Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KYmbfN0nXJ3lsMe5CzqorriNptU.roa
File:                     KYmbfN0nXJ3lsMe5CzqorriNptU.roa (raw, json)
Hash identifier:          1ws1csJQ+EZyj7EGYPKTGwNtesx2Uk83lzzEG2BvIgw=
Subject key identifier:   29:89:9B:7C:DD:27:5C:9D:E5:B0:C7:B9:0B:3A:A8:AE:B8:8D:A6:D5
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A6E11E2C95FD99EA17E9D86E8BB46
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KYmbfN0nXJ3lsMe5CzqorriNptU.roa
Signing time:             Tue 02 Jan 2024 12:33:47 +0000
ROA not before:           Tue 02 Jan 2024 12:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56850
IP address blocks:        185.248.184.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6e:11:e2:c9:5f:d9:9e:a1:7e:9d:86:e8:bb:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29899b7cdd275c9de5b0c7b90b3aa8aeb88da6d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a0:f1:c5:31:53:6f:6e:65:d7:61:49:55:fa:
                    e7:3b:46:7c:c4:ce:3b:28:cd:fb:5e:ff:fa:c5:bd:
                    46:26:e1:2e:de:9a:52:79:b1:01:ca:c0:e9:3c:2b:
                    38:61:9d:6d:c2:5c:f8:aa:3e:c2:23:36:b7:7e:4c:
                    23:a5:73:44:04:a8:70:8a:d1:96:c0:d5:af:40:9a:
                    6f:2a:99:70:c5:a9:f7:90:4c:d7:79:3d:e8:e2:2f:
                    bf:b7:6c:63:f7:5d:ae:37:2e:14:7b:8f:21:cc:6b:
                    c8:c9:ad:a7:bb:a8:8e:66:8e:cc:e1:be:00:8f:4a:
                    25:73:a3:f2:f8:39:e3:b7:20:b9:85:0f:9d:20:c3:
                    fc:85:c7:28:df:04:e9:b0:5c:e8:f9:ca:18:3f:f4:
                    39:f4:fe:52:cf:e0:62:06:6f:70:1f:e5:69:b4:33:
                    2b:cf:59:e5:41:97:eb:8c:8b:a5:07:49:82:76:55:
                    ec:f1:45:76:b1:e7:50:5b:f0:62:54:c0:98:4a:51:
                    53:b6:17:0c:35:c9:16:81:12:07:da:65:66:2b:c9:
                    b9:f8:75:97:78:16:0a:eb:20:c6:48:f1:55:db:6c:
                    db:51:4f:88:a2:1c:e4:7c:d9:7e:55:fe:e9:c9:d2:
                    98:3b:ef:22:bc:34:91:c1:11:18:e1:dc:af:35:6d:
                    43:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:89:9B:7C:DD:27:5C:9D:E5:B0:C7:B9:0B:3A:A8:AE:B8:8D:A6:D5
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KYmbfN0nXJ3lsMe5CzqorriNptU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:02:6d:2d:b5:27:4f:d7:bf:52:9f:9f:0b:5b:bd:77:6c:ad:
         00:77:75:4b:e0:09:dd:0e:47:97:82:1c:a8:f6:3c:1a:8c:b0:
         b9:f2:5e:ee:30:7f:a8:1e:70:98:14:2d:b8:f0:31:f5:32:23:
         84:81:d6:5c:89:48:65:18:67:c4:5d:4d:4c:41:f1:7f:3a:34:
         c4:14:31:93:f5:bf:6c:43:84:90:ec:fd:a0:d2:42:f5:d1:75:
         ca:41:8d:14:d2:2a:be:d2:56:65:6d:3a:d4:2c:95:9d:2a:a5:
         25:c3:c1:b0:20:75:07:7d:02:c9:19:7e:67:b5:1d:33:d1:5c:
         fa:e7:b6:03:a1:fa:07:91:c5:9e:cc:f5:09:99:03:9f:39:71:
         e2:75:10:03:38:d2:5e:89:6f:17:a7:ef:dc:ff:bc:c9:c4:c5:
         ae:09:48:05:f4:5b:64:b3:23:21:50:c5:24:1b:53:96:cb:a0:
         55:f2:d0:57:65:c8:5f:ad:d1:3a:67:37:a4:9e:28:4c:e8:0b:
         2c:56:ab:bc:1e:3b:77:e3:24:c8:6a:92:5f:fe:83:50:07:74:
         85:60:72:55:1c:ed:0a:16:00:32:cc:2a:73:f3:0f:4f:95:3d:
         0e:1a:97:35:a5:b9:a4:4e:50:f1:15:aa:80:49:00:ce:0e:15:
         ac:67:a2:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKm4R4slf2Z6hfp2G6LtGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTg5OWI3Y2RkMjc1YzlkZTViMGM3YjkwYjNhYThhZWI4OGRhNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKDxxTFTb25l12FJVfrnO0Z8xM47
KM37Xv/6xb1GJuEu3ppSebEBysDpPCs4YZ1twlz4qj7CIza3fkwjpXNEBKhwitGW
wNWvQJpvKplwxan3kEzXeT3o4i+/t2xj912uNy4Ue48hzGvIya2nu6iOZo7M4b4A
j0olc6Py+DnjtyC5hQ+dIMP8hcco3wTpsFzo+coYP/Q59P5Sz+BiBm9wH+VptDMr
z1nlQZfrjIulB0mCdlXs8UV2sedQW/BiVMCYSlFTthcMNckWgRIH2mVmK8m5+HWX
eBYK6yDGSPFV22zbUU+IohzkfNl+Vf7pydKYO+8ivDSRwREY4dyvNW1DIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmJm3zdJ1yd5bDHuQs6qK64jabVMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvS1ltYmZOMG5YSjNsc01lNUN6cW9ycmlOcHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufi4MA0G
CSqGSIb3DQEBCwUAA4IBAQC/Am0ttSdP179Sn58LW713bK0Ad3VL4AndDkeXghyo
9jwajLC58l7uMH+oHnCYFC248DH1MiOEgdZciUhlGGfEXU1MQfF/OjTEFDGT9b9s
Q4SQ7P2g0kL10XXKQY0U0iq+0lZlbTrULJWdKqUlw8GwIHUHfQLJGX5ntR0z0Vz6
57YDofoHkcWezPUJmQOfOXHidRADONJeiW8Xp+/c/7zJxMWuCUgF9FtksyMhUMUk
G1OWy6BV8tBXZchfrdE6ZzeknihM6AssVqu8Hjt34yTIapJf/oNQB3SFYHJVHO0K
FgAyzCpz8w9PlT0OGpc1pbmkTlDxFaqASQDODhWsZ6Kn
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:28:10 2024 by rpki-client on console-ams.rpki-client.org