Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/X1SNEO7Ij2hzblHWnQovo2zyNbc.roa
File:                     X1SNEO7Ij2hzblHWnQovo2zyNbc.roa (raw, json)
Hash identifier:          Q4xUiQ4TvFJS/bsXEEzY9wJS4C+BNTZ5mQhVqXL5L2A=
Subject key identifier:   5F:54:8D:10:EE:C8:8F:68:73:6E:51:D6:9D:0A:2F:A3:6C:F2:35:B7
Certificate issuer:       /CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
Certificate serial:       018CC6B92DEC33A3CDE6AA1407B1E7274FB9
Authority key identifier: A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/X1SNEO7Ij2hzblHWnQovo2zyNbc.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199251
IP address blocks:        176.58.44.0/24 maxlen: 24
                          176.58.45.0/24 maxlen: 24
                          176.58.48.0/23 maxlen: 23
                          176.58.51.0/24 maxlen: 24
                          176.58.52.0/24 maxlen: 24
                          176.58.55.0/24 maxlen: 24
                          176.58.57.0/24 maxlen: 24
                          176.58.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2d:ec:33:a3:cd:e6:aa:14:07:b1:e7:27:4f:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f548d10eec88f68736e51d69d0a2fa36cf235b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ff:f7:b1:7c:fb:f7:07:ce:d2:4e:80:f0:94:
                    57:80:92:69:eb:9c:95:19:21:70:1c:13:53:f6:1e:
                    a0:a2:cb:af:d6:47:40:96:3b:ef:c6:aa:5b:53:2c:
                    16:bc:2e:ad:86:87:fe:2c:e5:d6:0b:75:d2:03:49:
                    8d:bb:90:92:0b:31:40:92:71:8b:e5:ef:36:a1:9d:
                    ae:5d:b8:8c:80:4f:de:2a:8d:95:8a:af:72:34:08:
                    1a:a8:bc:80:f3:f7:52:17:31:38:04:61:26:4a:2b:
                    53:d9:38:a3:29:fe:29:3a:58:76:77:c2:a2:63:bd:
                    08:20:e5:a8:1b:82:7a:b5:76:d8:4b:d5:b3:42:5c:
                    ac:5a:ed:85:d0:c5:ae:60:d9:eb:ad:37:3a:67:22:
                    8c:30:65:3b:a6:49:ad:45:65:1c:d8:ce:e2:b1:85:
                    53:78:34:9a:e0:48:86:4a:0e:3a:2a:72:4b:44:4d:
                    9c:4a:90:51:f4:90:29:bb:0d:eb:de:61:95:78:89:
                    0e:ad:28:e8:a2:b6:8c:88:5e:8e:8d:f3:29:f0:5f:
                    ac:59:ac:cd:71:36:2b:ef:3f:da:b6:22:a6:bc:f5:
                    58:c1:33:b2:7a:0a:0b:f7:99:87:b7:6d:15:97:64:
                    7c:98:c7:fd:9a:46:0a:4c:1f:7a:44:9b:85:b0:c7:
                    42:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:54:8D:10:EE:C8:8F:68:73:6E:51:D6:9D:0A:2F:A3:6C:F2:35:B7
            X509v3 Authority Key Identifier:
                keyid:A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/X1SNEO7Ij2hzblHWnQovo2zyNbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.44.0/23
                  176.58.48.0/23
                  176.58.51.0-176.58.52.255
                  176.58.55.0/24
