Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/047dec-d844-467a-a01a-fc03ef794718/1/aTAp5ZFkPsnJHtRfQBniuJRLNM4.roa
File:                     aTAp5ZFkPsnJHtRfQBniuJRLNM4.roa (raw, json)
Hash identifier:          nflAj5vJPMYtF0oFTdDYEtjApgfE1EZ7aQXjMhbJAXw=
Subject key identifier:   69:30:29:E5:91:64:3E:C9:C9:1E:D4:5F:40:19:E2:B8:94:4B:34:CE
Certificate issuer:       /CN=aecaf94aedffefa4366bca2beb91992c1db34ccc
Certificate serial:       018CC34893D5C4758FFF57BBBA1E7261B859
Authority key identifier: AE:CA:F9:4A:ED:FF:EF:A4:36:6B:CA:2B:EB:91:99:2C:1D:B3:4C:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rsr5Su3_76Q2a8or65GZLB2zTMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/047dec-d844-467a-a01a-fc03ef794718/1/aTAp5ZFkPsnJHtRfQBniuJRLNM4.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21286
IP address blocks:        193.176.216.0/23 maxlen: 23
                          2001:67c:5a0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/047dec-d844-467a-a01a-fc03ef794718/1/rsr5Su3_76Q2a8or65GZLB2zTMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/047dec-d844-467a-a01a-fc03ef794718/1/rsr5Su3_76Q2a8or65GZLB2zTMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rsr5Su3_76Q2a8or65GZLB2zTMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:93:d5:c4:75:8f:ff:57:bb:ba:1e:72:61:b8:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aecaf94aedffefa4366bca2beb91992c1db34ccc
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=693029e591643ec9c91ed45f4019e2b8944b34ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:44:25:d5:b7:9e:00:30:f3:cf:23:a9:a3:bb:
                    22:ba:bd:e0:7f:7d:e2:b8:ca:59:d2:d0:81:f9:45:
                    75:17:ed:5e:ae:28:42:be:c8:f1:7f:00:00:8d:3b:
                    2d:31:50:84:f3:43:68:63:40:fc:35:e2:e6:be:8d:
                    5a:af:bd:29:42:dd:4a:15:50:b7:a7:ae:97:5d:7e:
                    18:e3:fe:91:d5:ed:27:16:d9:01:1c:68:e0:5c:53:
                    94:6d:f1:fe:1b:58:7c:06:3e:ce:97:db:9f:82:0b:
                    60:c0:88:4e:8d:e3:11:d8:d9:84:c0:ec:9f:29:65:
                    11:2f:5d:53:0e:cc:b0:29:10:ab:2e:ce:f3:2c:9c:
                    d5:3e:03:86:3b:0f:20:20:a1:58:fc:3b:77:d5:d3:
                    fc:a6:a5:65:59:78:0c:ba:09:e4:d7:86:ba:49:2a:
                    cf:5e:16:a2:1d:ab:5e:07:fd:b1:32:c7:c5:5f:ba:
                    b5:a7:42:74:f4:1f:9f:68:89:73:43:dc:0f:f4:ad:
                    1b:e8:d0:c5:83:57:c5:fa:be:b0:83:fd:f9:ed:2e:
                    28:15:66:fa:1c:62:2d:85:0b:9a:06:27:f7:6c:e2:
                    c4:69:6e:ca:8a:43:a9:17:5d:88:15:09:06:0c:16:
                    c7:39:03:5a:24:35:a7:43:94:52:3e:6c:05:b2:af:
                    92:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:30:29:E5:91:64:3E:C9:C9:1E:D4:5F:40:19:E2:B8:94:4B:34:CE
            X509v3 Authority Key Identifier:
