Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/110_suLtcjswCXLqOyWkehAlU3Y.roa
File:                     110_suLtcjswCXLqOyWkehAlU3Y.roa (raw, json)
Hash identifier:          LZVYuOhSk5WjJ+YkyMYZB6v7TaCXjd09kgiXNAaH1Gs=
Subject key identifier:   D7:5D:3F:B2:E2:ED:72:3B:30:09:72:EA:3B:25:A4:7A:10:25:53:76
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018CC7946B55A37D11F52E21178CACED4B63
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/110_suLtcjswCXLqOyWkehAlU3Y.roa
Signing time:             Tue 02 Jan 2024 00:30:41 +0000
ROA not before:           Tue 02 Jan 2024 00:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        168.199.0.0/20 maxlen: 24
                          168.199.112.0/20 maxlen: 24
                          168.199.16.0/23 maxlen: 24
                          168.199.22.0/23 maxlen: 24
                          168.199.48.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:6b:55:a3:7d:11:f5:2e:21:17:8c:ac:ed:4b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 00:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d75d3fb2e2ed723b300972ea3b25a47a10255376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6e:51:2d:04:52:a8:c6:be:af:07:2e:08:c4:
                    ba:28:72:ca:fe:15:a7:ef:ac:da:5e:fb:21:fd:1e:
                    3c:05:9b:89:bf:a6:54:b2:ad:6c:75:c1:68:bf:89:
                    e0:c0:ae:9f:5c:10:0b:35:20:00:5e:65:64:15:b0:
                    c7:89:ea:d2:f1:74:47:d6:d7:97:d5:45:b7:66:88:
                    74:d5:cf:a3:d1:96:e2:da:a9:65:4d:d7:cb:ae:fd:
                    d6:22:cc:74:36:74:13:dd:3f:75:6d:02:51:13:76:
                    70:48:99:a3:69:c0:e4:83:96:39:0b:1f:6e:39:98:
                    7f:1e:70:4d:8c:b5:8a:23:ab:24:de:00:68:b0:67:
                    8d:82:50:c7:04:e1:84:ee:92:f0:50:6d:f8:0d:de:
                    da:7a:bd:bf:0c:0c:67:12:68:98:5e:41:ff:2e:f5:
                    41:23:c2:70:ea:b6:2d:b0:e9:fd:d6:3a:68:53:14:
                    9d:0d:d1:4a:8d:d8:cb:fe:ff:21:ea:8d:7b:08:6a:
                    77:15:2c:b5:e0:23:08:51:dd:55:36:c4:e0:f5:f4:
                    be:7b:a0:ad:b0:1b:2f:90:f7:c6:49:78:a3:cd:e6:
                    dc:92:40:7a:8d:f2:c9:63:7f:9f:f8:a3:8f:5f:ea:
                    a5:a9:6d:bc:5c:fa:03:33:04:03:81:10:00:c2:d9:
                    d1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5D:3F:B2:E2:ED:72:3B:30:09:72:EA:3B:25:A4:7A:10:25:53:76
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/110_suLtcjswCXLqOyWkehAlU3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.0.0-168.199.17.255
                  168.199.22.0/23
                  168.199.48.0/20
                  168.199.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a4:9b:90:31:58:31:e3:8c:28:c2:e3:a8:86:28:2d:b6:e1:a3:
         43:d6:de:67:cd:b3:3a:d3:fa:07:83:e0:52:0c:e6:75:af:24:
         d7:e3:8a:ba:9b:75:37:a2:29:7c:60:0d:b6:71:9d:27:a8:c2:
         64:63:53:7e:c7:88:ab:8f:a9:f0:b3:68:e1:ae:57:77:70:ac:
         27:35:51:09:76:4c:1f:c2:10:e8:18:e4:71:a1:4d:8d:fd:53:
         9c:b7:ff:da:0f:7a:49:db:ce:7e:09:8b:a1:c7:91:aa:56:ab:
         dd:bd:00:0e:fd:e2:b8:08:08:ed:ae:4b:8c:95:bf:75:d8:8a:
         87:a7:ea:d5:24:e2:21:c9:39:b1:f7:92:e1:06:37:d5:57:80:
         09:f9:c7:ff:50:50:27:10:91:30:99:11:85:94:14:0f:32:9f:
         a0:f2:f4:00:3e:3d:21:b0:59:30:dd:62:e0:dd:f2:93:f6:66:
         cd:83:0e:9e:16:37:5f:4d:80:15:56:50:4f:c8:9e:af:0f:d2:
         40:1e:fa:6e:68:6f:94:80:d9:33:82:ef:11:21:3e:9b:26:89:
         ed:44:d4:4f:c7:8d:c3:f7:03:e7:26:5f:96:48:18:28:c0:76:
         fc:c9:64:22:a9:ea:4d:a1:31:83:e7:3e:fa:32:ac:f9:25:8d:
         1f:ec:63:00
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzHlGtVo30R9S4hF4ys7UtjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwMTAyMDAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzVkM2ZiMmUyZWQ3MjNiMzAwOTcyZWEzYjI1YTQ3YTEwMjU1Mzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAom5RLQRSqMa+rwcuCMS6KHLK/hWn
76zaXvsh/R48BZuJv6ZUsq1sdcFov4ngwK6fXBALNSAAXmVkFbDHierS8XRH1teX
1UW3Zoh01c+j0Zbi2qllTdfLrv3WIsx0NnQT3T91bQJRE3ZwSJmjacDkg5Y5Cx9u
OZh/HnBNjLWKI6sk3gBosGeNglDHBOGE7pLwUG34Dd7aer2/DAxnEmiYXkH/LvVB
I8Jw6rYtsOn91jpoUxSdDdFKjdjL/v8h6o17CGp3FSy14CMIUd1VNsTg9fS+e6Ct
sBsvkPfGSXijzebckkB6jfLJY3+f+KOPX+qlqW28XPoDMwQDgRAAwtnRzwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNddP7Li7XI7MAly6jslpHoQJVN2MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvMTEwX3N1THRjanN3Q1hMcU95V2tlaEFsVTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfMAsDAwCoxwME
AajHEAMEAajHFgMEBKjHMAMEBKjHcDANBgkqhkiG9w0BAQsFAAOCAQEApJuQMVgx
44wowuOohigttuGjQ9beZ82zOtP6B4PgUgzmda8k1+OKupt1N6IpfGANtnGdJ6jC
ZGNTfseIq4+p8LNo4a5Xd3CsJzVRCXZMH8IQ6BjkcaFNjf1TnLf/2g96SdvOfgmL
oceRqlar3b0ADv3iuAgI7a5LjJW/ddiKh6fq1STiIck5sfeS4QY31VeACfnH/1BQ
JxCRMJkRhZQUDzKfoPL0AD49IbBZMN1i4N3yk/ZmzYMOnhY3X02AFVZQT8ierw/S
QB76bmhvlIDZM4LvESE+myaJ7UTUT8eNw/cD5yZflkgYKMB2/MlkIqnqTaExg+c+
+jKs+SWNH+xjAA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:56:59 2024 by rpki-client on console-fra.rpki-client.org