Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/33FdBozWevuH9yJXBhDlh-ABjXQ.roa
File:                     33FdBozWevuH9yJXBhDlh-ABjXQ.roa (raw, json)
Hash identifier:          Nrbn7XyWkkIazVHf0MbLckj7qtEJs9PeHqwfVTWcr6o=
Subject key identifier:   DF:71:5D:06:8C:D6:7A:FB:87:F7:22:57:06:10:E5:87:E0:01:8D:74
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EE62D8728919D752EB6CD6C62ABC8C1BA
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/33FdBozWevuH9yJXBhDlh-ABjXQ.roa
Signing time:             Tue 16 Apr 2024 09:12:07 +0000
ROA not before:           Tue 16 Apr 2024 09:12:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41190
IP address blocks:        77.72.248.0/24 maxlen: 24
                          77.72.249.0/24 maxlen: 24
                          77.72.250.0/24 maxlen: 24
                          77.72.251.0/24 maxlen: 24
                          77.72.252.0/24 maxlen: 24
                          77.72.253.0/24 maxlen: 24
                          77.72.254.0/24 maxlen: 24
                          77.72.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:2d:87:28:91:9d:75:2e:b6:cd:6c:62:ab:c8:c1:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 16 09:12:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df715d068cd67afb87f722570610e587e0018d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7e:de:ea:ec:9e:2f:f4:cd:67:ce:ed:33:11:
                    b9:90:71:c5:63:0c:a8:c2:ae:2f:37:73:a0:cb:fb:
                    fa:bd:0e:d0:74:59:6b:3f:fd:d5:a3:87:ca:89:42:
                    5b:fb:47:2e:76:1e:4b:9c:7e:ec:ad:bb:45:b8:12:
                    3a:75:91:72:c9:9d:2a:b2:8d:36:3e:6b:b3:d1:a5:
                    c4:79:02:28:f4:5e:34:58:d3:8f:b0:2c:e4:13:c6:
                    99:1b:8a:bd:c0:70:5d:7a:c2:72:60:3d:c1:f0:58:
                    0e:75:7f:de:a3:06:1a:a5:be:3d:ce:ea:92:16:81:
                    83:8f:c5:2e:af:92:1e:a2:55:8e:79:9c:af:cd:25:
                    c6:e0:fc:e3:64:c3:53:06:80:da:ab:4f:bc:3e:23:
                    07:f4:aa:e2:61:ff:0a:21:e5:b7:8d:10:04:15:6c:
                    25:45:e1:49:c0:88:0b:88:84:44:8c:0f:fc:67:bb:
                    78:01:ce:65:d0:3f:59:97:65:0a:64:45:5b:a2:72:
                    a1:4c:63:9f:74:33:f3:77:e5:7f:52:63:5a:50:d3:
                    06:ca:72:8b:f4:6f:4a:65:a7:cc:de:a6:0f:1d:63:
                    b6:38:f1:e3:5c:b1:50:3c:fc:36:9a:81:2a:55:3a:
                    9a:1e:a2:09:82:6a:73:95:46:df:2c:8d:3a:93:ac:
                    89:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:71:5D:06:8C:D6:7A:FB:87:F7:22:57:06:10:E5:87:E0:01:8D:74
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/33FdBozWevuH9yJXBhDlh-ABjXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6c:29:99:91:e7:c0:22:fa:57:7d:09:b6:e2:ca:e1:d8:13:fb:
         c0:94:f8:19:06:7e:c5:b6:45:af:6c:c2:a7:b7:69:9e:4c:33:
         be:88:f5:69:d1:7c:59:5a:e0:ed:fb:61:1d:3c:60:c0:10:46:
         39:13:28:71:a4:f1:db:85:89:5b:3d:fe:97:37:4f:98:5c:2c:
         9a:52:f7:aa:e5:0e:26:7a:43:8f:0d:63:1f:58:7c:06:47:b8:
         19:f5:8f:a8:ba:2f:c6:af:54:58:5b:e2:a5:d5:f7:8a:ab:2f:
         f6:aa:23:3f:e9:eb:81:81:17:eb:df:8d:f6:1c:20:d3:48:44:
         72:9c:d4:88:46:b2:33:e1:ff:5d:05:06:d7:45:7a:08:34:5f:
         b9:d5:ea:3f:93:f6:13:ba:aa:58:5d:e4:10:72:46:b8:fd:a3:
         0a:a2:8f:6a:e8:be:14:ed:4f:6c:de:96:68:fa:00:25:66:1a:
         cc:2d:4a:02:7a:ee:73:bd:05:1d:b4:23:86:b3:17:3f:80:7c:
         43:2a:d9:3a:67:94:18:ba:14:7e:1c:9d:42:eb:9f:ec:bf:10:
         2b:fa:f6:a0:29:ea:9e:6a:08:99:b0:73:e2:3b:ca:4f:68:f5:
         6b:3b:1b:ce:0c:f8:1a:a0:c6:d2:97:b4:1e:ad:4f:75:b7:e5:
         e2:7f:26:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mLYcokZ11LrbNbGKryMG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDE2MDkxMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjcxNWQwNjhjZDY3YWZiODdmNzIyNTcwNjEwZTU4N2UwMDE4ZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk37e6uyeL/TNZ87tMxG5kHHFYwyo
wq4vN3Ogy/v6vQ7QdFlrP/3Vo4fKiUJb+0cudh5LnH7srbtFuBI6dZFyyZ0qso02
Pmuz0aXEeQIo9F40WNOPsCzkE8aZG4q9wHBdesJyYD3B8FgOdX/eowYapb49zuqS
FoGDj8Uur5IeolWOeZyvzSXG4PzjZMNTBoDaq0+8PiMH9KriYf8KIeW3jRAEFWwl
ReFJwIgLiIREjA/8Z7t4Ac5l0D9Zl2UKZEVbonKhTGOfdDPzd+V/UmNaUNMGynKL
9G9KZafM3qYPHWO2OPHjXLFQPPw2moEqVTqaHqIJgmpzlUbfLI06k6yJuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9xXQaM1nr7h/ciVwYQ5YfgAY10MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvMzNGZEJveldldnVIOXlKWEJoRGxoLUFCalhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTUj4MA0G
CSqGSIb3DQEBCwUAA4IBAQBsKZmR58Ai+ld9CbbiyuHYE/vAlPgZBn7FtkWvbMKn
t2meTDO+iPVp0XxZWuDt+2EdPGDAEEY5EyhxpPHbhYlbPf6XN0+YXCyaUveq5Q4m
ekOPDWMfWHwGR7gZ9Y+oui/Gr1RYW+Kl1feKqy/2qiM/6euBgRfr3432HCDTSERy
nNSIRrIz4f9dBQbXRXoINF+51eo/k/YTuqpYXeQQcka4/aMKoo9q6L4U7U9s3pZo
+gAlZhrMLUoCeu5zvQUdtCOGsxc/gHxDKtk6Z5QYuhR+HJ1C65/svxAr+vagKeqe
agiZsHPiO8pPaPVrOxvODPgaoMbSl7QerU91t+XifyaV
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:50:39 2024 by rpki-client on console-ams.rpki-client.org