Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/9iNNjitmnxEMLr2K1yCbvuQUs-I.roa
File:                     9iNNjitmnxEMLr2K1yCbvuQUs-I.roa (raw, json)
Hash identifier:          DOiyHp8slWnZ34606YAeFptixA22bjrRB1dI4k7fo3k=
Subject key identifier:   F6:23:4D:8E:2B:66:9F:11:0C:2E:BD:8A:D7:20:9B:BE:E4:14:B3:E2
Certificate issuer:       /CN=6665dd97665a23b1b183e223822b66b5ae536a2f
Certificate serial:       018F5398D801E042F6C869E0FB6F240E0CFE
Authority key identifier: 66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/9iNNjitmnxEMLr2K1yCbvuQUs-I.roa
Signing time:             Tue 07 May 2024 15:07:56 +0000
ROA not before:           Tue 07 May 2024 15:07:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        5.198.137.0/24 maxlen: 24
                          5.198.138.0/24 maxlen: 24
                          5.198.139.0/24 maxlen: 24
                          5.198.141.0/24 maxlen: 24
                          83.137.211.0/24 maxlen: 24
                          83.137.212.0/24 maxlen: 24
                          188.92.138.0/24 maxlen: 24
                          188.92.139.0/24 maxlen: 24
                          2001:67c:128::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:98:d8:01:e0:42:f6:c8:69:e0:fb:6f:24:0e:0c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6665dd97665a23b1b183e223822b66b5ae536a2f
        Validity
            Not Before: May  7 15:07:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6234d8e2b669f110c2ebd8ad7209bbee414b3e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bc:5f:7c:9a:ac:1f:b4:b6:6b:a7:cd:52:99:
                    2e:ee:c9:4a:c8:53:d9:43:34:56:06:3e:cf:ab:e7:
                    0d:08:3f:0d:80:d8:e7:58:e5:fb:f7:e2:47:47:0e:
                    4d:4c:fc:11:d1:6c:7d:0b:39:98:4c:dc:e7:05:93:
                    5e:ba:cd:33:39:2e:d8:19:c3:48:5f:2e:01:df:f1:
                    fc:e0:83:d3:7c:c9:fc:5b:e4:73:5c:f8:29:f0:2e:
                    08:43:5a:67:3b:29:b2:d7:fe:e4:4d:53:af:97:e1:
                    76:9d:e0:8e:2c:5a:e6:21:97:f0:09:d2:1b:5b:fb:
                    96:95:ed:1a:e6:39:58:70:cd:14:4b:6a:b9:1a:ac:
                    22:32:eb:07:dd:b0:fa:25:01:5a:50:1c:9f:5b:86:
                    2c:21:14:a1:9e:1a:cf:00:f5:41:f3:d9:0f:6a:dd:
                    a4:50:2d:ad:e4:0c:f2:76:94:27:21:80:aa:87:27:
                    f2:3b:dd:e1:8d:41:d4:a9:f8:35:85:c4:02:24:f4:
                    08:9f:60:79:32:1f:37:c5:cc:4f:c4:61:6f:20:a2:
                    db:f4:a4:c5:ac:01:0b:cf:08:db:08:ae:69:67:e7:
                    81:b0:fd:4f:05:de:fa:89:a1:a7:e7:2c:38:a9:c2:
                    56:ae:ab:86:3f:e3:b0:14:41:79:98:6d:17:86:51:
                    87:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:23:4D:8E:2B:66:9F:11:0C:2E:BD:8A:D7:20:9B:BE:E4:14:B3:E2
            X509v3 Authority Key Identifier:
