Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/f9342c-57a9-48f3-9e67-8a3d8dc358eb/1/1-iyBsl5rE9lpSKrl-SUfwo5NPhY.roa
File:                     1-iyBsl5rE9lpSKrl-SUfwo5NPhY.roa (raw, json)
Hash identifier:          IXdsm4JyaQFJ2cJkNYafRmC3NYOOT1+6IGlaC79dMRk=
Subject key identifier:   FA:2C:81:B2:5E:6B:13:D9:69:48:AA:E5:F9:25:1F:C2:8E:4D:3E:16
Certificate issuer:       /CN=4285821bb7a8445efbf433d4c19890a7fa949fa8
Certificate serial:       018CC801732842670A956B254C448AAD6B09
Authority key identifier: 42:85:82:1B:B7:A8:44:5E:FB:F4:33:D4:C1:98:90:A7:FA:94:9F:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QoWCG7eoRF779DPUwZiQp_qUn6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/f9342c-57a9-48f3-9e67-8a3d8dc358eb/1/1-iyBsl5rE9lpSKrl-SUfwo5NPhY.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209383
IP address blocks:        139.28.192.0/23 maxlen: 23
                          139.28.192.0/22 maxlen: 22
                          139.28.194.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/f9342c-57a9-48f3-9e67-8a3d8dc358eb/1/QoWCG7eoRF779DPUwZiQp_qUn6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/f9342c-57a9-48f3-9e67-8a3d8dc358eb/1/QoWCG7eoRF779DPUwZiQp_qUn6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QoWCG7eoRF779DPUwZiQp_qUn6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:73:28:42:67:0a:95:6b:25:4c:44:8a:ad:6b:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4285821bb7a8445efbf433d4c19890a7fa949fa8
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa2c81b25e6b13d96948aae5f9251fc28e4d3e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8a:a4:f2:ba:b7:79:0c:6e:c3:f2:ee:f3:7d:
                    fe:5b:64:d5:6b:95:37:8f:14:4b:b4:32:5a:22:9e:
                    0a:e5:66:84:c0:e4:33:21:53:4a:8f:16:81:56:3b:
                    36:25:df:da:b8:77:83:28:b6:11:98:c8:89:23:46:
                    90:57:75:69:d5:78:23:d4:fb:38:52:50:e5:af:04:
                    02:50:c9:3e:5c:9f:aa:de:99:9f:16:9c:bb:46:96:
                    66:02:51:f3:00:c5:92:67:69:3c:4c:3c:21:70:57:
                    14:f6:07:e2:ba:4b:72:48:37:94:6c:61:d2:b7:5b:
                    94:a7:92:ea:20:17:58:0e:6c:04:a6:ca:ce:69:b3:
                    29:7c:19:d9:8f:87:bc:90:a2:ea:b5:48:a6:30:03:
                    ef:34:22:db:2c:ca:82:6a:c8:2d:51:ed:43:77:ba:
                    92:ab:03:7d:ef:83:80:dd:b2:4c:45:a4:6c:0b:b9:
                    f3:ec:8b:16:a9:5e:9b:28:71:52:39:95:96:ba:58:
                    67:9e:e6:a5:49:23:51:77:08:2c:67:30:80:5b:11:
                    c6:67:ac:88:f4:54:d3:3b:f3:0e:6d:6a:e2:e4:a9:
                    b0:0f:e7:5a:d8:9c:78:85:fc:ed:66:c4:ad:91:cb:
                    47:ad:37:df:54:be:6c:15:a4:ba:2b:3c:e0:b0:c0:
                    33:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:2C:81:B2:5E:6B:13:D9:69:48:AA:E5:F9:25:1F:C2:8E:4D:3E:16
            X509v3 Authority Key Identifier:
                keyid:42:85:82:1B:B7:A8:44:5E:FB:F4:33:D4:C1:98:90:A7:FA:94:9F:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QoWCG7eoRF779DPUwZiQp_qUn6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/f9342c-57a9-48f3-9e67-8a3d8dc358eb/1/1-iyBsl5rE9lpSKrl-SUfwo5NPhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/f9342c-57a9-48f3-9e67-8a3d8dc358eb/1/QoWCG7eoRF779DPUwZiQp_qUn6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:49:4d:b8:ba:8a:b1:02:4f:e2:bd:48:11:e1:7b:95:a1:42:
         cc:db:0a:52:f8:bc:13:63:11:71:e1:86:be:c7:05:78:6d:f2:
         0a:3c:a4:d4:ef:cd:71:79:70:b8:83:9e:8e:86:65:14:1b:48:
         1f:0b:3c:76:25:fc:4a:45:99:23:18:f7:e1:f8:b9:78:c8:ab:
         cb:55:13:2c:5e:59:66:31:e0:7d:a9:7b:34:33:5a:27:84:9c:
         48:b2:cd:2d:11:95:48:76:1e:ef:3c:5f:66:5c:fb:f7:08:d3:
         5e:21:f6:a6:1f:9c:61:78:50:a0:5f:41:68:02:71:e9:30:aa:
         15:e3:24:84:a2:87:fb:92:7b:eb:35:36:72:aa:3e:eb:f3:90:
         ab:44:94:58:08:3d:22:c3:42:57:d8:25:e2:d0:f6:99:21:dd:
         c3:3c:ce:62:42:43:ca:8a:67:55:8e:3a:82:cb:6b:b0:20:39:
         e6:89:9a:f2:1a:3f:5d:c1:4b:c8:2a:9d:96:ae:be:5b:e8:40:
         0d:2a:8c:fa:43:5b:af:be:f1:fa:6e:ec:97:1e:89:9b:66:0c:
         62:1a:54:39:b5:a5:80:15:b3:13:e3:5b:51:dc:79:2d:3b:a3:
         9b:40:d5:10:04:e3:fc:81:5b:98:0f:ff:3f:36:62:0a:9a:38:
         0f:f2:ba:6b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAXMoQmcKlWslTESKrWsJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyODU4MjFiYjdhODQ0NWVmYmY0MzNkNGMxOTg5MGE3ZmE5
NDlmYTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTJjODFiMjVlNmIxM2Q5Njk0OGFhZTVmOTI1MWZjMjhlNGQzZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Iqk8rq3eQxuw/Lu833+W2TVa5U3
jxRLtDJaIp4K5WaEwOQzIVNKjxaBVjs2Jd/auHeDKLYRmMiJI0aQV3Vp1Xgj1Ps4
UlDlrwQCUMk+XJ+q3pmfFpy7RpZmAlHzAMWSZ2k8TDwhcFcU9gfiuktySDeUbGHS
t1uUp5LqIBdYDmwEpsrOabMpfBnZj4e8kKLqtUimMAPvNCLbLMqCasgtUe1Dd7qS
qwN974OA3bJMRaRsC7nz7IsWqV6bKHFSOZWWulhnnualSSNRdwgsZzCAWxHGZ6yI
9FTTO/MObWri5KmwD+da2Jx4hfztZsStkctHrTffVL5sFaS6KzzgsMAzywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPosgbJeaxPZaUiq5fklH8KOTT4WMB8GA1UdIwQY
MBaAFEKFghu3qERe+/Qz1MGYkKf6lJ+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW9XQ0c3ZW9SRjc3OURQVXdaaVFwX3FVbjZnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9mOTM0MmMtNTdhOS00OGYzLTllNjct
OGEzZDhkYzM1OGViLzEvMS1peUJzbDVyRTlscFNLcmwtU1Vmd281TlBoWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDgvZjkzNDJjLTU3YTktNDhmMy05ZTY3LThhM2Q4ZGMzNThl
Yi8xL1FvV0NHN2VvUkY3NzlEUFV3WmlRcF9xVW42Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAoscwDAN
BgkqhkiG9w0BAQsFAAOCAQEAfklNuLqKsQJP4r1IEeF7laFCzNsKUvi8E2MRceGG
vscFeG3yCjyk1O/NcXlwuIOejoZlFBtIHws8diX8SkWZIxj34fi5eMiry1UTLF5Z
ZjHgfal7NDNaJ4ScSLLNLRGVSHYe7zxfZlz79wjTXiH2ph+cYXhQoF9BaAJx6TCq
FeMkhKKH+5J76zU2cqo+6/OQq0SUWAg9IsNCV9gl4tD2mSHdwzzOYkJDyopnVY46
gstrsCA55oma8ho/XcFLyCqdlq6+W+hADSqM+kNbr77x+m7slx6Jm2YMYhpUObWl
gBWzE+NbUdx5LTujm0DVEATj/IFbmA//PzZiCpo4D/K6aw==
-----END CERTIFICATE-----
Generated at Sat Jun 15 15:11:21 2024 by rpki-client on console-ams.rpki-client.org