Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/SnW5Q6MgvxY0HVOv-jCkShRtAuo.roa
File:                     SnW5Q6MgvxY0HVOv-jCkShRtAuo.roa (raw, json)
Hash identifier:          U3ivDH0Rl3VjTN9nypMWlTsY2l2CjMVISDEYgpYK5b0=
Subject key identifier:   4A:75:B9:43:A3:20:BF:16:34:1D:53:AF:FA:30:A4:4A:14:6D:02:EA
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018FB8F655EE8E889D7D08DF1B57D7361A94
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/SnW5Q6MgvxY0HVOv-jCkShRtAuo.roa
Signing time:             Mon 27 May 2024 07:31:42 +0000
ROA not before:           Mon 27 May 2024 07:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        168.199.236.0/22 maxlen: 24
                          168.199.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b8:f6:55:ee:8e:88:9d:7d:08:df:1b:57:d7:36:1a:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: May 27 07:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a75b943a320bf16341d53affa30a44a146d02ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:50:8b:28:3a:16:af:09:e4:14:bc:03:d8:21:
                    1f:ad:5f:36:15:e9:e6:f2:f7:f3:91:ef:15:cd:8e:
                    d2:a5:c5:e4:78:68:a5:77:bf:f3:f9:a0:82:aa:2f:
                    e6:9f:9a:41:4f:71:0c:18:ef:f4:b6:9f:75:c0:6e:
                    af:84:92:2b:83:0b:c1:1c:f2:2f:da:8f:57:63:89:
                    2c:d7:3c:45:24:80:57:56:b9:29:47:4f:66:b4:e8:
                    15:b9:aa:7c:45:d4:69:36:f1:be:0d:23:a7:2d:d4:
                    ff:cb:c9:4a:e7:23:fa:26:d2:b8:51:14:a4:ff:be:
                    55:b3:0e:d0:91:cd:75:80:1e:ce:36:06:73:40:00:
                    39:20:70:d0:fe:f4:d7:ca:79:40:cd:65:50:d7:cc:
                    da:41:39:13:c9:71:88:f0:3a:63:48:29:ac:2e:53:
                    83:a7:66:b9:d5:4f:1c:1e:81:c7:a4:e8:85:5a:1c:
                    0e:96:c1:2f:e8:4a:60:79:e1:ec:b0:e5:18:4a:0f:
                    62:51:07:74:df:de:6c:d4:92:3b:68:8c:ea:89:bb:
                    37:a6:31:3a:c2:a1:92:7d:af:08:48:1f:37:ba:94:
                    7d:df:6c:dd:81:96:a8:57:66:be:e8:70:a2:7d:2d:
                    11:a3:5e:37:00:93:87:bd:7f:6f:0a:50:fe:c4:9b:
                    67:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:75:B9:43:A3:20:BF:16:34:1D:53:AF:FA:30:A4:4A:14:6D:02:EA
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/SnW5Q6MgvxY0HVOv-jCkShRtAuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.236.0/22
                  168.199.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:a1:36:45:3e:68:0b:a1:02:e1:df:43:8e:47:e6:95:5a:c7:
         48:45:13:81:76:05:d9:29:13:60:6b:a4:08:db:66:0c:8f:53:
         d7:df:ee:3a:79:b6:9b:0e:4e:73:68:e7:b6:8c:53:fd:9d:d1:
         4a:d5:99:d6:e6:fb:ba:55:f4:4f:1c:a9:b9:7f:ac:7b:c1:1a:
         17:59:51:6b:bb:f2:d1:e3:19:1b:3b:94:b5:50:dc:76:a1:ef:
         cc:6b:15:54:b5:f7:d4:fe:2a:1e:77:64:64:57:70:b8:a6:52:
         e6:45:b3:06:ab:a6:41:f2:7c:c6:d0:b2:97:c3:88:c6:b3:76:
         06:d8:01:ee:97:fa:25:3a:b0:0d:a0:bd:cf:30:ff:b3:81:41:
         97:80:c0:86:d4:67:84:8e:8b:47:20:16:a1:9a:a7:5c:4f:97:
         5b:7e:97:d3:59:dd:3e:63:2f:c8:14:2c:9e:b8:52:37:1a:04:
         e8:be:2e:7c:68:5a:90:3f:c7:ec:5e:19:b2:f8:0d:6e:01:08:
         08:14:31:5a:7f:06:29:c8:92:ca:aa:5a:e3:99:5a:73:2a:3b:
         aa:4c:db:01:94:b8:99:75:40:10:f2:0d:be:70:c5:5f:25:b9:
         e9:bf:4e:d4:e5:60:b4:bd:2d:b0:7d:b1:51:28:f7:35:ea:a1:
         d6:62:05:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+49lXujoidfQjfG1fXNhqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwNTI3MDczMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTc1Yjk0M2EzMjBiZjE2MzQxZDUzYWZmYTMwYTQ0YTE0NmQwMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6VCLKDoWrwnkFLwD2CEfrV82Fenm
8vfzke8VzY7SpcXkeGild7/z+aCCqi/mn5pBT3EMGO/0tp91wG6vhJIrgwvBHPIv
2o9XY4ks1zxFJIBXVrkpR09mtOgVuap8RdRpNvG+DSOnLdT/y8lK5yP6JtK4URSk
/75Vsw7Qkc11gB7ONgZzQAA5IHDQ/vTXynlAzWVQ18zaQTkTyXGI8DpjSCmsLlOD
p2a51U8cHoHHpOiFWhwOlsEv6EpgeeHssOUYSg9iUQd0395s1JI7aIzqibs3pjE6
wqGSfa8ISB83upR932zdgZaoV2a+6HCifS0Ro143AJOHvX9vClD+xJtnuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEp1uUOjIL8WNB1Tr/owpEoUbQLqMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvU25XNVE2TWd2eFkwSFZPdi1qQ2tTaFJ0QXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCqMfsAwQC
qMf4MA0GCSqGSIb3DQEBCwUAA4IBAQCwoTZFPmgLoQLh30OOR+aVWsdIRROBdgXZ
KRNga6QI22YMj1PX3+46ebabDk5zaOe2jFP9ndFK1ZnW5vu6VfRPHKm5f6x7wRoX
WVFru/LR4xkbO5S1UNx2oe/MaxVUtffU/ioed2RkV3C4plLmRbMGq6ZB8nzG0LKX
w4jGs3YG2AHul/olOrANoL3PMP+zgUGXgMCG1GeEjotHIBahmqdcT5dbfpfTWd0+
Yy/IFCyeuFI3GgTovi58aFqQP8fsXhmy+A1uAQgIFDFafwYpyJLKqlrjmVpzKjuq
TNsBlLiZdUAQ8g2+cMVfJbnpv07U5WC0vS2wfbFRKPc16qHWYgUK
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:25:29 2024 by rpki-client on console-ams.rpki-client.org