Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/2UGjFYmm9BDm33oRiBL6vojxtD4.roa
File:                     2UGjFYmm9BDm33oRiBL6vojxtD4.roa (raw, json)
Hash identifier:          bgaIVUqvRvEIqyg1rHE5kcVvel+mkhIbTkLOYbz9u2g=
Subject key identifier:   D9:41:A3:15:89:A6:F4:10:E6:DF:7A:11:88:12:FA:BE:88:F1:B4:3E
Certificate issuer:       /CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
Certificate serial:       018CC793F24752409E5D059DE7294FFD12B5
Authority key identifier: 28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/2UGjFYmm9BDm33oRiBL6vojxtD4.roa
Signing time:             Tue 02 Jan 2024 00:30:10 +0000
ROA not before:           Tue 02 Jan 2024 00:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203923
IP address blocks:        185.119.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:f2:47:52:40:9e:5d:05:9d:e7:29:4f:fd:12:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
        Validity
            Not Before: Jan  2 00:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d941a31589a6f410e6df7a118812fabe88f1b43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:24:25:38:1a:0b:91:9e:71:a7:0f:af:93:a3:
                    4a:c0:57:4b:96:66:91:64:2e:6a:4c:e8:57:12:9f:
                    ed:46:60:d8:5a:8e:3e:8b:10:06:24:60:a2:b5:24:
                    cd:58:f2:fb:c0:00:06:8f:1f:74:99:b0:b1:0a:d4:
                    47:6b:a3:5d:e3:d4:8f:d1:e5:08:97:0e:1c:0c:0f:
                    29:a8:f8:82:97:22:ba:99:af:3b:55:bd:5f:a9:34:
                    32:84:00:9c:d2:a9:a7:cf:1a:1c:ec:81:6a:4b:3d:
                    49:72:b4:c1:f8:b9:80:ac:8e:5a:f3:ef:49:3e:5c:
                    41:2e:d1:e4:e9:28:b4:71:a3:8d:6a:2a:19:4a:b7:
                    05:b2:ce:6a:04:8d:22:47:3a:27:7c:96:9e:6d:8c:
                    a5:fc:62:7f:b0:ae:70:79:83:52:6b:ce:2d:2e:4c:
                    3e:d8:50:35:fb:51:88:db:b1:86:bb:84:eb:6e:07:
                    00:c9:f4:5b:58:69:5b:fc:e1:28:af:d1:af:e6:f5:
                    2d:9f:b6:23:00:10:ee:55:d8:f1:31:08:ee:78:0f:
                    16:c6:dc:97:a4:e6:30:da:f6:aa:e8:28:ea:65:7f:
                    45:98:20:7e:59:eb:a3:ee:8c:fb:e9:42:17:a7:06:
                    e7:9a:bb:56:d9:d6:ee:3c:86:e5:53:3e:52:13:f8:
                    25:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:41:A3:15:89:A6:F4:10:E6:DF:7A:11:88:12:FA:BE:88:F1:B4:3E
            X509v3 Authority Key Identifier:
                keyid:28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/2UGjFYmm9BDm33oRiBL6vojxtD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:ed:8a:52:83:79:9f:68:55:22:c2:e4:83:80:bd:d9:37:ac:
         db:6f:f1:9e:12:ad:7a:46:6b:e4:26:6b:cc:6b:bd:4d:85:c6:
         1b:f4:ab:20:94:b2:fe:ec:bd:0b:cb:0a:6f:bf:c3:66:48:36:
         e6:bb:f9:a6:dc:a3:e4:78:cf:45:7d:ad:04:2d:80:cd:04:60:
         f3:5b:ea:f1:9c:d7:11:08:e8:ef:ca:cb:b8:db:d7:5c:75:e9:
         4b:97:89:b5:2c:54:f5:4a:1d:54:67:32:b3:09:10:25:9e:41:
         c8:d2:6e:c6:0e:40:2a:b6:12:8a:ca:6b:c6:79:b0:97:8b:e6:
         fc:6b:d1:27:fe:98:45:e2:7b:38:46:33:cd:a6:00:a3:c8:7b:
         bc:69:c1:d6:06:3c:3e:26:e9:af:7d:af:aa:ad:ab:c3:ba:cb:
         cd:72:0f:b6:c6:c9:55:d2:7d:3f:5a:65:c1:13:3a:6f:21:bd:
         4e:bc:71:42:1e:0a:51:a2:d3:5f:ff:17:8a:88:c6:88:12:27:
         c1:0f:c6:b1:78:6a:5f:18:85:0c:19:ec:50:74:29:3a:9b:52:
         57:8b:68:2c:dc:b9:a2:71:09:d5:85:55:bf:61:4a:f6:d4:3d:
         b5:c1:06:29:e7:98:27:92:3b:13:bb:24:36:22:c1:46:8c:39:
         cf:f5:3d:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/JHUkCeXQWd5ylP/RK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YjBmZjc5OThjYTg4NTRjZTdjNDc1YTk3MmVkMWQ1MmE1
YzYwY2QwHhcNMjQwMTAyMDAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQxYTMxNTg5YTZmNDEwZTZkZjdhMTE4ODEyZmFiZTg4ZjFiNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyQlOBoLkZ5xpw+vk6NKwFdLlmaR
ZC5qTOhXEp/tRmDYWo4+ixAGJGCitSTNWPL7wAAGjx90mbCxCtRHa6Nd49SP0eUI
lw4cDA8pqPiClyK6ma87Vb1fqTQyhACc0qmnzxoc7IFqSz1JcrTB+LmArI5a8+9J
PlxBLtHk6Si0caONaioZSrcFss5qBI0iRzonfJaebYyl/GJ/sK5weYNSa84tLkw+
2FA1+1GI27GGu4TrbgcAyfRbWGlb/OEor9Gv5vUtn7YjABDuVdjxMQjueA8WxtyX
pOYw2vaq6CjqZX9FmCB+Weuj7oz76UIXpwbnmrtW2dbuPIblUz5SE/gltQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlBoxWJpvQQ5t96EYgS+r6I8bQ+MB8GA1UdIwQY
MBaAFCiw/3mYyohUznxHWpcu0dUqXGDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDIt
MjY3NTQ3ZWExZTM1LzEvMlVHakZZbW05QkRtMzNvUmlCTDZ2b2p4dEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDItMjY3NTQ3ZWExZTM1
LzEvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXfcMA0G
CSqGSIb3DQEBCwUAA4IBAQA67YpSg3mfaFUiwuSDgL3ZN6zbb/GeEq16RmvkJmvM
a71NhcYb9KsglLL+7L0Lywpvv8NmSDbmu/mm3KPkeM9Ffa0ELYDNBGDzW+rxnNcR
COjvysu429dcdelLl4m1LFT1Sh1UZzKzCRAlnkHI0m7GDkAqthKKymvGebCXi+b8
a9En/phF4ns4RjPNpgCjyHu8acHWBjw+Jumvfa+qravDusvNcg+2xslV0n0/WmXB
EzpvIb1OvHFCHgpRotNf/xeKiMaIEifBD8axeGpfGIUMGexQdCk6m1JXi2gs3Lmi
cQnVhVW/YUr21D21wQYp55gnkjsTuyQ2IsFGjDnP9T3y
-----END CERTIFICATE-----
Generated at Mon Jun 17 16:00:55 2024 by rpki-client on console-ams.rpki-client.org