Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/1-J6se5zowrtWItRwtV6xQe6lk2k.roa
File:                     1-J6se5zowrtWItRwtV6xQe6lk2k.roa (raw, json)
Hash identifier:          XYSY+1SG7aQ0lPBdAc5JVqSBHnpVnHDR9CE5wloK8jA=
Subject key identifier:   F8:9E:AC:7B:9C:E8:C2:BB:56:22:D4:70:B5:5E:B1:41:EE:A5:93:69
Certificate issuer:       /CN=dbc950098436281cee542a1e74546551e1e55283
Certificate serial:       018CC6B9431F97B6F58142FC0C40E6006C39
Authority key identifier: DB:C9:50:09:84:36:28:1C:EE:54:2A:1E:74:54:65:51:E1:E5:52:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28lQCYQ2KBzuVCoedFRlUeHlUoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/1-J6se5zowrtWItRwtV6xQe6lk2k.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8315
IP address blocks:        185.116.72.0/22 maxlen: 24
                          2a0d:5040::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/28lQCYQ2KBzuVCoedFRlUeHlUoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/28lQCYQ2KBzuVCoedFRlUeHlUoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28lQCYQ2KBzuVCoedFRlUeHlUoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:43:1f:97:b6:f5:81:42:fc:0c:40:e6:00:6c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbc950098436281cee542a1e74546551e1e55283
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f89eac7b9ce8c2bb5622d470b55eb141eea59369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ab:55:08:98:1c:75:b8:35:d3:62:13:c5:d1:
                    34:a6:66:db:9d:3b:b5:b7:02:ab:8c:1a:59:28:f0:
                    88:fe:54:1e:09:bc:2b:66:c1:be:e8:45:a7:da:b5:
                    4e:8d:b6:6b:44:ec:d8:d5:b1:b7:92:45:74:19:97:
                    07:ee:80:c6:a9:f8:84:97:90:83:39:85:60:29:8b:
                    08:19:49:00:06:e4:58:d0:f9:9b:cb:fb:a3:b0:68:
                    e9:3e:32:a6:5c:06:c1:2c:16:5d:62:a3:b3:c5:5b:
                    df:fa:16:3d:1c:a3:0d:83:2c:42:5d:91:fe:6c:64:
                    89:63:0f:5a:73:76:00:83:77:e2:5e:79:38:0c:97:
                    65:2e:dc:ea:06:d9:42:bb:b4:91:b3:b4:aa:ed:9b:
                    21:0e:00:8b:35:4b:6b:9c:32:20:a3:53:3d:03:81:
                    55:80:d5:65:92:64:f6:2d:c7:b1:49:40:5d:16:29:
                    ec:35:3c:28:de:87:37:45:cf:c1:8c:66:52:ca:12:
                    0c:17:ec:77:e8:4f:1b:35:78:a3:e5:72:6a:e9:f5:
                    da:ac:f5:8f:4c:78:06:7d:b8:76:a2:be:42:ca:68:
                    54:be:71:51:3c:29:5b:a1:7a:5c:43:aa:dc:71:07:
                    4a:52:4c:55:ee:42:de:44:c9:e2:82:bf:e8:30:e8:
                    95:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:9E:AC:7B:9C:E8:C2:BB:56:22:D4:70:B5:5E:B1:41:EE:A5:93:69
            X509v3 Authority Key Identifier:
                keyid:DB:C9:50:09:84:36:28:1C:EE:54:2A:1E:74:54:65:51:E1:E5:52:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28lQCYQ2KBzuVCoedFRlUeHlUoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/1-J6se5zowrtWItRwtV6xQe6lk2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/28lQCYQ2KBzuVCoedFRlUeHlUoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.72.0/22
