Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Rzi9rRqLyb6TI4BNXmfMXnR3TBU.roa
File:                     Rzi9rRqLyb6TI4BNXmfMXnR3TBU.roa (raw, json)
Hash identifier:          7Flzn8I686UlrMeTsZSZgUzjm1OVtu2OfUi0+bG0MUg=
Subject key identifier:   47:38:BD:AD:1A:8B:C9:BE:93:23:80:4D:5E:67:CC:5E:74:77:4C:15
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC5063050BC53DD71727222E94BE1C
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Rzi9rRqLyb6TI4BNXmfMXnR3TBU.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202984
IP address blocks:        62.76.142.0/24 maxlen: 24
                          195.19.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:50:63:05:0b:c5:3d:d7:17:27:22:2e:94:be:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4738bdad1a8bc9be9323804d5e67cc5e74774c15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:08:07:57:83:82:6f:36:d8:9b:66:31:cb:27:
                    be:c3:72:c1:6f:07:c3:c4:0b:51:ca:d6:9f:da:b9:
                    3e:71:b3:41:5a:c2:36:88:ab:a3:78:bd:16:1b:bf:
                    a1:5d:a0:26:52:c5:3f:b8:30:64:12:1a:1e:47:66:
                    94:3b:5a:92:e8:95:2d:5c:1a:87:86:a2:3a:96:42:
                    6a:4d:98:79:2e:16:49:41:e8:f3:b4:92:33:15:50:
                    eb:5f:ff:cc:0a:9c:ad:f9:c6:92:09:cb:86:77:0f:
                    56:53:38:04:22:4f:24:6f:7d:15:9c:81:76:42:48:
                    4d:7e:47:56:d3:05:06:78:2e:4a:88:6f:ef:54:df:
                    c0:3f:b5:6f:e4:10:4d:a2:6d:f4:44:6b:c6:ba:ba:
                    80:3d:35:d6:77:5c:16:fc:03:9d:e7:23:de:7e:cf:
                    99:91:f0:27:c8:c5:67:ff:4a:81:05:9a:b6:fe:76:
                    0b:1c:38:b2:55:2b:6a:c5:ff:cf:c5:f2:43:50:7a:
                    b6:2b:f6:64:41:09:cd:f8:00:68:9f:c1:57:c1:d5:
                    28:4a:d1:15:d9:c1:e8:6e:e5:8f:24:7c:e1:e0:9f:
                    76:36:b9:13:ee:5c:9d:05:44:49:f3:98:a6:c0:c5:
                    b9:48:ac:52:4f:45:6f:2b:9c:16:c1:97:bf:70:9b:
                    25:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:38:BD:AD:1A:8B:C9:BE:93:23:80:4D:5E:67:CC:5E:74:77:4C:15
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Rzi9rRqLyb6TI4BNXmfMXnR3TBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.142.0/24
                  195.19.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:bb:67:61:9a:97:42:a7:48:56:7b:28:51:69:56:27:2e:d7:
         53:2d:d0:0c:d3:e9:73:41:2e:0a:4d:21:99:28:85:b8:6c:eb:
         09:7b:07:6b:70:ed:f0:1c:57:4c:26:81:61:c0:20:b4:86:8f:
         4d:3d:54:af:dd:45:44:51:e2:c3:c8:fe:f0:ed:db:ff:f8:04:
         25:c7:4e:6b:32:f2:01:02:3d:01:d0:9d:9c:4f:1c:a9:e0:36:
         24:87:64:0b:90:82:0c:89:27:fb:18:0d:e3:5e:5e:18:ff:0e:
         f5:07:9c:4a:54:a9:7e:c2:f7:17:67:d2:3d:df:66:73:73:2a:
         2e:b2:fb:de:d9:a8:78:a0:4a:c2:88:73:e0:dd:c9:f0:59:14:
         6b:e7:81:cc:6e:48:25:8b:d6:47:50:b1:2b:5a:11:48:d0:45:
         51:98:bd:92:04:53:3f:f2:6c:8b:2f:da:09:39:96:35:cd:31:
         7b:1f:bc:35:b6:20:db:12:ac:ad:39:58:3d:db:5d:c4:9d:0c:
         04:93:2a:a3:6e:80:d2:e7:c1:dc:cd:47:61:f5:3b:e9:69:c4:
         8b:2e:3f:d9:c5:da:02:a9:b3:d9:c5:50:df:0b:b7:33:b3:bc:
         57:84:1d:28:c7:b3:16:b9:cd:18:a2:61:ee:c1:67:4f:96:00:
         32:39:8d:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3FBjBQvFPdcXJyIulL4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM4YmRhZDFhOGJjOWJlOTMyMzgwNGQ1ZTY3Y2M1ZTc0Nzc0YzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAgHV4OCbzbYm2Yxyye+w3LBbwfD
xAtRytaf2rk+cbNBWsI2iKujeL0WG7+hXaAmUsU/uDBkEhoeR2aUO1qS6JUtXBqH
hqI6lkJqTZh5LhZJQejztJIzFVDrX//MCpyt+caSCcuGdw9WUzgEIk8kb30VnIF2
QkhNfkdW0wUGeC5KiG/vVN/AP7Vv5BBNom30RGvGurqAPTXWd1wW/AOd5yPefs+Z
kfAnyMVn/0qBBZq2/nYLHDiyVStqxf/PxfJDUHq2K/ZkQQnN+ABon8FXwdUoStEV
2cHobuWPJHzh4J92NrkT7lydBURJ85imwMW5SKxST0VvK5wWwZe/cJslnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEc4va0ai8m+kyOATV5nzF50d0wVMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvUnppOXJScUx5YjZUSTRCTlhtZk1YblIzVEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkyOAwQA
wxNcMA0GCSqGSIb3DQEBCwUAA4IBAQADu2dhmpdCp0hWeyhRaVYnLtdTLdAM0+lz
QS4KTSGZKIW4bOsJewdrcO3wHFdMJoFhwCC0ho9NPVSv3UVEUeLDyP7w7dv/+AQl
x05rMvIBAj0B0J2cTxyp4DYkh2QLkIIMiSf7GA3jXl4Y/w71B5xKVKl+wvcXZ9I9
32Zzcyousvve2ah4oErCiHPg3cnwWRRr54HMbkgli9ZHULErWhFI0EVRmL2SBFM/
8myLL9oJOZY1zTF7H7w1tiDbEqytOVg9213EnQwEkyqjboDS58HczUdh9TvpacSL
Lj/ZxdoCqbPZxVDfC7czs7xXhB0ox7MWuc0YomHuwWdPlgAyOY2f
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:45:24 2024 by rpki-client on console-ams.rpki-client.org