Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/97BAPsew3_1liq1CGxhxofD57Bs.roa
File:                     97BAPsew3_1liq1CGxhxofD57Bs.roa (raw, json)
Hash identifier:          dBTykiavOfHvrnPNMfAg9dP36M+HyNop9EVthW3Ez5I=
Subject key identifier:   F7:B0:40:3E:C7:B0:DF:FD:65:8A:AD:42:1B:18:71:A1:F0:F9:EC:1B
Certificate issuer:       /CN=3474210c28413e26284822abe83ad6d7c0f764fa
Certificate serial:       018CC500E5429714B8AC7B57EE87F460CB82
Authority key identifier: 34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/97BAPsew3_1liq1CGxhxofD57Bs.roa
Signing time:             Mon 01 Jan 2024 12:30:19 +0000
ROA not before:           Mon 01 Jan 2024 12:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        185.161.233.0/24 maxlen: 24
                          185.161.232.0/22 maxlen: 24
                          185.68.44.0/22 maxlen: 24
                          185.68.44.0/24 maxlen: 24
                          185.68.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e5:42:97:14:b8:ac:7b:57:ee:87:f4:60:cb:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3474210c28413e26284822abe83ad6d7c0f764fa
        Validity
            Not Before: Jan  1 12:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7b0403ec7b0dffd658aad421b1871a1f0f9ec1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:75:10:7c:72:2f:53:b2:54:d2:ba:e4:07:b6:
                    6b:b8:c3:10:d5:f0:e0:1b:db:bd:5e:a2:7f:7e:e6:
                    92:0b:d2:77:ad:24:7a:c3:f7:03:9d:b7:19:b7:54:
                    ba:4a:f9:6e:03:19:d9:58:8e:ed:81:a2:43:b6:fb:
                    55:b3:d4:9b:0c:46:ba:1f:67:f5:cb:c6:35:a8:db:
                    c5:5e:cf:49:7c:99:5e:e8:13:4e:cb:1d:bd:51:9e:
                    0b:e4:39:dd:c3:c8:85:2b:bb:b7:c9:b3:4a:3b:3c:
                    04:c7:d7:65:2e:87:20:10:c9:54:68:55:9f:8a:5f:
                    93:96:8e:06:7b:cc:78:80:8d:16:a9:1a:89:cf:ef:
                    80:dc:0d:37:ae:02:4d:6e:5a:ae:68:25:6c:01:e9:
                    59:16:3e:26:61:c8:ae:fa:0c:e5:30:8a:be:33:c6:
                    47:88:a8:1b:4c:10:38:ba:87:e4:6e:2b:c5:ab:67:
                    fe:f7:ee:4a:63:c8:91:66:92:be:fc:c3:5b:76:e8:
                    67:ec:49:c6:80:96:03:8e:be:f6:87:52:44:6a:81:
                    ee:d0:ff:0b:8f:1e:b2:83:80:77:27:6c:fb:80:d5:
                    a0:c5:ae:03:4f:28:cf:fb:46:b4:70:9d:05:f5:01:
                    1a:02:7a:6c:67:e8:6a:42:5f:22:08:11:3e:91:22:
                    a4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B0:40:3E:C7:B0:DF:FD:65:8A:AD:42:1B:18:71:A1:F0:F9:EC:1B
            X509v3 Authority Key Identifier:
                keyid:34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/97BAPsew3_1liq1CGxhxofD57Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.44.0/22
                  185.161.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:23:8c:c9:17:cf:c6:e5:a8:bb:d4:16:16:ff:e1:c2:dc:82:
         01:6e:16:31:b1:9c:f8:7f:6f:43:b0:d1:56:ca:bf:4f:64:ba:
         d1:34:e2:9a:6f:54:d6:eb:85:11:81:78:44:67:8d:db:5a:17:
         02:b5:85:1c:12:ba:6d:d5:96:73:5a:09:60:2b:65:7f:e8:3d:
         b9:5a:95:f6:7b:79:06:23:d3:86:c5:52:74:3a:88:0d:c6:80:
         0a:30:9a:57:31:c2:b8:bc:8a:f9:46:e1:19:d7:50:b9:94:17:
         9e:5b:33:2d:3c:1d:19:a6:22:32:8e:7e:1e:ee:18:ca:43:f4:
         73:4b:57:0a:0a:db:47:ab:9d:27:7a:45:d0:f9:37:1b:df:4f:
         01:34:c6:fb:f3:0b:42:a2:9a:5a:a6:2c:0a:9d:85:56:e6:e2:
         08:bd:06:56:25:25:2f:29:fb:0e:16:e1:56:b6:cb:d9:8f:5f:
         92:c8:a1:b7:d2:59:ab:b5:06:69:e2:48:54:54:2a:ad:4f:d6:
         f0:35:43:d3:52:27:9e:8a:0e:1c:ab:0d:92:eb:79:50:58:a8:
         ad:6f:49:91:2c:b2:f6:6c:81:14:35:54:f4:7f:4c:42:27:77:
         3f:0d:0f:97:90:a5:36:4c:42:9f:cb:4a:1e:05:99:9a:30:e4:
         79:07:83:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAOVClxS4rHtX7of0YMuCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzQyMTBjMjg0MTNlMjYyODQ4MjJhYmU4M2FkNmQ3YzBm
NzY0ZmEwHhcNMjQwMTAxMTIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2IwNDAzZWM3YjBkZmZkNjU4YWFkNDIxYjE4NzFhMWYwZjllYzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHUQfHIvU7JU0rrkB7ZruMMQ1fDg
G9u9XqJ/fuaSC9J3rSR6w/cDnbcZt1S6SvluAxnZWI7tgaJDtvtVs9SbDEa6H2f1
y8Y1qNvFXs9JfJle6BNOyx29UZ4L5Dndw8iFK7u3ybNKOzwEx9dlLocgEMlUaFWf
il+Tlo4Ge8x4gI0WqRqJz++A3A03rgJNblquaCVsAelZFj4mYciu+gzlMIq+M8ZH
iKgbTBA4uofkbivFq2f+9+5KY8iRZpK+/MNbduhn7EnGgJYDjr72h1JEaoHu0P8L
jx6yg4B3J2z7gNWgxa4DTyjP+0a0cJ0F9QEaAnpsZ+hqQl8iCBE+kSKk1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPewQD7HsN/9ZYqtQhsYcaHw+ewbMB8GA1UdIwQY
MBaAFDR0IQwoQT4mKEgiq+g61tfA92T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5Yzkt
YjBjNzRiNzZlMTgyLzEvOTdCQVBzZXczXzFsaXExQ0d4aHhvZkQ1N0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5YzktYjBjNzRiNzZlMTgy
LzEvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuUQsAwQC
uaHoMA0GCSqGSIb3DQEBCwUAA4IBAQBfI4zJF8/G5ai71BYW/+HC3IIBbhYxsZz4
f29DsNFWyr9PZLrRNOKab1TW64URgXhEZ43bWhcCtYUcErpt1ZZzWglgK2V/6D25
WpX2e3kGI9OGxVJ0OogNxoAKMJpXMcK4vIr5RuEZ11C5lBeeWzMtPB0ZpiIyjn4e
7hjKQ/RzS1cKCttHq50nekXQ+Tcb308BNMb78wtCoppapiwKnYVW5uIIvQZWJSUv
KfsOFuFWtsvZj1+SyKG30lmrtQZp4khUVCqtT9bwNUPTUieeig4cqw2S63lQWKit
b0mRLLL2bIEUNVT0f0xCJ3c/DQ+XkKU2TEKfy0oeBZmaMOR5B4Nw
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:41:20 2024 by rpki-client on console-fra.rpki-client.org