Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/bxoQwGnIjgehyOU5QbPzYLAzirc.roa
File:                     bxoQwGnIjgehyOU5QbPzYLAzirc.roa (raw, json)
Hash identifier:          YPIzomdG/bJCvbXvPKS6XU87RGOYtzWiK0lVtwY2etE=
Subject key identifier:   6F:1A:10:C0:69:C8:8E:07:A1:C8:E5:39:41:B3:F3:60:B0:33:8A:B7
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018CC80155009DB4BC0E1B20C99ACF202C81
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/bxoQwGnIjgehyOU5QbPzYLAzirc.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19197
IP address blocks:        57.72.96.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:00:9d:b4:bc:0e:1b:20:c9:9a:cf:20:2c:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f1a10c069c88e07a1c8e53941b3f360b0338ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d8:55:88:3e:b3:48:14:02:e1:e0:1c:2d:34:
                    12:5f:07:82:1f:9a:8c:0b:af:9e:3d:21:b2:2f:9a:
                    b2:72:05:c6:1c:71:b5:74:db:fa:21:93:f7:9d:23:
                    9a:6a:e8:89:57:e6:d1:a9:c1:84:73:51:7a:39:11:
                    0e:ca:15:b4:a4:2e:58:05:65:a8:74:e4:24:f7:67:
                    d9:95:b7:90:47:b1:b1:4f:a8:66:cf:f1:4b:b1:3d:
                    3c:a6:44:f6:bc:71:28:f0:fa:5a:f6:22:85:b1:5c:
                    df:c4:93:25:cf:3a:c0:79:0f:b9:c2:1f:78:88:a4:
                    64:9a:bd:f5:6a:d4:82:4b:63:20:0e:2b:86:72:7e:
                    69:fb:31:6a:a2:47:e7:64:f0:a6:10:0e:8a:9d:f9:
                    d4:95:8e:ae:a7:6f:68:57:0c:f3:40:8d:26:73:41:
                    cd:b1:fb:5b:bc:ac:d6:7e:14:2a:46:e1:d5:91:71:
                    19:8b:35:0f:5f:7e:17:4f:10:ef:9a:04:aa:e0:63:
                    c2:71:13:2a:7f:0a:b0:76:80:aa:c3:df:1c:8d:54:
                    af:08:47:6f:c2:76:ea:56:c8:47:37:53:48:fa:fc:
                    60:4d:51:93:a4:bd:b4:a9:63:ec:80:2b:9b:bb:e6:
                    8a:a8:8a:b4:02:af:2a:90:3c:63:ba:6f:54:88:c0:
                    e5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1A:10:C0:69:C8:8E:07:A1:C8:E5:39:41:B3:F3:60:B0:33:8A:B7
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/bxoQwGnIjgehyOU5QbPzYLAzirc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.72.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:d7:f3:24:30:40:3b:6d:e7:b0:46:07:ce:b0:ab:65:ee:dc:
         d3:0a:6d:d8:32:b9:db:ec:68:5c:66:6b:4a:b4:8a:79:e7:21:
         fc:7c:78:d8:91:ae:5f:e5:ba:01:8a:10:c6:11:bd:8c:50:ae:
         a0:70:b5:c4:4d:76:77:31:53:69:7b:7b:5e:9e:6a:ef:4c:5e:
         a1:9f:53:ce:b1:68:86:be:f1:4e:3a:af:4d:7f:e2:0d:12:97:
         50:39:b1:76:0c:13:5f:f3:61:92:3a:9b:17:82:90:56:2e:27:
         75:e3:89:01:53:84:43:1f:bf:09:13:ca:2c:07:55:17:09:7e:
         08:70:d9:c1:df:32:4b:d4:c9:0d:89:34:0f:64:9b:57:de:28:
         b6:1e:cf:4c:a1:0f:ed:66:a6:9b:19:bc:06:7d:b8:bd:6b:df:
         d6:9f:77:cb:d2:68:75:27:a8:60:5a:be:1d:98:03:69:1b:b6:
         4b:60:f7:5e:e2:c2:40:40:de:d5:c8:76:77:8b:65:9c:97:cc:
         d3:f7:e2:4f:56:60:c8:c5:fc:38:ad:a3:b4:ee:ec:a2:83:33:
         2d:0f:f7:c3:79:63:2d:a7:38:18:4a:94:11:39:8f:70:32:f7:
         e5:72:38:49:e0:b1:4e:3e:4e:6e:f4:bc:18:42:54:26:eb:a3:
         27:4d:d6:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVUAnbS8DhsgyZrPICyBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjFhMTBjMDY5Yzg4ZTA3YTFjOGU1Mzk0MWIzZjM2MGIwMzM4YWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9hViD6zSBQC4eAcLTQSXweCH5qM
C6+ePSGyL5qycgXGHHG1dNv6IZP3nSOaauiJV+bRqcGEc1F6OREOyhW0pC5YBWWo
dOQk92fZlbeQR7GxT6hmz/FLsT08pkT2vHEo8Ppa9iKFsVzfxJMlzzrAeQ+5wh94
iKRkmr31atSCS2MgDiuGcn5p+zFqokfnZPCmEA6KnfnUlY6up29oVwzzQI0mc0HN
sftbvKzWfhQqRuHVkXEZizUPX34XTxDvmgSq4GPCcRMqfwqwdoCqw98cjVSvCEdv
wnbqVshHN1NI+vxgTVGTpL20qWPsgCubu+aKqIq0Aq8qkDxjum9UiMDllwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8aEMBpyI4HocjlOUGz82CwM4q3MB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvYnhvUXdHbklqZ2VoeU9VNVFiUHpZTEF6aXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAOUhgMA0G
CSqGSIb3DQEBCwUAA4IBAQAN1/MkMEA7beewRgfOsKtl7tzTCm3YMrnb7GhcZmtK
tIp55yH8fHjYka5f5boBihDGEb2MUK6gcLXETXZ3MVNpe3tenmrvTF6hn1POsWiG
vvFOOq9Nf+INEpdQObF2DBNf82GSOpsXgpBWLid144kBU4RDH78JE8osB1UXCX4I
cNnB3zJL1MkNiTQPZJtX3ii2Hs9MoQ/tZqabGbwGfbi9a9/Wn3fL0mh1J6hgWr4d
mANpG7ZLYPde4sJAQN7VyHZ3i2Wcl8zT9+JPVmDIxfw4raO07uyigzMtD/fDeWMt
pzgYSpQROY9wMvflcjhJ4LFOPk5u9LwYQlQm66MnTdbk
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:48:32 2024 by rpki-client on console-fra.rpki-client.org