Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/GUqmbbo1yT_SKrSCo3c9pB14ssI.roa
File:                     GUqmbbo1yT_SKrSCo3c9pB14ssI.roa (raw, json)
Hash identifier:          bftbVe6yaNvY7+C+/fuafOy6uHwpmf0ITDDkRolF1G8=
Subject key identifier:   19:4A:A6:6D:BA:35:C9:3F:D2:2A:B4:82:A3:77:3D:A4:1D:78:B2:C2
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       018CC34928CE29AA7F259DE305412ED6EF71
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/GUqmbbo1yT_SKrSCo3c9pB14ssI.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35600
IP address blocks:        185.56.176.0/22 maxlen: 22
                          91.221.92.0/23 maxlen: 24
                          91.221.106.0/23 maxlen: 24
                          194.117.246.0/23 maxlen: 23
                          185.48.132.0/22 maxlen: 24
                          2001:67c:184c::/48 maxlen: 48
                          2a02:5520::/32 maxlen: 32
                          2a00:4780::/32 maxlen: 32
                          2a0e:ac80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:28:ce:29:aa:7f:25:9d:e3:05:41:2e:d6:ef:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=194aa66dba35c93fd22ab482a3773da41d78b2c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8f:70:34:19:9b:5f:27:a9:62:e9:34:17:1d:
                    ef:40:f9:16:5f:0f:78:23:b3:af:c9:a3:32:db:54:
                    c5:33:6a:e8:5b:46:f3:a5:f3:b0:10:54:83:e1:ac:
                    93:8e:fa:60:55:4b:ac:76:fb:55:7e:2a:0b:17:77:
                    42:26:c2:51:42:d5:c3:ae:c9:e1:41:61:7a:be:cf:
                    fb:a1:aa:e4:5a:14:4b:60:1a:c1:8b:1a:00:d5:23:
                    42:df:7d:d9:f1:c6:d5:0b:be:a0:28:3d:a5:69:1d:
                    8b:b9:8e:ca:75:48:ae:e0:f0:d9:77:41:27:cf:46:
                    58:d0:7e:c3:74:8d:6a:b4:2f:ee:5d:63:8c:29:f1:
                    82:0a:61:0b:7c:71:92:9e:66:56:45:07:fe:45:a8:
                    bc:47:d1:ea:a4:73:75:c9:dd:49:b4:cd:3f:56:90:
                    6f:cc:5c:01:b7:57:3b:a3:f9:6d:ca:58:82:ae:2b:
                    1d:e4:0e:55:e9:49:9e:c0:a0:80:d8:c7:41:29:59:
                    e7:7c:b4:62:d4:18:c1:0e:8a:c1:2e:2d:97:0c:29:
                    da:30:09:ce:84:e9:61:55:fe:bd:30:02:16:c3:2d:
                    8b:a4:f0:41:9a:8d:1f:10:af:39:1d:20:5c:aa:cd:
                    01:00:55:f0:3a:98:50:c4:bc:39:67:e4:f9:28:55:
                    7e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:4A:A6:6D:BA:35:C9:3F:D2:2A:B4:82:A3:77:3D:A4:1D:78:B2:C2
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/GUqmbbo1yT_SKrSCo3c9pB14ssI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.92.0/23
                  91.221.106.0/23
                  185.48.132.0/22
                  185.56.176.0/22
                  194.117.246.0/23
                IPv6:
                  2001:67c:184c::/48
                  2a00:4780::/32
                  2a02:5520::/32
                  2a0e:ac80::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:dc:f7:8d:b8:27:de:f4:69:8d:4a:01:b5:75:52:07:da:9f:
         74:c7:38:2b:51:82:dc:5c:1f:f3:c1:94:97:fd:e7:a6:9e:7d:
         73:cd:db:6e:6b:97:e3:bd:57:bb:ca:fa:cc:c7:b5:cb:a9:72:
         18:e9:38:0a:1c:97:f5:4d:8e:16:a6:6e:65:f5:b0:4a:7b:70:
         6f:15:8a:74:1c:28:68:7d:a9:8d:b2:b2:1e:60:24:01:b4:ef:
         ac:bb:94:df:75:fe:79:89:7d:03:0b:2b:5c:40:3a:55:9c:62:
         ec:49:6b:64:b0:1d:1c:a1:6e:0b:44:51:3b:c7:6f:47:ce:d0:
         50:01:fe:14:40:c4:d6:8e:58:3c:50:97:b6:54:e2:4d:77:2b:
         a9:78:e2:db:cd:79:4c:6f:68:62:9f:33:a5:c3:67:ad:b8:6e:
         c3:fb:ed:a9:6d:60:85:01:6e:37:88:5c:41:46:4d:af:4c:6e:
         7c:c0:f4:80:e3:2f:57:46:1c:e0:f1:33:0e:59:4d:e9:a5:7c:
         e6:62:30:43:62:e2:d9:eb:8b:84:08:e7:32:d6:8e:22:48:b7:
         5b:bc:d9:f1:78:bb:0e:ac:59:bc:99:29:02:0e:9a:9a:47:10:
         26:8d:ac:27:0f:ff:b7:ec:89:9b:72:9f:92:78:47:e0:a0:7a:
         31:1a:0e:c6
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzDSSjOKap/JZ3jBUEu1u9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTRhYTY2ZGJhMzVjOTNmZDIyYWI0ODJhMzc3M2RhNDFkNzhiMmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj49wNBmbXyepYuk0Fx3vQPkWXw94
I7OvyaMy21TFM2roW0bzpfOwEFSD4ayTjvpgVUusdvtVfioLF3dCJsJRQtXDrsnh
QWF6vs/7oarkWhRLYBrBixoA1SNC333Z8cbVC76gKD2laR2LuY7KdUiu4PDZd0En
z0ZY0H7DdI1qtC/uXWOMKfGCCmELfHGSnmZWRQf+Rai8R9HqpHN1yd1JtM0/VpBv
zFwBt1c7o/ltyliCrisd5A5V6UmewKCA2MdBKVnnfLRi1BjBDorBLi2XDCnaMAnO
hOlhVf69MAIWwy2LpPBBmo0fEK85HSBcqs0BAFXwOphQxLw5Z+T5KFV+JQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFBlKpm26Nck/0iq0gqN3PaQdeLLCMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvR1VxbWJibzF5VF9TS3JTQ28zYzlwQjE0c3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAkBAIAATAeAwQBW91cAwQB
W91qAwQCuTCEAwQCuTiwAwQBwnX2MCQEAgACMB4DBwAgAQZ8GEwDBQAqAEeAAwUA
KgJVIAMFAyoOrIAwDQYJKoZIhvcNAQELBQADggEBABjc9424J970aY1KAbV1Ugfa
n3THOCtRgtxcH/PBlJf956aefXPN225rl+O9V7vK+szHtcupchjpOAocl/VNjham
bmX1sEp7cG8VinQcKGh9qY2ysh5gJAG076y7lN91/nmJfQMLK1xAOlWcYuxJa2Sw
HRyhbgtEUTvHb0fO0FAB/hRAxNaOWDxQl7ZU4k13K6l44tvNeUxvaGKfM6XDZ624
bsP77altYIUBbjeIXEFGTa9MbnzA9IDjL1dGHODxMw5ZTemlfOZiMENi4tnri4QI
5zLWjiJIt1u82fF4uw6sWbyZKQIOmppHECaNrCcP/7fsiZtyn5J4R+CgejEaDsY=
-----END CERTIFICATE-----
Generated at Sat Jun 15 22:04:02 2024 by rpki-client on console-ams.rpki-client.org