Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/NpiGkfuh_hWSBlv7P0Dy5Af3f7k.roa
File:                     NpiGkfuh_hWSBlv7P0Dy5Af3f7k.roa (raw, json)
Hash identifier:          DJJMPsvFrSakOvzyjZJbdaqgsa/bk2aVMfdBsTZyLA4=
Subject key identifier:   36:98:86:91:FB:A1:FE:15:92:06:5B:FB:3F:40:F2:E4:07:F7:7F:B9
Certificate issuer:       /CN=8b69fc6128be591401acf82bc2461af636ebe8e6
Certificate serial:       018CCA2A649786D22AF99AE93A657DA61A10
Authority key identifier: 8B:69:FC:61:28:BE:59:14:01:AC:F8:2B:C2:46:1A:F6:36:EB:E8:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2n8YSi-WRQBrPgrwkYa9jbr6OY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/NpiGkfuh_hWSBlv7P0Dy5Af3f7k.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51531
IP address blocks:        185.176.192.0/22 maxlen: 24
                          46.31.120.0/21 maxlen: 24
                          45.129.80.0/22 maxlen: 24
                          81.89.88.0/21 maxlen: 24
                          185.70.20.0/22 maxlen: 24
                          2a02:c50::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/i2n8YSi-WRQBrPgrwkYa9jbr6OY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/i2n8YSi-WRQBrPgrwkYa9jbr6OY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2n8YSi-WRQBrPgrwkYa9jbr6OY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:64:97:86:d2:2a:f9:9a:e9:3a:65:7d:a6:1a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b69fc6128be591401acf82bc2461af636ebe8e6
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36988691fba1fe1592065bfb3f40f2e407f77fb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2b:59:ad:0b:2b:9f:b6:86:49:2a:b6:6a:25:
                    76:ab:be:3c:28:2c:6b:33:94:b1:87:e9:08:93:72:
                    00:a8:9a:a9:5c:59:09:23:33:a3:ac:7b:c9:0c:77:
                    ba:44:a8:8f:44:97:f1:ee:5b:0b:0a:4a:f2:7a:99:
                    1b:83:ea:92:24:c7:5c:b6:ea:10:98:f2:06:ce:56:
                    54:4a:94:3a:a2:ac:17:1b:fa:2a:e4:77:ca:7c:d3:
                    a7:c8:78:7a:29:72:6b:7b:13:a8:ba:62:44:97:c0:
                    20:4a:4d:39:e9:0d:63:36:9c:cf:9d:57:41:07:b1:
                    ee:83:60:ca:36:92:69:e7:86:8a:8d:87:00:ad:2e:
                    b3:53:e6:ee:79:84:56:93:32:7d:33:fc:04:7c:37:
                    51:15:30:a9:6a:b4:97:eb:ce:26:d6:44:5f:fa:f7:
                    56:26:0e:9f:64:df:c3:59:94:f3:4f:af:cd:3d:21:
                    b4:d4:6a:5c:07:ba:80:b3:b9:18:a4:56:83:05:76:
                    55:1c:88:9e:bb:4f:8b:83:40:21:0b:6f:ff:3b:b1:
                    2d:72:1a:97:e8:05:74:98:5b:95:84:42:44:91:ea:
                    6e:6e:8d:94:75:61:60:f4:a2:ff:fb:5b:15:ec:54:
                    b8:dd:f6:fb:46:79:7c:a8:93:98:7b:09:48:ce:a1:
                    67:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:98:86:91:FB:A1:FE:15:92:06:5B:FB:3F:40:F2:E4:07:F7:7F:B9
            X509v3 Authority Key Identifier:
                keyid:8B:69:FC:61:28:BE:59:14:01:AC:F8:2B:C2:46:1A:F6:36:EB:E8:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2n8YSi-WRQBrPgrwkYa9jbr6OY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/NpiGkfuh_hWSBlv7P0Dy5Af3f7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0aa6e6-3054-4888-865e-265f2bd0f8f3/1/i2n8YSi-WRQBrPgrwkYa9jbr6OY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.80.0/22
