Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/kaIJ3v6bJMa7_WOSA-9tpwJX8ZI.roa
File:                     kaIJ3v6bJMa7_WOSA-9tpwJX8ZI.roa (raw, json)
Hash identifier:          24MF8HePt15XNm29GrUVnMlzVaZ+d0n3e3fS3wKI9AA=
Subject key identifier:   91:A2:09:DE:FE:9B:24:C6:BB:FD:63:92:03:EF:6D:A7:02:57:F1:92
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC80134DD6D0369746896045F03CE6AFE
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/kaIJ3v6bJMa7_WOSA-9tpwJX8ZI.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9063
IP address blocks:        153.96.57.0/24 maxlen: 24
                          153.96.183.0/24 maxlen: 24
                          153.96.139.0/24 maxlen: 24
                          153.96.137.0/24 maxlen: 24
                          153.96.136.0/24 maxlen: 24
                          153.96.138.0/24 maxlen: 24
                          129.233.211.0/24 maxlen: 24
                          153.96.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:dd:6d:03:69:74:68:96:04:5f:03:ce:6a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91a209defe9b24c6bbfd639203ef6da70257f192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:2a:83:ce:c2:01:1c:df:84:84:c4:e5:a7:e1:
                    df:b7:30:be:a8:3b:90:95:80:66:f6:ba:13:2c:9d:
                    97:b7:16:bd:cb:6f:0f:73:a3:b2:3a:16:be:05:f1:
                    7c:1f:cb:f9:1c:9e:4e:ae:3b:06:62:b4:17:25:e9:
                    c1:aa:fe:92:50:22:1a:ff:b0:65:b6:cc:75:38:c9:
                    82:53:6e:8e:cc:2d:9f:9a:ab:e5:a0:af:89:67:d7:
                    33:5e:5b:b0:41:2c:a2:5b:b8:b8:1f:44:d3:9f:93:
                    a9:91:7d:de:9a:10:ab:79:8b:1c:88:53:9a:d0:a6:
                    b3:ed:7d:75:00:d4:b4:0c:c0:81:c5:d4:62:22:a5:
                    c9:eb:a3:30:02:1b:33:e9:ca:26:4a:d8:fd:d6:dd:
                    b0:05:27:13:6d:35:08:bc:4b:7b:60:b9:4f:1a:2c:
                    50:0a:eb:c2:5a:16:ef:49:ca:3c:dc:6f:6c:aa:f5:
                    b3:4a:23:14:a7:81:f1:33:f6:eb:2a:a0:f7:72:67:
                    6e:ff:be:52:af:8d:8d:8e:11:2e:7f:02:a5:dc:2d:
                    81:04:56:e8:05:9a:d5:f7:8e:b5:c2:01:df:e0:9e:
                    6f:3b:ee:5c:2e:f7:89:eb:ec:d5:ab:85:44:0d:d8:
                    85:47:10:ba:60:b4:7a:8c:c5:1e:03:9f:38:92:8a:
                    62:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A2:09:DE:FE:9B:24:C6:BB:FD:63:92:03:EF:6D:A7:02:57:F1:92
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/kaIJ3v6bJMa7_WOSA-9tpwJX8ZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.233.211.0/24
                  153.96.50.0/24
                  153.96.57.0/24
                  153.96.136.0/22
                  153.96.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:65:14:d6:99:bd:97:ef:6b:33:f1:a6:6f:03:84:a0:19:be:
         b4:da:fe:7c:a0:fe:65:00:00:5d:ec:51:22:f8:15:71:b3:44:
         f8:f1:c9:e9:3c:42:06:33:e0:b0:fb:8f:1c:6d:b1:d7:fd:09:
         88:6a:7f:a2:9b:c5:6f:52:88:c1:68:4b:99:f6:54:00:fd:47:
         92:83:1b:b4:af:a3:bb:a6:10:cc:b9:d0:72:87:c0:48:81:11:
         90:44:a3:15:12:c3:f7:9f:c9:16:cb:2e:df:da:3d:a5:93:0e:
         71:f6:17:ce:28:4c:27:52:a4:27:75:ed:a6:20:ce:59:7a:b2:
         74:db:0d:1b:80:08:57:71:a0:8e:fa:ac:2c:28:f9:82:68:de:
         b0:77:8b:c4:ab:81:89:dd:ce:0d:77:83:a7:ae:de:35:5b:e6:
         7a:70:89:4c:26:42:3c:5c:3f:77:89:2a:99:4e:f6:bc:32:b6:
         c5:55:0f:8d:3a:78:35:bb:d5:f5:33:20:6b:44:11:a1:c3:b4:
         c5:03:74:16:fc:be:4d:2e:92:49:7e:c7:a3:72:83:9a:e7:17:
         61:4e:b2:a0:9b:56:d6:04:6d:e7:00:ce:2a:4a:93:0b:13:d1:
         23:c5:14:2e:b5:01:e5:d2:14:3e:bb:5f:2a:c4:20:d8:0b:c1:
         d2:cb:a2:97
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzIATTdbQNpdGiWBF8Dzmr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWEyMDlkZWZlOWIyNGM2YmJmZDYzOTIwM2VmNmRhNzAyNTdmMTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyqDzsIBHN+EhMTlp+HftzC+qDuQ
lYBm9roTLJ2Xtxa9y28Pc6OyOha+BfF8H8v5HJ5OrjsGYrQXJenBqv6SUCIa/7Bl
tsx1OMmCU26OzC2fmqvloK+JZ9czXluwQSyiW7i4H0TTn5OpkX3emhCreYsciFOa
0Kaz7X11ANS0DMCBxdRiIqXJ66MwAhsz6comStj91t2wBScTbTUIvEt7YLlPGixQ
CuvCWhbvSco83G9sqvWzSiMUp4HxM/brKqD3cmdu/75Sr42NjhEufwKl3C2BBFbo
BZrV9461wgHf4J5vO+5cLveJ6+zVq4VEDdiFRxC6YLR6jMUeA584kopihwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJGiCd7+myTGu/1jkgPvbacCV/GSMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEva2FJSjN2NmJKTWE3X1dPU0EtOXRwd0pYOFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAgenTAwQA
mWAyAwQAmWA5AwQCmWCIAwQAmWC3MA0GCSqGSIb3DQEBCwUAA4IBAQBsZRTWmb2X
72sz8aZvA4SgGb602v58oP5lAABd7FEi+BVxs0T48cnpPEIGM+Cw+48cbbHX/QmI
an+im8VvUojBaEuZ9lQA/UeSgxu0r6O7phDMudByh8BIgRGQRKMVEsP3n8kWyy7f
2j2lkw5x9hfOKEwnUqQnde2mIM5ZerJ02w0bgAhXcaCO+qwsKPmCaN6wd4vEq4GJ
3c4Nd4Onrt41W+Z6cIlMJkI8XD93iSqZTva8MrbFVQ+NOng1u9X1MyBrRBGhw7TF
A3QW/L5NLpJJfsejcoOa5xdhTrKgm1bWBG3nAM4qSpMLE9EjxRQutQHl0hQ+u18q
xCDYC8HSy6KX
-----END CERTIFICATE-----
Generated at Sat Jun 15 14:30:06 2024 by rpki-client on console-fra.rpki-client.org