Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/iunF3EfDLS-7di3NPxJd9ZdH04Y.roa
File:                     iunF3EfDLS-7di3NPxJd9ZdH04Y.roa (raw, json)
Hash identifier:          FmWV3hGBb6NnH91Prx/r2HeBbyV+yFqwxvLATibPORM=
Subject key identifier:   8A:E9:C5:DC:47:C3:2D:2F:BB:76:2D:CD:3F:12:5D:F5:97:47:D3:86
Certificate issuer:       /CN=dbc950098436281cee542a1e74546551e1e55283
Certificate serial:       018CC6B9438B8D988E94D4AA58F799119988
Authority key identifier: DB:C9:50:09:84:36:28:1C:EE:54:2A:1E:74:54:65:51:E1:E5:52:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28lQCYQ2KBzuVCoedFRlUeHlUoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/iunF3EfDLS-7di3NPxJd9ZdH04Y.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34762
IP address blocks:        185.116.72.0/22 maxlen: 24
                          2a0d:5040::/32 maxlen: 32
                          2a0d:5041::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/28lQCYQ2KBzuVCoedFRlUeHlUoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/28lQCYQ2KBzuVCoedFRlUeHlUoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28lQCYQ2KBzuVCoedFRlUeHlUoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:43:8b:8d:98:8e:94:d4:aa:58:f7:99:11:99:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbc950098436281cee542a1e74546551e1e55283
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ae9c5dc47c32d2fbb762dcd3f125df59747d386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:87:3c:5c:3f:c6:46:89:ff:1b:9f:03:75:b0:
                    c8:b0:f2:f7:89:7c:e7:d1:35:38:de:2d:b9:2b:29:
                    e4:2d:54:ee:85:22:87:ae:36:42:42:72:6a:57:58:
                    d6:08:dd:29:4e:0c:37:ce:d1:32:f5:6a:ce:28:6a:
                    a2:ec:07:85:da:3f:16:3e:65:d4:ff:2a:1e:12:45:
                    2e:55:43:22:59:00:62:23:be:9d:94:60:9e:e1:5b:
                    5b:f3:b0:99:a5:fc:78:a6:80:37:9b:b0:42:e1:95:
                    fc:12:e0:f1:9e:04:f2:83:c9:9e:72:a5:d2:0e:e7:
                    83:ca:4f:11:33:48:c8:40:f6:80:9a:d8:a0:34:5b:
                    6e:7c:eb:5a:9d:a1:af:6a:14:5d:79:e2:73:b4:26:
                    87:ba:dc:68:a0:0c:e5:d6:f0:19:9b:68:8f:fc:18:
                    6c:3a:e8:de:00:c9:e6:4b:a1:04:a1:d1:75:58:bb:
                    b0:e4:92:28:88:35:dd:32:ef:e1:3b:1e:c7:71:a8:
                    fb:8d:d5:ec:d6:2a:07:ad:60:ce:5b:bf:d4:a3:99:
                    37:a4:cc:e9:9b:be:cf:ce:70:b8:31:f2:1b:15:cc:
                    60:ed:76:f8:89:08:2b:2e:5b:3c:a9:ae:11:c2:34:
                    f2:97:68:26:d3:a8:5b:ba:68:1b:4d:b4:05:d6:ec:
                    0b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E9:C5:DC:47:C3:2D:2F:BB:76:2D:CD:3F:12:5D:F5:97:47:D3:86
            X509v3 Authority Key Identifier:
                keyid:DB:C9:50:09:84:36:28:1C:EE:54:2A:1E:74:54:65:51:E1:E5:52:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28lQCYQ2KBzuVCoedFRlUeHlUoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/iunF3EfDLS-7di3NPxJd9ZdH04Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5aa448-643f-4aee-90d9-f47e169266c2/1/28lQCYQ2KBzuVCoedFRlUeHlUoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.72.0/22
