Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/Opzi26JjfjfXOCUBX5GPknC-tM8.roa
File:                     Opzi26JjfjfXOCUBX5GPknC-tM8.roa (raw, json)
Hash identifier:          Wk5MtBqy4YOqMks1prMolYMdunylGV+fLUCMS8c/nvc=
Subject key identifier:   3A:9C:E2:DB:A2:63:7E:37:D7:38:25:01:5F:91:8F:92:70:BE:B4:CF
Certificate issuer:       /CN=b7151f194a3e524c82c677b8e132058143c8ebee
Certificate serial:       018CC5DC01745C9794751F791C3DD734985F
Authority key identifier: B7:15:1F:19:4A:3E:52:4C:82:C6:77:B8:E1:32:05:81:43:C8:EB:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txUfGUo-UkyCxne44TIFgUPI6-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/Opzi26JjfjfXOCUBX5GPknC-tM8.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21293
IP address blocks:        160.68.0.0/16 maxlen: 16
                          185.97.188.0/22 maxlen: 24
                          160.67.0.0/16 maxlen: 16
                          2a00:f980::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/txUfGUo-UkyCxne44TIFgUPI6-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/txUfGUo-UkyCxne44TIFgUPI6-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txUfGUo-UkyCxne44TIFgUPI6-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:01:74:5c:97:94:75:1f:79:1c:3d:d7:34:98:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7151f194a3e524c82c677b8e132058143c8ebee
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a9ce2dba2637e37d73825015f918f9270beb4cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2a:76:33:98:02:8c:fe:09:8f:3c:77:50:a5:
                    99:28:e9:a9:a6:95:8b:3a:81:d0:fb:0d:ee:76:60:
                    9a:f9:46:b6:ee:34:d2:84:8b:85:49:8f:f6:11:08:
                    0d:c5:a7:c3:32:7f:0c:1e:05:d1:d4:47:fc:a4:e9:
                    05:7b:7b:5f:fa:b1:85:46:9a:b1:ee:64:ae:85:a1:
                    e5:a5:2e:62:5e:e4:b6:e7:65:ba:ed:1d:40:a0:8f:
                    09:dd:dc:19:71:ab:c5:09:52:19:f2:98:94:29:43:
                    54:c4:5d:be:57:be:02:c9:43:be:e1:f5:43:18:ac:
                    f3:7c:fc:68:31:1a:0c:12:f8:81:15:dc:a7:e3:80:
                    b9:07:fe:28:c9:e2:bf:69:cc:a8:e6:ea:4d:c1:77:
                    cc:40:5f:33:52:bb:8b:da:db:a3:b5:52:13:1f:34:
                    ae:70:15:1d:d0:38:21:87:38:d6:78:74:b2:ce:34:
                    ff:49:b7:69:45:1a:4d:8a:28:86:75:e4:0d:81:9d:
                    97:27:2d:56:19:7d:96:a6:7b:0c:91:41:08:d8:47:
                    7c:00:ad:34:ca:79:23:ad:f8:14:2f:16:27:a7:77:
                    c0:28:d6:ba:3f:d2:57:65:80:18:ad:68:1e:c2:71:
                    8a:2b:0d:03:39:08:40:8c:c4:c4:39:8c:3e:da:75:
                    76:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:9C:E2:DB:A2:63:7E:37:D7:38:25:01:5F:91:8F:92:70:BE:B4:CF
            X509v3 Authority Key Identifier:
                keyid:B7:15:1F:19:4A:3E:52:4C:82:C6:77:B8:E1:32:05:81:43:C8:EB:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txUfGUo-UkyCxne44TIFgUPI6-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/Opzi26JjfjfXOCUBX5GPknC-tM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/49a32d-d0f2-481a-9791-c9a49f70e23b/1/txUfGUo-UkyCxne44TIFgUPI6-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.67.0.0-160.68.255.255
