Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Ajhd8W9OIZ5bqIMgeWbmuQ3cco8.roa
File:                     Ajhd8W9OIZ5bqIMgeWbmuQ3cco8.roa (raw, json)
Hash identifier:          cJfRInb0Pyx4L/4yRpWdo3CDj2fDkXbybOHZvx/plEw=
Subject key identifier:   02:38:5D:F1:6F:4E:21:9E:5B:A8:83:20:79:66:E6:B9:0D:DC:72:8F
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018CC6B8F2049A91B955BD897111415D9673
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Ajhd8W9OIZ5bqIMgeWbmuQ3cco8.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203061
IP address blocks:        193.104.96.0/24 maxlen: 32
                          185.144.13.0/24 maxlen: 32
                          185.222.213.0/24 maxlen: 32
                          185.25.107.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f2:04:9a:91:b9:55:bd:89:71:11:41:5d:96:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02385df16f4e219e5ba883207966e6b90ddc728f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:33:6d:ad:67:95:bd:7d:9d:db:c7:91:a0:11:
                    23:8f:31:a8:e4:4b:81:7d:29:da:9b:f4:17:e9:d2:
                    e2:26:17:b7:4c:0d:29:30:3b:45:89:e8:25:fc:e7:
                    3f:23:00:fd:c6:88:40:43:ae:c7:36:c9:e5:f8:cc:
                    92:da:99:e5:96:e4:41:c1:f7:9f:df:62:a3:88:2e:
                    57:7d:ea:8a:c7:12:2e:81:af:11:ad:db:cb:f0:31:
                    f8:72:3c:f4:11:a1:50:c5:ef:4c:61:3a:8d:0d:08:
                    eb:ac:14:2d:9b:3d:17:41:36:1d:f5:71:ae:c4:72:
                    fe:d3:f2:53:a9:56:05:73:8b:15:62:6d:5b:8a:33:
                    00:b3:98:cc:b1:9e:80:69:36:6e:5d:f2:91:c3:41:
                    3c:0e:09:a4:0e:61:2d:8d:c3:39:59:fa:b9:21:42:
                    51:08:11:df:76:5e:8a:ec:3f:b1:2a:ea:3f:e7:dd:
                    57:7b:c5:09:2b:e6:94:3c:5a:ee:89:88:c8:4d:58:
                    79:a3:4f:5c:e9:b3:40:13:04:d3:79:6e:85:0e:be:
                    5e:b4:0c:4a:62:4b:3b:8e:ec:4c:d5:34:34:e8:fc:
                    b9:48:e5:05:58:47:4e:46:99:5c:ce:2b:34:e1:f2:
                    81:38:cc:a3:6a:e4:20:ae:e0:5b:92:72:9b:59:44:
                    b0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:38:5D:F1:6F:4E:21:9E:5B:A8:83:20:79:66:E6:B9:0D:DC:72:8F
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/Ajhd8W9OIZ5bqIMgeWbmuQ3cco8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.107.0/24
                  185.144.13.0/24
                  185.222.213.0/24
                  193.104.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:c0:8b:1c:29:d1:a6:f6:a8:59:37:6e:fd:b7:73:ca:ed:eb:
         c6:ed:25:1c:1f:0d:f5:3a:dd:49:a5:a5:aa:06:0b:4d:e9:37:
         a6:59:b5:2e:11:b1:25:7b:02:40:7d:bb:2f:02:ca:3a:89:66:
         97:f2:68:ef:76:7e:9d:c1:fd:5e:ea:2d:b5:cd:dd:97:09:5f:
         30:23:1c:38:36:ee:50:b7:71:38:5b:6d:5a:e6:37:c3:03:49:
         8f:10:a8:5f:d7:dd:01:d1:dc:4e:07:99:80:59:70:25:b0:37:
         33:f7:2e:a3:b3:e0:e2:e0:17:fb:ab:d8:8c:d0:0f:9f:11:06:
         60:42:0b:55:bd:f3:05:88:7b:8b:e4:9e:67:3a:0c:9a:9d:1a:
         94:0a:1e:fc:0c:2c:ab:21:bd:0f:45:41:f0:e4:d7:c2:2c:c8:
         77:32:99:1f:24:04:f0:0e:b4:cd:9b:3f:fa:d1:ad:b8:1e:68:
         21:97:bd:a5:79:30:20:e8:26:fa:97:86:8c:b3:f4:5b:a0:96:
         88:75:66:f7:5e:f1:97:05:38:ea:dd:6c:f0:6d:81:2e:18:69:
         f8:25:70:16:29:0c:43:f2:39:50:7d:47:b4:d7:77:eb:85:f0:
         30:79:5c:d4:51:48:31:dd:c6:e9:dd:e7:6d:12:a9:0f:45:7c:
         2f:62:06:49
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGuPIEmpG5Vb2JcRFBXZZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjM4NWRmMTZmNGUyMTllNWJhODgzMjA3OTY2ZTZiOTBkZGM3MjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTNtrWeVvX2d28eRoBEjjzGo5EuB
fSnam/QX6dLiJhe3TA0pMDtFiegl/Oc/IwD9xohAQ67HNsnl+MyS2pnlluRBwfef
32KjiC5XfeqKxxIuga8RrdvL8DH4cjz0EaFQxe9MYTqNDQjrrBQtmz0XQTYd9XGu
xHL+0/JTqVYFc4sVYm1bijMAs5jMsZ6AaTZuXfKRw0E8DgmkDmEtjcM5Wfq5IUJR
CBHfdl6K7D+xKuo/591Xe8UJK+aUPFruiYjITVh5o09c6bNAEwTTeW6FDr5etAxK
Yks7juxM1TQ06Py5SOUFWEdORplczis04fKBOMyjauQgruBbknKbWUSwgwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAI4XfFvTiGeW6iDIHlm5rkN3HKPMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvQWpoZDhXOU9JWjVicUlNZ2VXYm11UTNjY284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuRlrAwQA
uZANAwQAud7VAwQAwWhgMA0GCSqGSIb3DQEBCwUAA4IBAQAFwIscKdGm9qhZN279
t3PK7evG7SUcHw31Ot1JpaWqBgtN6TemWbUuEbElewJAfbsvAso6iWaX8mjvdn6d
wf1e6i21zd2XCV8wIxw4Nu5Qt3E4W21a5jfDA0mPEKhf190B0dxOB5mAWXAlsDcz
9y6js+Di4Bf7q9iM0A+fEQZgQgtVvfMFiHuL5J5nOgyanRqUCh78DCyrIb0PRUHw
5NfCLMh3MpkfJATwDrTNmz/60a24Hmghl72leTAg6Cb6l4aMs/RboJaIdWb3XvGX
BTjq3WzwbYEuGGn4JXAWKQxD8jlQfUe013frhfAweVzUUUgx3cbp3edtEqkPRXwv
YgZJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:46:58 2024 by rpki-client on console-ams.rpki-client.org