Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Rs33io-AsFmb0nd7uZIyr_jiKjo.roa
File:                     Rs33io-AsFmb0nd7uZIyr_jiKjo.roa (raw, json)
Hash identifier:          fv46rLA20t4wSKOOHKE5TVzZ1SQOOJ6gmZ1o9NUXb40=
Subject key identifier:   46:CD:F7:8A:8F:80:B0:59:9B:D2:77:7B:B9:92:32:AF:F8:E2:2A:3A
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50122E9195DD29F18F53767EF731C3C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Rs33io-AsFmb0nd7uZIyr_jiKjo.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201838
IP address blocks:        161.51.48.0/20 maxlen: 24
                          161.51.192.0/19 maxlen: 24
                          161.51.96.0/23 maxlen: 24
                          161.51.224.0/20 maxlen: 24
                          161.51.252.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:22:e9:19:5d:d2:9f:18:f5:37:67:ef:73:1c:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46cdf78a8f80b0599bd2777bb99232aff8e22a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d3:ef:f0:8d:b1:39:dc:3b:9c:9b:f8:75:a6:
                    9a:2e:62:94:dc:15:f0:40:f7:33:d0:a1:d3:71:6b:
                    39:96:a6:38:0a:1f:a1:d7:0e:b4:52:53:88:1d:23:
                    07:9d:16:f7:66:9b:be:58:c2:1b:73:77:f1:73:0f:
                    63:23:9d:a4:42:8f:b5:1c:58:7f:e9:9a:9d:a9:48:
                    03:dc:28:4b:41:df:ed:04:d3:a7:ee:18:82:73:1d:
                    14:34:0c:fc:cd:4d:10:27:7d:48:6c:b9:29:54:35:
                    29:45:a6:26:1c:e3:9b:76:f1:c8:54:3b:4b:b3:cc:
                    f0:4c:68:a1:cb:ec:33:3a:38:a1:1b:b0:a2:82:d2:
                    77:54:0e:77:b8:50:e5:89:f5:a0:c9:30:ec:5b:e8:
                    5e:4b:42:45:a0:8b:fc:a3:c0:80:f9:f1:1b:b8:d4:
                    2c:1e:e7:ec:a2:68:53:db:0c:88:e3:90:4b:8b:98:
                    65:e9:67:4d:0a:b4:86:46:d6:e5:ad:7c:5a:03:e0:
                    8c:c5:d9:0a:f8:fd:f2:79:5f:cf:8c:51:93:92:7a:
                    ea:c7:ab:b2:54:cf:bb:27:2d:36:a6:93:cc:f7:80:
                    f2:80:37:75:04:05:f5:3e:4c:d8:ee:12:34:d3:64:
                    aa:5a:2b:f5:11:62:02:2f:76:c8:be:8c:ea:a8:be:
                    b2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CD:F7:8A:8F:80:B0:59:9B:D2:77:7B:B9:92:32:AF:F8:E2:2A:3A
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Rs33io-AsFmb0nd7uZIyr_jiKjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.51.48.0/20
                  161.51.96.0/23
                  161.51.192.0-161.51.239.255
                  161.51.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:70:80:21:8d:10:46:e5:62:b2:a0:55:e6:b1:80:19:ea:bd:
         3c:78:94:70:7e:0e:5a:04:94:0a:1c:63:4b:32:e9:96:0f:96:
         5c:07:df:16:87:c0:23:33:4f:31:7c:cd:0b:77:b3:a5:a3:d1:
         c7:74:04:c8:2f:ec:e5:75:e2:4a:e2:bf:1c:13:d0:00:41:29:
         15:5a:b4:6e:34:e6:d0:07:bb:1f:e0:1b:89:01:31:a0:0d:35:
         44:fb:93:c1:58:d6:19:ac:d8:db:9b:dd:6e:a3:e4:53:f9:47:
         9b:a5:1d:a5:a9:f0:fb:59:9f:20:7d:70:85:15:9b:75:3a:59:
         b3:02:53:67:58:d3:40:a3:b4:2f:f9:28:c8:ed:02:49:f2:ab:
         cc:c9:3c:14:e6:f3:e8:15:9f:f6:6f:59:5b:94:36:99:72:05:
         a9:61:ee:c1:d5:d8:d4:db:6c:c4:c9:f5:7f:f9:ab:96:d5:cc:
         8a:12:b3:1f:fd:7d:16:bc:68:72:55:22:f0:6f:4a:46:2b:3d:
         63:7c:f5:79:d8:51:de:2d:37:2f:0b:6d:5a:7b:4f:4e:b1:3f:
         89:cc:d7:af:66:36:00:0f:59:06:1a:49:95:01:47:df:7e:cb:
         16:fa:e0:93:2f:fe:9d:85:52:fe:19:0f:58:1d:ae:8b:ed:89:
         dd:b2:91:2e
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzFASLpGV3Snxj1N2fvcxw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmNkZjc4YThmODBiMDU5OWJkMjc3N2JiOTkyMzJhZmY4ZTIyYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9Pv8I2xOdw7nJv4daaaLmKU3BXw
QPcz0KHTcWs5lqY4Ch+h1w60UlOIHSMHnRb3Zpu+WMIbc3fxcw9jI52kQo+1HFh/
6ZqdqUgD3ChLQd/tBNOn7hiCcx0UNAz8zU0QJ31IbLkpVDUpRaYmHOObdvHIVDtL
s8zwTGihy+wzOjihG7CigtJ3VA53uFDlifWgyTDsW+heS0JFoIv8o8CA+fEbuNQs
HufsomhT2wyI45BLi5hl6WdNCrSGRtblrXxaA+CMxdkK+P3yeV/PjFGTknrqx6uy
VM+7Jy02ppPM94DygDd1BAX1PkzY7hI002SqWiv1EWICL3bIvozqqL6yawIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFEbN94qPgLBZm9J3e7mSMq/44io6MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUnMzM2lvLUFzRm1iMG5kN3VaSXlyX2ppS2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQEoTMwAwQB
oTNgMAwDBAahM8ADBAShM+ADBAGhM/wwDQYJKoZIhvcNAQELBQADggEBAFFwgCGN
EEblYrKgVeaxgBnqvTx4lHB+DloElAocY0sy6ZYPllwH3xaHwCMzTzF8zQt3s6Wj
0cd0BMgv7OV14krivxwT0ABBKRVatG405tAHux/gG4kBMaANNUT7k8FY1hms2Nub
3W6j5FP5R5ulHaWp8PtZnyB9cIUVm3U6WbMCU2dY00CjtC/5KMjtAknyq8zJPBTm
8+gVn/ZvWVuUNplyBalh7sHV2NTbbMTJ9X/5q5bVzIoSsx/9fRa8aHJVIvBvSkYr
PWN89XnYUd4tNy8LbVp7T06xP4nM169mNgAPWQYaSZUBR99+yxb64JMv/p2FUv4Z
D1gdrovtid2ykS4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:08:05 2024 by rpki-client on console-fra.rpki-client.org