Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MVQTAo-L1NKctTJ5DIG9aQEMkBQ.roa
File:                     MVQTAo-L1NKctTJ5DIG9aQEMkBQ.roa (raw, json)
Hash identifier:          EJFBDyjqtYKpUE9+AZTVzM9nvNJnUy3e7nuzVli1TDM=
Subject key identifier:   31:54:13:02:8F:8B:D4:D2:9C:B5:32:79:0C:81:BD:69:01:0C:90:14
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018CC8DF16962C718203D8DE98D7D30439C4
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MVQTAo-L1NKctTJ5DIG9aQEMkBQ.roa
Signing time:             Tue 02 Jan 2024 06:31:52 +0000
ROA not before:           Tue 02 Jan 2024 06:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        185.199.214.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:16:96:2c:71:82:03:d8:de:98:d7:d3:04:39:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  2 06:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=315413028f8bd4d29cb532790c81bd69010c9014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f8:9b:f7:d6:7d:64:ce:81:a0:9f:90:59:aa:
                    c2:65:e4:a9:e2:c8:7e:6a:49:9e:77:98:fc:d1:79:
                    3b:35:a4:63:d6:b5:fd:81:67:f6:b5:f3:33:f2:0b:
                    be:2e:80:2d:20:ea:f4:ce:a1:93:e4:a3:d8:7b:f8:
                    c5:68:a4:93:c0:b5:f0:f5:dc:9f:c5:d5:35:cf:2f:
                    98:69:f4:f0:f8:24:a4:22:36:2d:a5:67:49:5d:08:
                    12:a8:59:1e:b9:28:04:7f:54:8e:2d:8b:a7:cc:5b:
                    1c:53:ed:03:82:9c:1e:d6:cd:60:dd:b9:51:d1:77:
                    c3:6e:e4:52:9d:c1:66:c1:e9:6d:c7:4c:3f:df:5b:
                    6c:3e:ae:3d:26:12:0d:78:a9:47:b3:d2:d4:6b:ed:
                    ff:cd:96:21:31:5c:9a:c8:99:c4:d4:7e:ae:ac:46:
                    3d:2e:09:bf:66:9c:41:5a:4a:b8:15:46:45:0d:51:
                    64:48:02:2e:63:10:7b:0c:68:ce:0c:f2:f0:a2:d8:
                    2d:f8:d5:b2:b4:16:c1:2c:49:a9:4f:5d:29:6b:41:
                    07:0d:50:c7:dc:4f:ca:ba:f8:a3:9f:b3:e1:01:e7:
                    c3:89:c7:f7:cd:cd:fb:52:44:13:76:77:cc:37:a3:
                    ee:8b:4f:56:d0:6c:e9:f4:b5:40:90:79:ca:5f:f1:
                    a8:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:54:13:02:8F:8B:D4:D2:9C:B5:32:79:0C:81:BD:69:01:0C:90:14
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MVQTAo-L1NKctTJ5DIG9aQEMkBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:d3:9d:5a:42:ba:12:27:8d:28:62:27:ce:0c:c4:36:60:6d:
         9a:2e:6e:d0:19:77:ea:63:dc:c2:4e:7f:68:9c:0a:a7:74:9b:
         16:39:5a:5d:f7:32:88:0a:72:57:23:37:1e:82:4b:12:8a:48:
         f3:c6:25:1f:9a:d6:58:5d:8c:45:ce:2e:1d:3b:24:8c:ed:67:
         81:21:8c:e1:d7:40:64:4c:20:b4:d2:a7:d7:5c:6f:f7:98:56:
         d7:e6:49:a7:89:9c:1a:a5:da:4a:fa:34:1d:c6:b8:e0:e6:63:
         ce:85:70:b2:e4:dd:97:11:3d:69:61:e9:a3:8d:14:0c:b4:76:
         65:68:16:e0:b5:f4:6d:97:5c:98:9b:42:a1:3f:22:82:b1:50:
         57:f0:0f:7b:41:4c:45:d5:47:c8:a8:6b:a8:05:9a:d8:6a:e5:
         de:7b:8b:d7:0d:6e:85:b9:9d:37:04:7b:55:d2:cc:6b:85:df:
         51:f5:8a:f0:60:5d:bb:48:5b:ce:83:4a:06:ce:da:4c:9b:3c:
         76:f2:b0:4a:bd:4e:de:ef:cd:38:b3:e8:c4:7a:14:d9:af:c8:
         b8:bf:35:10:49:9f:84:12:12:18:51:6c:74:9a:f6:83:a7:34:
         c2:22:7b:d2:59:f9:39:c3:d2:3a:3e:c2:87:91:a6:7b:18:02:
         8d:c1:1c:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xaWLHGCA9jemNfTBDnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMTAyMDYzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTU0MTMwMjhmOGJkNGQyOWNiNTMyNzkwYzgxYmQ2OTAxMGM5MDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPib99Z9ZM6BoJ+QWarCZeSp4sh+
akmed5j80Xk7NaRj1rX9gWf2tfMz8gu+LoAtIOr0zqGT5KPYe/jFaKSTwLXw9dyf
xdU1zy+YafTw+CSkIjYtpWdJXQgSqFkeuSgEf1SOLYunzFscU+0Dgpwe1s1g3blR
0XfDbuRSncFmweltx0w/31tsPq49JhINeKlHs9LUa+3/zZYhMVyayJnE1H6urEY9
Lgm/ZpxBWkq4FUZFDVFkSAIuYxB7DGjODPLwotgt+NWytBbBLEmpT10pa0EHDVDH
3E/Kuvijn7PhAefDicf3zc37UkQTdnfMN6Pui09W0Gzp9LVAkHnKX/GogwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFUEwKPi9TSnLUyeQyBvWkBDJAUMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvTVZRVEFvLUwxTktjdFRKNURJRzlhUUVNa0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucfWMA0G
CSqGSIb3DQEBCwUAA4IBAQCR051aQroSJ40oYifODMQ2YG2aLm7QGXfqY9zCTn9o
nAqndJsWOVpd9zKICnJXIzcegksSikjzxiUfmtZYXYxFzi4dOySM7WeBIYzh10Bk
TCC00qfXXG/3mFbX5kmniZwapdpK+jQdxrjg5mPOhXCy5N2XET1pYemjjRQMtHZl
aBbgtfRtl1yYm0KhPyKCsVBX8A97QUxF1UfIqGuoBZrYauXee4vXDW6FuZ03BHtV
0sxrhd9R9YrwYF27SFvOg0oGztpMmzx28rBKvU7e7804s+jEehTZr8i4vzUQSZ+E
EhIYUWx0mvaDpzTCInvSWfk5w9I6PsKHkaZ7GAKNwRzK
-----END CERTIFICATE-----
Generated at Fri Jun 14 18:54:58 2024 by rpki-client on console-fra.rpki-client.org