Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/o6DCl-735Gw3HFRiuslykk0QhfI.roa
File:                     o6DCl-735Gw3HFRiuslykk0QhfI.roa (raw, json)
Hash identifier:          lIT76ir20Zao6uadVXXIzXS/4JbZTWcIUB1lpgUbsF0=
Subject key identifier:   A3:A0:C2:97:EE:F7:E4:6C:37:1C:54:62:BA:C9:72:92:4D:10:85:F2
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF4CB7071F15570D174A9FB2EE494
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/o6DCl-735Gw3HFRiuslykk0QhfI.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200176
IP address blocks:        88.199.130.0/24 maxlen: 24
                          88.199.128.0/23 maxlen: 23
                          88.199.44.0/24 maxlen: 24
                          88.199.54.0/23 maxlen: 23
                          88.199.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f4:cb:70:71:f1:55:70:d1:74:a9:fb:2e:e4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3a0c297eef7e46c371c5462bac972924d1085f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3c:6b:57:6b:cc:0b:d6:10:28:ce:4f:86:6b:
                    a6:f9:d2:3a:3c:84:75:16:8e:70:7a:4c:ad:67:76:
                    1f:cc:c4:98:66:98:9e:7a:bd:46:b2:67:96:69:4b:
                    f9:e4:ff:f6:42:9e:89:8f:a5:d1:60:01:ad:bd:21:
                    06:37:ec:e7:e7:3b:80:70:6b:ab:e1:4d:44:33:4f:
                    b8:15:82:1f:c9:4b:37:13:9f:8b:0a:ac:f1:5c:49:
                    67:2d:6a:52:dc:2a:2c:0a:37:58:70:c0:85:29:89:
                    cc:60:95:1f:75:eb:0c:cd:61:3c:91:56:8a:16:8a:
                    ff:3d:c2:4f:15:dd:bf:64:0f:46:70:67:88:09:c3:
                    8b:c1:b6:79:cd:25:3a:8c:71:48:6e:95:9f:8f:91:
                    3c:e1:e8:3e:bc:24:fd:06:48:74:bc:b6:27:4e:e3:
                    5a:01:0b:2c:d1:e5:ca:bf:49:d3:3c:50:0c:e3:86:
                    8f:b1:01:ba:8a:7e:eb:39:4f:46:00:89:09:7e:3f:
                    91:3c:7c:b0:2d:ea:03:56:ee:1f:32:35:e2:ff:28:
                    b1:c4:b6:f9:ea:08:0f:0b:18:70:5c:43:21:ec:99:
                    92:e3:0f:03:98:7c:fa:a0:9f:ec:5c:84:27:34:05:
                    c5:c2:93:b1:e9:10:31:1b:1f:e6:db:f5:b8:50:6f:
                    c3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A0:C2:97:EE:F7:E4:6C:37:1C:54:62:BA:C9:72:92:4D:10:85:F2
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/o6DCl-735Gw3HFRiuslykk0QhfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.199.44.0/24
                  88.199.53.0-88.199.55.255
                  88.199.128.0-88.199.130.255

    Signature Algorithm: sha256WithRSAEncryption
         22:6f:9c:3a:88:3f:c4:49:09:03:f9:f6:74:c6:89:6c:93:2f:
         63:05:6b:5c:17:ee:ec:a4:21:a0:c6:07:54:7d:10:64:a9:ec:
         ec:e8:88:8e:ee:6c:8f:0b:a3:48:9e:8d:16:e8:0b:21:7f:13:
         20:2d:c0:d9:cc:17:45:28:56:cd:69:90:92:42:79:80:e4:9c:
         c7:fb:13:74:96:fc:c3:d0:57:1d:67:05:3a:69:fe:a3:04:f6:
         ec:29:41:72:fe:15:78:5e:42:20:33:61:05:8a:c4:a2:11:74:
         6c:42:80:24:0b:dd:63:f0:d1:60:d5:c6:be:3a:df:3b:5a:94:
         75:d4:23:ed:76:1f:3d:6d:7f:4a:52:25:dd:df:82:88:b5:8a:
         c3:e3:a8:7d:92:38:22:48:cb:e3:7d:d1:61:9d:2f:0d:7b:84:
         72:95:4e:f7:91:a1:8b:cf:c8:f6:2b:d1:88:3d:bd:83:34:8c:
         94:6d:52:f7:a1:23:ae:94:6a:61:72:4b:f3:46:a9:90:b8:42:
         ae:08:76:39:8e:36:69:7e:19:c5:b0:ca:27:3d:2a:56:eb:3b:
         3a:62:b3:2d:b5:51:b1:29:b5:35:17:49:66:c3:e3:bc:a7:ee:
         9a:d9:cd:5f:b1:0f:1f:b7:25:8c:ff:9c:b4:ca:cf:15:80:4e:
         c9:8c:b4:14
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzCbPTLcHHxVXDRdKn7LuSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2EwYzI5N2VlZjdlNDZjMzcxYzU0NjJiYWM5NzI5MjRkMTA4NWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozxrV2vMC9YQKM5Phmum+dI6PIR1
Fo5wekytZ3YfzMSYZpieer1GsmeWaUv55P/2Qp6Jj6XRYAGtvSEGN+zn5zuAcGur
4U1EM0+4FYIfyUs3E5+LCqzxXElnLWpS3CosCjdYcMCFKYnMYJUfdesMzWE8kVaK
For/PcJPFd2/ZA9GcGeICcOLwbZ5zSU6jHFIbpWfj5E84eg+vCT9Bkh0vLYnTuNa
AQss0eXKv0nTPFAM44aPsQG6in7rOU9GAIkJfj+RPHywLeoDVu4fMjXi/yixxLb5
6ggPCxhwXEMh7JmS4w8DmHz6oJ/sXIQnNAXFwpOx6RAxGx/m2/W4UG/DgwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFKOgwpfu9+RsNxxUYrrJcpJNEIXyMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvbzZEQ2wtNzM1R3czSEZSaXVzbHlrazBRaGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQAWMcsMAwD
BABYxzUDBANYxzAwDAMEB1jHgAMEAFjHgjANBgkqhkiG9w0BAQsFAAOCAQEAIm+c
Oog/xEkJA/n2dMaJbJMvYwVrXBfu7KQhoMYHVH0QZKns7OiIju5sjwujSJ6NFugL
IX8TIC3A2cwXRShWzWmQkkJ5gOScx/sTdJb8w9BXHWcFOmn+owT27ClBcv4VeF5C
IDNhBYrEohF0bEKAJAvdY/DRYNXGvjrfO1qUddQj7XYfPW1/SlIl3d+CiLWKw+Oo
fZI4IkjL433RYZ0vDXuEcpVO95Ghi8/I9ivRiD29gzSMlG1S96EjrpRqYXJL80ap
kLhCrgh2OY42aX4ZxbDKJz0qVus7OmKzLbVRsSm1NRdJZsPjvKfumtnNX7EPH7cl
jP+ctMrPFYBOyYy0FA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:42:45 2024 by rpki-client on console-ams.rpki-client.org