Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/i6Zze3xNEJa92cKqLLFy8PJwkwc.roa
File:                     i6Zze3xNEJa92cKqLLFy8PJwkwc.roa (raw, json)
Hash identifier:          J4eo1pBmc4dEQcYy9V0csC77HT8JUuzohndd4kF3W/Y=
Subject key identifier:   8B:A6:73:7B:7C:4D:10:96:BD:D9:C2:AA:2C:B1:72:F0:F2:70:93:07
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC453238FAC8BE129071AD31ADDF74
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/i6Zze3xNEJa92cKqLLFy8PJwkwc.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43832
IP address blocks:        193.232.160.0/24 maxlen: 24
                          193.232.177.0/24 maxlen: 24
                          2a0c:a9c7:160::/48 maxlen: 48
                          2a0c:a9c7:177::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:45:32:38:fa:c8:be:12:90:71:ad:31:ad:df:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba6737b7c4d1096bdd9c2aa2cb172f0f2709307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:75:31:68:3d:c1:70:66:dc:07:de:73:4b:53:
                    23:94:71:b8:46:84:c1:6b:a6:c3:1f:ab:0c:66:a2:
                    04:3d:45:8c:ba:02:04:dc:8c:d4:79:ed:18:65:bb:
                    7d:9c:59:19:54:4c:5e:09:9d:05:e7:d8:45:dc:f2:
                    b7:5e:5c:65:59:6c:ed:a7:2c:64:67:95:38:5e:19:
                    03:21:7f:8b:d3:d1:29:15:6d:53:de:43:6f:d9:5c:
                    45:8f:66:03:31:f0:3c:93:af:ef:99:dd:ae:ae:62:
                    30:ad:db:ad:88:4a:62:69:7d:67:c8:e2:2e:70:00:
                    98:95:dc:03:26:d4:cb:9c:a4:98:27:25:04:0a:f4:
                    69:10:7f:13:fa:30:43:8c:cf:c9:5b:77:f8:73:19:
                    b0:46:72:e7:e0:c0:9c:66:93:5f:6d:a0:2e:ec:a1:
                    10:67:16:03:b8:f2:39:9d:da:65:ef:9b:41:62:09:
                    f5:60:5e:10:32:1d:1f:c2:51:65:c5:9b:f5:42:5e:
                    35:83:10:84:de:e0:4c:e2:c9:18:ae:dd:d9:ad:6b:
                    93:db:9c:36:1c:2e:00:6e:26:c6:84:28:0c:4d:84:
                    32:40:42:1d:6c:8a:06:c6:ec:2a:12:fa:72:85:47:
                    19:98:31:54:d2:e8:d0:42:fe:98:0c:11:46:f5:7d:
                    38:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A6:73:7B:7C:4D:10:96:BD:D9:C2:AA:2C:B1:72:F0:F2:70:93:07
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/i6Zze3xNEJa92cKqLLFy8PJwkwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.160.0/24
                  193.232.177.0/24
                IPv6:
                  2a0c:a9c7:160::/48
                  2a0c:a9c7:177::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:7b:6f:cc:33:41:73:e3:03:c3:98:35:c8:ad:68:39:be:6c:
         d8:e8:27:16:ad:7b:a5:0a:1b:9c:6d:b9:22:3b:15:d3:b1:9e:
         a2:16:90:af:b3:7e:44:a5:50:e8:0d:a2:86:b3:37:12:fc:4b:
         e7:4a:7c:df:07:27:f9:c8:af:ad:a9:04:ad:4e:02:91:92:6d:
         81:07:d7:3f:06:15:06:16:d8:df:a0:8d:2b:be:27:e9:7c:e5:
         13:ab:c5:2b:b5:ad:84:3a:31:48:a3:c1:29:5c:79:52:fa:d3:
         d9:e0:66:17:b4:8b:fb:a0:9e:2d:6d:e4:78:99:92:b4:cd:68:
         cd:3e:17:a0:80:d1:29:54:b6:2b:a7:56:7a:30:67:3e:84:04:
         96:55:f1:01:f9:36:96:fa:85:86:d5:8b:3c:66:77:70:1b:72:
         80:d2:82:08:59:02:23:8a:0c:fd:27:66:20:a1:6a:e8:16:8d:
         1a:62:05:95:91:65:fd:97:f4:bc:d8:0f:10:db:e9:60:c8:81:
         16:97:63:af:e3:3d:f9:3c:99:00:69:a7:88:e9:c7:ed:ab:ea:
         f3:04:a7:1d:49:76:e3:7a:83:8c:35:64:d1:93:86:14:03:ad:
         7c:ce:dd:35:9c:9f:ff:2f:11:a1:c3:bb:c2:05:d2:8b:fd:b5:
         cc:89:f8:61
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzF3EUyOPrIvhKQca0xrd90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE2NzM3YjdjNGQxMDk2YmRkOWMyYWEyY2IxNzJmMGYyNzA5MzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXUxaD3BcGbcB95zS1MjlHG4RoTB
a6bDH6sMZqIEPUWMugIE3IzUee0YZbt9nFkZVExeCZ0F59hF3PK3XlxlWWztpyxk
Z5U4XhkDIX+L09EpFW1T3kNv2VxFj2YDMfA8k6/vmd2urmIwrdutiEpiaX1nyOIu
cACYldwDJtTLnKSYJyUECvRpEH8T+jBDjM/JW3f4cxmwRnLn4MCcZpNfbaAu7KEQ
ZxYDuPI5ndpl75tBYgn1YF4QMh0fwlFlxZv1Ql41gxCE3uBM4skYrt3ZrWuT25w2
HC4AbibGhCgMTYQyQEIdbIoGxuwqEvpyhUcZmDFU0ujQQv6YDBFG9X046wIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFIumc3t8TRCWvdnCqiyxcvDycJMHMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvaTZaemUzeE5FSmE5MmNLcUxMRnk4UEp3a3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQAweigAwQA
weixMBgEAgACMBIDBwAqDKnHAWADBwAqDKnHAXcwDQYJKoZIhvcNAQELBQADggEB
AKh7b8wzQXPjA8OYNcitaDm+bNjoJxate6UKG5xtuSI7FdOxnqIWkK+zfkSlUOgN
ooazNxL8S+dKfN8HJ/nIr62pBK1OApGSbYEH1z8GFQYW2N+gjSu+J+l85ROrxSu1
rYQ6MUijwSlceVL609ngZhe0i/ugni1t5HiZkrTNaM0+F6CA0SlUtiunVnowZz6E
BJZV8QH5Npb6hYbVizxmd3AbcoDSgghZAiOKDP0nZiChaugWjRpiBZWRZf2X9LzY
DxDb6WDIgRaXY6/jPfk8mQBpp4jpx+2r6vMEpx1JduN6g4w1ZNGThhQDrXzO3TWc
n/8vEaHDu8IF0ov9tcyJ+GE=
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:45:24 2024 by rpki-client on console-ams.rpki-client.org