                  185.97.188.0/22
                IPv6:
                  2a00:f980::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:1f:80:ae:a8:68:0f:62:f3:e7:98:17:a8:33:8f:b3:28:49:
         52:42:f6:82:42:2e:d6:2b:49:5e:5a:b6:6c:30:7d:48:e4:99:
         fb:c8:78:ad:3b:67:a2:e6:d7:49:1e:8e:df:f1:cf:5b:e5:85:
         fd:c9:b0:c9:9e:2e:e9:ff:58:fa:35:ab:67:78:05:ff:a3:93:
         fa:99:81:f1:eb:6d:21:18:9d:2a:0d:67:61:1c:dd:53:b8:4e:
         6c:8a:47:f1:e9:c1:45:b1:e4:45:91:5b:cc:4d:e1:66:47:41:
         9a:78:59:cf:6c:35:7f:e1:12:f8:c4:c9:2a:fb:a9:41:09:ce:
         01:f2:5b:fe:43:9d:f3:e2:f2:4e:77:69:74:92:15:c6:a8:83:
         b6:4f:9f:9d:c8:e7:c6:5d:f1:ef:f2:c7:d5:c8:24:ab:51:e4:
         34:3a:1f:44:ff:7b:9b:e3:61:9e:c1:31:d5:ed:ea:b4:a4:ef:
         79:50:53:5f:db:f7:52:a0:6e:28:02:e4:7d:f6:f0:93:c9:f4:
         0f:40:3f:d1:62:b9:71:6c:6a:8e:7b:b9:1f:fc:b1:49:56:96:
         86:96:ba:41:17:53:d8:a7:ac:44:70:30:36:8a:5e:a5:72:33:
         9f:ba:f8:68:bd:81:fa:d8:ad:90:9f:70:19:a6:8f:14:c7:ce:
         d2:31:44:54
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzF3AF0XJeUdR95HD3XNJhfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTUxZjE5NGEzZTUyNGM4MmM2NzdiOGUxMzIwNTgxNDNj
OGViZWUwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTljZTJkYmEyNjM3ZTM3ZDczODI1MDE1ZjkxOGY5MjcwYmViNGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyp2M5gCjP4Jjzx3UKWZKOmpppWL
OoHQ+w3udmCa+Ua27jTShIuFSY/2EQgNxafDMn8MHgXR1Ef8pOkFe3tf+rGFRpqx
7mSuhaHlpS5iXuS252W67R1AoI8J3dwZcavFCVIZ8piUKUNUxF2+V74CyUO+4fVD
GKzzfPxoMRoMEviBFdyn44C5B/4oyeK/acyo5upNwXfMQF8zUruL2tujtVITHzSu
cBUd0DghhzjWeHSyzjT/SbdpRRpNiiiGdeQNgZ2XJy1WGX2WpnsMkUEI2Ed8AK00
ynkjrfgULxYnp3fAKNa6P9JXZYAYrWgewnGKKw0DOQhAjMTEOYw+2nV2UQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDqc4tuiY3431zglAV+Rj5JwvrTPMB8GA1UdIwQY
MBaAFLcVHxlKPlJMgsZ3uOEyBYFDyOvuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhVZkdVby1Va3lDeG5lNDRUSUZnVVBJNi00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni80OWEzMmQtZDBmMi00ODFhLTk3OTEt
YzlhNDlmNzBlMjNiLzEvT3B6aTI2SmpmamZYT0NVQlg1R1BrbkMtdE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni80OWEzMmQtZDBmMi00ODFhLTk3OTEtYzlhNDlmNzBlMjNi
LzEvdHhVZkdVby1Va3lDeG5lNDRUSUZnVVBJNi00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASMAoDAwCgQwMD
AKBEAwQCuWG8MA0EAgACMAcDBQAqAPmAMA0GCSqGSIb3DQEBCwUAA4IBAQBzH4Cu
qGgPYvPnmBeoM4+zKElSQvaCQi7WK0leWrZsMH1I5Jn7yHitO2ei5tdJHo7f8c9b
5YX9ybDJni7p/1j6NatneAX/o5P6mYHx620hGJ0qDWdhHN1TuE5sikfx6cFFseRF
kVvMTeFmR0GaeFnPbDV/4RL4xMkq+6lBCc4B8lv+Q53z4vJOd2l0khXGqIO2T5+d
yOfGXfHv8sfVyCSrUeQ0Oh9E/3ub42GewTHV7eq0pO95UFNf2/dSoG4oAuR99vCT
yfQPQD/RYrlxbGqOe7kf/LFJVpaGlrpBF1PYp6xEcDA2il6lcjOfuvhovYH62K2Q
n3AZpo8Ux87SMURU
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:42:46 2024 by rpki-client on console-ams.rpki-client.org