                  176.58.57.0/24
                  176.58.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:56:85:32:6e:8d:1d:d1:f7:99:35:74:78:02:48:ac:3d:bb:
         8c:bc:c1:79:ec:08:6a:0a:6e:75:d3:a0:a2:9a:54:ef:93:a1:
         dc:6c:a4:c4:f1:9a:e7:55:ff:62:34:4e:9e:76:06:fe:51:86:
         0f:b6:53:4d:0c:ec:a6:64:5f:50:8c:82:11:47:7f:b2:6b:16:
         90:da:2b:34:e5:bf:fe:8d:dc:3c:f4:01:06:21:e9:2b:22:f4:
         29:4e:87:36:91:05:42:18:b4:00:ec:d2:34:04:a0:b2:fe:0c:
         2e:f6:60:00:17:8a:1b:10:86:46:86:c1:cd:15:93:c9:e5:52:
         58:47:97:87:73:70:a5:7c:4c:5c:fd:82:bd:98:ca:e3:5e:b1:
         ad:4e:d8:cc:0b:34:0f:83:3c:3c:37:9d:ff:7c:60:52:e1:ba:
         c1:0e:cd:56:58:c4:ea:5b:f4:ae:da:4b:82:bf:9a:f5:43:08:
         95:86:6b:46:a3:d8:16:e5:b5:cd:8b:44:f4:77:1b:86:74:97:
         7c:96:41:4f:84:77:4b:bb:1e:59:bc:28:a1:8f:76:ab:b5:29:
         6f:5d:0c:0d:36:c7:32:fc:6d:c7:6b:0e:1b:64:7f:e3:e0:14:
         bb:60:36:16:b4:72:4e:ff:df:a6:33:58:98:10:c0:17:11:c5:
         a8:03:5e:40
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzGuS3sM6PN5qoUB7HnJ0+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjc0ZDU4ODRhNTBhODRlMDdkYmRmNjc5OGRkY2JiOWNj
MjAzMmUwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjU0OGQxMGVlYzg4ZjY4NzM2ZTUxZDY5ZDBhMmZhMzZjZjIzNWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv/3sXz79wfO0k6A8JRXgJJp65yV
GSFwHBNT9h6gosuv1kdAljvvxqpbUywWvC6thof+LOXWC3XSA0mNu5CSCzFAknGL
5e82oZ2uXbiMgE/eKo2Viq9yNAgaqLyA8/dSFzE4BGEmSitT2TijKf4pOlh2d8Ki
Y70IIOWoG4J6tXbYS9WzQlysWu2F0MWuYNnrrTc6ZyKMMGU7pkmtRWUc2M7isYVT
eDSa4EiGSg46KnJLRE2cSpBR9JApuw3r3mGVeIkOrSjooraMiF6OjfMp8F+sWazN
cTYr7z/atiKmvPVYwTOyegoL95mHt20Vl2R8mMf9mkYKTB96RJuFsMdCmwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFF9UjRDuyI9oc25R1p0KL6Ns8jW3MB8GA1UdIwQY
MBaAFKNnTViEpQqE4H299nmN3LucwgMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJkTldJU2xDb1RnZmIzMmVZM2N1NXpDQXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84MDY1MzItNTRlOS00YjQ5LWI4YTct
OWUyMjBmMDRhOTAxLzEvWDFTTkVPN0lqMmh6YmxIV25Rb3ZvMnp5TmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84MDY1MzItNTRlOS00YjQ5LWI4YTctOWUyMjBmMDRhOTAx
LzEvbzJkTldJU2xDb1RnZmIzMmVZM2N1NXpDQXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBsDosAwQB
sDowMAwDBACwOjMDBACwOjQDBACwOjcDBACwOjkDBACwOjswDQYJKoZIhvcNAQEL
BQADggEBAE5WhTJujR3R95k1dHgCSKw9u4y8wXnsCGoKbnXToKKaVO+TodxspMTx
mudV/2I0Tp52Bv5Rhg+2U00M7KZkX1CMghFHf7JrFpDaKzTlv/6N3Dz0AQYh6Ssi
9ClOhzaRBUIYtADs0jQEoLL+DC72YAAXihsQhkaGwc0Vk8nlUlhHl4dzcKV8TFz9
gr2YyuNesa1O2MwLNA+DPDw3nf98YFLhusEOzVZYxOpb9K7aS4K/mvVDCJWGa0aj
2Bbltc2LRPR3G4Z0l3yWQU+Ed0u7Hlm8KKGPdqu1KW9dDA02xzL8bcdrDhtkf+Pg
FLtgNha0ck7/36YzWJgQwBcRxagDXkA=
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:23:14 2024 by rpki-client on console-fra.rpki-client.org