Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/0Nzx4AGL6vWp9FXNQ9zGyuLP3C8.roa
File:                     0Nzx4AGL6vWp9FXNQ9zGyuLP3C8.roa (raw, json)
Hash identifier:          tJtVpD0Ife7e5B+Fqp0DKlorNoGCHGFSFPkuBXs5md8=
Subject key identifier:   D0:DC:F1:E0:01:8B:EA:F5:A9:F4:55:CD:43:DC:C6:CA:E2:CF:DC:2F
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCBC6B1885906232F9C031B628D2B8
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/0Nzx4AGL6vWp9FXNQ9zGyuLP3C8.roa
Signing time:             Tue 02 Jan 2024 10:33:58 +0000
ROA not before:           Tue 02 Jan 2024 10:33:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200165
IP address blocks:        195.235.164.0/24 maxlen: 24
                          213.99.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:bc:6b:18:85:90:62:32:f9:c0:31:b6:28:d2:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0dcf1e0018beaf5a9f455cd43dcc6cae2cfdc2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:54:0c:88:ee:14:45:88:2a:2f:40:58:60:67:
                    ef:8d:18:45:66:a3:cc:4a:5c:a2:3a:c3:54:82:e5:
                    6d:54:e9:2f:37:d2:9c:13:32:39:5c:15:e0:30:63:
                    72:1e:b9:98:d3:91:e3:9d:9f:85:11:58:12:56:fc:
                    ea:6c:7d:43:e7:6b:86:70:b6:f3:e1:8c:0f:29:ea:
                    d5:80:0b:a8:0f:36:33:23:cc:e5:eb:f3:9c:3a:12:
                    e8:f5:6f:5b:4d:9f:c2:c7:b4:e8:50:88:54:d2:da:
                    3f:c2:e1:96:7a:d9:58:38:c6:1f:db:a9:eb:6b:cf:
                    d5:b9:59:8f:26:28:d0:28:9e:94:88:89:9b:05:4a:
                    38:c3:9c:ca:bf:ec:7e:c5:4f:d3:7c:a6:07:75:c9:
                    7a:9d:25:b8:20:23:cd:63:1e:55:ee:b7:8f:b8:7e:
                    3f:75:3b:74:c1:1a:50:5b:41:cf:43:d9:9b:fe:78:
                    b8:2f:58:81:d6:b5:87:55:2b:ff:85:c8:c0:38:b8:
                    90:e5:72:a3:d3:75:aa:1e:eb:40:98:9d:d3:d3:62:
                    42:48:eb:48:e3:3b:46:2d:cd:4f:55:30:8d:29:99:
                    fa:01:69:98:64:ab:1d:71:e0:ce:48:8c:5a:0e:dd:
                    7f:d7:13:2e:0a:7f:c3:df:59:3b:f9:70:d8:75:ea:
                    ce:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:DC:F1:E0:01:8B:EA:F5:A9:F4:55:CD:43:DC:C6:CA:E2:CF:DC:2F
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/0Nzx4AGL6vWp9FXNQ9zGyuLP3C8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.235.164.0/24
                  213.99.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:eb:24:29:f0:7a:52:dc:e4:ef:53:62:7e:1b:a6:b1:58:50:
         ac:08:a1:3a:f9:74:c1:09:57:c9:0f:dd:4d:12:f8:06:35:cf:
         75:b3:b8:6a:56:c3:e1:58:1a:60:cf:8a:44:e6:3b:74:da:57:
         26:77:11:55:4d:f6:22:43:50:61:20:28:4d:5e:b6:44:ec:69:
         b2:21:49:0b:72:55:67:24:56:45:e5:c6:a4:0f:b3:72:f3:8a:
         43:d4:8d:cf:95:a6:7c:59:c4:85:9c:70:30:d3:e0:21:9d:61:
         51:c1:5d:03:3f:0e:22:85:47:24:80:8c:b6:5b:a7:69:ff:9b:
         b5:1b:32:d8:c7:10:a6:e6:49:70:f5:8f:31:0d:b0:e3:63:73:
         5d:3f:73:ff:e4:6f:ad:c9:ae:cb:82:c2:07:74:a8:82:c5:5b:
         0d:72:59:22:d5:ee:16:a1:18:c3:ff:bb:a6:c2:eb:dc:11:f4:
         96:50:c6:01:6c:7d:77:49:5c:2a:7b:a7:dd:9a:c9:09:8f:e7:
         64:39:f0:85:4c:7b:52:59:e5:bd:cb:54:3e:9b:b5:52:41:af:
         21:06:c0:c4:d7:81:79:bb:b4:fc:2f:a9:6a:1c:34:9a:39:2c:
         aa:8e:c1:b7:43:cd:af:30:01:99:ff:89:89:3e:ed:22:ee:6f:
         7a:e7:85:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvLxrGIWQYjL5wDG2KNK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGRjZjFlMDAxOGJlYWY1YTlmNDU1Y2Q0M2RjYzZjYWUyY2ZkYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFQMiO4URYgqL0BYYGfvjRhFZqPM
SlyiOsNUguVtVOkvN9KcEzI5XBXgMGNyHrmY05HjnZ+FEVgSVvzqbH1D52uGcLbz
4YwPKerVgAuoDzYzI8zl6/OcOhLo9W9bTZ/Cx7ToUIhU0to/wuGWetlYOMYf26nr
a8/VuVmPJijQKJ6UiImbBUo4w5zKv+x+xU/TfKYHdcl6nSW4ICPNYx5V7rePuH4/
dTt0wRpQW0HPQ9mb/ni4L1iB1rWHVSv/hcjAOLiQ5XKj03WqHutAmJ3T02JCSOtI
4ztGLc1PVTCNKZn6AWmYZKsdceDOSIxaDt1/1xMuCn/D31k7+XDYderOEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNDc8eABi+r1qfRVzUPcxsriz9wvMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvME56eDRBR0w2dldwOUZYTlE5ekd5dUxQM0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw+ukAwQA
1WMcMA0GCSqGSIb3DQEBCwUAA4IBAQC46yQp8HpS3OTvU2J+G6axWFCsCKE6+XTB
CVfJD91NEvgGNc91s7hqVsPhWBpgz4pE5jt02lcmdxFVTfYiQ1BhIChNXrZE7Gmy
IUkLclVnJFZF5cakD7Ny84pD1I3PlaZ8WcSFnHAw0+AhnWFRwV0DPw4ihUckgIy2
W6dp/5u1GzLYxxCm5klw9Y8xDbDjY3NdP3P/5G+tya7LgsIHdKiCxVsNclki1e4W
oRjD/7umwuvcEfSWUMYBbH13SVwqe6fdmskJj+dkOfCFTHtSWeW9y1Q+m7VSQa8h
BsDE14F5u7T8L6lqHDSaOSyqjsG3Q82vMAGZ/4mJPu0i7m9654Vj
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:57:43 2024 by rpki-client on console-fra.rpki-client.org