Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/566932-dea6-4dfc-8616-ba901a5fcb74/1/aO5WmXefR_sXjpzs5L7bVdpzl4Y.roa
File:                     aO5WmXefR_sXjpzs5L7bVdpzl4Y.roa (raw, json)
Hash identifier:          Kqrn7ZNaNLGdzugqqvocCqJPuwSYoCooRws+137qFz0=
Subject key identifier:   68:EE:56:99:77:9F:47:FB:17:8E:9C:EC:E4:BE:DB:55:DA:73:97:86
Certificate issuer:       /CN=0c363574898060e1b6a48cac3f1f2bcb36c86d4e
Certificate serial:       018CC4930ECCB18959BF896740E5BBE3D8D0
Authority key identifier: 0C:36:35:74:89:80:60:E1:B6:A4:8C:AC:3F:1F:2B:CB:36:C8:6D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DDY1dImAYOG2pIysPx8ryzbIbU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/566932-dea6-4dfc-8616-ba901a5fcb74/1/aO5WmXefR_sXjpzs5L7bVdpzl4Y.roa
Signing time:             Mon 01 Jan 2024 10:30:20 +0000
ROA not before:           Mon 01 Jan 2024 10:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50629
IP address blocks:        193.46.250.0/23 maxlen: 23
                          193.46.232.0/23 maxlen: 23
                          2a0f:ba80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/566932-dea6-4dfc-8616-ba901a5fcb74/1/DDY1dImAYOG2pIysPx8ryzbIbU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/566932-dea6-4dfc-8616-ba901a5fcb74/1/DDY1dImAYOG2pIysPx8ryzbIbU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DDY1dImAYOG2pIysPx8ryzbIbU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0e:cc:b1:89:59:bf:89:67:40:e5:bb:e3:d8:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c363574898060e1b6a48cac3f1f2bcb36c86d4e
        Validity
            Not Before: Jan  1 10:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68ee5699779f47fb178e9cece4bedb55da739786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:08:34:25:1d:19:76:29:69:a2:7a:f5:e0:a3:
                    6b:e7:34:fd:93:8c:a3:9d:d2:2f:e0:64:e9:ba:bf:
                    2f:a3:ea:60:91:a2:76:30:63:be:2e:dc:25:71:41:
                    50:09:2a:fb:b8:7d:f5:2b:2c:73:99:5d:38:bc:b9:
                    87:2d:42:93:4d:b8:ff:b5:9d:5b:c0:29:a4:19:5f:
                    d5:78:2a:4e:1d:96:7e:1a:49:ea:0c:49:28:8e:48:
                    7b:3c:8a:fd:1d:39:86:ac:4c:44:74:31:8a:b3:ae:
                    f8:6f:7f:7c:52:e9:71:48:22:ef:30:a1:b3:37:e1:
                    42:4a:1c:9e:6f:98:5e:12:65:f4:15:16:c5:b1:9c:
                    7e:51:82:34:96:07:02:3b:0e:d1:77:48:87:4d:8b:
                    6e:94:b2:e2:3a:66:f4:04:5c:df:25:2e:21:83:05:
                    45:29:3c:ac:e5:7d:05:06:be:71:35:7e:59:cb:13:
                    2b:8c:ea:87:18:15:94:5d:b3:c7:ce:52:c8:a5:23:
                    49:60:54:d7:3f:2f:16:30:d3:ac:ed:c5:58:2d:88:
                    99:24:11:fb:37:ab:78:6f:98:f7:49:26:4a:12:74:
                    2b:67:ec:4b:fa:1f:4f:98:a7:03:e6:dc:e2:99:e5:
                    df:95:69:e5:7b:5e:1a:19:85:a3:76:2f:3b:58:2d:
                    b3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:EE:56:99:77:9F:47:FB:17:8E:9C:EC:E4:BE:DB:55:DA:73:97:86
            X509v3 Authority Key Identifier:
                keyid:0C:36:35:74:89:80:60:E1:B6:A4:8C:AC:3F:1F:2B:CB:36:C8:6D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DDY1dImAYOG2pIysPx8ryzbIbU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/566932-dea6-4dfc-8616-ba901a5fcb74/1/aO5WmXefR_sXjpzs5L7bVdpzl4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/566932-dea6-4dfc-8616-ba901a5fcb74/1/DDY1dImAYOG2pIysPx8ryzbIbU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.232.0/23
                  193.46.250.0/23
                IPv6:
                  2a0f:ba80::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:05:de:d3:7e:ae:9f:de:f1:c2:e3:10:68:39:4c:a4:7f:3a:
         84:a6:64:35:98:c9:b7:fa:66:d1:d2:5b:98:38:2a:b2:38:dd:
         5b:f3:45:22:53:c9:4d:d0:e4:f3:04:aa:ee:58:f1:7f:d1:91:
         e5:56:95:d7:bc:39:d9:f1:39:12:2a:f6:09:b3:f5:7d:09:a1:
         6f:ee:0f:09:be:b8:22:56:c4:8d:5f:98:9f:fb:aa:34:ee:fd:
         d6:20:7e:21:cc:ee:60:7b:f3:f0:a3:d5:db:64:b4:eb:c5:bf:
         a0:e9:90:a5:96:f4:c7:55:5e:d9:71:9a:4a:eb:76:48:ce:9e:
         29:ec:25:41:4c:66:87:78:20:28:28:0c:13:cb:94:7a:88:f8:
         06:06:51:c7:95:9a:ec:25:27:de:26:b9:de:43:39:6c:49:ae:
         cb:9a:de:4a:95:29:1b:eb:b6:a0:48:5c:22:f3:1c:29:fa:f1:
         48:ae:cd:f0:f6:dc:41:fa:2a:8f:ba:66:eb:06:5b:4f:c5:fa:
         f2:11:42:6e:da:c4:8b:61:07:62:19:13:50:85:27:65:36:99:
         2b:33:2c:9e:91:6d:d8:06:80:5b:59:97:03:7a:47:3d:09:f6:
         0b:13:7e:da:22:99:10:a0:5c:73:69:f5:91:34:7d:d6:a8:be:
         be:96:78:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkw7MsYlZv4lnQOW749jQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMzYzNTc0ODk4MDYwZTFiNmE0OGNhYzNmMWYyYmNiMzZj
ODZkNGUwHhcNMjQwMTAxMTAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGVlNTY5OTc3OWY0N2ZiMTc4ZTljZWNlNGJlZGI1NWRhNzM5Nzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQg0JR0Zdilponr14KNr5zT9k4yj
ndIv4GTpur8vo+pgkaJ2MGO+LtwlcUFQCSr7uH31KyxzmV04vLmHLUKTTbj/tZ1b
wCmkGV/VeCpOHZZ+GknqDEkojkh7PIr9HTmGrExEdDGKs674b398UulxSCLvMKGz
N+FCShyeb5heEmX0FRbFsZx+UYI0lgcCOw7Rd0iHTYtulLLiOmb0BFzfJS4hgwVF
KTys5X0FBr5xNX5ZyxMrjOqHGBWUXbPHzlLIpSNJYFTXPy8WMNOs7cVYLYiZJBH7
N6t4b5j3SSZKEnQrZ+xL+h9PmKcD5tzimeXflWnle14aGYWjdi87WC2z6wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGjuVpl3n0f7F46c7OS+21Xac5eGMB8GA1UdIwQY
MBaAFAw2NXSJgGDhtqSMrD8fK8s2yG1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRERZMWRJbUFZT0cycEl5c1B4OHJ5emJJYlU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81NjY5MzItZGVhNi00ZGZjLTg2MTYt
YmE5MDFhNWZjYjc0LzEvYU81V21YZWZSX3NYanB6czVMN2JWZHB6bDRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81NjY5MzItZGVhNi00ZGZjLTg2MTYtYmE5MDFhNWZjYjc0
LzEvRERZMWRJbUFZT0cycEl5c1B4OHJ5emJJYlU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwS7oAwQB
wS76MA0EAgACMAcDBQMqD7qAMA0GCSqGSIb3DQEBCwUAA4IBAQBBBd7Tfq6f3vHC
4xBoOUykfzqEpmQ1mMm3+mbR0luYOCqyON1b80UiU8lN0OTzBKruWPF/0ZHlVpXX
vDnZ8TkSKvYJs/V9CaFv7g8JvrgiVsSNX5if+6o07v3WIH4hzO5ge/Pwo9XbZLTr
xb+g6ZCllvTHVV7ZcZpK63ZIzp4p7CVBTGaHeCAoKAwTy5R6iPgGBlHHlZrsJSfe
JrneQzlsSa7Lmt5KlSkb67agSFwi8xwp+vFIrs3w9txB+iqPumbrBltPxfryEUJu
2sSLYQdiGRNQhSdlNpkrMyyekW3YBoBbWZcDekc9CfYLE37aIpkQoFxzafWRNH3W
qL6+lngP
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:11:43 2024 by rpki-client on console-ams.rpki-client.org