Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/B5vBaR6NDtZUA1Iaov600zjt1bw.roa
File:                     B5vBaR6NDtZUA1Iaov600zjt1bw.roa (raw, json)
Hash identifier:          CAB3FUzG4laqZ+4ZIxHVx+bdY/T5jgJMC9S9pVC7/Uo=
Subject key identifier:   07:9B:C1:69:1E:8D:0E:D6:54:03:52:1A:A2:FE:B4:D3:38:ED:D5:BC
Certificate issuer:       /CN=be2f2ccf1baa39033ec76a586f846a36218f209d
Certificate serial:       018CC8DD8A8473885146C1CB61BCC7922FDC
Authority key identifier: BE:2F:2C:CF:1B:AA:39:03:3E:C7:6A:58:6F:84:6A:36:21:8F:20:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vi8szxuqOQM-x2pYb4RqNiGPIJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/B5vBaR6NDtZUA1Iaov600zjt1bw.roa
Signing time:             Tue 02 Jan 2024 06:30:11 +0000
ROA not before:           Tue 02 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39382
IP address blocks:        159.255.200.0/21 maxlen: 21
                          195.234.116.0/22 maxlen: 22
                          2a03:8680::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/vi8szxuqOQM-x2pYb4RqNiGPIJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/vi8szxuqOQM-x2pYb4RqNiGPIJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vi8szxuqOQM-x2pYb4RqNiGPIJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:8a:84:73:88:51:46:c1:cb:61:bc:c7:92:2f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be2f2ccf1baa39033ec76a586f846a36218f209d
        Validity
            Not Before: Jan  2 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=079bc1691e8d0ed65403521aa2feb4d338edd5bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2e:f9:bc:c1:4f:35:60:4a:8d:f7:de:29:b8:
                    b3:b3:40:eb:1f:23:19:a4:31:d2:91:81:96:4c:f6:
                    89:fb:49:eb:e5:a3:47:63:58:82:ac:5c:f8:0b:89:
                    ac:19:07:7c:06:28:bb:bc:5d:1b:f1:8a:b3:da:18:
                    5f:f0:dd:05:88:7d:d3:8e:03:df:e9:d1:b2:28:58:
                    6a:8a:35:03:c4:48:7d:49:fc:85:90:f6:e7:d2:63:
                    d8:da:57:23:55:c4:28:74:93:f2:61:fe:82:3e:4f:
                    95:b8:72:d3:4c:51:c0:0b:5d:ca:46:18:bb:88:48:
                    65:4a:e1:08:43:93:c8:06:dc:90:7d:b4:e9:30:0f:
                    1a:22:9b:ac:4e:09:7c:6c:fd:27:46:26:fd:a2:be:
                    dc:ef:f1:66:d3:7d:26:58:bd:c9:91:56:6a:18:81:
                    65:59:95:38:ab:bc:a8:61:7d:f4:35:73:99:05:ff:
                    7b:d4:79:ed:90:a8:34:3c:4c:de:dc:57:68:0e:ec:
                    24:6c:57:e1:aa:74:27:af:08:7b:e3:5f:94:8a:13:
                    3b:c3:1c:9a:66:e9:74:f8:5b:a9:a8:3b:e0:65:2d:
                    db:22:cb:dc:95:78:4d:a9:e8:ff:15:15:29:21:06:
                    e9:91:ba:f1:3b:3d:c2:51:34:a0:50:a9:89:c6:e6:
                    8b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:9B:C1:69:1E:8D:0E:D6:54:03:52:1A:A2:FE:B4:D3:38:ED:D5:BC
            X509v3 Authority Key Identifier:
