Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/42BxOrY47trzUY241Lat7s8s6bs.roa
File:                     42BxOrY47trzUY241Lat7s8s6bs.roa (raw, json)
Hash identifier:          xXwwr1Z37TVhBX+xu9eWCeTA9rVK6Ndxyvc4KqJppew=
Subject key identifier:   E3:60:71:3A:B6:38:EE:DA:F3:51:8D:B8:D4:B6:AD:EE:CF:2C:E9:BB
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF6DC901F132F91118BAD5562D978
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/42BxOrY47trzUY241Lat7s8s6bs.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201695
IP address blocks:        94.40.87.0/24 maxlen: 24
                          82.160.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f6:dc:90:1f:13:2f:91:11:8b:ad:55:62:d9:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e360713ab638eedaf3518db8d4b6adeecf2ce9bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b3:2b:5d:eb:ea:b1:29:d4:f6:df:0d:13:d4:
                    b2:fd:34:9c:4e:e8:62:aa:fb:c1:1c:98:ad:ec:4b:
                    53:88:1c:88:86:0c:dd:23:4d:a3:49:30:42:df:0b:
                    80:2f:39:ba:30:a2:66:9e:4e:29:46:7a:21:97:20:
                    f4:f6:65:9d:91:7b:45:fa:b3:39:bd:63:1f:b7:0c:
                    2c:64:f9:97:31:d9:3a:24:47:d3:a6:62:9f:76:1b:
                    bf:67:1d:c0:30:71:c8:da:98:82:38:98:60:83:28:
                    63:f7:e4:92:74:9f:bc:74:13:f9:6e:73:4b:ae:3b:
                    31:9e:3b:d2:34:31:5f:c7:d0:e7:1a:c1:64:9a:9e:
                    c2:95:3e:6f:1b:b7:4d:81:55:5f:33:b7:23:e8:32:
                    b7:44:30:61:77:42:a4:22:f0:a6:24:cd:4d:33:e4:
                    6f:5c:2e:85:77:6f:5e:42:26:b3:3a:71:7b:5b:55:
                    8f:b0:28:87:53:53:bf:9f:f1:aa:c6:64:eb:0c:55:
                    bd:a9:8c:4f:8c:44:39:2c:86:bd:fc:4d:e8:41:fb:
                    08:90:a1:ea:4b:4f:66:e1:27:96:5c:14:75:3f:08:
                    3a:1d:93:5c:b9:15:37:9d:ac:6d:1e:9b:ac:01:bc:
                    b0:5c:10:79:80:21:ea:4f:6f:c8:64:0d:c0:90:57:
                    51:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:60:71:3A:B6:38:EE:DA:F3:51:8D:B8:D4:B6:AD:EE:CF:2C:E9:BB
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/42BxOrY47trzUY241Lat7s8s6bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.160.134.0/24
                  94.40.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:e3:bc:71:3d:17:90:7d:dc:a9:ba:e6:a2:53:e2:88:99:f6:
         f5:45:c7:64:c5:53:a3:4a:0e:a2:dd:f2:65:e3:fe:f4:81:75:
         4c:7c:0c:43:35:8c:f3:97:3a:5e:23:c0:12:b4:da:c6:0f:c2:
         b0:f7:6b:03:d3:41:d2:40:c7:f1:28:4e:3f:8b:4c:10:3a:e1:
         30:ad:f9:a9:4c:e2:e9:e8:9a:15:ef:53:5b:8c:ed:40:7a:0a:
         0a:72:1f:01:0d:5a:32:66:bb:ee:f6:38:5c:c0:b1:1b:96:1f:
         62:de:29:6d:3e:fd:41:41:c3:3a:8f:94:fc:45:b9:d8:9d:89:
         6c:0c:d3:3a:32:80:d8:df:58:1b:02:ed:50:65:c1:66:78:43:
         ef:8b:3e:74:2d:02:87:73:b1:e4:20:64:8e:6a:db:50:0b:63:
         15:55:46:73:15:b9:8f:48:6d:4b:66:21:45:c4:94:ea:92:63:
         18:75:8e:12:1b:93:dc:f2:4f:e4:5e:24:ca:0e:53:47:81:9f:
         97:9d:ed:7d:fc:bf:2e:e9:9a:07:0b:23:c3:09:6c:5f:68:09:
         cd:ef:1f:f2:ed:4c:20:52:c7:9f:5f:9a:45:a3:3c:86:6c:b1:
         79:f9:05:36:c4:3d:4d:0a:7e:3d:ac:80:ef:b7:02:a7:bb:92:
         45:87:82:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPbckB8TL5ERi61VYtl4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYwNzEzYWI2MzhlZWRhZjM1MThkYjhkNGI2YWRlZWNmMmNlOWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLMrXevqsSnU9t8NE9Sy/TScTuhi
qvvBHJit7EtTiByIhgzdI02jSTBC3wuALzm6MKJmnk4pRnohlyD09mWdkXtF+rM5
vWMftwwsZPmXMdk6JEfTpmKfdhu/Zx3AMHHI2piCOJhggyhj9+SSdJ+8dBP5bnNL
rjsxnjvSNDFfx9DnGsFkmp7ClT5vG7dNgVVfM7cj6DK3RDBhd0KkIvCmJM1NM+Rv
XC6Fd29eQiazOnF7W1WPsCiHU1O/n/GqxmTrDFW9qYxPjEQ5LIa9/E3oQfsIkKHq
S09m4SeWXBR1Pwg6HZNcuRU3naxtHpusAbywXBB5gCHqT2/IZA3AkFdR8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFONgcTq2OO7a81GNuNS2re7PLOm7MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvNDJCeE9yWTQ3dHJ6VVkyNDFMYXQ3czhzNmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUqCGAwQA
XihXMA0GCSqGSIb3DQEBCwUAA4IBAQBM47xxPReQfdypuuaiU+KImfb1RcdkxVOj
Sg6i3fJl4/70gXVMfAxDNYzzlzpeI8AStNrGD8Kw92sD00HSQMfxKE4/i0wQOuEw
rfmpTOLp6JoV71NbjO1AegoKch8BDVoyZrvu9jhcwLEblh9i3iltPv1BQcM6j5T8
RbnYnYlsDNM6MoDY31gbAu1QZcFmeEPviz50LQKHc7HkIGSOattQC2MVVUZzFbmP
SG1LZiFFxJTqkmMYdY4SG5Pc8k/kXiTKDlNHgZ+Xne19/L8u6ZoHCyPDCWxfaAnN
7x/y7UwgUsefX5pFozyGbLF5+QU2xD1NCn49rIDvtwKnu5JFh4ID
-----END CERTIFICATE-----