Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/b-49N0MafHtldcWRMuIjUEiTSAE.roa
File:                     b-49N0MafHtldcWRMuIjUEiTSAE.roa (raw, json)
Hash identifier:          kPaR5Q+7WOXlASzgsf57xxz9ar75eNBNIyBvCekUVsc=
Subject key identifier:   6F:EE:3D:37:43:1A:7C:7B:65:75:C5:91:32:E2:23:50:48:93:48:01
Certificate issuer:       /CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
Certificate serial:       018CCA2B99610510148835EE879205E8AAD2
Authority key identifier: A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/b-49N0MafHtldcWRMuIjUEiTSAE.roa
Signing time:             Tue 02 Jan 2024 12:35:04 +0000
ROA not before:           Tue 02 Jan 2024 12:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207021
IP address blocks:        176.97.158.0/24 maxlen: 24
                          192.174.68.0/24 maxlen: 24
                          2001:67c:10b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:99:61:05:10:14:88:35:ee:87:92:05:e8:aa:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
        Validity
            Not Before: Jan  2 12:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fee3d37431a7c7b6575c59132e2235048934801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:00:fc:bc:9e:1d:ab:ed:7f:4c:d9:da:80:17:
                    7f:a4:f9:57:cb:e6:07:c3:8c:a4:fe:44:75:15:2c:
                    a6:15:c3:65:56:a4:73:67:bf:ae:88:5b:cc:f7:e5:
                    bd:dd:8b:ac:39:35:cd:2a:d6:30:85:db:f5:06:a1:
                    ba:b6:9e:8a:07:61:44:1a:fa:65:15:69:65:2c:a6:
                    eb:6a:5a:f1:35:24:86:54:99:97:a3:34:f9:77:3b:
                    4d:04:79:1d:e6:5c:07:17:c9:77:bb:8f:cf:ea:06:
                    66:e6:dc:d4:9e:bb:46:31:67:b1:cb:6d:17:9e:25:
                    99:34:d2:3b:65:aa:36:95:a2:a4:ed:48:45:ae:27:
                    75:4a:7b:4f:fe:be:31:34:26:aa:a3:f8:51:26:30:
                    ef:cb:35:62:1c:d1:54:07:8e:4a:43:f0:ed:1e:ed:
                    3d:2e:9b:3f:44:23:db:2d:22:d1:e5:e0:62:59:0b:
                    fd:26:84:67:ba:88:07:5a:de:a5:d7:06:68:e0:55:
                    e3:53:a9:20:81:ee:a5:66:92:d7:5f:7e:d5:06:c9:
                    e1:f8:01:71:cf:81:54:72:f4:22:60:d5:1c:82:cd:
                    ee:6e:28:f9:ff:28:05:02:8b:ee:05:0f:87:2c:f4:
                    57:87:73:3c:2a:3c:f3:55:9e:c6:7e:dd:cd:af:5d:
                    48:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:EE:3D:37:43:1A:7C:7B:65:75:C5:91:32:E2:23:50:48:93:48:01
            X509v3 Authority Key Identifier:
                keyid:A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/b-49N0MafHtldcWRMuIjUEiTSAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.158.0/24
                  192.174.68.0/24
                IPv6:
                  2001:67c:10b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:10:7e:8f:c6:20:a9:95:e3:c4:9a:53:2e:2d:16:1d:8d:7d:
         22:33:43:ef:69:94:2d:1a:04:64:23:3a:cc:b7:e0:e5:15:59:
         04:16:8f:59:1d:4b:32:d2:c3:ed:fd:9e:dc:21:02:b5:4c:59:
         40:8f:63:27:d2:6f:2a:89:20:5e:ff:e3:ea:dd:93:47:59:c9:
         86:7f:51:81:21:48:ea:1e:11:69:a8:3b:5b:77:ed:af:c9:c6:
         cd:d6:4d:01:a9:6b:ae:59:f2:bb:d5:20:cf:08:6b:bb:e0:86:
         83:b3:dc:4c:6a:8c:7e:ab:57:1e:fa:b6:88:0b:ca:78:f8:02:
         09:32:53:55:2e:6a:20:3a:0d:fd:44:37:3f:b8:45:fb:e1:8e:
         ab:bd:04:0a:2e:42:28:4e:a7:01:b3:ea:6e:03:7c:55:88:d4:
         20:c7:d9:d6:ae:a2:7c:f8:7a:13:5e:2f:63:eb:51:3a:c2:1c:
         e3:b8:0e:96:b8:1e:29:37:74:bf:3f:e7:66:e2:4d:2d:a9:df:
         3f:4f:75:c5:0c:ae:74:b1:38:84:5b:78:73:20:4d:75:eb:11:
         66:65:c1:ca:ce:47:58:e2:bb:5b:3f:16:13:7d:6b:64:10:64:
         05:1c:a5:49:3f:d9:c5:73:a7:44:29:cb:b1:16:42:a9:91:c7:
         ae:b5:63:40
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK5lhBRAUiDXuh5IF6KrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MmZjNjBkMzZlMjhiYjhkZjE0NWM4NGFjYWIxOWNmYTUz
YjAyNWEwHhcNMjQwMTAyMTIzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmVlM2QzNzQzMWE3YzdiNjU3NWM1OTEzMmUyMjM1MDQ4OTM0ODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQD8vJ4dq+1/TNnagBd/pPlXy+YH
w4yk/kR1FSymFcNlVqRzZ7+uiFvM9+W93YusOTXNKtYwhdv1BqG6tp6KB2FEGvpl
FWllLKbralrxNSSGVJmXozT5dztNBHkd5lwHF8l3u4/P6gZm5tzUnrtGMWexy20X
niWZNNI7Zao2laKk7UhFrid1SntP/r4xNCaqo/hRJjDvyzViHNFUB45KQ/DtHu09
Lps/RCPbLSLR5eBiWQv9JoRnuogHWt6l1wZo4FXjU6kgge6lZpLXX37VBsnh+AFx
z4FUcvQiYNUcgs3ubij5/ygFAovuBQ+HLPRXh3M8KjzzVZ7Gft3Nr11IbQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFG/uPTdDGnx7ZXXFkTLiI1BIk0gBMB8GA1UdIwQY
MBaAFKUvxg024ou43xRchKyrGc+lOwJaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTct
OWI0YTJkNWYzYTc2LzEvYi00OU4wTWFmSHRsZGNXUk11SWpVRWlUU0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTctOWI0YTJkNWYzYTc2
LzEvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAsGGeAwQA
wK5EMA8EAgACMAkDBwAgAQZ8ELgwDQYJKoZIhvcNAQELBQADggEBAJYQfo/GIKmV
48SaUy4tFh2NfSIzQ+9plC0aBGQjOsy34OUVWQQWj1kdSzLSw+39ntwhArVMWUCP
YyfSbyqJIF7/4+rdk0dZyYZ/UYEhSOoeEWmoO1t37a/Jxs3WTQGpa65Z8rvVIM8I
a7vghoOz3ExqjH6rVx76togLynj4AgkyU1UuaiA6Df1ENz+4Rfvhjqu9BAouQihO
pwGz6m4DfFWI1CDH2dauonz4ehNeL2PrUTrCHOO4Dpa4Hik3dL8/52biTS2p3z9P
dcUMrnSxOIRbeHMgTXXrEWZlwcrOR1jiu1s/FhN9a2QQZAUcpUk/2cVzp0Qpy7EW
QqmRx661Y0A=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:22:42 2024 by rpki-client on console-ams.rpki-client.org