                keyid:66:65:DD:97:66:5A:23:B1:B1:83:E2:23:82:2B:66:B5:AE:53:6A:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/9iNNjitmnxEMLr2K1yCbvuQUs-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/312529-73f6-4809-af9b-e8d70717ff8a/1/ZmXdl2ZaI7Gxg-Ijgitmta5Tai8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.198.137.0-5.198.139.255
                  5.198.141.0/24
                  83.137.211.0-83.137.212.255
                  188.92.138.0/23
                IPv6:
                  2001:67c:128::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:23:ce:fb:83:ff:82:2e:4f:11:e4:4c:c5:e5:ab:86:13:08:
         9b:82:d9:0f:23:bd:73:63:00:81:77:57:d0:d5:2f:c7:12:12:
         7e:fa:6e:d4:51:f0:41:16:7b:fc:50:6e:97:eb:44:20:fe:1a:
         71:14:46:0e:0f:9f:c9:f7:2c:3f:33:29:b5:40:af:5d:d4:31:
         e8:2a:30:89:19:f6:f3:bd:26:36:46:02:12:9b:5d:4a:35:c1:
         ad:5e:36:80:7a:d8:d7:c1:0a:40:fb:ff:c3:da:ed:23:83:31:
         56:55:86:1c:21:d2:8b:e4:2d:60:c9:75:5d:ae:1f:61:93:69:
         9a:01:47:0a:42:7f:83:7a:dc:87:3a:bf:e2:69:84:80:08:ca:
         f0:a7:8a:59:41:48:67:1f:13:9a:52:9d:c8:56:d6:94:1b:40:
         26:13:4b:66:d4:20:7e:76:af:01:57:ca:34:b9:7e:94:60:df:
         66:c3:6d:08:d9:c1:22:4a:9c:e9:67:e1:42:47:5a:8e:14:9e:
         1d:60:6a:65:ab:d5:8e:1e:8d:f5:07:c1:62:55:77:af:3c:cf:
         82:5e:4e:a2:2d:72:f3:05:7c:62:25:ae:a4:43:03:52:73:a4:
         fe:88:c9:aa:ea:7e:4e:0e:b5:37:9c:78:e8:b9:e8:b6:27:b8:
         60:1c:e2:aa
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY9TmNgB4EL2yGng+28kDgz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjVkZDk3NjY1YTIzYjFiMTgzZTIyMzgyMmI2NmI1YWU1
MzZhMmYwHhcNMjQwNTA3MTUwNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjIzNGQ4ZTJiNjY5ZjExMGMyZWJkOGFkNzIwOWJiZWU0MTRiM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7xffJqsH7S2a6fNUpku7slKyFPZ
QzRWBj7Pq+cNCD8NgNjnWOX79+JHRw5NTPwR0Wx9CzmYTNznBZNeus0zOS7YGcNI
Xy4B3/H84IPTfMn8W+RzXPgp8C4IQ1pnOymy1/7kTVOvl+F2neCOLFrmIZfwCdIb
W/uWle0a5jlYcM0US2q5GqwiMusH3bD6JQFaUByfW4YsIRShnhrPAPVB89kPat2k
UC2t5AzydpQnIYCqhyfyO93hjUHUqfg1hcQCJPQIn2B5Mh83xcxPxGFvIKLb9KTF
rAELzwjbCK5pZ+eBsP1PBd76iaGn5yw4qcJWrquGP+OwFEF5mG0XhlGH9QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFPYjTY4rZp8RDC69itcgm77kFLPiMB8GA1UdIwQY
MBaAFGZl3ZdmWiOxsYPiI4IrZrWuU2ovMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWIt
ZThkNzA3MTdmZjhhLzEvOWlOTmppdG1ueEVNTHIySzF5Q2J2dVFVcy1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zMTI1MjktNzNmNi00ODA5LWFmOWItZThkNzA3MTdmZjhh
LzEvWm1YZGwyWmFJN0d4Zy1JamdpdG10YTVUYWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAuBAIAATAoMAwDBAAFxokD
BAIFxogDBAAFxo0wDAMEAFOJ0wMEAFOJ1AMEAbxcijAPBAIAAjAJAwcAIAEGfAEo
MA0GCSqGSIb3DQEBCwUAA4IBAQCpI877g/+CLk8R5EzF5auGEwibgtkPI71zYwCB
d1fQ1S/HEhJ++m7UUfBBFnv8UG6X60Qg/hpxFEYOD5/J9yw/Mym1QK9d1DHoKjCJ
GfbzvSY2RgISm11KNcGtXjaAetjXwQpA+//D2u0jgzFWVYYcIdKL5C1gyXVdrh9h
k2maAUcKQn+DetyHOr/iaYSACMrwp4pZQUhnHxOaUp3IVtaUG0AmE0tm1CB+dq8B
V8o0uX6UYN9mw20I2cEiSpzpZ+FCR1qOFJ4dYGplq9WOHo31B8FiVXevPM+CXk6i
LXLzBXxiJa6kQwNSc6T+iMmq6n5ODrU3nHjouei2J7hgHOKq
-----END CERTIFICATE-----
Generated at Sun Jun 16 03:56:21 2024 by rpki-client on console-ams.rpki-client.org