Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/arv70wXjIMlINNYDl2-4nyPlpTo.roa
File:                     arv70wXjIMlINNYDl2-4nyPlpTo.roa (raw, json)
Hash identifier:          /g0Z+wzEq6avdobCFJnqSwvnOcp2awKtn8hJEizlWis=
Subject key identifier:   6A:BB:FB:D3:05:E3:20:C9:48:34:D6:03:97:6F:B8:9F:23:E5:A5:3A
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       018CC5DC90CEF57BE63DBAB2CFA4E154122D
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/arv70wXjIMlINNYDl2-4nyPlpTo.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199522
IP address blocks:        89.30.156.0/24 maxlen: 24
                          89.30.157.0/24 maxlen: 24
                          83.98.216.0/24 maxlen: 24
                          2001:16f8:4000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:90:ce:f5:7b:e6:3d:ba:b2:cf:a4:e1:54:12:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6abbfbd305e320c94834d603976fb89f23e5a53a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ab:02:86:ad:dc:13:53:59:54:db:5f:2f:6c:
                    77:b8:6b:96:75:89:a5:43:dd:80:ba:4c:34:8a:9c:
                    f6:2e:d5:83:ef:a8:b1:16:82:3e:4f:5a:fc:48:3d:
                    4b:70:7f:cb:bf:9f:16:82:38:97:d0:e7:26:62:4c:
                    e6:7a:de:e9:91:e8:af:f5:f1:7d:8e:36:a6:3a:b1:
                    29:df:c0:f5:fa:aa:90:8c:c8:c8:03:22:9b:08:fa:
                    89:a4:9c:c8:ee:e3:88:0c:43:c7:94:0f:a9:fd:d8:
                    b8:5a:dd:70:55:9f:cf:4f:62:46:33:3e:77:69:7e:
                    66:2b:63:85:37:ce:72:08:90:11:73:db:3f:ce:92:
                    13:20:dd:77:82:ed:bb:76:fb:38:b5:59:30:d3:d3:
                    11:cc:1f:69:df:09:39:8d:00:a4:fe:e7:a9:66:5c:
                    be:67:bd:19:d3:77:eb:32:0f:98:8e:70:ec:80:8d:
                    e4:bb:54:35:db:9c:01:e3:37:3c:ee:cc:0a:3e:a8:
                    0f:d4:0a:7a:ef:ef:09:82:14:a5:a3:dc:6a:e7:a0:
                    57:30:06:85:5b:d1:4e:1a:b4:d7:79:25:48:ca:37:
                    61:de:e7:8e:e1:27:87:46:ed:cc:6b:14:c5:4c:54:
                    4b:73:3b:c9:bd:4e:05:4e:56:57:2e:08:39:c4:8c:
                    42:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:BB:FB:D3:05:E3:20:C9:48:34:D6:03:97:6F:B8:9F:23:E5:A5:3A
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/arv70wXjIMlINNYDl2-4nyPlpTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.98.216.0/24
                  89.30.156.0/23
                IPv6:
                  2001:16f8:4000::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:17:61:5f:00:ca:44:b8:39:92:6a:2b:16:01:ef:68:99:88:
         86:55:a3:21:7b:c2:12:a1:6e:3a:82:8c:5f:21:09:cb:27:8a:
         af:34:51:2d:a8:88:1f:72:82:65:29:56:a2:39:7c:7e:ad:37:
         ae:9a:05:54:7f:b3:cf:54:58:3e:b6:f9:bd:e1:48:3c:4c:12:
         b3:29:e4:b1:76:6f:15:7d:43:da:dc:48:27:eb:cc:98:cd:cf:
         21:56:d7:c4:41:67:a0:c8:17:70:ed:fd:f8:08:51:d9:eb:38:
         21:4a:97:f4:5a:b0:50:f4:50:16:28:ce:de:83:3f:0b:15:27:
         d6:04:52:23:fa:fc:b3:7c:16:ae:49:14:03:6f:a7:92:b3:1f:
         4b:c5:1b:78:e3:c5:fd:0a:07:1b:4d:c6:38:2c:40:46:32:82:
         32:ad:e9:0f:57:c1:f3:37:c7:85:3e:cd:e6:95:b5:22:44:df:
         ee:37:5a:6c:06:f3:86:4e:64:5b:11:02:13:67:e6:ca:ce:2a:
         10:93:94:35:11:ae:6b:df:65:df:d5:b4:1f:2f:b4:c7:dd:b8:
         62:13:64:ae:a1:84:f9:bb:75:7d:5b:34:cd:22:bc:a8:2c:4b:
         d1:a8:c9:ab:ce:9e:f2:8e:93:ef:a3:17:d4:2a:41:d2:9b:5c:
         33:93:5a:86
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzF3JDO9XvmPbqyz6ThVBItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWJiZmJkMzA1ZTMyMGM5NDgzNGQ2MDM5NzZmYjg5ZjIzZTVhNTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6sChq3cE1NZVNtfL2x3uGuWdYml
Q92Aukw0ipz2LtWD76ixFoI+T1r8SD1LcH/Lv58WgjiX0OcmYkzmet7pkeiv9fF9
jjamOrEp38D1+qqQjMjIAyKbCPqJpJzI7uOIDEPHlA+p/di4Wt1wVZ/PT2JGMz53
aX5mK2OFN85yCJARc9s/zpITIN13gu27dvs4tVkw09MRzB9p3wk5jQCk/uepZly+
Z70Z03frMg+YjnDsgI3ku1Q125wB4zc87swKPqgP1Ap67+8JghSlo9xq56BXMAaF
W9FOGrTXeSVIyjdh3ueO4SeHRu3MaxTFTFRLczvJvU4FTlZXLgg5xIxCEwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGq7+9MF4yDJSDTWA5dvuJ8j5aU6MB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvYXJ2NzB3WGpJTWxJTk5ZRGwyLTRueVBscFRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAU2LYAwQB
WR6cMA8EAgACMAkDBwAgARb4QAAwDQYJKoZIhvcNAQELBQADggEBACgXYV8AykS4
OZJqKxYB72iZiIZVoyF7whKhbjqCjF8hCcsniq80US2oiB9ygmUpVqI5fH6tN66a
BVR/s89UWD62+b3hSDxMErMp5LF2bxV9Q9rcSCfrzJjNzyFW18RBZ6DIF3Dt/fgI
UdnrOCFKl/RasFD0UBYozt6DPwsVJ9YEUiP6/LN8Fq5JFANvp5KzH0vFG3jjxf0K
BxtNxjgsQEYygjKt6Q9XwfM3x4U+zeaVtSJE3+43WmwG84ZOZFsRAhNn5srOKhCT
lDURrmvfZd/VtB8vtMfduGITZK6hhPm7dX1bNM0ivKgsS9GoyavOnvKOk++jF9Qq
QdKbXDOTWoY=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:12:55 2024 by rpki-client on console-ams.rpki-client.org