Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/6e3fba-4d3a-43cb-babf-5f2882de3ec7/1/phfiv3SfeaBhcvne3aza_cBtZsY.roa
File:                     phfiv3SfeaBhcvne3aza_cBtZsY.roa (raw, json)
Hash identifier:          T71fbllJpX3pc09o0rIjJAYIrt93XRYdQk5LcVyv9Bc=
Subject key identifier:   A6:17:E2:BF:74:9F:79:A0:61:72:F9:DE:DD:AC:DA:FD:C0:6D:66:C6
Certificate issuer:       /CN=64e90627021adcfa5624342d3e5f8b48035acfb4
Certificate serial:       018CC7273BDCE7B04159575B6B41370E4E53
Authority key identifier: 64:E9:06:27:02:1A:DC:FA:56:24:34:2D:3E:5F:8B:48:03:5A:CF:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZOkGJwIa3PpWJDQtPl-LSANaz7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/6e3fba-4d3a-43cb-babf-5f2882de3ec7/1/phfiv3SfeaBhcvne3aza_cBtZsY.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198336
IP address blocks:        176.227.224.0/21 maxlen: 21
                          176.227.224.0/20 maxlen: 20
                          176.227.232.0/23 maxlen: 23
                          176.227.238.0/23 maxlen: 23
                          176.227.234.0/23 maxlen: 23
                          176.227.237.0/24 maxlen: 24
                          176.227.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/6e3fba-4d3a-43cb-babf-5f2882de3ec7/1/ZOkGJwIa3PpWJDQtPl-LSANaz7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/6e3fba-4d3a-43cb-babf-5f2882de3ec7/1/ZOkGJwIa3PpWJDQtPl-LSANaz7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZOkGJwIa3PpWJDQtPl-LSANaz7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3b:dc:e7:b0:41:59:57:5b:6b:41:37:0e:4e:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64e90627021adcfa5624342d3e5f8b48035acfb4
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a617e2bf749f79a06172f9deddacdafdc06d66c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:33:81:d9:54:d2:8d:84:8b:dc:b1:65:0b:a2:
                    31:98:ad:42:80:00:6d:65:53:30:45:73:d9:30:56:
                    80:aa:2b:59:eb:e6:25:4c:a1:37:92:59:b6:a6:d4:
                    69:3f:e8:83:1f:13:04:8f:e9:dc:b0:a7:d5:57:b1:
                    48:02:32:43:05:24:2e:ff:5d:0a:d5:73:06:a4:fb:
                    6c:49:4f:72:ce:c6:0a:0c:5e:90:26:ee:22:22:55:
                    11:47:3e:3f:47:e9:e5:1f:bb:17:96:cd:ee:9c:a8:
                    a0:9b:71:dd:fe:d2:a9:d2:46:1e:36:0a:67:04:c1:
                    0b:34:77:9e:77:eb:0d:2b:d2:99:e1:27:59:eb:48:
                    6d:ef:6b:32:6c:55:75:a9:cd:b6:63:57:9c:03:bd:
                    37:44:d1:fc:23:71:d0:58:7f:d6:ff:6c:4f:ad:81:
                    66:ac:20:f8:98:88:9e:7b:51:78:a6:d8:b6:33:26:
                    81:bb:2f:f3:e9:23:8b:d5:3e:a5:c6:f8:2e:de:27:
                    48:ca:24:95:2e:3e:fe:02:b5:18:8a:c0:1c:f1:49:
                    75:94:86:12:99:cb:58:5c:dc:64:ee:23:ca:4d:c9:
                    d7:b6:e6:f9:58:0b:3f:cb:b1:99:3d:29:d3:6d:e7:
                    05:67:28:cb:17:2a:d9:11:8f:4f:5e:b4:c5:7c:25:
                    04:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:17:E2:BF:74:9F:79:A0:61:72:F9:DE:DD:AC:DA:FD:C0:6D:66:C6
            X509v3 Authority Key Identifier:
                keyid:64:E9:06:27:02:1A:DC:FA:56:24:34:2D:3E:5F:8B:48:03:5A:CF:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZOkGJwIa3PpWJDQtPl-LSANaz7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6e3fba-4d3a-43cb-babf-5f2882de3ec7/1/phfiv3SfeaBhcvne3aza_cBtZsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6e3fba-4d3a-43cb-babf-5f2882de3ec7/1/ZOkGJwIa3PpWJDQtPl-LSANaz7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.227.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         80:4f:e6:61:5e:d5:88:7a:a9:03:1f:a8:8e:12:a2:8b:d5:6f:
         19:02:8f:e7:95:6b:f0:85:74:1a:4f:c3:27:e0:03:83:5f:bd:
         78:05:44:a7:5c:11:3e:07:bf:1a:5b:d2:a4:4e:20:71:77:a8:
         57:31:f3:72:9c:35:96:1b:95:83:13:91:2f:69:c5:11:14:62:
         3c:86:98:6c:8a:ba:42:fa:77:04:4a:d6:24:c7:14:2f:3a:f1:
         ec:50:2b:59:28:8d:68:19:c2:9f:1e:ed:08:e8:74:36:ee:2d:
         0f:f5:22:de:17:aa:a0:6e:84:50:dc:a3:f2:53:35:e4:c4:52:
         b6:5b:59:5c:f6:1f:5c:ed:52:4e:8c:1c:69:b5:a0:f9:6c:38:
         5b:0f:93:23:51:47:d7:8f:e7:d6:49:63:b1:4a:0d:0a:df:21:
         a6:ae:20:e9:ea:3e:05:7b:25:c1:ee:30:f7:75:ad:03:d2:95:
         19:73:d1:ba:97:be:5f:cd:33:d2:5f:e4:6d:09:9f:66:72:2e:
         8a:53:05:9b:8e:04:f1:0b:55:2b:6f:7a:7d:bc:43:5e:b9:45:
         e1:ae:45:c1:f7:af:7b:dc:34:19:b9:f5:a5:97:de:5f:bc:c1:
         db:d5:c6:a7:0a:7d:bf:3b:11:42:b9:43:a2:49:fc:99:cf:5e:
         8e:5b:8d:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzvc57BBWVdba0E3Dk5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZTkwNjI3MDIxYWRjZmE1NjI0MzQyZDNlNWY4YjQ4MDM1
YWNmYjQwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjE3ZTJiZjc0OWY3OWEwNjE3MmY5ZGVkZGFjZGFmZGMwNmQ2NmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDOB2VTSjYSL3LFlC6IxmK1CgABt
ZVMwRXPZMFaAqitZ6+YlTKE3klm2ptRpP+iDHxMEj+ncsKfVV7FIAjJDBSQu/10K
1XMGpPtsSU9yzsYKDF6QJu4iIlURRz4/R+nlH7sXls3unKigm3Hd/tKp0kYeNgpn
BMELNHeed+sNK9KZ4SdZ60ht72sybFV1qc22Y1ecA703RNH8I3HQWH/W/2xPrYFm
rCD4mIiee1F4pti2MyaBuy/z6SOL1T6lxvgu3idIyiSVLj7+ArUYisAc8Ul1lIYS
mctYXNxk7iPKTcnXtub5WAs/y7GZPSnTbecFZyjLFyrZEY9PXrTFfCUE7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYX4r90n3mgYXL53t2s2v3AbWbGMB8GA1UdIwQY
MBaAFGTpBicCGtz6ViQ0LT5fi0gDWs+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk9rR0p3SWEzUHBXSkRRdFBsLUxTQU5hejdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy82ZTNmYmEtNGQzYS00M2NiLWJhYmYt
NWYyODgyZGUzZWM3LzEvcGhmaXYzU2ZlYUJoY3ZuZTNhemFfY0J0WnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy82ZTNmYmEtNGQzYS00M2NiLWJhYmYtNWYyODgyZGUzZWM3
LzEvWk9rR0p3SWEzUHBXSkRRdFBsLUxTQU5hejdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEsOPgMA0G
CSqGSIb3DQEBCwUAA4IBAQCAT+ZhXtWIeqkDH6iOEqKL1W8ZAo/nlWvwhXQaT8Mn
4AODX714BUSnXBE+B78aW9KkTiBxd6hXMfNynDWWG5WDE5EvacURFGI8hphsirpC
+ncEStYkxxQvOvHsUCtZKI1oGcKfHu0I6HQ27i0P9SLeF6qgboRQ3KPyUzXkxFK2
W1lc9h9c7VJOjBxptaD5bDhbD5MjUUfXj+fWSWOxSg0K3yGmriDp6j4FeyXB7jD3
da0D0pUZc9G6l75fzTPSX+RtCZ9mci6KUwWbjgTxC1Urb3p9vENeuUXhrkXB9697
3DQZufWll95fvMHb1canCn2/OxFCuUOiSfyZz16OW415
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:54:10 2024 by rpki-client on console-ams.rpki-client.org