Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/1-Hf4Ds-tDJsQaFnpdVeDcBMxNpw.roa
File:                     1-Hf4Ds-tDJsQaFnpdVeDcBMxNpw.roa (raw, json)
Hash identifier:          5lVD9/VBP1RPjkkHx9mC+iELyJOZpcxXn75DCiepme0=
Subject key identifier:   F8:77:F8:0E:CF:AD:0C:9B:10:68:59:E9:75:57:83:70:13:31:36:9C
Certificate issuer:       /CN=74267f3ecfcc61668e0501bca60ced6dd75d347c
Certificate serial:       018CC9BC562E601E18EF9D2FA4D5B5E991B8
Authority key identifier: 74:26:7F:3E:CF:CC:61:66:8E:05:01:BC:A6:0C:ED:6D:D7:5D:34:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dCZ_Ps_MYWaOBQG8pgztbdddNHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/1-Hf4Ds-tDJsQaFnpdVeDcBMxNpw.roa
Signing time:             Tue 02 Jan 2024 10:33:32 +0000
ROA not before:           Tue 02 Jan 2024 10:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2263
IP address blocks:        192.108.119.0/24 maxlen: 24
                          192.44.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/dCZ_Ps_MYWaOBQG8pgztbdddNHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/dCZ_Ps_MYWaOBQG8pgztbdddNHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dCZ_Ps_MYWaOBQG8pgztbdddNHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:56:2e:60:1e:18:ef:9d:2f:a4:d5:b5:e9:91:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74267f3ecfcc61668e0501bca60ced6dd75d347c
        Validity
            Not Before: Jan  2 10:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f877f80ecfad0c9b106859e9755783701331369c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5b:14:d1:d4:43:db:02:8f:24:cc:e2:93:cf:
                    19:9d:a1:8f:c3:42:f0:2f:d5:76:6f:c8:28:38:f4:
                    28:c2:12:b5:0c:bd:35:7e:3a:2a:79:9b:f6:1c:52:
                    81:1f:07:76:f6:70:77:a1:18:f7:5b:2f:98:74:4f:
                    2e:1e:a8:46:0b:2c:9d:3b:27:33:3c:f8:3f:45:b1:
                    31:6d:d5:09:27:47:0b:e4:52:00:26:61:1d:00:89:
                    a7:67:c8:86:45:9b:9a:7e:37:40:0d:19:2b:68:64:
                    ec:32:63:92:06:70:0d:5a:93:34:61:ed:20:ea:b6:
                    4b:ad:7d:87:72:3c:75:f3:a9:97:c9:5c:24:fd:21:
                    0a:5b:17:b2:f1:01:4f:b3:2c:cb:f3:5e:9f:23:ed:
                    14:fa:10:3a:b4:6b:fe:36:ca:c8:fe:f8:75:2d:d1:
                    f9:84:f4:14:57:d2:ab:6d:7f:08:39:12:18:57:64:
                    65:10:5e:2e:a9:3b:aa:d8:09:c6:b8:5a:30:1c:3f:
                    88:ad:00:a9:42:02:ae:31:96:8b:ea:fe:63:e7:54:
                    93:3c:14:06:8b:10:82:ac:eb:fb:fd:b7:21:40:68:
                    f4:a9:64:83:53:7b:a3:d9:b7:f2:f5:3e:14:b9:2e:
                    fa:eb:f0:44:28:1f:59:fa:4c:e0:06:cd:8d:cf:5e:
                    1a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:77:F8:0E:CF:AD:0C:9B:10:68:59:E9:75:57:83:70:13:31:36:9C
            X509v3 Authority Key Identifier:
                keyid:74:26:7F:3E:CF:CC:61:66:8E:05:01:BC:A6:0C:ED:6D:D7:5D:34:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dCZ_Ps_MYWaOBQG8pgztbdddNHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/1-Hf4Ds-tDJsQaFnpdVeDcBMxNpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70cb80-4e6d-46a5-b1b4-4e3f4d68f682/1/dCZ_Ps_MYWaOBQG8pgztbdddNHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.44.77.0/24
                  192.108.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:07:9a:23:c4:cf:7b:4c:6f:f5:df:1d:6d:7a:f0:27:76:27:
         dc:62:b3:df:d8:f8:3d:a1:89:af:aa:87:db:75:02:60:2c:2a:
         7a:c1:48:2a:21:58:7c:c4:f9:f8:3a:ac:89:24:a0:23:22:32:
         68:22:ca:3f:45:68:9a:e0:17:73:1b:9b:33:57:11:5a:eb:95:
         9a:14:ab:f3:cd:84:17:ca:40:ac:92:4d:e2:da:c0:85:91:e8:
         bf:6f:69:41:8c:b1:e7:24:fa:1a:ca:bf:3e:ee:87:cd:27:f8:
         f0:2c:f8:78:f2:87:da:5b:65:f5:6a:ed:e2:2a:88:da:04:fa:
         8f:0c:77:37:c9:81:7f:70:58:52:f9:62:d4:c1:d5:d8:27:91:
         f5:fa:05:e6:19:47:d7:d9:c8:38:5a:6d:1f:f5:4d:42:74:b3:
         24:11:32:97:ca:dd:75:f4:b1:6f:b9:55:c8:3c:02:42:b2:ce:
         d7:09:e0:32:f8:e3:d0:7e:d3:6e:6c:77:1d:52:30:d5:c7:69:
         7d:29:56:a1:c0:d0:56:b5:d6:12:c0:90:4a:2a:01:bf:59:ef:
         ae:67:2f:3a:fd:2f:c8:ab:a9:2b:2f:a4:e0:c7:ab:f7:67:fb:
         21:72:ae:e7:cc:9b:e7:a2:4a:1e:d0:bc:df:f0:45:0b:dc:85:
         0a:85:0c:cb
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzJvFYuYB4Y750vpNW16ZG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MjY3ZjNlY2ZjYzYxNjY4ZTA1MDFiY2E2MGNlZDZkZDc1
ZDM0N2MwHhcNMjQwMTAyMTAzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODc3ZjgwZWNmYWQwYzliMTA2ODU5ZTk3NTU3ODM3MDEzMzEzNjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlsU0dRD2wKPJMzik88ZnaGPw0Lw
L9V2b8goOPQowhK1DL01fjoqeZv2HFKBHwd29nB3oRj3Wy+YdE8uHqhGCyydOycz
PPg/RbExbdUJJ0cL5FIAJmEdAImnZ8iGRZuafjdADRkraGTsMmOSBnANWpM0Ye0g
6rZLrX2Hcjx186mXyVwk/SEKWxey8QFPsyzL816fI+0U+hA6tGv+NsrI/vh1LdH5
hPQUV9KrbX8IORIYV2RlEF4uqTuq2AnGuFowHD+IrQCpQgKuMZaL6v5j51STPBQG
ixCCrOv7/bchQGj0qWSDU3uj2bfy9T4UuS766/BEKB9Z+kzgBs2Nz14aVwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPh3+A7PrQybEGhZ6XVXg3ATMTacMB8GA1UdIwQY
MBaAFHQmfz7PzGFmjgUBvKYM7W3XXTR8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZENaX1BzX01ZV2FPQlFHOHBnenRiZGRkTkh3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNiODAtNGU2ZC00NmE1LWIxYjQt
NGUzZjRkNjhmNjgyLzEvMS1IZjREcy10REpzUWFGbnBkVmVEY0JNeE5wdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjcvNzBjYjgwLTRlNmQtNDZhNS1iMWI0LTRlM2Y0ZDY4ZjY4
Mi8xL2RDWl9Qc19NWVdhT0JRRzhwZ3p0YmRkZE5Idy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAMAsTQME
AMBsdzANBgkqhkiG9w0BAQsFAAOCAQEAeQeaI8TPe0xv9d8dbXrwJ3Yn3GKz39j4
PaGJr6qH23UCYCwqesFIKiFYfMT5+DqsiSSgIyIyaCLKP0VomuAXcxubM1cRWuuV
mhSr882EF8pArJJN4trAhZHov29pQYyx5yT6Gsq/Pu6HzSf48Cz4ePKH2ltl9Wrt
4iqI2gT6jwx3N8mBf3BYUvli1MHV2CeR9foF5hlH19nIOFptH/VNQnSzJBEyl8rd
dfSxb7lVyDwCQrLO1wngMvjj0H7Tbmx3HVIw1cdpfSlWocDQVrXWEsCQSioBv1nv
rmcvOv0vyKupKy+k4Mer92f7IXKu58yb56JKHtC83/BFC9yFCoUMyw==
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:59:42 2024 by rpki-client on console-ams.rpki-client.org