Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/K5jDefxvEqGmTAaLkKTK2jAUriU.roa
File:                     K5jDefxvEqGmTAaLkKTK2jAUriU.roa (raw, json)
Hash identifier:          nvoLyiMzt1kATFmpSFVzfFjdzoDyfHNNY9Gemn/+zgQ=
Subject key identifier:   2B:98:C3:79:FC:6F:12:A1:A6:4C:06:8B:90:A4:CA:DA:30:14:AE:25
Certificate issuer:       /CN=a88ad546f1a0ef8cf75c92a748bd5c86362e209b
Certificate serial:       018CC50069F26B48D70F3879288C097F4351
Authority key identifier: A8:8A:D5:46:F1:A0:EF:8C:F7:5C:92:A7:48:BD:5C:86:36:2E:20:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/K5jDefxvEqGmTAaLkKTK2jAUriU.roa
Signing time:             Mon 01 Jan 2024 12:29:47 +0000
ROA not before:           Mon 01 Jan 2024 12:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50794
IP address blocks:        178.21.240.0/21 maxlen: 21
                          37.0.24.0/21 maxlen: 21
                          2a04:7e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 20:23:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:69:f2:6b:48:d7:0f:38:79:28:8c:09:7f:43:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a88ad546f1a0ef8cf75c92a748bd5c86362e209b
        Validity
            Not Before: Jan  1 12:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b98c379fc6f12a1a64c068b90a4cada3014ae25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:42:e0:b3:e5:5b:45:75:5c:5a:c3:6d:6a:a5:
                    10:df:ee:ad:b4:c1:28:d1:d7:3c:af:0f:0a:05:d5:
                    b9:c9:b3:45:f1:f0:0c:a6:88:7b:62:05:b3:d4:78:
                    48:95:b2:a3:e3:c8:1b:62:56:6e:5e:05:4a:2a:58:
                    cd:69:06:59:9a:bf:1f:9a:fd:a4:70:7b:b8:71:57:
                    28:1f:b4:ab:4f:6f:ed:c5:28:3a:6a:d5:cb:47:72:
                    37:0a:09:12:38:e5:dc:48:d3:7a:fe:8f:37:18:04:
                    26:11:33:44:4e:a6:85:0b:9b:40:45:65:4b:9a:50:
                    42:7c:fd:ae:f5:07:e7:9c:7a:81:24:df:45:97:4a:
                    95:8c:db:0d:68:cf:56:25:79:8c:3a:e3:3d:cc:73:
                    03:d2:e4:de:64:ac:29:96:7d:68:0e:89:0b:94:61:
                    ef:f3:70:4d:5e:cd:3a:2c:34:ac:69:f1:38:55:75:
                    6e:a8:bb:61:92:a3:41:1c:7f:49:83:06:ae:c5:02:
                    e8:20:b3:c1:a1:c5:0f:89:64:bb:51:a0:70:cb:c4:
                    93:b3:7f:94:85:cc:2c:6d:02:37:e0:81:26:9d:4c:
                    48:e6:ae:2a:2c:b6:b6:f5:b6:94:83:0f:0b:8b:f4:
                    b4:fd:c4:86:1d:9c:ad:17:da:cb:5c:04:c9:10:f3:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:98:C3:79:FC:6F:12:A1:A6:4C:06:8B:90:A4:CA:DA:30:14:AE:25
            X509v3 Authority Key Identifier:
                keyid:A8:8A:D5:46:F1:A0:EF:8C:F7:5C:92:A7:48:BD:5C:86:36:2E:20:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/K5jDefxvEqGmTAaLkKTK2jAUriU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.0.24.0/21
