
                IPv6:
                  2a05:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:72:c6:8e:b7:34:71:ae:62:5e:62:5a:0f:58:d0:f4:3a:6a:
         bb:5c:a7:17:d3:7f:f0:a6:d1:90:37:6a:1a:e6:6e:3e:2b:f3:
         fb:c4:be:87:fd:e8:3f:68:77:14:76:8b:03:35:26:b3:6b:b0:
         9f:be:dc:4e:7a:27:38:db:35:cc:ee:78:ec:9d:dc:10:53:9c:
         04:b8:ce:62:84:41:b9:f6:f1:30:d5:75:a4:62:1d:fc:4e:da:
         74:ad:39:dd:41:11:92:04:ef:e8:1c:11:79:85:87:f0:db:08:
         0c:8e:39:d5:ab:30:78:71:4b:5e:b4:50:61:f4:d7:b2:39:98:
         2f:ea:8b:89:fe:b4:ee:1f:57:d0:8b:a7:c6:49:2c:67:d0:6f:
         5f:f5:a8:5d:95:68:02:e1:f8:5f:06:61:18:ba:95:83:7a:0e:
         a1:2f:19:ee:9b:30:3e:43:c5:fd:17:ce:a7:bf:ca:51:81:4c:
         2d:c4:15:77:e5:e6:b3:e9:2b:64:80:fc:64:55:0e:c2:65:8f:
         f5:4f:0e:98:7f:47:59:70:eb:4a:c1:86:61:76:57:4e:66:bf:
         fd:1d:cc:69:74:d8:fb:6b:2c:97:39:17:a0:6c:31:45:76:17:
         63:a2:85:80:94:3f:b5:33:cb:db:97:1e:dd:5a:fb:8f:1a:78:
         95:e7:e6:74
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzC20nUV92FEMufg+5h2QB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDMzOGI3ZGI1NDQwMDI5NDEwMzk3NTE1YzkzMGViNDUy
ZDc1YjAwHhcNMjQwMTAxMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWVjMzg0OTkyMmEyN2E4MmM3NGM3NTYzZWE3MDg0NWEyMTEzOTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApduJsxxaiVDU/aWHnmDY/IKme3U9
4p+1Rh+RiDapqJLUpC8Rv7fGl7loMBVdULtzhfjfVQ0zzX05Dcj5sgq3zbbEXJzz
8LeqzwIXyB4yMeTtS+m813Jw3M2U0V7YXW5aQw9aTWEMX9odnCS+lejU9A9g3kfs
1+OCkKTf8hD9qjcWkdpENwN8j58DJ4XSJaVC02jKS3vNnVnXbQUDLywSAVX850rJ
Rsj01kko1vu7tczOTpBOHDQL2s4o+ijNM8y+wBhVjqpg2q9Rm7/Yehn6U4/2zTvf
B3Pa6odlnc2ISqWmjlJjay+01RZXsXV9JLNVxwkrcsctGWZIRCTUMOW0BQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHXsOEmSKieoLHTHVj6nCEWiETl0MB8GA1UdIwQY
MBaAFJ8DOLfbVEAClBA5dRXJMOtFLXWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndNNHQ5dFVRQUtVRURsMUZja3c2MFV0ZGJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xNjY2MWMtZTc3Yi00MWMzLTgwZTQt
MTRlZTMyZmM1ZDA2LzEvZGV3NFNaSXFKNmdzZE1kV1BxY0lSYUlST1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xNjY2MWMtZTc3Yi00MWMzLTgwZTQtMTRlZTMyZmM1ZDA2
LzEvbndNNHQ5dFVRQUtVRURsMUZja3c2MFV0ZGJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW9+XAwQC
uVk4AwQBwnX+MA0EAgACMAcDBQAqBdWAMA0GCSqGSIb3DQEBCwUAA4IBAQCBcsaO
tzRxrmJeYloPWND0Omq7XKcX03/wptGQN2oa5m4+K/P7xL6H/eg/aHcUdosDNSaz
a7CfvtxOeic42zXM7njsndwQU5wEuM5ihEG59vEw1XWkYh38Ttp0rTndQRGSBO/o
HBF5hYfw2wgMjjnVqzB4cUtetFBh9NeyOZgv6ouJ/rTuH1fQi6fGSSxn0G9f9ahd
lWgC4fhfBmEYupWDeg6hLxnumzA+Q8X9F86nv8pRgUwtxBV35eaz6StkgPxkVQ7C
ZY/1Tw6Yf0dZcOtKwYZhdldOZr/9HcxpdNj7ayyXORegbDFFdhdjooWAlD+1M8vb
lx7dWvuPGniV5+Z0
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:07:14 2024 by rpki-client on console-fra.rpki-client.org