Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/yjuipj5_DN-dGsS9sdI74019vVM.roa
File:                     yjuipj5_DN-dGsS9sdI74019vVM.roa (raw, json)
Hash identifier:          N/r51Pi7xr5+sIY0wwgWgZhbHifRQNhea6pEbyhIO2M=
Subject key identifier:   CA:3B:A2:A6:3E:7F:0C:DF:9D:1A:C4:BD:B1:D2:3B:E3:4D:7D:BD:53
Certificate issuer:       /CN=3447a30428254c9970fcfbdffef06b0d6b490f0e
Certificate serial:       018CC94E2DFE9958F06E6D6C87A199A48224
Authority key identifier: 34:47:A3:04:28:25:4C:99:70:FC:FB:DF:FE:F0:6B:0D:6B:49:0F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/yjuipj5_DN-dGsS9sdI74019vVM.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42198
IP address blocks:        193.30.32.0/22 maxlen: 24
                          2a0c:8540::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2d:fe:99:58:f0:6e:6d:6c:87:a1:99:a4:82:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3447a30428254c9970fcfbdffef06b0d6b490f0e
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca3ba2a63e7f0cdf9d1ac4bdb1d23be34d7dbd53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6c:25:61:8e:64:f2:b2:b1:49:3c:0a:e9:41:
                    7e:3e:55:88:48:61:76:89:e9:39:a1:77:43:37:7b:
                    a0:a1:78:b1:24:52:a4:85:0d:b1:fb:a8:f9:8f:ab:
                    5b:81:96:23:53:05:23:fa:df:b3:30:d6:31:a9:24:
                    41:a7:28:b8:cb:ff:87:37:70:cb:10:4b:4f:f5:51:
                    77:45:c9:9b:91:65:c3:d3:12:7d:4e:c2:5f:20:85:
                    af:7e:0b:89:59:99:21:de:eb:d7:36:14:27:3b:38:
                    8c:96:d5:99:5b:f8:99:b0:c5:ab:71:04:c1:79:37:
                    9e:9d:a9:84:0c:7f:2a:25:0c:d8:ce:bc:49:63:e8:
                    75:88:c9:61:b7:af:bb:43:45:9c:81:bc:b9:d5:8a:
                    70:84:b7:4c:9f:7e:d5:f2:0a:69:f7:5a:25:72:de:
                    9b:83:1b:9f:09:c2:a4:ba:34:77:6b:5f:d8:4f:2d:
                    a2:fa:ad:03:e0:6f:ed:9c:71:c4:19:b7:b5:1f:8e:
                    f7:14:39:e7:2c:ca:1a:ce:21:2e:a0:55:00:a8:66:
                    e5:7f:84:18:9f:0a:52:ff:65:f7:89:a2:11:06:d2:
                    b4:79:08:d6:d8:da:c5:c6:b8:93:a5:ff:ec:39:5f:
                    cf:0f:dc:26:83:ac:00:b9:ce:08:3b:d1:0c:36:c2:
                    93:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:3B:A2:A6:3E:7F:0C:DF:9D:1A:C4:BD:B1:D2:3B:E3:4D:7D:BD:53
            X509v3 Authority Key Identifier:
                keyid:34:47:A3:04:28:25:4C:99:70:FC:FB:DF:FE:F0:6B:0D:6B:49:0F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEejBCglTJlw_Pvf_vBrDWtJDw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/yjuipj5_DN-dGsS9sdI74019vVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/fc419a-5c21-4d2f-9b80-bde028ad5930/1/NEejBCglTJlw_Pvf_vBrDWtJDw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.32.0/22
