Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/d6c15a-3dff-44d7-a538-a951f200f652/1/v-lyzaf_xA5Tumq8lg1Ei7EzQfI.roa
File:                     v-lyzaf_xA5Tumq8lg1Ei7EzQfI.roa (raw, json)
Hash identifier:          cyO2gFZSO/KcvLI20z1qxd7D5XluK8buyz9GgBc7Kg8=
Subject key identifier:   BF:E9:72:CD:A7:FF:C4:0E:53:BA:6A:BC:96:0D:44:8B:B1:33:41:F2
Certificate issuer:       /CN=1a29b2a45de0136feabbfae4baa70172aa86619b
Certificate serial:       018CC94E18FB733F5D08BF8F7E97F2C6172D
Authority key identifier: 1A:29:B2:A4:5D:E0:13:6F:EA:BB:FA:E4:BA:A7:01:72:AA:86:61:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GimypF3gE2_qu_rkuqcBcqqGYZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/d6c15a-3dff-44d7-a538-a951f200f652/1/v-lyzaf_xA5Tumq8lg1Ei7EzQfI.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61201
IP address blocks:        193.36.189.0/24 maxlen: 24
                          2001:67c:91c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/d6c15a-3dff-44d7-a538-a951f200f652/1/GimypF3gE2_qu_rkuqcBcqqGYZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/d6c15a-3dff-44d7-a538-a951f200f652/1/GimypF3gE2_qu_rkuqcBcqqGYZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GimypF3gE2_qu_rkuqcBcqqGYZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:18:fb:73:3f:5d:08:bf:8f:7e:97:f2:c6:17:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a29b2a45de0136feabbfae4baa70172aa86619b
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfe972cda7ffc40e53ba6abc960d448bb13341f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:55:d8:60:9a:a3:39:e0:9b:cf:c8:b7:6b:54:
                    86:11:61:4f:0f:94:c7:f6:9f:6a:9c:10:55:58:35:
                    b8:7a:14:7b:eb:5f:e8:fc:7f:63:81:10:34:ba:4b:
                    fd:8e:14:2c:38:3a:f9:a6:e5:a8:41:97:c4:e0:02:
                    87:ca:a8:47:bc:66:ae:4e:12:cc:c8:92:ce:f5:d9:
                    5f:a5:42:eb:e9:e0:4d:c5:a5:2c:99:6c:3b:83:35:
                    0a:e9:66:79:11:fb:d1:3c:08:4a:8b:96:73:d5:a4:
                    47:2d:06:06:50:10:aa:01:36:7f:7b:5f:39:57:51:
                    36:8b:ce:25:e3:09:e9:e9:82:66:2e:e6:03:de:28:
                    21:5a:89:69:b3:41:44:fc:d4:69:5f:8b:69:7a:3b:
                    4d:b2:36:01:5d:a0:27:5e:93:34:3f:eb:d1:56:ed:
                    2a:a7:6e:a9:ec:93:7f:23:f1:8b:1e:c6:b5:49:f6:
                    59:69:8e:85:54:af:e2:44:53:7b:1e:88:7b:6a:2c:
                    01:39:e0:ca:43:34:57:b1:ac:b8:b5:22:b2:a0:a5:
                    1d:7d:c2:b4:56:b1:8b:44:11:b9:80:9d:43:46:59:
                    5e:5d:62:d5:3e:83:d8:51:65:f2:c9:59:dd:30:02:
                    f9:64:00:3d:f2:9b:cd:7b:1d:92:5a:b0:33:cc:5a:
                    a3:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E9:72:CD:A7:FF:C4:0E:53:BA:6A:BC:96:0D:44:8B:B1:33:41:F2
            X509v3 Authority Key Identifier:
                keyid:1A:29:B2:A4:5D:E0:13:6F:EA:BB:FA:E4:BA:A7:01:72:AA:86:61:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GimypF3gE2_qu_rkuqcBcqqGYZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d6c15a-3dff-44d7-a538-a951f200f652/1/v-lyzaf_xA5Tumq8lg1Ei7EzQfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d6c15a-3dff-44d7-a538-a951f200f652/1/GimypF3gE2_qu_rkuqcBcqqGYZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.189.0/24
                IPv6:
                  2001:67c:91c::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:72:35:d0:e9:7f:e3:63:39:6f:81:35:5a:d0:11:e1:2f:a0:
         97:1e:39:e0:7e:06:8f:4f:94:57:dc:2b:02:5a:3c:61:f1:56:
         4b:77:85:4e:d4:b2:2b:73:1b:d4:a0:94:b3:f3:73:4d:00:96:
         13:73:9e:82:8d:e9:df:bb:1a:05:3f:d4:87:21:7d:c5:7c:8e:
         45:6d:f7:80:49:cb:1a:d2:4c:d2:2a:e2:39:44:b9:d6:13:e5:
         e4:7a:5b:49:e3:d0:ee:cb:2f:c5:93:0c:e3:01:be:7f:cd:23:
         ca:e9:f1:fb:bb:b0:99:12:94:1b:c1:90:2d:72:d9:b0:e8:a4:
         7c:8d:41:1c:59:d7:84:cd:2c:e6:22:58:8c:8c:82:8f:9a:2f:
         55:6e:22:71:81:e4:eb:69:6b:da:cc:66:27:cb:61:20:8d:23:
         5f:95:d1:4b:2c:5c:6a:6a:c5:a6:c7:d7:b5:36:1d:20:fa:fa:
         48:3a:35:ab:44:ff:89:ff:1c:66:78:05:3e:03:7d:ac:cd:46:
         1e:e9:00:e8:34:cf:0e:9d:08:79:9f:55:10:63:17:25:49:d7:
         fa:9d:53:db:ee:a0:92:7f:f5:dc:9d:36:b6:79:70:35:dc:83:
         a9:46:e0:f6:ac:47:5f:7f:76:ce:f1:33:75:d7:f8:1d:b7:dc:
         64:d0:16:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJThj7cz9dCL+PfpfyxhctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMjliMmE0NWRlMDEzNmZlYWJiZmFlNGJhYTcwMTcyYWE4
NjYxOWIwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmU5NzJjZGE3ZmZjNDBlNTNiYTZhYmM5NjBkNDQ4YmIxMzM0MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlXYYJqjOeCbz8i3a1SGEWFPD5TH
9p9qnBBVWDW4ehR761/o/H9jgRA0ukv9jhQsODr5puWoQZfE4AKHyqhHvGauThLM
yJLO9dlfpULr6eBNxaUsmWw7gzUK6WZ5EfvRPAhKi5Zz1aRHLQYGUBCqATZ/e185
V1E2i84l4wnp6YJmLuYD3ighWolps0FE/NRpX4tpejtNsjYBXaAnXpM0P+vRVu0q
p26p7JN/I/GLHsa1SfZZaY6FVK/iRFN7Hoh7aiwBOeDKQzRXsay4tSKyoKUdfcK0
VrGLRBG5gJ1DRlleXWLVPoPYUWXyyVndMAL5ZAA98pvNex2SWrAzzFqjIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL/pcs2n/8QOU7pqvJYNRIuxM0HyMB8GA1UdIwQY
MBaAFBopsqRd4BNv6rv65LqnAXKqhmGbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2lteXBGM2dFMl9xdV9ya3VxY0JjcXFHWVpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kNmMxNWEtM2RmZi00NGQ3LWE1Mzgt
YTk1MWYyMDBmNjUyLzEvdi1seXphZl94QTVUdW1xOGxnMUVpN0V6UWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kNmMxNWEtM2RmZi00NGQ3LWE1MzgtYTk1MWYyMDBmNjUy
LzEvR2lteXBGM2dFMl9xdV9ya3VxY0JjcXFHWVpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSS9MA8E
AgACMAkDBwAgAQZ8CRwwDQYJKoZIhvcNAQELBQADggEBAGByNdDpf+NjOW+BNVrQ
EeEvoJceOeB+Bo9PlFfcKwJaPGHxVkt3hU7UsitzG9SglLPzc00AlhNznoKN6d+7
GgU/1IchfcV8jkVt94BJyxrSTNIq4jlEudYT5eR6W0nj0O7LL8WTDOMBvn/NI8rp
8fu7sJkSlBvBkC1y2bDopHyNQRxZ14TNLOYiWIyMgo+aL1VuInGB5Otpa9rMZifL
YSCNI1+V0UssXGpqxabH17U2HSD6+kg6NatE/4n/HGZ4BT4DfazNRh7pAOg0zw6d
CHmfVRBjFyVJ1/qdU9vuoJJ/9dydNrZ5cDXcg6lG4PasR19/ds7xM3XX+B233GTQ
FkU=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:41:23 2024 by rpki-client on console-ams.rpki-client.org