Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/3OL__vUlRT3HIh3Z3sOaB7a8UyA.roa
File:                     3OL__vUlRT3HIh3Z3sOaB7a8UyA.roa (raw, json)
Hash identifier:          dPeDQsWdENzfbK9CX4/peLPi1FFliqTS5thzEiWy5Yg=
Subject key identifier:   DC:E2:FF:FE:F5:25:45:3D:C7:22:1D:D9:DE:C3:9A:07:B6:BC:53:20
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7AF37865D4658A2EEE1A679383EF7
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/3OL__vUlRT3HIh3Z3sOaB7a8UyA.roa
Signing time:             Mon 01 Jan 2024 20:29:35 +0000
ROA not before:           Mon 01 Jan 2024 20:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41957
IP address blocks:        185.191.213.0/24 maxlen: 24
                          194.147.89.0/24 maxlen: 24
                          185.21.141.0/24 maxlen: 24
                          194.93.59.0/24 maxlen: 24
                          85.209.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:af:37:86:5d:46:58:a2:ee:e1:a6:79:38:3e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce2fffef525453dc7221dd9dec39a07b6bc5320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:27:73:97:5c:71:0a:5a:d8:77:3a:c5:ea:7e:
                    8b:df:cf:42:b2:61:ad:8b:80:55:7a:27:20:57:6c:
                    c4:d7:51:2c:cb:62:1e:ac:48:64:06:09:5b:55:01:
                    45:da:8b:4b:54:77:d3:8a:e4:b9:e7:8c:b3:32:8f:
                    7a:a2:e6:de:ad:cb:65:a0:86:36:be:c6:88:87:aa:
                    54:ae:c8:7c:13:db:94:2d:44:4c:65:20:e2:70:09:
                    08:ac:97:e0:f0:ce:79:b9:e2:c5:39:ab:ff:90:48:
                    56:e0:9b:89:3a:e3:3c:1a:4e:6d:4a:9b:11:a8:1d:
                    f8:fd:99:6e:ae:21:9c:5c:30:b1:07:d8:65:10:dd:
                    1a:8b:ea:57:af:ac:d8:aa:87:ee:47:8e:92:9b:04:
                    ec:84:34:80:d1:d0:11:fb:66:2a:56:f6:80:57:66:
                    d2:32:04:2b:5f:41:d6:0b:8c:3d:d2:a5:fb:a8:ad:
                    0a:7c:62:9f:e5:37:50:e6:e8:9c:1d:7a:a6:34:62:
                    e2:01:95:19:67:31:f2:f9:c2:b9:ee:9d:55:d9:88:
                    53:a7:03:c8:d6:9f:fb:05:a5:94:d5:4c:cb:67:e7:
                    37:ac:0d:59:fc:1d:f1:5e:a2:83:01:2c:db:f2:87:
                    7c:86:73:d8:d0:05:14:67:0d:c5:68:7e:e0:52:ab:
                    f1:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E2:FF:FE:F5:25:45:3D:C7:22:1D:D9:DE:C3:9A:07:B6:BC:53:20
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/3OL__vUlRT3HIh3Z3sOaB7a8UyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.10.0/24
                  185.21.141.0/24
                  185.191.213.0/24
                  194.93.59.0/24
                  194.147.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:10:cc:ba:d3:bc:f5:af:58:51:ec:95:e8:7a:ed:57:e4:56:
         26:d6:3f:a4:e1:76:63:d8:3a:11:22:67:10:ab:25:96:81:ac:
         67:94:94:51:da:cd:cc:31:c6:50:74:4c:1a:3d:3c:14:45:5c:
         07:e6:9e:2a:90:f4:5b:64:b7:e6:50:89:2e:0a:cd:a7:3f:a3:
         34:d9:c6:72:e3:0a:3b:83:76:5b:3d:c9:26:8c:cb:59:81:31:
         28:86:e6:8e:64:f1:f6:16:2a:1e:9e:da:63:72:38:be:2a:d9:
         4d:c2:fd:9e:01:73:f7:7e:90:47:41:3f:35:c4:0f:67:5d:ad:
         4b:ef:61:bc:53:c4:b4:38:3e:05:3c:2b:86:60:34:ad:64:35:
         de:8a:9b:2a:0c:40:7c:3f:77:e2:af:c5:d4:b8:c0:23:7c:a1:
         39:d6:6e:44:56:2a:63:10:a3:85:2a:39:e4:3d:43:01:f2:63:
         2b:8d:df:80:14:df:d4:b0:4e:bc:2d:b0:db:1b:2d:51:58:72:
         fe:b1:da:22:5c:25:ba:ba:1e:0b:61:75:37:8e:e4:13:ff:2e:
         1a:33:eb:8d:d9:67:d4:2c:7b:bc:68:67:b7:44:f9:ab:54:31:
         e8:87:32:43:2e:98:6f:df:d7:34:28:38:97:f1:0c:c6:13:3a:
         a5:5a:c5:99
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzGt683hl1GWKLu4aZ5OD73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UyZmZmZWY1MjU0NTNkYzcyMjFkZDlkZWMzOWEwN2I2YmM1MzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSdzl1xxClrYdzrF6n6L389CsmGt
i4BVeicgV2zE11Esy2IerEhkBglbVQFF2otLVHfTiuS554yzMo96ouberctloIY2
vsaIh6pUrsh8E9uULURMZSDicAkIrJfg8M55ueLFOav/kEhW4JuJOuM8Gk5tSpsR
qB34/ZluriGcXDCxB9hlEN0ai+pXr6zYqofuR46SmwTshDSA0dAR+2YqVvaAV2bS
MgQrX0HWC4w90qX7qK0KfGKf5TdQ5uicHXqmNGLiAZUZZzHy+cK57p1V2YhTpwPI
1p/7BaWU1UzLZ+c3rA1Z/B3xXqKDASzb8od8hnPY0AUUZw3FaH7gUqvxDwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNzi//71JUU9xyId2d7Dmge2vFMgMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvM09MX192VWxSVDNISWgzWjNzT2FCN2E4VXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVdEKAwQA
uRWNAwQAub/VAwQAwl07AwQAwpNZMA0GCSqGSIb3DQEBCwUAA4IBAQAOEMy607z1
r1hR7JXoeu1X5FYm1j+k4XZj2DoRImcQqyWWgaxnlJRR2s3MMcZQdEwaPTwURVwH
5p4qkPRbZLfmUIkuCs2nP6M02cZy4wo7g3ZbPckmjMtZgTEohuaOZPH2Fioentpj
cji+KtlNwv2eAXP3fpBHQT81xA9nXa1L72G8U8S0OD4FPCuGYDStZDXeipsqDEB8
P3fir8XUuMAjfKE51m5EVipjEKOFKjnkPUMB8mMrjd+AFN/UsE68LbDbGy1RWHL+
sdoiXCW6uh4LYXU3juQT/y4aM+uN2WfULHu8aGe3RPmrVDHohzJDLphv39c0KDiX
8QzGEzqlWsWZ
-----END CERTIFICATE-----
Generated at Sat Jun 15 21:16:36 2024 by rpki-client on console-ams.rpki-client.org