                keyid:BE:2F:2C:CF:1B:AA:39:03:3E:C7:6A:58:6F:84:6A:36:21:8F:20:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vi8szxuqOQM-x2pYb4RqNiGPIJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/B5vBaR6NDtZUA1Iaov600zjt1bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/vi8szxuqOQM-x2pYb4RqNiGPIJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.200.0/21
                  195.234.116.0/22
                IPv6:
                  2a03:8680::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:0a:64:0a:07:94:8a:14:13:d6:2f:23:04:40:42:85:dc:2d:
         7e:76:a9:b6:dd:05:34:d8:34:80:2d:da:0e:72:8b:94:a9:f3:
         ed:ad:45:c9:07:b9:fd:d3:8b:fd:40:0e:3f:fd:4a:ca:f4:0a:
         88:8e:27:47:af:8b:eb:70:f8:f6:21:c1:5f:87:b5:ff:a5:2c:
         f1:2d:bb:ae:ae:2a:a1:90:bf:18:b9:5c:89:53:0e:15:b8:fe:
         de:44:ba:2f:61:28:a9:73:d1:85:91:08:d2:15:bc:36:97:3d:
         8b:2c:a6:19:36:2c:31:e4:2b:6f:2e:de:f1:f4:4a:d5:4c:de:
         2a:d9:27:ac:4e:b7:c0:45:72:c1:97:e5:f7:28:b3:f5:c5:e1:
         dd:88:60:fc:26:b8:59:ea:18:ae:04:84:40:41:24:c4:98:f4:
         06:0c:15:ad:d6:c7:23:fc:43:fe:1f:e1:22:99:8a:0f:cf:57:
         e8:c7:68:b9:60:e6:9e:e4:4c:c7:ee:b2:5e:51:8a:c6:62:7b:
         df:89:31:95:6f:a0:23:01:d8:72:0d:a9:eb:d8:16:c4:0e:3e:
         79:d7:e3:9c:06:ea:8c:50:ea:c9:11:d5:55:e5:a7:0d:d0:a6:
         cd:80:28:cf:6d:5f:f1:b7:2e:da:bf:f2:0f:b3:56:c3:8b:37:
         cc:d3:ae:e4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI3YqEc4hRRsHLYbzHki/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMmYyY2NmMWJhYTM5MDMzZWM3NmE1ODZmODQ2YTM2MjE4
ZjIwOWQwHhcNMjQwMTAyMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzliYzE2OTFlOGQwZWQ2NTQwMzUyMWFhMmZlYjRkMzM4ZWRkNWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi75vMFPNWBKjffeKbizs0DrHyMZ
pDHSkYGWTPaJ+0nr5aNHY1iCrFz4C4msGQd8Bii7vF0b8Yqz2hhf8N0FiH3TjgPf
6dGyKFhqijUDxEh9SfyFkPbn0mPY2lcjVcQodJPyYf6CPk+VuHLTTFHAC13KRhi7
iEhlSuEIQ5PIBtyQfbTpMA8aIpusTgl8bP0nRib9or7c7/Fm030mWL3JkVZqGIFl
WZU4q7yoYX30NXOZBf971HntkKg0PEze3FdoDuwkbFfhqnQnrwh741+UihM7wxya
Zul0+FupqDvgZS3bIsvclXhNqej/FRUpIQbpkbrxOz3CUTSgUKmJxuaLbwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAebwWkejQ7WVANSGqL+tNM47dW8MB8GA1UdIwQY
MBaAFL4vLM8bqjkDPsdqWG+EajYhjyCdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmk4c3p4dXFPUU0teDJwWWI0UnFOaUdQSUowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85Nzc0NGQtNTk4OC00NmFlLTgyZjEt
NjQxODdlMzA0MzViLzEvQjV2QmFSNk5EdFpVQTFJYW92NjAwemp0MWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85Nzc0NGQtNTk4OC00NmFlLTgyZjEtNjQxODdlMzA0MzVi
LzEvdmk4c3p4dXFPUU0teDJwWWI0UnFOaUdQSUowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDn//IAwQC
w+p0MA0EAgACMAcDBQAqA4aAMA0GCSqGSIb3DQEBCwUAA4IBAQBdCmQKB5SKFBPW
LyMEQEKF3C1+dqm23QU02DSALdoOcouUqfPtrUXJB7n904v9QA4//UrK9AqIjidH
r4vrcPj2IcFfh7X/pSzxLbuuriqhkL8YuVyJUw4VuP7eRLovYSipc9GFkQjSFbw2
lz2LLKYZNiwx5CtvLt7x9ErVTN4q2SesTrfARXLBl+X3KLP1xeHdiGD8JrhZ6hiu
BIRAQSTEmPQGDBWt1scj/EP+H+EimYoPz1fox2i5YOae5EzH7rJeUYrGYnvfiTGV
b6AjAdhyDanr2BbEDj551+OcBuqMUOrJEdVV5acN0KbNgCjPbV/xty7av/IPs1bD
izfM067k
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:45:31 2024 by rpki-client on console-ams.rpki-client.org