Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/5y9ChzVmw1EVmALCtko9hmbomaI.roa
File:                     5y9ChzVmw1EVmALCtko9hmbomaI.roa (raw, json)
Hash identifier:          WyMvlhrRA5Fxx8qseNZdWk9M2zxZfGDKLLXXtUJCZ5o=
Subject key identifier:   E7:2F:42:87:35:66:C3:51:15:98:02:C2:B6:4A:3D:86:66:E8:99:A2
Certificate issuer:       /CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
Certificate serial:       018CCA991ADDB6E6B734AF0785C3954E0C0B
Authority key identifier: EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/5y9ChzVmw1EVmALCtko9hmbomaI.roa
Signing time:             Tue 02 Jan 2024 14:34:40 +0000
ROA not before:           Tue 02 Jan 2024 14:34:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     65011
IP address blocks:        185.3.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:1a:dd:b6:e6:b7:34:af:07:85:c3:95:4e:0c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
        Validity
            Not Before: Jan  2 14:34:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e72f42873566c351159802c2b64a3d8666e899a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:56:cc:36:d1:ac:9d:7b:d3:79:42:c6:1a:83:
                    b9:bc:d4:e4:40:4d:d6:d0:72:b2:7b:d2:55:8e:0c:
                    4c:9a:73:69:f0:22:9e:1d:7a:83:34:57:00:81:1c:
                    72:e7:bf:c5:09:58:44:de:32:ce:88:de:29:5f:c7:
                    41:3e:a4:7a:34:5f:71:70:46:dd:67:c5:26:f3:2a:
                    ad:f2:c1:94:35:a4:20:31:e3:a1:3f:8f:92:48:80:
                    2b:ea:06:2b:46:93:c6:30:ec:65:dd:9a:c6:9f:19:
                    e6:b0:bf:b1:c7:88:2b:53:7f:b5:d6:87:ae:1a:a9:
                    d9:00:f3:e2:76:1c:a4:98:75:5c:ea:d9:21:01:dd:
                    ab:db:f3:e9:fd:5c:e6:6b:b8:c8:d8:0b:ca:44:f5:
                    9f:41:3c:ce:8e:29:6f:63:c0:bd:f3:bf:4e:e0:a7:
                    c7:d2:59:91:76:92:12:3e:03:71:17:ed:3e:f2:00:
                    7e:b1:d5:7b:89:39:03:f8:3f:c0:0b:b2:03:f3:c4:
                    64:10:7f:26:d1:8f:d7:68:3b:b5:03:d2:14:b6:f6:
                    fc:e2:21:6f:ff:b2:ef:df:6a:d0:17:fa:4f:11:02:
                    cc:a6:c6:1a:ee:2b:1c:06:26:a9:bc:9b:fd:94:bb:
                    b7:84:c5:08:41:89:7b:77:5a:41:86:b6:73:21:25:
                    f3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2F:42:87:35:66:C3:51:15:98:02:C2:B6:4A:3D:86:66:E8:99:A2
            X509v3 Authority Key Identifier:
                keyid:EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/5y9ChzVmw1EVmALCtko9hmbomaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:1b:fe:9b:59:3d:aa:f2:3e:a6:4e:67:a7:20:54:d0:32:35:
         24:3e:13:f5:9c:c3:88:89:e7:f6:4f:80:cf:a2:b9:43:f2:04:
         50:97:6a:7c:06:f7:a3:48:d4:bc:0e:fa:45:4c:81:71:5f:80:
         0a:eb:3d:de:2e:52:6f:1f:ea:75:64:64:1c:66:a6:a3:5a:80:
         8e:40:bc:0c:8b:da:53:c0:7f:f0:14:24:e7:ce:60:d3:cd:14:
         69:a2:65:74:0c:80:ff:19:7b:13:87:d6:9f:53:c8:f0:5d:e4:
         79:b5:02:3b:0b:8f:0b:ac:b0:b4:35:69:a1:c2:a7:10:05:58:
         ea:06:67:3d:6d:62:b6:38:ca:26:61:5c:1e:e5:88:fb:3f:48:
         d5:f6:03:5f:59:58:9b:0a:82:ad:c6:d8:52:ab:2b:70:72:f6:
         8f:17:3d:d5:ce:c1:e7:27:c4:74:e7:ed:5b:2b:bc:49:91:e5:
         f0:5e:9d:f6:ed:1e:dd:b9:b1:0f:92:40:b6:de:63:d3:28:a7:
         2f:dd:52:ca:b0:27:d8:74:99:90:e2:65:bf:1c:1d:32:98:30:
         da:f9:dc:95:ff:48:50:e4:26:34:02:05:df:c4:fb:f7:01:b7:
         2c:50:d7:65:cb:68:8d:ca:71:4c:96:21:d2:9d:71:25:02:18:
         ed:cf:fb:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmRrdtua3NK8HhcOVTgwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMTY3YmI2YjA2MWZmZmE2MjlkZDJhODRjY2Y3ZGI0NGM3
MWEzNTEwHhcNMjQwMTAyMTQzNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJmNDI4NzM1NjZjMzUxMTU5ODAyYzJiNjRhM2Q4NjY2ZTg5OWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFbMNtGsnXvTeULGGoO5vNTkQE3W
0HKye9JVjgxMmnNp8CKeHXqDNFcAgRxy57/FCVhE3jLOiN4pX8dBPqR6NF9xcEbd
Z8Um8yqt8sGUNaQgMeOhP4+SSIAr6gYrRpPGMOxl3ZrGnxnmsL+xx4grU3+11oeu
GqnZAPPidhykmHVc6tkhAd2r2/Pp/Vzma7jI2AvKRPWfQTzOjilvY8C9879O4KfH
0lmRdpISPgNxF+0+8gB+sdV7iTkD+D/AC7ID88RkEH8m0Y/XaDu1A9IUtvb84iFv
/7Lv32rQF/pPEQLMpsYa7iscBiapvJv9lLu3hMUIQYl7d1pBhrZzISXzAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcvQoc1ZsNRFZgCwrZKPYZm6JmiMB8GA1UdIwQY
MBaAFOwWe7awYf/6Yp3SqEzPfbRMcaNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjct
YzY1NWFkNTk0MTkzLzEvNXk5Q2h6Vm13MUVWbUFMQ3RrbzlobWJvbWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjctYzY1NWFkNTk0MTkz
LzEvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQMeMA0G
CSqGSIb3DQEBCwUAA4IBAQA5G/6bWT2q8j6mTmenIFTQMjUkPhP1nMOIief2T4DP
orlD8gRQl2p8BvejSNS8DvpFTIFxX4AK6z3eLlJvH+p1ZGQcZqajWoCOQLwMi9pT
wH/wFCTnzmDTzRRpomV0DID/GXsTh9afU8jwXeR5tQI7C48LrLC0NWmhwqcQBVjq
Bmc9bWK2OMomYVwe5Yj7P0jV9gNfWVibCoKtxthSqytwcvaPFz3VzsHnJ8R05+1b
K7xJkeXwXp327R7dubEPkkC23mPTKKcv3VLKsCfYdJmQ4mW/HB0ymDDa+dyV/0hQ
5CY0AgXfxPv3AbcsUNdly2iNynFMliHSnXElAhjtz/sR
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:38:23 2024 by rpki-client on console-fra.rpki-client.org