Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/do2B3YEz0kTKSfDRFk6Z3h6pH_0.roa
File:                     do2B3YEz0kTKSfDRFk6Z3h6pH_0.roa (raw, json)
Hash identifier:          J9J1OBP2NDNSRJhPb3gkAf376zhLkp7rOQElmmlsaY8=
Subject key identifier:   76:8D:81:DD:81:33:D2:44:CA:49:F0:D1:16:4E:99:DE:1E:A9:1F:FD
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EA2E560C0AEC1140DFC1A33D109A65AC2
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/do2B3YEz0kTKSfDRFk6Z3h6pH_0.roa
Signing time:             Wed 03 Apr 2024 07:38:45 +0000
ROA not before:           Wed 03 Apr 2024 07:38:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57580
IP address blocks:        2.63.170.0/24 maxlen: 24
                          217.107.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:e5:60:c0:ae:c1:14:0d:fc:1a:33:d1:09:a6:5a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr  3 07:38:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=768d81dd8133d244ca49f0d1164e99de1ea91ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:62:57:42:12:92:e7:4d:dc:88:c4:34:d0:3e:
                    ce:99:8f:57:63:27:12:17:25:96:8b:f5:68:34:38:
                    28:26:ab:fa:e9:60:e6:8d:84:b6:14:eb:56:0e:6c:
                    18:7e:e1:6c:85:d5:a8:3d:db:be:f1:69:84:51:a5:
                    d7:0e:66:94:89:3d:59:ee:09:64:35:6b:f6:53:75:
                    e3:89:86:77:4c:2f:1c:f9:65:5f:16:8b:5d:0c:17:
                    0b:9a:9f:9b:3d:7f:bd:dd:6d:a0:71:f4:6f:89:e0:
                    e6:c6:c1:f4:61:aa:15:9e:f6:b5:48:fd:d4:85:a3:
                    50:1a:18:d0:65:c5:3a:fc:03:08:37:a4:97:f1:cf:
                    e0:f8:94:d0:fe:c2:43:2c:26:13:7c:06:2c:40:41:
                    70:76:e2:ae:4d:5a:7b:d6:ea:fd:9d:26:9e:9e:65:
                    53:40:a4:05:d3:23:18:ef:19:1c:77:65:c2:b7:a4:
                    49:58:38:2a:be:af:57:1b:5b:1d:a9:5d:f7:f1:ee:
                    24:f3:62:b0:80:bb:66:d5:f0:b9:f2:a9:21:d6:ff:
                    92:90:44:24:74:67:fb:1f:45:50:51:c4:cf:e7:8b:
                    77:51:bb:31:58:02:5e:71:7c:01:29:53:86:61:c1:
                    57:66:66:34:dd:86:7d:01:22:e9:d2:f1:70:b7:0e:
                    a2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:8D:81:DD:81:33:D2:44:CA:49:F0:D1:16:4E:99:DE:1E:A9:1F:FD
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/do2B3YEz0kTKSfDRFk6Z3h6pH_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.63.170.0/24
                  217.107.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:3c:13:69:07:f9:e7:46:b1:98:07:92:fa:79:98:38:d5:20:
         20:2e:af:93:b7:af:43:25:20:c2:a4:29:36:31:0d:b5:39:0d:
         dd:00:7a:d7:81:fb:51:e7:9c:23:2b:64:19:d4:25:04:15:3a:
         8a:42:bc:6b:2d:58:4c:47:dd:fd:f3:df:1b:5f:e4:3a:a1:54:
         12:94:28:56:b9:cc:02:7b:89:26:cb:6b:d4:76:66:5d:e0:3e:
         11:96:70:ec:57:e1:76:ba:5d:d8:d8:da:7c:61:00:9b:7b:fe:
         83:70:5f:04:33:ed:e8:bc:bb:54:9a:47:fa:82:03:6d:ef:ae:
         ef:55:aa:a9:ad:a4:4f:e9:2b:39:d3:b8:cf:32:bf:01:33:7a:
         78:e1:96:a9:9e:db:d5:7b:50:b5:30:4a:93:a5:f0:45:77:0f:
         51:35:4c:69:89:fa:0f:8f:cb:85:b9:a6:8c:70:80:26:1c:cc:
         42:3f:05:6a:98:38:00:d8:07:3c:4c:3e:5f:87:61:d3:ad:9c:
         09:fb:d4:21:bc:af:da:80:8c:67:ad:44:99:94:24:7c:b1:01:
         56:31:56:99:02:35:bd:d0:f3:67:ed:a9:00:33:aa:d5:1d:f9:
         68:33:19:47:23:52:0c:e7:11:18:5f:11:98:7b:26:b2:8c:75:
         9d:0c:09:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6i5WDArsEUDfwaM9EJplrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDAzMDczODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjhkODFkZDgxMzNkMjQ0Y2E0OWYwZDExNjRlOTlkZTFlYTkxZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WJXQhKS503ciMQ00D7OmY9XYycS
FyWWi/VoNDgoJqv66WDmjYS2FOtWDmwYfuFshdWoPdu+8WmEUaXXDmaUiT1Z7glk
NWv2U3XjiYZ3TC8c+WVfFotdDBcLmp+bPX+93W2gcfRvieDmxsH0YaoVnva1SP3U
haNQGhjQZcU6/AMIN6SX8c/g+JTQ/sJDLCYTfAYsQEFwduKuTVp71ur9nSaenmVT
QKQF0yMY7xkcd2XCt6RJWDgqvq9XG1sdqV338e4k82KwgLtm1fC58qkh1v+SkEQk
dGf7H0VQUcTP54t3UbsxWAJecXwBKVOGYcFXZmY03YZ9ASLp0vFwtw6ihwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHaNgd2BM9JEyknw0RZOmd4eqR/9MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvZG8yQjNZRXowa1RLU2ZEUkZrNlozaDZwSF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAj+qAwQA
2Wt4MA0GCSqGSIb3DQEBCwUAA4IBAQBJPBNpB/nnRrGYB5L6eZg41SAgLq+Tt69D
JSDCpCk2MQ21OQ3dAHrXgftR55wjK2QZ1CUEFTqKQrxrLVhMR939898bX+Q6oVQS
lChWucwCe4kmy2vUdmZd4D4RlnDsV+F2ul3Y2Np8YQCbe/6DcF8EM+3ovLtUmkf6
ggNt767vVaqpraRP6Ss507jPMr8BM3p44ZapntvVe1C1MEqTpfBFdw9RNUxpifoP
j8uFuaaMcIAmHMxCPwVqmDgA2Ac8TD5fh2HTrZwJ+9QhvK/agIxnrUSZlCR8sQFW
MVaZAjW90PNn7akAM6rVHfloMxlHI1IM5xEYXxGYeyayjHWdDAkR
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:57 2024 by rpki-client on console-ams.rpki-client.org