Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5eb289-6270-4db2-acde-a879df46eb99/1/A3Nzh5IMPdBrw6ZYMVUEQ_N86Hc.roa
File:                     A3Nzh5IMPdBrw6ZYMVUEQ_N86Hc.roa (raw, json)
Hash identifier:          5MaNpHmKeTyn/fJ+VjcwU8k7PJOljEqeXXhAN9QgS5w=
Subject key identifier:   03:73:73:87:92:0C:3D:D0:6B:C3:A6:58:31:55:04:43:F3:7C:E8:77
Certificate issuer:       /CN=41761e6d16ebf17e571c6bf77ec06bdf7ab68af8
Certificate serial:       018CC6B8D7E1C091A76A22D75F7F1871BE85
Authority key identifier: 41:76:1E:6D:16:EB:F1:7E:57:1C:6B:F7:7E:C0:6B:DF:7A:B6:8A:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QXYebRbr8X5XHGv3fsBr33q2ivg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5eb289-6270-4db2-acde-a879df46eb99/1/A3Nzh5IMPdBrw6ZYMVUEQ_N86Hc.roa
Signing time:             Mon 01 Jan 2024 20:30:51 +0000
ROA not before:           Mon 01 Jan 2024 20:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60193
IP address blocks:        194.32.70.0/24 maxlen: 24
                          194.32.68.0/24 maxlen: 24
                          194.32.83.0/24 maxlen: 24
                          194.31.255.0/24 maxlen: 24
                          2a10:7f80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/5eb289-6270-4db2-acde-a879df46eb99/1/QXYebRbr8X5XHGv3fsBr33q2ivg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/5eb289-6270-4db2-acde-a879df46eb99/1/QXYebRbr8X5XHGv3fsBr33q2ivg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QXYebRbr8X5XHGv3fsBr33q2ivg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d7:e1:c0:91:a7:6a:22:d7:5f:7f:18:71:be:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41761e6d16ebf17e571c6bf77ec06bdf7ab68af8
        Validity
            Not Before: Jan  1 20:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03737387920c3dd06bc3a65831550443f37ce877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b1:a6:fd:f2:01:e5:a6:09:ec:42:d0:f7:1b:
                    64:79:ac:03:06:02:8b:9e:16:98:ee:7b:1c:7d:47:
                    80:b5:6c:e2:75:08:ae:b9:0b:9a:47:b8:3b:5a:e2:
                    62:ca:0f:ac:05:57:57:88:0d:1b:3f:82:d2:50:75:
                    85:6f:71:c0:d5:5b:4c:31:1d:3a:09:85:d1:b8:76:
                    6c:f0:7b:fe:ea:a2:ca:de:05:2f:ba:67:0a:10:a1:
                    ac:dd:77:01:f2:5b:81:0e:f5:fa:c1:fa:e7:df:bf:
                    6c:fc:82:45:55:f9:04:7d:47:be:4e:a4:7d:68:d5:
                    d6:6b:78:79:74:80:30:67:12:27:85:43:82:a9:6b:
                    cb:88:ef:5d:bd:3b:6e:16:40:0e:0a:80:f1:5c:20:
                    77:f4:1b:52:60:55:e8:95:db:62:80:04:09:da:9c:
                    c8:dc:66:9b:bc:e0:da:14:17:67:e4:e9:1d:ed:3b:
                    cb:94:a5:e1:d3:8b:37:9a:86:8e:87:79:c4:42:30:
                    aa:e6:f3:ec:d1:8c:36:79:a6:eb:c6:7d:ed:6b:1c:
                    ea:1e:8a:b6:79:d3:94:67:ed:6c:7b:f4:ff:b0:a2:
                    fb:fd:5f:23:8f:ec:96:1f:11:74:01:b5:70:87:92:
                    f2:3f:ce:6c:f9:5d:4c:95:5e:16:ed:c7:4d:5d:a0:
                    30:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:73:73:87:92:0C:3D:D0:6B:C3:A6:58:31:55:04:43:F3:7C:E8:77
            X509v3 Authority Key Identifier:
                keyid:41:76:1E:6D:16:EB:F1:7E:57:1C:6B:F7:7E:C0:6B:DF:7A:B6:8A:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXYebRbr8X5XHGv3fsBr33q2ivg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5eb289-6270-4db2-acde-a879df46eb99/1/A3Nzh5IMPdBrw6ZYMVUEQ_N86Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5eb289-6270-4db2-acde-a879df46eb99/1/QXYebRbr8X5XHGv3fsBr33q2ivg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.255.0/24
                  194.32.68.0/24
                  194.32.70.0/24
                  194.32.83.0/24
                IPv6:
                  2a10:7f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:a8:9e:7f:38:2f:bc:ea:d6:03:d5:0e:9e:94:19:6e:cb:42:
         a0:b1:44:88:2f:de:af:f6:79:bb:02:05:ea:24:42:31:22:6b:
         c5:02:04:f4:5d:48:96:42:a3:6b:5f:f7:44:59:e4:4d:4c:72:
         c9:c3:18:31:aa:ad:b8:a6:3c:9d:87:4c:e5:5f:0b:f8:d2:82:
         7a:cd:f0:30:97:9d:42:c5:72:99:23:06:0d:11:ee:7d:59:7e:
         c4:d7:2b:2e:e5:1f:a1:37:fe:76:64:7b:9e:e6:28:06:92:cf:
         60:58:c2:e6:11:3a:cf:70:6f:87:47:cd:9d:60:30:48:f0:0d:
         d6:29:96:43:30:11:14:c7:78:48:93:c8:53:06:8d:bb:ef:3c:
         4c:85:32:f0:bf:25:ca:3b:8e:81:cc:5b:d6:d3:dd:59:46:fb:
         44:ed:3e:dd:8c:73:c1:d1:27:f1:77:51:55:cc:9a:a8:ad:33:
         7b:3d:7c:07:90:3a:26:f4:78:3b:e7:06:5b:45:b4:67:ab:e7:
         db:4f:ae:9e:91:a4:24:ba:57:09:a8:11:f7:66:25:ca:71:2c:
         b9:98:07:8e:8c:f9:42:8b:c3:6b:aa:6f:54:74:56:5b:e7:9f:
         a0:ce:38:1c:92:6b:5a:bf:d9:c3:7d:e5:ae:a8:8f:d3:05:1d:
         e4:a0:54:4d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzGuNfhwJGnaiLXX38Ycb6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzYxZTZkMTZlYmYxN2U1NzFjNmJmNzdlYzA2YmRmN2Fi
NjhhZjgwHhcNMjQwMTAxMjAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzczNzM4NzkyMGMzZGQwNmJjM2E2NTgzMTU1MDQ0M2YzN2NlODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7Gm/fIB5aYJ7ELQ9xtkeawDBgKL
nhaY7nscfUeAtWzidQiuuQuaR7g7WuJiyg+sBVdXiA0bP4LSUHWFb3HA1VtMMR06
CYXRuHZs8Hv+6qLK3gUvumcKEKGs3XcB8luBDvX6wfrn379s/IJFVfkEfUe+TqR9
aNXWa3h5dIAwZxInhUOCqWvLiO9dvTtuFkAOCoDxXCB39BtSYFXoldtigAQJ2pzI
3GabvODaFBdn5Okd7TvLlKXh04s3moaOh3nEQjCq5vPs0Yw2eabrxn3taxzqHoq2
edOUZ+1se/T/sKL7/V8jj+yWHxF0AbVwh5LyP85s+V1MlV4W7cdNXaAw9QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFANzc4eSDD3Qa8OmWDFVBEPzfOh3MB8GA1UdIwQY
MBaAFEF2Hm0W6/F+Vxxr937Aa996tor4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhZZWJSYnI4WDVYSEd2M2ZzQnIzM3EyaXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZWIyODktNjI3MC00ZGIyLWFjZGUt
YTg3OWRmNDZlYjk5LzEvQTNOemg1SU1QZEJydzZaWU1WVUVRX044NkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZWIyODktNjI3MC00ZGIyLWFjZGUtYTg3OWRmNDZlYjk5
LzEvUVhZZWJSYnI4WDVYSEd2M2ZzQnIzM3EyaXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAwh//AwQA
wiBEAwQAwiBGAwQAwiBTMA0EAgACMAcDBQMqEH+AMA0GCSqGSIb3DQEBCwUAA4IB
AQBbqJ5/OC+86tYD1Q6elBluy0KgsUSIL96v9nm7AgXqJEIxImvFAgT0XUiWQqNr
X/dEWeRNTHLJwxgxqq24pjydh0zlXwv40oJ6zfAwl51CxXKZIwYNEe59WX7E1ysu
5R+hN/52ZHue5igGks9gWMLmETrPcG+HR82dYDBI8A3WKZZDMBEUx3hIk8hTBo27
7zxMhTLwvyXKO46BzFvW091ZRvtE7T7djHPB0Sfxd1FVzJqorTN7PXwHkDom9Hg7
5wZbRbRnq+fbT66ekaQkulcJqBH3ZiXKcSy5mAeOjPlCi8Nrqm9UdFZb55+gzjgc
kmtav9nDfeWuqI/TBR3koFRN
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:36:10 2024 by rpki-client on console-fra.rpki-client.org