                IPv6:
                  2a0c:8540::/43

    Signature Algorithm: sha256WithRSAEncryption
         24:df:46:67:1d:2e:cb:95:8f:d0:43:74:e8:35:7f:2e:5b:7d:
         d1:fa:cd:d9:80:8c:aa:bd:ad:c2:c3:67:04:85:54:dc:d2:a2:
         cc:ce:33:af:93:12:d6:91:ff:5a:45:28:bd:15:4a:12:3e:f1:
         e4:44:52:fa:8b:a6:6a:9b:f5:6e:ae:2f:f0:f4:c6:d4:8f:99:
         75:40:00:a6:2a:96:a6:0f:ea:89:c1:68:1d:ff:a9:da:2f:3e:
         ed:3d:67:5d:e6:7d:2d:31:1b:9c:15:bc:66:ee:19:ea:8f:23:
         fa:f2:4e:f1:42:fd:ba:57:8d:64:ba:2f:1b:64:ed:49:b1:29:
         95:d4:c0:27:75:48:03:b0:2b:68:44:4d:18:14:23:f2:eb:38:
         30:13:a9:28:40:22:7e:e4:05:6c:c0:73:5b:48:45:5d:25:c7:
         49:45:ea:51:92:5b:44:45:85:9e:ad:a6:b0:41:83:b3:30:f6:
         0b:3f:8e:7e:a9:62:27:2e:71:45:7e:5e:e2:e2:88:69:9d:72:
         ac:96:e0:9f:4f:8b:da:5a:5a:90:4f:da:80:7c:1c:24:80:6e:
         27:99:be:10:f9:3b:83:c5:c3:3d:d6:50:0d:35:66:13:cf:3e:
         c6:34:88:b5:8d:c3:d8:4a:59:a1:cf:03:52:c2:7b:9e:bd:33:
         55:f5:14:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTi3+mVjwbm1sh6GZpIIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NDdhMzA0MjgyNTRjOTk3MGZjZmJkZmZlZjA2YjBkNmI0
OTBmMGUwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTNiYTJhNjNlN2YwY2RmOWQxYWM0YmRiMWQyM2JlMzRkN2RiZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWwlYY5k8rKxSTwK6UF+PlWISGF2
iek5oXdDN3ugoXixJFKkhQ2x+6j5j6tbgZYjUwUj+t+zMNYxqSRBpyi4y/+HN3DL
EEtP9VF3RcmbkWXD0xJ9TsJfIIWvfguJWZkh3uvXNhQnOziMltWZW/iZsMWrcQTB
eTeenamEDH8qJQzYzrxJY+h1iMlht6+7Q0Wcgby51YpwhLdMn37V8gpp91olct6b
gxufCcKkujR3a1/YTy2i+q0D4G/tnHHEGbe1H473FDnnLMoaziEuoFUAqGblf4QY
nwpS/2X3iaIRBtK0eQjW2NrFxriTpf/sOV/PD9wmg6wAuc4IO9EMNsKTSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMo7oqY+fwzfnRrEvbHSO+NNfb1TMB8GA1UdIwQY
MBaAFDRHowQoJUyZcPz73/7waw1rSQ8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVlakJDZ2xUSmx3X1B2Zl92QnJEV3RKRHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9mYzQxOWEtNWMyMS00ZDJmLTliODAt
YmRlMDI4YWQ1OTMwLzEveWp1aXBqNV9ETi1kR3NTOXNkSTc0MDE5dlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9mYzQxOWEtNWMyMS00ZDJmLTliODAtYmRlMDI4YWQ1OTMw
LzEvTkVlakJDZ2xUSmx3X1B2Zl92QnJEV3RKRHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwR4gMA8E
AgACMAkDBwUqDIVAAAAwDQYJKoZIhvcNAQELBQADggEBACTfRmcdLsuVj9BDdOg1
fy5bfdH6zdmAjKq9rcLDZwSFVNzSoszOM6+TEtaR/1pFKL0VShI+8eREUvqLpmqb
9W6uL/D0xtSPmXVAAKYqlqYP6onBaB3/qdovPu09Z13mfS0xG5wVvGbuGeqPI/ry
TvFC/bpXjWS6Lxtk7UmxKZXUwCd1SAOwK2hETRgUI/LrODATqShAIn7kBWzAc1tI
RV0lx0lF6lGSW0RFhZ6tprBBg7Mw9gs/jn6pYicucUV+XuLiiGmdcqyW4J9Pi9pa
WpBP2oB8HCSAbieZvhD5O4PFwz3WUA01ZhPPPsY0iLWNw9hKWaHPA1LCe569M1X1
FHg=
-----END CERTIFICATE-----
Generated at Thu Jun 13 19:48:02 2024 by rpki-client on console-ams.rpki-client.org