                keyid:AE:CA:F9:4A:ED:FF:EF:A4:36:6B:CA:2B:EB:91:99:2C:1D:B3:4C:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rsr5Su3_76Q2a8or65GZLB2zTMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/047dec-d844-467a-a01a-fc03ef794718/1/aTAp5ZFkPsnJHtRfQBniuJRLNM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/047dec-d844-467a-a01a-fc03ef794718/1/rsr5Su3_76Q2a8or65GZLB2zTMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.216.0/23
                IPv6:
                  2001:67c:5a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:af:6c:14:29:63:b6:aa:76:3b:e1:97:68:64:f7:a7:2d:e3:
         12:f0:71:17:8b:91:f3:86:8a:3c:a3:31:91:a9:48:d6:31:82:
         09:6d:0f:81:6a:77:e3:cb:7e:ea:71:57:75:62:c6:d7:a1:15:
         32:ff:0d:4f:5e:55:f7:cf:d4:28:02:85:fc:49:d5:81:6b:ef:
         49:2f:92:5d:4e:f5:31:83:d9:14:0e:aa:d0:47:be:9d:db:31:
         d2:2e:88:c1:79:e5:ad:8e:a6:e1:f0:0f:24:6a:49:4d:84:c7:
         ea:2c:25:76:80:56:e7:3a:98:1a:d2:e6:06:b2:2e:dc:df:93:
         7f:25:a1:26:69:5c:08:66:2b:6b:ff:45:1c:75:b9:0e:84:45:
         8b:a2:c4:5e:44:f8:5e:30:8c:7f:52:37:56:5a:01:b6:6c:be:
         8f:ef:e9:b8:48:c6:3f:cc:d0:a1:d4:7c:a9:26:55:5d:42:26:
         5c:22:46:d0:b8:2f:82:b1:20:ff:a8:5a:80:a0:ea:bc:3e:98:
         75:da:19:c2:19:d0:b8:52:8a:6c:78:06:56:97:3a:22:b0:b2:
         31:7b:6f:fd:72:5e:1a:5b:d9:e8:01:82:b7:ae:bc:60:5e:f9:
         d9:b9:9c:f5:ab:99:b5:84:eb:f5:88:6d:75:02:9f:11:7d:74:
         e7:fa:b8:04
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSJPVxHWP/1e7uh5yYbhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlY2FmOTRhZWRmZmVmYTQzNjZiY2EyYmViOTE5OTJjMWRi
MzRjY2MwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTMwMjllNTkxNjQzZWM5YzkxZWQ0NWY0MDE5ZTJiODk0NGIzNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskQl1beeADDzzyOpo7siur3gf33i
uMpZ0tCB+UV1F+1erihCvsjxfwAAjTstMVCE80NoY0D8NeLmvo1ar70pQt1KFVC3
p66XXX4Y4/6R1e0nFtkBHGjgXFOUbfH+G1h8Bj7Ol9ufggtgwIhOjeMR2NmEwOyf
KWURL11TDsywKRCrLs7zLJzVPgOGOw8gIKFY/Dt31dP8pqVlWXgMugnk14a6SSrP
XhaiHateB/2xMsfFX7q1p0J09B+faIlzQ9wP9K0b6NDFg1fF+r6wg/357S4oFWb6
HGIthQuaBif3bOLEaW7KikOpF12IFQkGDBbHOQNaJDWnQ5RSPmwFsq+SjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGkwKeWRZD7JyR7UX0AZ4riUSzTOMB8GA1UdIwQY
MBaAFK7K+Urt/++kNmvKK+uRmSwds0zMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnNyNVN1M183NlEyYThvcjY1R1pMQjJ6VE13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8wNDdkZWMtZDg0NC00NjdhLWEwMWEt
ZmMwM2VmNzk0NzE4LzEvYVRBcDVaRmtQc25KSHRSZlFCbml1SlJMTk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8wNDdkZWMtZDg0NC00NjdhLWEwMWEtZmMwM2VmNzk0NzE4
LzEvcnNyNVN1M183NlEyYThvcjY1R1pMQjJ6VE13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwbDYMA8E
AgACMAkDBwAgAQZ8BaAwDQYJKoZIhvcNAQELBQADggEBAGqvbBQpY7aqdjvhl2hk
96ct4xLwcReLkfOGijyjMZGpSNYxggltD4Fqd+PLfupxV3VixtehFTL/DU9eVffP
1CgChfxJ1YFr70kvkl1O9TGD2RQOqtBHvp3bMdIuiMF55a2OpuHwDyRqSU2Ex+os
JXaAVuc6mBrS5gayLtzfk38loSZpXAhmK2v/RRx1uQ6ERYuixF5E+F4wjH9SN1Za
AbZsvo/v6bhIxj/M0KHUfKkmVV1CJlwiRtC4L4KxIP+oWoCg6rw+mHXaGcIZ0LhS
imx4BlaXOiKwsjF7b/1yXhpb2egBgreuvGBe+dm5nPWrmbWE6/WIbXUCnxF9dOf6
uAQ=
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:07:40 2024 by rpki-client on console-ams.rpki-client.org