Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/eaWSYlYtTHoUV2T6puoJwTY1yzo.roa
File:                     eaWSYlYtTHoUV2T6puoJwTY1yzo.roa (raw, json)
Hash identifier:          4EDnzhJ+sngEfgBNbpNFt8hpCgyj82szfd/D0pgviK8=
Subject key identifier:   79:A5:92:62:56:2D:4C:7A:14:57:64:FA:A6:EA:09:C1:36:35:CB:3A
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC80136552C424EDAC1630F6D92265958
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/eaWSYlYtTHoUV2T6puoJwTY1yzo.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16097
IP address blocks:        153.96.84.0/23 maxlen: 23
                          153.96.86.0/24 maxlen: 24
                          129.233.172.0/24 maxlen: 24
                          153.96.132.0/24 maxlen: 24
                          153.96.27.0/24 maxlen: 24
                          129.233.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:36:55:2c:42:4e:da:c1:63:0f:6d:92:26:59:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79a59262562d4c7a145764faa6ea09c13635cb3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ff:b9:30:2e:a1:00:4d:8d:5b:a7:af:d5:cc:
                    dc:cf:3a:50:5e:ab:87:65:bc:4f:03:06:44:69:c8:
                    e6:2e:aa:aa:38:ec:8a:cf:83:eb:41:ce:0f:28:58:
                    a5:90:3e:7d:e9:8d:e9:e5:7c:ae:30:28:17:b1:e7:
                    0b:cd:b1:57:bd:7b:85:e4:d5:1b:46:da:af:22:e6:
                    d3:49:19:86:cc:37:ef:12:53:0f:d6:b3:a7:cc:ce:
                    43:74:11:39:4f:b5:26:88:0a:b5:6d:71:9d:ea:86:
                    10:d1:56:a2:7c:ac:50:31:5d:fc:7d:1a:03:0f:a9:
                    55:72:4d:04:4a:01:1f:43:1b:93:e0:a3:f3:3c:ab:
                    d9:1d:1b:6b:39:7b:a1:ad:2b:94:fb:be:65:fa:70:
                    63:b6:8d:41:29:07:71:27:4c:76:d6:70:39:31:77:
                    17:9e:dc:b7:98:5e:11:c1:49:44:1c:f0:f5:c5:e5:
                    86:bf:bc:ca:32:ed:b7:58:4c:5b:4e:b2:04:ee:fc:
                    ab:1a:98:97:89:28:e3:eb:d7:46:32:97:c4:06:10:
                    46:d2:cf:69:dc:0f:9d:62:d5:ac:b1:76:7c:85:c0:
                    75:97:e8:e9:a6:18:8d:a4:c2:63:b6:45:0b:0e:f4:
                    88:b2:67:e4:77:0e:c3:94:f4:d3:47:90:d7:8e:ca:
                    8f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:A5:92:62:56:2D:4C:7A:14:57:64:FA:A6:EA:09:C1:36:35:CB:3A
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/eaWSYlYtTHoUV2T6puoJwTY1yzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.233.172.0/24
                  129.233.216.0/24
                  153.96.27.0/24
                  153.96.84.0-153.96.86.255
                  153.96.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:b9:8f:25:80:06:f1:71:5e:c5:10:3a:29:c9:37:4a:b8:1a:
         8b:46:b4:e5:95:f0:f9:90:6f:dc:05:7f:a6:89:4a:39:54:f7:
         d1:77:2b:98:85:7c:24:5a:42:2e:4f:ab:90:33:7c:f5:d3:02:
         24:97:19:78:a4:bb:53:f8:8a:00:95:84:4d:dc:8a:14:8c:b5:
         d1:3f:7c:92:2a:74:d5:7b:f3:d9:87:3c:7b:1c:01:b4:60:7e:
         d2:77:0f:a1:44:d1:19:e3:a7:7c:3f:17:4c:2e:b9:5c:92:7f:
         96:50:c4:3d:0d:03:7e:c5:7a:a4:36:b7:c4:5c:5b:8e:30:04:
         58:db:02:08:51:32:ad:cb:90:3b:15:c3:7a:89:16:c7:03:72:
         67:88:ee:db:18:b6:88:08:b3:a0:05:15:1f:3a:97:61:4a:75:
         bc:e5:e4:f2:ba:03:75:13:18:1b:b4:98:84:de:c7:56:2a:5a:
         4b:30:66:f5:f7:d2:de:f4:80:e6:0c:15:8f:5c:7d:4b:23:cb:
         23:87:95:4c:e3:fe:b4:51:5d:13:92:b9:ba:9e:77:27:0c:80:
         90:9e:c1:85:81:5e:c4:be:9d:6b:e4:8e:1e:28:aa:84:c4:c9:
         73:58:56:ca:49:b6:fb:a9:b6:7b:3f:3f:8f:fa:bd:05:93:ad:
         04:48:b3:28
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzIATZVLEJO2sFjD22SJllYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWE1OTI2MjU2MmQ0YzdhMTQ1NzY0ZmFhNmVhMDljMTM2MzVjYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv+5MC6hAE2NW6ev1czczzpQXquH
ZbxPAwZEacjmLqqqOOyKz4PrQc4PKFilkD596Y3p5XyuMCgXsecLzbFXvXuF5NUb
RtqvIubTSRmGzDfvElMP1rOnzM5DdBE5T7UmiAq1bXGd6oYQ0VaifKxQMV38fRoD
D6lVck0ESgEfQxuT4KPzPKvZHRtrOXuhrSuU+75l+nBjto1BKQdxJ0x21nA5MXcX
nty3mF4RwUlEHPD1xeWGv7zKMu23WExbTrIE7vyrGpiXiSjj69dGMpfEBhBG0s9p
3A+dYtWssXZ8hcB1l+jpphiNpMJjtkULDvSIsmfkdw7DlPTTR5DXjsqPPwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFHmlkmJWLUx6FFdk+qbqCcE2Ncs6MB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvZWFXU1lsWXRUSG9VVjJUNnB1b0p3VFkxeXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAgemsAwQA
genYAwQAmWAbMAwDBAKZYFQDBACZYFYDBACZYIQwDQYJKoZIhvcNAQELBQADggEB
AFq5jyWABvFxXsUQOinJN0q4GotGtOWV8PmQb9wFf6aJSjlU99F3K5iFfCRaQi5P
q5AzfPXTAiSXGXiku1P4igCVhE3cihSMtdE/fJIqdNV789mHPHscAbRgftJ3D6FE
0Rnjp3w/F0wuuVySf5ZQxD0NA37FeqQ2t8RcW44wBFjbAghRMq3LkDsVw3qJFscD
cmeI7tsYtogIs6AFFR86l2FKdbzl5PK6A3UTGBu0mITex1YqWkswZvX30t70gOYM
FY9cfUsjyyOHlUzj/rRRXROSubqedycMgJCewYWBXsS+nWvkjh4oqoTEyXNYVspJ
tvuptns/P4/6vQWTrQRIsyg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:38:45 2024 by rpki-client on console-ams.rpki-client.org