Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/54687f-efa5-4620-8619-3155ba8cb74f/1/cZoba5btLjXCv0MNdnDUmvBIvyY.roa
File:                     cZoba5btLjXCv0MNdnDUmvBIvyY.roa (raw, json)
Hash identifier:          21zQs2nUYAf9nXsXtjgAV4ChXculzyJlabGMRbD3u9U=
Subject key identifier:   71:9A:1B:6B:96:ED:2E:35:C2:BF:43:0D:76:70:D4:9A:F0:48:BF:26
Certificate issuer:       /CN=7c6dc7395815af045048f4ce3910d04008ff3a7c
Certificate serial:       018CC9BC8831B5A32BB75E69DBCF3A5B3075
Authority key identifier: 7C:6D:C7:39:58:15:AF:04:50:48:F4:CE:39:10:D0:40:08:FF:3A:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fG3HOVgVrwRQSPTOORDQQAj_Onw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/54687f-efa5-4620-8619-3155ba8cb74f/1/cZoba5btLjXCv0MNdnDUmvBIvyY.roa
Signing time:             Tue 02 Jan 2024 10:33:45 +0000
ROA not before:           Tue 02 Jan 2024 10:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8560
IP address blocks:        82.223.0.0/16 maxlen: 24
                          217.76.128.0/19 maxlen: 24
                          185.132.44.0/22 maxlen: 24
                          94.143.136.0/21 maxlen: 24
                          93.93.112.0/21 maxlen: 24
                          62.151.160.0/21 maxlen: 24
                          62.151.176.0/21 maxlen: 24
                          2001:ba0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/54687f-efa5-4620-8619-3155ba8cb74f/1/fG3HOVgVrwRQSPTOORDQQAj_Onw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/54687f-efa5-4620-8619-3155ba8cb74f/1/fG3HOVgVrwRQSPTOORDQQAj_Onw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fG3HOVgVrwRQSPTOORDQQAj_Onw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:88:31:b5:a3:2b:b7:5e:69:db:cf:3a:5b:30:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c6dc7395815af045048f4ce3910d04008ff3a7c
        Validity
            Not Before: Jan  2 10:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=719a1b6b96ed2e35c2bf430d7670d49af048bf26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:12:48:05:a5:f7:ba:f3:f2:31:de:24:bd:50:
                    a4:a9:05:0d:9e:dd:f9:14:6f:e8:25:3c:f0:d4:67:
                    1c:17:3a:04:8d:c1:14:98:53:9e:37:14:b9:2c:9d:
                    4b:ff:43:53:30:4f:e5:52:1f:4c:4a:b3:d0:a5:08:
                    68:b7:45:b7:82:98:60:1a:0d:d3:a6:fb:15:8f:bc:
                    e0:24:cd:58:7d:af:ba:62:17:c7:37:d9:b0:21:bd:
                    26:0a:5c:47:00:7c:98:50:c0:15:29:a9:8d:1f:70:
                    45:4d:ce:38:68:d0:8c:a9:fe:72:89:0e:64:c2:e8:
                    6c:fc:a1:9c:bf:f3:bd:0a:32:d5:be:bc:e9:83:28:
                    73:9a:ab:98:a0:0b:b0:04:4c:6f:78:95:5e:d9:2d:
                    b7:79:f8:33:4e:91:6d:bd:46:57:bf:42:b0:6d:ed:
                    29:96:ce:92:4d:ae:aa:45:42:59:92:a4:5b:df:d3:
                    1a:1f:19:83:50:f3:72:4e:88:fa:9b:50:a9:5c:9e:
                    c9:65:ac:99:95:fe:4a:4a:cf:2a:b8:11:45:e3:56:
                    40:2d:b1:6c:49:29:71:db:36:a4:49:e5:f8:e9:6c:
                    38:bc:77:43:18:fb:dd:b7:bf:f0:e2:b8:c0:19:60:
                    24:a3:3f:3a:7a:ff:a4:28:98:44:c0:47:f6:61:f5:
                    b9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9A:1B:6B:96:ED:2E:35:C2:BF:43:0D:76:70:D4:9A:F0:48:BF:26
            X509v3 Authority Key Identifier:
                keyid:7C:6D:C7:39:58:15:AF:04:50:48:F4:CE:39:10:D0:40:08:FF:3A:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fG3HOVgVrwRQSPTOORDQQAj_Onw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54687f-efa5-4620-8619-3155ba8cb74f/1/cZoba5btLjXCv0MNdnDUmvBIvyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54687f-efa5-4620-8619-3155ba8cb74f/1/fG3HOVgVrwRQSPTOORDQQAj_Onw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.151.160.0/21
                  62.151.176.0/21
                  82.223.0.0/16
                  93.93.112.0/21
                  94.143.136.0/21
                  185.132.44.0/22
                  217.76.128.0/19
                IPv6:
                  2001:ba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:48:08:6e:f7:0a:a2:fc:3c:4e:73:16:b7:1e:95:4f:72:cc:
         f6:33:0f:95:6c:23:26:97:ac:43:75:88:cd:2f:96:91:26:57:
         77:d8:df:95:3a:1e:d8:46:4d:6d:9a:0c:e1:d3:da:3e:50:e9:
         d8:93:08:69:7e:52:c7:71:ea:c2:2e:ac:56:a0:7b:0b:8e:ad:
         8a:10:34:a0:12:61:5e:d7:7d:a3:f2:7d:bb:fd:64:8b:75:09:
         2c:fe:80:18:05:94:b3:c2:23:af:80:69:8c:6d:ac:d5:0b:32:
         10:43:85:de:42:99:c4:49:9f:8c:83:5f:76:76:9f:f8:9c:e9:
         a7:86:68:f8:c2:6e:97:0c:65:c6:7a:8e:47:9a:0d:81:c9:ac:
         83:2e:b3:f0:0e:48:17:9a:ab:a6:b1:76:24:63:c3:88:a8:52:
         b4:63:fa:66:43:bd:a8:a4:71:09:69:f6:eb:83:da:7f:52:bd:
         92:5b:ae:4b:94:9d:e9:20:94:0b:27:35:06:d4:16:ed:f0:cd:
         70:44:25:b6:cf:e0:29:d9:20:8f:5d:e4:dd:16:c4:e9:7c:96:
         2b:0d:9f:27:02:fa:89:80:dd:f2:93:69:0e:ce:00:38:54:b1:
         b7:37:14:33:93:2b:6f:24:68:d3:a8:4c:41:e4:81:5d:8a:c6:
         dc:6c:2d:ef
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzJvIgxtaMrt15p2886WzB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNmRjNzM5NTgxNWFmMDQ1MDQ4ZjRjZTM5MTBkMDQwMDhm
ZjNhN2MwHhcNMjQwMTAyMTAzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTlhMWI2Yjk2ZWQyZTM1YzJiZjQzMGQ3NjcwZDQ5YWYwNDhiZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRJIBaX3uvPyMd4kvVCkqQUNnt35
FG/oJTzw1GccFzoEjcEUmFOeNxS5LJ1L/0NTME/lUh9MSrPQpQhot0W3gphgGg3T
pvsVj7zgJM1Yfa+6YhfHN9mwIb0mClxHAHyYUMAVKamNH3BFTc44aNCMqf5yiQ5k
wuhs/KGcv/O9CjLVvrzpgyhzmquYoAuwBExveJVe2S23efgzTpFtvUZXv0Kwbe0p
ls6STa6qRUJZkqRb39MaHxmDUPNyToj6m1CpXJ7JZayZlf5KSs8quBFF41ZALbFs
SSlx2zakSeX46Ww4vHdDGPvdt7/w4rjAGWAkoz86ev+kKJhEwEf2YfW56QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHGaG2uW7S41wr9DDXZw1JrwSL8mMB8GA1UdIwQY
MBaAFHxtxzlYFa8EUEj0zjkQ0EAI/zp8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkczSE9WZ1Zyd1JRU1BUT09SRFFRQWpfT253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81NDY4N2YtZWZhNS00NjIwLTg2MTkt
MzE1NWJhOGNiNzRmLzEvY1pvYmE1YnRMalhDdjBNTmRuRFVtdkJJdnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81NDY4N2YtZWZhNS00NjIwLTg2MTktMzE1NWJhOGNiNzRm
LzEvZkczSE9WZ1Zyd1JRU1BUT09SRFFRQWpfT253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAvBAIAATApAwQDPpegAwQD
PpewAwMAUt8DBANdXXADBANej4gDBAK5hCwDBAXZTIAwDQQCAAIwBwMFACABC6Aw
DQYJKoZIhvcNAQELBQADggEBAFZICG73CqL8PE5zFrcelU9yzPYzD5VsIyaXrEN1
iM0vlpEmV3fY35U6HthGTW2aDOHT2j5Q6diTCGl+Usdx6sIurFagewuOrYoQNKAS
YV7XfaPyfbv9ZIt1CSz+gBgFlLPCI6+AaYxtrNULMhBDhd5CmcRJn4yDX3Z2n/ic
6aeGaPjCbpcMZcZ6jkeaDYHJrIMus/AOSBeaq6axdiRjw4ioUrRj+mZDvaikcQlp
9uuD2n9SvZJbrkuUnekglAsnNQbUFu3wzXBEJbbP4CnZII9d5N0WxOl8lisNnycC
+omA3fKTaQ7OADhUsbc3FDOTK28kaNOoTEHkgV2KxtxsLe8=
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:04:23 2024 by rpki-client on console-ams.rpki-client.org