Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/936d98-7019-401f-9e2a-3e3660da13a4/1/vPdNYp-mchdmtcaWUZ1RJpFG-nE.roa
File:                     vPdNYp-mchdmtcaWUZ1RJpFG-nE.roa (raw, json)
Hash identifier:          9iHICWNipP2JdsvY6VuIirxL7nAFhCI0weQv7/w5Oys=
Subject key identifier:   BC:F7:4D:62:9F:A6:72:17:66:B5:C6:96:51:9D:51:26:91:46:FA:71
Certificate issuer:       /CN=7b1f557ee263cb359a19ea2cd7fa0e8c9139eb76
Certificate serial:       018CC86F2E3AB6231F42B5254E9241105FB8
Authority key identifier: 7B:1F:55:7E:E2:63:CB:35:9A:19:EA:2C:D7:FA:0E:8C:91:39:EB:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ex9VfuJjyzWaGeos1_oOjJE563Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/936d98-7019-401f-9e2a-3e3660da13a4/1/vPdNYp-mchdmtcaWUZ1RJpFG-nE.roa
Signing time:             Tue 02 Jan 2024 04:29:38 +0000
ROA not before:           Tue 02 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199907
IP address blocks:        194.24.188.0/24 maxlen: 24
                          185.42.172.0/24 maxlen: 24
                          185.42.174.0/24 maxlen: 24
                          185.42.175.0/24 maxlen: 24
                          185.42.173.0/24 maxlen: 24
                          2a01:63a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/936d98-7019-401f-9e2a-3e3660da13a4/1/ex9VfuJjyzWaGeos1_oOjJE563Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/936d98-7019-401f-9e2a-3e3660da13a4/1/ex9VfuJjyzWaGeos1_oOjJE563Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ex9VfuJjyzWaGeos1_oOjJE563Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2e:3a:b6:23:1f:42:b5:25:4e:92:41:10:5f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b1f557ee263cb359a19ea2cd7fa0e8c9139eb76
        Validity
            Not Before: Jan  2 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcf74d629fa6721766b5c696519d51269146fa71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9d:23:01:40:e4:7b:3f:1f:84:3f:9c:bd:0e:
                    e9:00:67:04:af:3a:90:ec:73:f6:19:34:e7:0f:8e:
                    08:87:6c:3d:8f:ff:32:29:c1:bf:f6:0b:67:7b:a7:
                    2c:ab:c6:46:23:29:1c:06:f2:c0:1e:19:f3:f2:5a:
                    44:08:c1:9c:27:b4:54:a6:be:95:97:8d:70:dc:ea:
                    11:d6:8e:1b:ad:d2:91:1b:f9:fd:74:b0:4c:5e:9c:
                    12:c3:0c:bb:49:82:13:94:ad:c6:0c:bd:d0:64:07:
                    fc:8f:a6:e0:f6:d6:45:f9:47:f9:c8:e2:d8:68:44:
                    8f:a0:0f:1b:6a:00:29:78:76:ba:34:5b:d8:23:8c:
                    73:cd:c1:04:47:b8:c6:df:09:3d:63:05:da:e9:96:
                    a0:a4:37:56:b0:f5:8c:6c:25:0f:0e:b3:44:79:71:
                    a4:40:8e:14:56:be:e6:9f:f7:e3:ba:9d:5d:5b:e3:
                    3d:9c:91:8a:0b:53:f2:35:76:c3:11:45:2d:40:0f:
                    b4:92:71:d4:6e:56:e1:ae:eb:fe:82:83:af:10:b8:
                    f6:dc:f9:8f:82:17:01:6d:b9:ae:cf:07:36:bd:1f:
                    f0:62:d0:c8:0f:49:0c:57:bd:b9:7e:9d:29:0c:05:
                    46:29:1e:64:ed:2b:5a:bd:c9:5c:8f:82:53:04:ac:
                    f1:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:F7:4D:62:9F:A6:72:17:66:B5:C6:96:51:9D:51:26:91:46:FA:71
            X509v3 Authority Key Identifier:
                keyid:7B:1F:55:7E:E2:63:CB:35:9A:19:EA:2C:D7:FA:0E:8C:91:39:EB:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ex9VfuJjyzWaGeos1_oOjJE563Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/936d98-7019-401f-9e2a-3e3660da13a4/1/vPdNYp-mchdmtcaWUZ1RJpFG-nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/936d98-7019-401f-9e2a-3e3660da13a4/1/ex9VfuJjyzWaGeos1_oOjJE563Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.172.0/22
                  194.24.188.0/24
                IPv6:
                  2a01:63a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:d3:f0:e3:7d:cb:8b:ac:c0:9c:ca:56:6d:26:59:20:8a:bd:
         92:cd:60:dd:ea:21:68:a6:78:8c:bf:a3:46:fe:ac:53:56:42:
         ec:56:1c:72:f7:32:6d:b1:bf:47:52:6f:10:06:43:97:1e:b8:
         a8:97:36:b5:90:15:5e:e2:6f:77:75:59:9d:10:a6:aa:38:d3:
         5c:f9:b7:ac:38:b2:c4:f2:05:39:18:cf:1b:95:c0:ad:6c:93:
         fd:7b:2e:89:9c:c2:b1:88:db:80:9b:1f:88:65:31:66:20:75:
         da:ca:ed:71:20:2e:ca:fd:f5:7f:5e:73:57:88:e4:c1:a1:31:
         32:fa:73:6c:68:12:6a:5e:c5:61:90:6c:a3:66:b6:67:d0:97:
         f4:23:05:db:b8:68:6d:6a:23:3b:a8:c8:61:d0:2e:ac:ee:8e:
         30:8c:36:b5:2e:12:c1:2c:d0:32:2d:9c:d5:2d:24:ac:1b:64:
         6f:11:ac:a3:9e:ef:31:56:5e:2b:28:c3:55:f2:7d:f8:c9:42:
         71:8d:2f:54:6e:e6:f5:08:ce:66:b6:e2:98:50:8a:0e:5e:1c:
         90:1a:c1:82:2f:de:a0:9a:9b:94:57:6b:78:e9:46:6a:cc:cc:
         06:a8:56:5f:fa:9a:01:96:53:5c:ce:ab:fa:99:72:56:4b:d9:
         d5:9e:45:ba
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIby46tiMfQrUlTpJBEF+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMWY1NTdlZTI2M2NiMzU5YTE5ZWEyY2Q3ZmEwZThjOTEz
OWViNzYwHhcNMjQwMTAyMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2Y3NGQ2MjlmYTY3MjE3NjZiNWM2OTY1MTlkNTEyNjkxNDZmYTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ0jAUDkez8fhD+cvQ7pAGcErzqQ
7HP2GTTnD44Ih2w9j/8yKcG/9gtne6csq8ZGIykcBvLAHhnz8lpECMGcJ7RUpr6V
l41w3OoR1o4brdKRG/n9dLBMXpwSwwy7SYITlK3GDL3QZAf8j6bg9tZF+Uf5yOLY
aESPoA8bagApeHa6NFvYI4xzzcEER7jG3wk9YwXa6ZagpDdWsPWMbCUPDrNEeXGk
QI4UVr7mn/fjup1dW+M9nJGKC1PyNXbDEUUtQA+0knHUblbhruv+goOvELj23PmP
ghcBbbmuzwc2vR/wYtDID0kMV725fp0pDAVGKR5k7Stavclcj4JTBKzxGQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLz3TWKfpnIXZrXGllGdUSaRRvpxMB8GA1UdIwQY
MBaAFHsfVX7iY8s1mhnqLNf6DoyROet2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXg5VmZ1Smp5eldhR2VvczFfb09qSkU1NjNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85MzZkOTgtNzAxOS00MDFmLTllMmEt
M2UzNjYwZGExM2E0LzEvdlBkTllwLW1jaGRtdGNhV1VaMVJKcEZHLW5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85MzZkOTgtNzAxOS00MDFmLTllMmEtM2UzNjYwZGExM2E0
LzEvZXg5VmZ1Smp5eldhR2VvczFfb09qSkU1NjNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSqsAwQA
whi8MA0EAgACMAcDBQAqAWOgMA0GCSqGSIb3DQEBCwUAA4IBAQBj0/DjfcuLrMCc
ylZtJlkgir2SzWDd6iFopniMv6NG/qxTVkLsVhxy9zJtsb9HUm8QBkOXHriolza1
kBVe4m93dVmdEKaqONNc+besOLLE8gU5GM8blcCtbJP9ey6JnMKxiNuAmx+IZTFm
IHXayu1xIC7K/fV/XnNXiOTBoTEy+nNsaBJqXsVhkGyjZrZn0Jf0IwXbuGhtaiM7
qMhh0C6s7o4wjDa1LhLBLNAyLZzVLSSsG2RvEayjnu8xVl4rKMNV8n34yUJxjS9U
bub1CM5mtuKYUIoOXhyQGsGCL96gmpuUV2t46UZqzMwGqFZf+poBllNczqv6mXJW
S9nVnkW6
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:30:37 2024 by rpki-client on console-ams.rpki-client.org