                  178.21.240.0/21
                IPv6:
                  2a04:7e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:78:b4:4b:22:fd:06:23:70:2e:b3:d4:71:5c:f0:7e:14:02:
         6c:2d:a4:8a:8b:ee:2f:d9:48:49:63:dc:d5:41:53:6c:3e:f2:
         4b:eb:13:18:4a:ff:3a:20:eb:ca:c2:61:49:ed:a9:b8:0a:77:
         6b:02:4c:52:d6:cb:14:65:d8:7c:28:7c:5c:ce:c9:52:8d:ff:
         c7:a1:fc:b9:6a:97:59:93:d0:ab:78:dc:b5:90:39:88:7f:a8:
         b9:4f:ac:98:b5:3b:4b:0e:a7:bc:f8:d6:36:6f:d2:42:a4:86:
         32:69:3e:fc:50:0e:6e:48:c0:9a:9a:52:38:aa:28:b8:02:68:
         43:9c:81:e7:d5:78:ac:26:f9:5e:9e:39:04:ba:56:33:62:91:
         a3:6e:23:84:79:32:f5:5c:e5:14:f7:d9:0e:01:88:af:c9:f9:
         04:75:cb:c3:45:17:39:90:ff:36:b4:3c:a5:18:20:97:5e:13:
         d7:d8:e5:22:db:a7:6f:c2:c3:91:9a:90:b7:c7:2f:d7:21:2b:
         18:49:4e:ae:d5:66:de:a4:4b:6c:72:03:e4:be:54:76:52:28:
         7d:05:f1:2c:bf:31:4c:86:42:0a:b6:bd:16:78:92:4f:2c:0a:
         20:2f:ce:38:df:db:dc:06:f6:62:19:9d:76:e9:c2:34:f2:c3:
         2b:34:96:a0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAGnya0jXDzh5KIwJf0NRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4OGFkNTQ2ZjFhMGVmOGNmNzVjOTJhNzQ4YmQ1Yzg2MzYy
ZTIwOWIwHhcNMjQwMTAxMTIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjk4YzM3OWZjNmYxMmExYTY0YzA2OGI5MGE0Y2FkYTMwMTRhZTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmULgs+VbRXVcWsNtaqUQ3+6ttMEo
0dc8rw8KBdW5ybNF8fAMpoh7YgWz1HhIlbKj48gbYlZuXgVKKljNaQZZmr8fmv2k
cHu4cVcoH7SrT2/txSg6atXLR3I3CgkSOOXcSNN6/o83GAQmETNETqaFC5tARWVL
mlBCfP2u9QfnnHqBJN9Fl0qVjNsNaM9WJXmMOuM9zHMD0uTeZKwpln1oDokLlGHv
83BNXs06LDSsafE4VXVuqLthkqNBHH9JgwauxQLoILPBocUPiWS7UaBwy8STs3+U
hcwsbQI34IEmnUxI5q4qLLa29baUgw8Li/S0/cSGHZytF9rLXATJEPMrTwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCuYw3n8bxKhpkwGi5CkytowFK4lMB8GA1UdIwQY
MBaAFKiK1UbxoO+M91ySp0i9XIY2LiCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUlyVlJ2R2c3NHozWEpLblNMMWNoall1SUpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81MDBhOGMtNmEyZC00MzRiLTk2ZjEt
MThlYjc3OWE2NDk3LzEvSzVqRGVmeHZFcUdtVEFhTGtLVEsyakFVcmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81MDBhOGMtNmEyZC00MzRiLTk2ZjEtMThlYjc3OWE2NDk3
LzEvcUlyVlJ2R2c3NHozWEpLblNMMWNoall1SUpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJQAYAwQD
shXwMA0EAgACMAcDBQMqBH6AMA0GCSqGSIb3DQEBCwUAA4IBAQBleLRLIv0GI3Au
s9RxXPB+FAJsLaSKi+4v2UhJY9zVQVNsPvJL6xMYSv86IOvKwmFJ7am4CndrAkxS
1ssUZdh8KHxczslSjf/Hofy5apdZk9CreNy1kDmIf6i5T6yYtTtLDqe8+NY2b9JC
pIYyaT78UA5uSMCamlI4qii4AmhDnIHn1XisJvlenjkEulYzYpGjbiOEeTL1XOUU
99kOAYivyfkEdcvDRRc5kP82tDylGCCXXhPX2OUi26dvwsORmpC3xy/XISsYSU6u
1WbepEtscgPkvlR2Uih9BfEsvzFMhkIKtr0WeJJPLAogL84439vcBvZiGZ126cI0
8sMrNJag
-----END CERTIFICATE-----
Generated at Mon Jun 17 03:54:44 2024 by rpki-client on console-ams.rpki-client.org