                IPv6:
                  2a0d:5040::/31

    Signature Algorithm: sha256WithRSAEncryption
         91:5e:cb:4a:5b:c0:46:c8:55:c3:32:80:ac:bd:e5:80:e9:1c:
         08:1b:bd:6a:e7:c1:33:70:df:f9:ba:9d:da:66:1f:17:1c:15:
         5c:b0:a3:e4:55:4c:a6:ea:1f:d9:77:b7:0d:1b:16:17:87:27:
         70:6e:f3:e1:e9:98:5a:54:fb:d2:a6:2d:22:bc:7f:c0:04:c0:
         bf:80:90:f3:33:7c:68:bf:8b:e8:64:d7:98:0a:d0:20:e4:48:
         0a:70:e4:f7:28:d2:2b:1c:6c:7e:fe:dd:02:cc:60:dc:cd:0a:
         01:d2:09:4e:30:d5:7b:f2:e0:0f:51:89:72:e5:35:cc:74:0b:
         33:cf:2e:18:34:96:7e:07:a3:72:55:6f:cf:6f:b1:b2:53:b7:
         1d:80:f2:ae:44:4c:42:7e:08:95:d3:cc:aa:bb:5d:29:25:93:
         d5:9b:ff:5c:d6:1f:03:a3:78:e9:13:2e:fe:37:8b:00:93:82:
         99:fc:46:39:9d:d7:78:f0:12:50:4e:4d:6a:48:55:49:2f:00:
         e9:1b:ed:f7:51:0e:f7:3b:8e:3f:eb:4d:02:95:e0:35:41:b7:
         5a:54:d0:66:ba:01:d5:f1:23:dd:32:e4:0e:70:4a:ce:8a:fb:
         0a:b8:0d:7d:00:15:af:e2:25:95:e5:aa:fb:65:ce:24:3e:dd:
         65:e3:3b:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuUOLjZiOlNSqWPeZEZmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzk1MDA5ODQzNjI4MWNlZTU0MmExZTc0NTQ2NTUxZTFl
NTUyODMwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWU5YzVkYzQ3YzMyZDJmYmI3NjJkY2QzZjEyNWRmNTk3NDdkMzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4c8XD/GRon/G58DdbDIsPL3iXzn
0TU43i25KynkLVTuhSKHrjZCQnJqV1jWCN0pTgw3ztEy9WrOKGqi7AeF2j8WPmXU
/yoeEkUuVUMiWQBiI76dlGCe4Vtb87CZpfx4poA3m7BC4ZX8EuDxngTyg8mecqXS
DueDyk8RM0jIQPaAmtigNFtufOtanaGvahRdeeJztCaHutxooAzl1vAZm2iP/Bhs
OujeAMnmS6EEodF1WLuw5JIoiDXdMu/hOx7Hcaj7jdXs1ioHrWDOW7/Uo5k3pMzp
m77PznC4MfIbFcxg7Xb4iQgrLls8qa4RwjTyl2gm06hbumgbTbQF1uwLYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIrpxdxHwy0vu3YtzT8SXfWXR9OGMB8GA1UdIwQY
MBaAFNvJUAmENigc7lQqHnRUZVHh5VKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhsUUNZUTJLQnp1VkNvZWRGUmxVZUhsVW9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi81YWE0NDgtNjQzZi00YWVlLTkwZDkt
ZjQ3ZTE2OTI2NmMyLzEvaXVuRjNFZkRMUy03ZGkzTlB4SmQ5WmRIMDRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi81YWE0NDgtNjQzZi00YWVlLTkwZDktZjQ3ZTE2OTI2NmMy
LzEvMjhsUUNZUTJLQnp1VkNvZWRGUmxVZUhsVW9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXRIMA0E
AgACMAcDBQEqDVBAMA0GCSqGSIb3DQEBCwUAA4IBAQCRXstKW8BGyFXDMoCsveWA
6RwIG71q58EzcN/5up3aZh8XHBVcsKPkVUym6h/Zd7cNGxYXhydwbvPh6ZhaVPvS
pi0ivH/ABMC/gJDzM3xov4voZNeYCtAg5EgKcOT3KNIrHGx+/t0CzGDczQoB0glO
MNV78uAPUYly5TXMdAszzy4YNJZ+B6NyVW/Pb7GyU7cdgPKuRExCfgiV08yqu10p
JZPVm/9c1h8Do3jpEy7+N4sAk4KZ/EY5ndd48BJQTk1qSFVJLwDpG+33UQ73O44/
600CleA1QbdaVNBmugHV8SPdMuQOcErOivsKuA19ABWv4iWV5ar7Zc4kPt1l4zvL
-----END CERTIFICATE-----
Generated at Sun Jun 16 11:35:22 2024 by rpki-client on console-ams.rpki-client.org