                IPv6:
                  2a0d:5040::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:ee:a4:97:84:da:ba:46:3f:9e:43:e2:7f:6c:4b:71:7d:db:
         cc:4c:3a:d1:ce:a3:88:4a:21:5b:16:6b:c0:59:a4:d2:be:eb:
         f0:8c:12:d7:ba:48:f8:e7:fa:e9:cd:0a:28:54:96:9c:ab:c0:
         7c:6e:aa:d9:95:d7:03:53:7d:ae:a5:bc:9d:f1:70:49:e7:c1:
         b5:cb:1c:43:72:9a:b0:65:b4:67:cf:ca:ef:ad:ef:59:7d:49:
         13:19:5d:3e:a5:c3:ec:50:78:80:12:c8:6f:f0:69:74:f3:c0:
         d4:01:b2:c0:ad:76:f7:8f:81:b3:94:b7:7d:77:21:3a:9f:33:
         e1:3e:e0:28:2e:64:85:20:bb:ba:33:73:34:36:82:a9:27:37:
         96:ca:09:78:69:ef:06:e0:d6:52:4a:c0:bd:15:1f:8c:ac:a1:
         8c:d2:0a:10:eb:f8:2b:51:a6:58:11:d5:e2:5e:ba:77:bf:d0:
         6f:48:66:59:aa:6b:da:20:1b:5d:ae:51:89:c3:4a:57:7d:25:
         58:e9:df:e7:b3:07:e8:03:91:5a:20:ae:d7:9d:32:e2:a5:3c:
         73:bb:2e:d7:5f:d6:31:e1:99:f6:45:c9:15:25:7b:cf:dd:9e:
         da:53:a3:37:eb:f6:8a:42:10:de:1a:26:ac:a2:f1:3b:69:63:
         b4:30:bd:0c
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGuUMfl7b1gUL8DEDmAGw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzk1MDA5ODQzNjI4MWNlZTU0MmExZTc0NTQ2NTUxZTFl
NTUyODMwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODllYWM3YjljZThjMmJiNTYyMmQ0NzBiNTVlYjE0MWVlYTU5MzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgatVCJgcdbg102ITxdE0pmbbnTu1
twKrjBpZKPCI/lQeCbwrZsG+6EWn2rVOjbZrROzY1bG3kkV0GZcH7oDGqfiEl5CD
OYVgKYsIGUkABuRY0Pmby/ujsGjpPjKmXAbBLBZdYqOzxVvf+hY9HKMNgyxCXZH+
bGSJYw9ac3YAg3fiXnk4DJdlLtzqBtlCu7SRs7Sq7ZshDgCLNUtrnDIgo1M9A4FV
gNVlkmT2LcexSUBdFinsNTwo3oc3Rc/BjGZSyhIMF+x36E8bNXij5XJq6fXarPWP
THgGfbh2or5CymhUvnFRPClboXpcQ6rccQdKUkxV7kLeRMnigr/oMOiVAQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPierHuc6MK7ViLUcLVesUHupZNpMB8GA1UdIwQY
MBaAFNvJUAmENigc7lQqHnRUZVHh5VKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhsUUNZUTJLQnp1VkNvZWRGUmxVZUhsVW9NLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi81YWE0NDgtNjQzZi00YWVlLTkwZDkt
ZjQ3ZTE2OTI2NmMyLzEvMS1KNnNlNXpvd3J0V0l0Und0VjZ4UWU2bGsyay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDIvNWFhNDQ4LTY0M2YtNGFlZS05MGQ5LWY0N2UxNjkyNjZj
Mi8xLzI4bFFDWVEyS0J6dVZDb2VkRlJsVWVIbFVvTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArl0SDAN
BAIAAjAHAwUDKg1QQDANBgkqhkiG9w0BAQsFAAOCAQEAQe6kl4TaukY/nkPif2xL
cX3bzEw60c6jiEohWxZrwFmk0r7r8IwS17pI+Of66c0KKFSWnKvAfG6q2ZXXA1N9
rqW8nfFwSefBtcscQ3KasGW0Z8/K763vWX1JExldPqXD7FB4gBLIb/BpdPPA1AGy
wK1294+Bs5S3fXchOp8z4T7gKC5khSC7ujNzNDaCqSc3lsoJeGnvBuDWUkrAvRUf
jKyhjNIKEOv4K1GmWBHV4l66d7/Qb0hmWapr2iAbXa5RicNKV30lWOnf57MH6AOR
WiCu150y4qU8c7su11/WMeGZ9kXJFSV7z92e2lOjN+v2ikIQ3homrKLxO2ljtDC9
DA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:58:12 2024 by rpki-client on console-ams.rpki-client.org