Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/lSQYu6Uj-4d6QcMK0Fxe3aWG11o.roa
File:                     lSQYu6Uj-4d6QcMK0Fxe3aWG11o.roa (raw, json)
Hash identifier:          ZoOC7aKEUN5t06VqNPbkUl18hZATIFagOOBkX0Hq77g=
Subject key identifier:   95:24:18:BB:A5:23:FB:87:7A:41:C3:0A:D0:5C:5E:DD:A5:86:D7:5A
Certificate issuer:       /CN=72e6fd2271dde10886d97ff14703e581a204b65e
Certificate serial:       018D12995147BDA3C8CFC0B308640A1BDB71
Authority key identifier: 72:E6:FD:22:71:DD:E1:08:86:D9:7F:F1:47:03:E5:81:A2:04:B6:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cub9InHd4QiG2X_xRwPlgaIEtl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/lSQYu6Uj-4d6QcMK0Fxe3aWG11o.roa
Signing time:             Tue 16 Jan 2024 14:07:34 +0000
ROA not before:           Tue 16 Jan 2024 14:07:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61218
IP address blocks:        95.128.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/cub9InHd4QiG2X_xRwPlgaIEtl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/cub9InHd4QiG2X_xRwPlgaIEtl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cub9InHd4QiG2X_xRwPlgaIEtl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:12:99:51:47:bd:a3:c8:cf:c0:b3:08:64:0a:1b:db:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e6fd2271dde10886d97ff14703e581a204b65e
        Validity
            Not Before: Jan 16 14:07:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=952418bba523fb877a41c30ad05c5edda586d75a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b0:33:cc:d2:1a:e6:48:ba:58:9d:06:2c:b5:
                    ee:2f:3f:ff:39:ef:58:00:3c:04:2e:ac:f8:54:1f:
                    57:a4:c3:c4:1d:5a:89:0a:fd:96:e2:42:57:13:80:
                    ef:49:f4:e7:8f:dd:c0:90:85:51:54:4d:5d:25:3d:
                    9c:02:26:b0:9d:31:e4:b9:4b:48:f0:6b:04:ed:3d:
                    74:d9:1e:c5:1a:9b:c3:d8:57:76:ed:fb:ea:db:b1:
                    b8:f5:2d:23:2a:a2:47:93:c0:46:05:35:eb:af:06:
                    27:0a:52:03:9d:06:2e:9c:ff:59:ca:f0:3f:66:f8:
                    27:55:75:c9:e7:93:e4:62:0f:0b:8d:8e:ac:7f:8b:
                    46:81:df:ad:81:4c:6b:94:b2:63:c7:2c:e6:bc:34:
                    ae:09:df:b5:dd:3e:bd:0d:62:fa:3e:38:c5:f8:4f:
                    87:47:eb:26:50:2a:0c:e6:4a:89:b2:79:97:4e:7d:
                    9e:56:db:93:9b:19:45:76:8e:79:5a:88:ff:1c:f3:
                    c4:3b:63:dc:fb:97:59:ac:5f:e2:02:81:d4:d4:e2:
                    9f:a7:4e:cf:46:50:41:49:cc:9b:1a:74:63:ca:61:
                    5c:03:46:33:5b:e2:57:24:7d:d4:14:b8:c0:36:b3:
                    d8:f3:03:4e:cd:59:73:e4:24:29:71:14:36:81:26:
                    b2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:24:18:BB:A5:23:FB:87:7A:41:C3:0A:D0:5C:5E:DD:A5:86:D7:5A
            X509v3 Authority Key Identifier:
                keyid:72:E6:FD:22:71:DD:E1:08:86:D9:7F:F1:47:03:E5:81:A2:04:B6:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cub9InHd4QiG2X_xRwPlgaIEtl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/lSQYu6Uj-4d6QcMK0Fxe3aWG11o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/70658b-377a-4915-b1e8-6af215bff1ce/1/cub9InHd4QiG2X_xRwPlgaIEtl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:85:b6:db:56:1c:ff:17:9a:03:b4:a1:3c:9c:61:b8:19:01:
         a0:1e:63:30:57:0a:e7:04:48:f6:d9:75:2e:b6:a0:09:c4:31:
         31:4d:3f:74:be:8f:e4:2a:31:8c:6f:ba:7f:ff:a5:ec:91:11:
         04:50:20:c2:be:f9:25:43:d9:64:a7:d1:e0:b4:5c:97:cb:77:
         4c:66:7f:13:57:03:28:6f:27:4e:6b:c2:76:80:ec:5a:6f:50:
         9c:fa:e3:eb:b7:a3:58:64:34:0d:28:f0:42:fe:d5:75:12:e6:
         d8:8b:01:d5:bd:b0:13:4a:37:76:3d:9d:bc:0d:ab:71:dd:00:
         74:4d:69:3f:6a:a5:4c:99:34:03:92:c9:44:ff:f1:27:4e:fe:
         e1:d6:24:df:f7:a8:82:02:58:97:ae:9b:49:fb:91:96:be:b2:
         87:93:79:8d:32:c4:a2:18:65:3c:1f:32:84:ba:c9:70:6f:81:
         e5:c2:64:95:0b:a8:be:28:c6:87:e0:68:3c:fc:92:88:f3:73:
         dc:7f:05:a9:2d:5b:f9:1a:b1:e4:04:82:52:f3:b0:9e:8a:a7:
         9e:4d:47:01:0c:e5:76:d0:9c:f1:d4:76:04:41:4c:a7:98:f3:
         05:6a:ac:93:1f:66:5a:16:79:4f:51:2b:72:84:49:c3:96:83:
         35:e4:36:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0SmVFHvaPIz8CzCGQKG9txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTZmZDIyNzFkZGUxMDg4NmQ5N2ZmMTQ3MDNlNTgxYTIw
NGI2NWUwHhcNMjQwMTE2MTQwNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTI0MThiYmE1MjNmYjg3N2E0MWMzMGFkMDVjNWVkZGE1ODZkNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bAzzNIa5ki6WJ0GLLXuLz//Oe9Y
ADwELqz4VB9XpMPEHVqJCv2W4kJXE4DvSfTnj93AkIVRVE1dJT2cAiawnTHkuUtI
8GsE7T102R7FGpvD2Fd27fvq27G49S0jKqJHk8BGBTXrrwYnClIDnQYunP9ZyvA/
ZvgnVXXJ55PkYg8LjY6sf4tGgd+tgUxrlLJjxyzmvDSuCd+13T69DWL6PjjF+E+H
R+smUCoM5kqJsnmXTn2eVtuTmxlFdo55Woj/HPPEO2Pc+5dZrF/iAoHU1OKfp07P
RlBBScybGnRjymFcA0YzW+JXJH3UFLjANrPY8wNOzVlz5CQpcRQ2gSay+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUkGLulI/uHekHDCtBcXt2lhtdaMB8GA1UdIwQY
MBaAFHLm/SJx3eEIhtl/8UcD5YGiBLZeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3ViOUluSGQ0UWlHMlhfeFJ3UGxnYUlFdGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83MDY1OGItMzc3YS00OTE1LWIxZTgt
NmFmMjE1YmZmMWNlLzEvbFNRWXU2VWotNGQ2UWNNSzBGeGUzYVdHMTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83MDY1OGItMzc3YS00OTE1LWIxZTgtNmFmMjE1YmZmMWNl
LzEvY3ViOUluSGQ0UWlHMlhfeFJ3UGxnYUlFdGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CdMA0G
CSqGSIb3DQEBCwUAA4IBAQBDhbbbVhz/F5oDtKE8nGG4GQGgHmMwVwrnBEj22XUu
tqAJxDExTT90vo/kKjGMb7p//6XskREEUCDCvvklQ9lkp9HgtFyXy3dMZn8TVwMo
bydOa8J2gOxab1Cc+uPrt6NYZDQNKPBC/tV1EubYiwHVvbATSjd2PZ28Datx3QB0
TWk/aqVMmTQDkslE//EnTv7h1iTf96iCAliXrptJ+5GWvrKHk3mNMsSiGGU8HzKE
uslwb4HlwmSVC6i+KMaH4Gg8/JKI83PcfwWpLVv5GrHkBIJS87CeiqeeTUcBDOV2
0Jzx1HYEQUynmPMFaqyTH2ZaFnlPUStyhEnDloM15DZx
-----END CERTIFICATE-----
Generated at Tue Nov 26 20:13:29 2024 by rpki-client on console-ams.rpki-client.org