                  46.31.120.0/21
                  81.89.88.0/21
                  185.70.20.0/22
                  185.176.192.0/22
                IPv6:
                  2a02:c50::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:d0:6e:ca:ab:ab:cb:92:4f:1f:61:e4:ef:ef:e8:65:40:1f:
         16:20:44:d0:d2:2c:b5:09:be:e6:3f:04:46:cf:2c:7f:b6:dd:
         03:d8:e2:00:d4:68:ff:81:72:a2:9d:9c:eb:aa:e4:d3:8e:dc:
         27:ca:65:af:21:bb:ad:38:e2:9a:4b:9c:11:8b:e9:63:20:ac:
         80:1f:ab:e4:c9:9d:2e:58:4f:a2:51:fc:93:35:a8:57:0f:fe:
         4a:a4:de:12:eb:2d:78:db:0d:81:69:b5:39:7f:61:c7:46:6b:
         54:ba:53:4e:a0:b3:0c:dc:27:b3:a4:92:98:da:74:24:15:93:
         78:ef:1c:d9:f1:68:c1:44:60:f9:d6:b7:30:d8:a2:7e:fe:15:
         68:64:54:c3:ee:de:ab:9f:fa:ca:ab:0f:11:33:be:40:77:ac:
         4a:74:76:60:21:5d:b4:6e:49:7f:be:48:84:b7:39:14:62:3c:
         ed:1b:bb:ff:72:18:4d:78:1e:11:ec:ee:c2:e9:3a:95:8f:73:
         9c:e3:00:57:44:2b:af:45:0e:01:e4:82:88:1b:2d:ca:ce:32:
         c4:41:4f:ee:3b:96:13:1f:75:b0:bd:89:fa:e8:3a:12:c1:d2:
         91:e1:11:da:05:09:02:f1:63:75:36:bd:9e:75:6a:53:7c:5b:
         1c:7b:73:cd
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzKKmSXhtIq+ZrpOmV9phoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNjlmYzYxMjhiZTU5MTQwMWFjZjgyYmMyNDYxYWY2MzZl
YmU4ZTYwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjk4ODY5MWZiYTFmZTE1OTIwNjViZmIzZjQwZjJlNDA3Zjc3ZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCtZrQsrn7aGSSq2aiV2q748KCxr
M5Sxh+kIk3IAqJqpXFkJIzOjrHvJDHe6RKiPRJfx7lsLCkryepkbg+qSJMdctuoQ
mPIGzlZUSpQ6oqwXG/oq5HfKfNOnyHh6KXJrexOoumJEl8AgSk056Q1jNpzPnVdB
B7Hug2DKNpJp54aKjYcArS6zU+bueYRWkzJ9M/wEfDdRFTCparSX684m1kRf+vdW
Jg6fZN/DWZTzT6/NPSG01GpcB7qAs7kYpFaDBXZVHIieu0+Lg0AhC2//O7EtchqX
6AV0mFuVhEJEkepubo2UdWFg9KL/+1sV7FS43fb7Rnl8qJOYewlIzqFnNwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFDaYhpH7of4VkgZb+z9A8uQH93+5MB8GA1UdIwQY
MBaAFItp/GEovlkUAaz4K8JGGvY26+jmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTJuOFlTaS1XUlFCclBncndrWWE5amJyNk9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8wYWE2ZTYtMzA1NC00ODg4LTg2NWUt
MjY1ZjJiZDBmOGYzLzEvTnBpR2tmdWhfaFdTQmx2N1AwRHk1QWYzZjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8wYWE2ZTYtMzA1NC00ODg4LTg2NWUtMjY1ZjJiZDBmOGYz
LzEvaTJuOFlTaS1XUlFCclBncndrWWE5amJyNk9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCLYFQAwQD
Lh94AwQDUVlYAwQCuUYUAwQCubDAMA0EAgACMAcDBQAqAgxQMA0GCSqGSIb3DQEB
CwUAA4IBAQBB0G7Kq6vLkk8fYeTv7+hlQB8WIETQ0iy1Cb7mPwRGzyx/tt0D2OIA
1Gj/gXKinZzrquTTjtwnymWvIbutOOKaS5wRi+ljIKyAH6vkyZ0uWE+iUfyTNahX
D/5KpN4S6y142w2BabU5f2HHRmtUulNOoLMM3CezpJKY2nQkFZN47xzZ8WjBRGD5
1rcw2KJ+/hVoZFTD7t6rn/rKqw8RM75Ad6xKdHZgIV20bkl/vkiEtzkUYjztG7v/
chhNeB4R7O7C6TqVj3Oc4wBXRCuvRQ4B5IKIGy3KzjLEQU/uO5YTH3WwvYn66DoS
wdKR4RHaBQkC8WN1Nr2edWpTfFsce3PN
-----END CERTIFICATE-----
Generated at Sun Jun 16 07:56:04 2024 by rpki-client on console-ams.rpki-client.org