Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ae4547-2ca2-4cbd-a1b5-3cf3b463a86a/1/rVNS5ZLJ0DneG9cmkLjv3g05yH4.roa
File:                     rVNS5ZLJ0DneG9cmkLjv3g05yH4.roa (raw, json)
Hash identifier:          wch70Ap5xhYxbnT/Ll8b0Jhpuqvb5dshXYH/a2RUZq4=
Subject key identifier:   AD:53:52:E5:92:C9:D0:39:DE:1B:D7:26:90:B8:EF:DE:0D:39:C8:7E
Certificate issuer:       /CN=03f7e7cf8176e302764d48299fc22a9bdc6ba683
Certificate serial:       018CCA2B9C0A0DD6BD8837B6C75E6D1A9CE7
Authority key identifier: 03:F7:E7:CF:81:76:E3:02:76:4D:48:29:9F:C2:2A:9B:DC:6B:A6:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A_fnz4F24wJ2TUgpn8Iqm9xrpoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ae4547-2ca2-4cbd-a1b5-3cf3b463a86a/1/rVNS5ZLJ0DneG9cmkLjv3g05yH4.roa
Signing time:             Tue 02 Jan 2024 12:35:04 +0000
ROA not before:           Tue 02 Jan 2024 12:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205943
IP address blocks:        185.201.70.0/24 maxlen: 24
                          185.201.69.0/24 maxlen: 24
                          185.201.68.0/24 maxlen: 24
                          2a0a:bf40::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ae4547-2ca2-4cbd-a1b5-3cf3b463a86a/1/A_fnz4F24wJ2TUgpn8Iqm9xrpoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ae4547-2ca2-4cbd-a1b5-3cf3b463a86a/1/A_fnz4F24wJ2TUgpn8Iqm9xrpoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A_fnz4F24wJ2TUgpn8Iqm9xrpoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9c:0a:0d:d6:bd:88:37:b6:c7:5e:6d:1a:9c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03f7e7cf8176e302764d48299fc22a9bdc6ba683
        Validity
            Not Before: Jan  2 12:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad5352e592c9d039de1bd72690b8efde0d39c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:db:99:12:9c:3f:22:65:15:aa:ed:09:4d:b8:
                    df:2e:c3:9a:59:97:b1:7c:e9:f9:50:72:91:af:b7:
                    dd:91:f8:2c:70:17:b5:a8:13:c1:6d:76:d2:d6:e5:
                    65:a2:0e:e8:e7:71:2b:40:d7:9e:86:b2:58:43:24:
                    3d:62:8b:1e:0a:3c:b7:22:81:93:03:74:3d:58:10:
                    4c:88:70:30:2d:41:0b:0a:76:8b:4a:38:00:22:cd:
                    59:0b:23:d1:e4:80:f5:32:22:34:cc:a9:95:51:2d:
                    8c:ac:07:8e:c7:b9:ec:74:5f:e4:0f:fd:1a:39:48:
                    55:2a:19:5c:8c:5d:da:de:cb:0d:6a:93:0f:2e:18:
                    02:f8:8d:ae:6b:2c:00:f2:4d:a3:fb:c5:aa:b2:c3:
                    3e:97:82:ec:69:92:c8:a6:1d:9f:d6:a1:ae:97:89:
                    b0:0f:6b:77:f9:00:72:d1:e3:06:43:ca:c5:73:e8:
                    e7:13:08:ad:6b:df:46:b2:4f:23:87:68:4a:4e:b3:
                    1d:72:c0:22:2f:b5:36:8f:14:d0:f4:fa:9b:aa:f1:
                    34:73:ad:13:18:0d:e5:5c:63:48:54:e4:db:88:76:
                    41:59:4e:fa:b7:39:d4:a6:b2:d6:53:a2:62:c1:8a:
                    97:c7:22:ca:a0:eb:fb:ac:61:3d:95:2b:47:ae:ad:
                    c0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:53:52:E5:92:C9:D0:39:DE:1B:D7:26:90:B8:EF:DE:0D:39:C8:7E
            X509v3 Authority Key Identifier:
                keyid:03:F7:E7:CF:81:76:E3:02:76:4D:48:29:9F:C2:2A:9B:DC:6B:A6:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A_fnz4F24wJ2TUgpn8Iqm9xrpoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ae4547-2ca2-4cbd-a1b5-3cf3b463a86a/1/rVNS5ZLJ0DneG9cmkLjv3g05yH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ae4547-2ca2-4cbd-a1b5-3cf3b463a86a/1/A_fnz4F24wJ2TUgpn8Iqm9xrpoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.68.0-185.201.70.255
                IPv6:
                  2a0a:bf40::/36

    Signature Algorithm: sha256WithRSAEncryption
         48:ca:bc:39:a8:1f:46:07:6b:d2:43:41:75:aa:77:e3:fb:9c:
         f5:2b:d2:56:53:7c:0b:a9:ed:0f:8e:b3:00:d3:51:73:71:5b:
         c6:1e:ad:f3:b3:31:53:e9:27:9d:35:b9:e3:33:2a:3c:e8:d5:
         12:3c:a0:26:78:8e:81:fe:ef:61:b2:fc:e9:97:a2:08:33:1a:
         0a:16:1e:b3:f6:97:c2:cc:23:f5:8f:3d:f9:84:a2:e3:d7:99:
         fc:70:6b:ce:35:8a:b9:fe:24:29:1c:e9:21:50:6c:52:63:1b:
         6d:91:ce:1f:72:c2:38:32:ee:98:f7:23:2c:ef:2f:6a:10:18:
         99:72:fa:0b:b1:a2:0d:9c:3a:3c:1a:cf:8f:45:c0:96:af:11:
         a0:c9:f8:5c:bd:c5:57:92:85:48:01:36:02:a4:1c:69:2e:20:
         6e:0d:a4:4b:fa:d7:21:b9:84:a4:93:bc:b2:d5:7e:dd:57:4c:
         02:75:79:9a:d6:a5:41:28:c1:70:5c:40:99:f1:88:a6:e3:cd:
         44:ee:72:f6:6b:10:48:2b:23:20:f9:2f:4a:5c:4e:df:5a:4a:
         c3:b4:10:ff:2f:7f:cd:9f:c3:77:8c:ca:f9:0a:d5:d8:24:57:
         c5:ca:9c:f5:4f:89:bf:0e:c3:9d:fb:9b:34:ab:67:5a:8e:b5:
         36:d7:a0:b1
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzKK5wKDda9iDe2x15tGpznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZjdlN2NmODE3NmUzMDI3NjRkNDgyOTlmYzIyYTliZGM2
YmE2ODMwHhcNMjQwMTAyMTIzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDUzNTJlNTkyYzlkMDM5ZGUxYmQ3MjY5MGI4ZWZkZTBkMzljODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9uZEpw/ImUVqu0JTbjfLsOaWZex
fOn5UHKRr7fdkfgscBe1qBPBbXbS1uVlog7o53ErQNeehrJYQyQ9YoseCjy3IoGT
A3Q9WBBMiHAwLUELCnaLSjgAIs1ZCyPR5ID1MiI0zKmVUS2MrAeOx7nsdF/kD/0a
OUhVKhlcjF3a3ssNapMPLhgC+I2uaywA8k2j+8WqssM+l4LsaZLIph2f1qGul4mw
D2t3+QBy0eMGQ8rFc+jnEwita99Gsk8jh2hKTrMdcsAiL7U2jxTQ9PqbqvE0c60T
GA3lXGNIVOTbiHZBWU76tznUprLWU6JiwYqXxyLKoOv7rGE9lStHrq3APQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFK1TUuWSydA53hvXJpC4794NOch+MB8GA1UdIwQY
MBaAFAP358+BduMCdk1IKZ/CKpvca6aDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQV9mbno0RjI0d0oyVFVncG44SXFtOXhycG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hZTQ1NDctMmNhMi00Y2JkLWExYjUt
M2NmM2I0NjNhODZhLzEvclZOUzVaTEowRG5lRzljbWtManYzZzA1eUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hZTQ1NDctMmNhMi00Y2JkLWExYjUtM2NmM2I0NjNhODZh
LzEvQV9mbno0RjI0d0oyVFVncG44SXFtOXhycG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAK5yUQD
BAC5yUYwDgQCAAIwCAMGBCoKv0AAMA0GCSqGSIb3DQEBCwUAA4IBAQBIyrw5qB9G
B2vSQ0F1qnfj+5z1K9JWU3wLqe0PjrMA01FzcVvGHq3zszFT6SedNbnjMyo86NUS
PKAmeI6B/u9hsvzpl6IIMxoKFh6z9pfCzCP1jz35hKLj15n8cGvONYq5/iQpHOkh
UGxSYxttkc4fcsI4Mu6Y9yMs7y9qEBiZcvoLsaINnDo8Gs+PRcCWrxGgyfhcvcVX
koVIATYCpBxpLiBuDaRL+tchuYSkk7yy1X7dV0wCdXma1qVBKMFwXECZ8Yim481E
7nL2axBIKyMg+S9KXE7fWkrDtBD/L3/Nn8N3jMr5CtXYJFfFypz1T4m/DsOd+5s0
q2dajrU216Cx
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:41:44 2024 by rpki-client on console-ams.rpki-client.org