Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/MSAGJvcc1StXHJSzSb0NA0qRObY.roa
File:                     MSAGJvcc1StXHJSzSb0NA0qRObY.roa (raw, json)
Hash identifier:          PKDiHO05RnctEIh8lZhGRARYlweDXO30i2f8xR9+PfU=
Subject key identifier:   31:20:06:26:F7:1C:D5:2B:57:1C:94:B3:49:BD:0D:03:4A:91:39:B6
Certificate issuer:       /CN=668d2f64c337465ed38da5f7cc4584df87d4a744
Certificate serial:       018CC3B7215AC8AF3F2A00BE04791AD8A773
Authority key identifier: 66:8D:2F:64:C3:37:46:5E:D3:8D:A5:F7:CC:45:84:DF:87:D4:A7:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/MSAGJvcc1StXHJSzSb0NA0qRObY.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203329
IP address blocks:        2a00:b404:e000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:21:5a:c8:af:3f:2a:00:be:04:79:1a:d8:a7:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668d2f64c337465ed38da5f7cc4584df87d4a744
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31200626f71cd52b571c94b349bd0d034a9139b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1e:9d:1d:60:b6:95:8b:17:6d:00:a4:b5:39:
                    bb:ce:6e:e2:12:f4:40:81:47:36:06:67:13:3b:b8:
                    c6:24:29:19:10:21:2e:2c:ba:6f:23:a8:11:94:3d:
                    44:4a:60:e4:b9:f1:f4:68:c9:cc:a0:31:95:df:76:
                    dc:11:f2:97:de:a6:9a:ed:24:a0:7f:c3:d7:c3:84:
                    9d:89:6c:88:32:97:c8:d6:94:e7:bb:58:62:cc:32:
                    34:81:22:5a:04:8f:25:1d:69:33:23:1b:15:0c:2d:
                    d4:21:15:43:06:8c:6d:fb:a7:c4:da:82:7f:8d:da:
                    ad:cb:ba:1b:26:43:06:43:50:c7:28:77:9c:e0:fa:
                    30:73:68:71:28:06:c0:16:dc:14:27:a8:06:f8:83:
                    e3:22:3e:d3:ea:ab:bb:f5:a6:47:52:62:95:8d:d2:
                    19:2e:af:62:4d:af:41:4b:78:59:6d:ac:4f:11:ae:
                    f3:d4:73:37:f1:73:88:8e:26:f6:31:af:8c:dc:02:
                    18:06:12:ac:b4:c8:b2:0a:62:e2:1f:1e:cb:09:cd:
                    90:b9:06:88:48:3c:50:25:31:f3:cf:a5:fa:c1:23:
                    08:12:05:ce:58:e9:f1:95:2a:6a:59:a1:50:93:d1:
                    81:3a:bc:f5:62:26:49:71:5f:85:06:d8:77:6f:5b:
                    43:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:20:06:26:F7:1C:D5:2B:57:1C:94:B3:49:BD:0D:03:4A:91:39:B6
            X509v3 Authority Key Identifier:
                keyid:66:8D:2F:64:C3:37:46:5E:D3:8D:A5:F7:CC:45:84:DF:87:D4:A7:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/MSAGJvcc1StXHJSzSb0NA0qRObY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:b404:e000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1e:9b:b6:fb:21:e6:ee:a3:c5:4e:8f:ce:83:11:b4:94:9b:08:
         b2:cd:e1:66:25:b7:5d:b0:ad:45:a6:f2:ed:1d:14:4a:13:f6:
         85:37:9b:12:d9:bd:10:27:d5:20:86:26:e2:56:ea:2c:cb:ad:
         c6:dd:9b:09:b4:67:05:37:19:90:40:b8:7d:1f:29:41:2a:83:
         37:0e:69:62:b9:b6:9f:bf:f4:3c:46:bf:f2:14:9b:a6:49:45:
         a2:86:a5:48:f3:91:6e:68:dc:5f:2e:90:d6:a6:a5:ee:01:7e:
         dd:a1:6b:62:5c:09:ef:ba:e2:4e:85:db:89:3f:cc:b4:27:64:
         d9:24:0c:a8:13:66:a3:48:58:1c:67:23:fa:98:c8:e2:54:4f:
         97:bf:c9:2c:14:80:e3:8b:ce:14:ed:96:63:7d:0a:df:72:df:
         7d:59:cf:38:74:27:83:1b:18:6a:6c:cf:1e:14:81:18:2f:37:
         dc:e7:af:29:f0:c4:d4:a2:4e:f2:2b:6d:44:c1:4b:73:f1:77:
         6b:69:76:b5:7d:6d:db:28:22:53:b9:14:e9:fe:d3:42:bd:41:
         56:d5:47:64:34:a0:bb:49:b4:a4:12:b6:81:76:6b:0c:98:ca:
         15:f6:e0:f3:c7:88:f7:72:21:9c:44:69:46:ed:cb:df:e8:ad:
         cb:41:e1:53
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtyFayK8/KgC+BHka2KdzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGQyZjY0YzMzNzQ2NWVkMzhkYTVmN2NjNDU4NGRmODdk
NGE3NDQwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTIwMDYyNmY3MWNkNTJiNTcxYzk0YjM0OWJkMGQwMzRhOTEzOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB6dHWC2lYsXbQCktTm7zm7iEvRA
gUc2BmcTO7jGJCkZECEuLLpvI6gRlD1ESmDkufH0aMnMoDGV33bcEfKX3qaa7SSg
f8PXw4SdiWyIMpfI1pTnu1hizDI0gSJaBI8lHWkzIxsVDC3UIRVDBoxt+6fE2oJ/
jdqty7obJkMGQ1DHKHec4Powc2hxKAbAFtwUJ6gG+IPjIj7T6qu79aZHUmKVjdIZ
Lq9iTa9BS3hZbaxPEa7z1HM38XOIjib2Ma+M3AIYBhKstMiyCmLiHx7LCc2QuQaI
SDxQJTHzz6X6wSMIEgXOWOnxlSpqWaFQk9GBOrz1YiZJcV+FBth3b1tD1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDEgBib3HNUrVxyUs0m9DQNKkTm2MB8GA1UdIwQY
MBaAFGaNL2TDN0Ze042l98xFhN+H1KdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm8wdlpNTTNSbDdUamFYM3pFV0UzNGZVcDBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS84MjhiMGYtODBlOC00MjdiLTk3MWQt
MzhiYmNmYWVlNmNlLzEvTVNBR0p2Y2MxU3RYSEpTelNiME5BMHFST2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS84MjhiMGYtODBlOC00MjdiLTk3MWQtMzhiYmNmYWVlNmNl
LzEvWm8wdlpNTTNSbDdUamFYM3pFV0UzNGZVcDBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgC0BOAw
DQYJKoZIhvcNAQELBQADggEBAB6btvsh5u6jxU6PzoMRtJSbCLLN4WYlt12wrUWm
8u0dFEoT9oU3mxLZvRAn1SCGJuJW6izLrcbdmwm0ZwU3GZBAuH0fKUEqgzcOaWK5
tp+/9DxGv/IUm6ZJRaKGpUjzkW5o3F8ukNampe4Bft2ha2JcCe+64k6F24k/zLQn
ZNkkDKgTZqNIWBxnI/qYyOJUT5e/ySwUgOOLzhTtlmN9Ct9y331Zzzh0J4MbGGps
zx4UgRgvN9znrynwxNSiTvIrbUTBS3Pxd2tpdrV9bdsoIlO5FOn+00K9QVbVR2Q0
oLtJtKQStoF2awyYyhX24PPHiPdyIZxEaUbty9/orctB4VM=
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:35:21 2024 by rpki-client on console-fra.rpki-client.org