Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Fo4b5eigIlzy9-7p_CtteRImC-4.roa
File:                     Fo4b5eigIlzy9-7p_CtteRImC-4.roa (raw, json)
Hash identifier:          rbZ7rypjcfNu0BpWDmIebrpXM+e0f2xYe6ChlIBsCEU=
Subject key identifier:   16:8E:1B:E5:E8:A0:22:5C:F2:F7:EE:E9:FC:2B:6D:79:12:26:0B:EE
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       018CCA9939797120D8E2E0E09EA992A67DB1
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Fo4b5eigIlzy9-7p_CtteRImC-4.roa
Signing time:             Tue 02 Jan 2024 14:34:48 +0000
ROA not before:           Tue 02 Jan 2024 14:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204650
IP address blocks:        62.220.118.0/23 maxlen: 24
                          81.12.43.0/24 maxlen: 24
                          87.107.100.0/22 maxlen: 24
                          81.12.77.0/24 maxlen: 24
                          81.12.102.0/23 maxlen: 23
                          81.12.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:39:79:71:20:d8:e2:e0:e0:9e:a9:92:a6:7d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  2 14:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=168e1be5e8a0225cf2f7eee9fc2b6d7912260bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e8:24:4f:e2:10:29:44:2a:af:61:32:1e:86:
                    25:a1:1c:10:da:08:ca:94:42:a3:b6:c2:2f:3b:a3:
                    75:51:ff:86:ef:f9:e6:b3:5d:1e:4f:db:b1:a0:02:
                    21:c3:06:59:7d:3c:65:2e:59:ed:0e:a8:1f:2f:9b:
                    57:fc:5c:a4:31:6e:64:0b:ce:fa:cb:be:cf:8f:a9:
                    7b:c4:29:74:a3:c5:4e:99:a9:b2:9a:f0:d2:98:35:
                    98:69:a5:e8:9d:96:5c:94:8a:48:55:5c:c6:b1:8d:
                    98:d6:97:88:21:83:d6:37:3e:35:ae:a7:75:b7:c3:
                    48:ba:aa:33:95:8d:50:39:bb:59:97:98:c0:ff:3c:
                    bc:05:b7:ee:17:44:3d:61:be:6a:27:04:d8:f1:20:
                    cc:d5:40:ee:d8:d3:33:91:be:ab:c6:a7:0b:73:f2:
                    f0:80:bf:80:42:f3:18:d2:73:ca:4b:6a:e0:5c:61:
                    74:45:df:38:9d:eb:ad:94:95:90:d1:74:bf:2f:09:
                    fe:0b:24:20:b7:f4:1a:0f:31:d5:04:1e:87:6a:1c:
                    63:b5:91:ac:74:01:81:71:5a:7b:87:c6:5c:54:93:
                    a2:e3:6d:0d:8f:91:25:e2:c7:40:03:b7:4a:3d:d9:
                    fb:3b:82:d9:00:9c:5a:cf:cb:c1:c4:e1:af:ab:90:
                    68:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8E:1B:E5:E8:A0:22:5C:F2:F7:EE:E9:FC:2B:6D:79:12:26:0B:EE
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/Fo4b5eigIlzy9-7p_CtteRImC-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.118.0/23
                  81.12.43.0/24
                  81.12.77.0/24
                  81.12.100.0/24
                  81.12.102.0/23
                  87.107.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:02:37:84:90:64:13:b2:44:1e:53:af:e8:a9:c8:cc:66:e4:
         06:e5:37:20:49:83:53:a0:00:d1:4f:8e:53:db:38:18:3a:0a:
         3f:62:60:3e:f8:69:8f:75:87:bf:f6:a2:79:77:99:f2:fe:ab:
         11:e3:a6:eb:9d:b4:4c:51:e9:18:ad:6f:47:9a:b0:e2:ea:89:
         2a:97:7e:7f:6a:66:7f:46:85:45:ab:3e:69:fd:4b:fc:8c:b2:
         17:a7:ad:a0:ba:1a:07:17:1e:a8:01:e9:84:08:95:23:3f:a1:
         83:54:ae:64:18:ae:53:ae:81:cc:be:86:c2:d2:fc:f5:dd:76:
         23:25:81:34:a5:0c:93:9f:fe:3b:3d:69:63:69:8a:be:47:4a:
         7f:7b:ea:0b:c0:e7:1e:19:eb:30:69:c9:19:62:7f:ef:97:b3:
         ef:e7:9c:0e:9b:db:b4:70:e5:35:7c:bb:c0:68:59:ea:a4:0e:
         ba:7f:17:11:a3:82:24:b1:d0:3f:d5:d8:06:e5:4f:8a:69:8c:
         f4:91:06:ea:5c:88:7d:06:99:c4:cd:3f:ab:4c:fd:cc:64:77:
         92:f4:1f:12:6f:7c:f0:3d:16:1f:5f:c3:ff:d1:67:59:57:3c:
         b5:00:20:76:43:9b:9d:a3:d3:db:05:b4:68:0c:c2:e1:ad:07:
         25:da:2c:9f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzKmTl5cSDY4uDgnqmSpn2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjQwMTAyMTQzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhlMWJlNWU4YTAyMjVjZjJmN2VlZTlmYzJiNmQ3OTEyMjYwYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhugkT+IQKUQqr2EyHoYloRwQ2gjK
lEKjtsIvO6N1Uf+G7/nms10eT9uxoAIhwwZZfTxlLlntDqgfL5tX/FykMW5kC876
y77Pj6l7xCl0o8VOmamymvDSmDWYaaXonZZclIpIVVzGsY2Y1peIIYPWNz41rqd1
t8NIuqozlY1QObtZl5jA/zy8BbfuF0Q9Yb5qJwTY8SDM1UDu2NMzkb6rxqcLc/Lw
gL+AQvMY0nPKS2rgXGF0Rd84neutlJWQ0XS/Lwn+CyQgt/QaDzHVBB6HahxjtZGs
dAGBcVp7h8ZcVJOi420Nj5El4sdAA7dKPdn7O4LZAJxaz8vBxOGvq5BoSwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFBaOG+XooCJc8vfu6fwrbXkSJgvuMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvRm80YjVlaWdJbHp5OS03cF9DdHRlUkltQy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBPtx2AwQA
UQwrAwQAUQxNAwQAUQxkAwQBUQxmAwQCV2tkMA0GCSqGSIb3DQEBCwUAA4IBAQAB
AjeEkGQTskQeU6/oqcjMZuQG5TcgSYNToADRT45T2zgYOgo/YmA++GmPdYe/9qJ5
d5ny/qsR46brnbRMUekYrW9HmrDi6okql35/amZ/RoVFqz5p/Uv8jLIXp62guhoH
Fx6oAemECJUjP6GDVK5kGK5TroHMvobC0vz13XYjJYE0pQyTn/47PWljaYq+R0p/
e+oLwOceGeswackZYn/vl7Pv55wOm9u0cOU1fLvAaFnqpA66fxcRo4IksdA/1dgG
5U+KaYz0kQbqXIh9BpnEzT+rTP3MZHeS9B8Sb3zwPRYfX8P/0WdZVzy1ACB2Q5ud
o9PbBbRoDMLhrQcl2iyf
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:23:01 2024 by rpki-client on console-fra.rpki-client.org