Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/4663bb-c509-4a9a-bcae-70bc66893e5c/1/O0FaQjCRQ0JIK5OOQar3mtWT8MA.roa
File:                     O0FaQjCRQ0JIK5OOQar3mtWT8MA.roa (raw, json)
Hash identifier:          54YmmN1D7Hg2VdkdbKMfGbX1y+vNrZ2lhYDbBxjjQUU=
Subject key identifier:   3B:41:5A:42:30:91:43:42:48:2B:93:8E:41:AA:F7:9A:D5:93:F0:C0
Certificate issuer:       /CN=042ac382689687b60fce5ce9db887b21d68a6abc
Certificate serial:       018CC9BC6D21201BEFDCC3479DF33F9A18AF
Authority key identifier: 04:2A:C3:82:68:96:87:B6:0F:CE:5C:E9:DB:88:7B:21:D6:8A:6A:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BCrDgmiWh7YPzlzp24h7IdaKarw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/4663bb-c509-4a9a-bcae-70bc66893e5c/1/O0FaQjCRQ0JIK5OOQar3mtWT8MA.roa
Signing time:             Tue 02 Jan 2024 10:33:38 +0000
ROA not before:           Tue 02 Jan 2024 10:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57152
IP address blocks:        185.226.92.0/24 maxlen: 24
                          185.226.95.0/24 maxlen: 24
                          185.226.94.0/24 maxlen: 24
                          185.226.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/4663bb-c509-4a9a-bcae-70bc66893e5c/1/BCrDgmiWh7YPzlzp24h7IdaKarw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/4663bb-c509-4a9a-bcae-70bc66893e5c/1/BCrDgmiWh7YPzlzp24h7IdaKarw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BCrDgmiWh7YPzlzp24h7IdaKarw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6d:21:20:1b:ef:dc:c3:47:9d:f3:3f:9a:18:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=042ac382689687b60fce5ce9db887b21d68a6abc
        Validity
            Not Before: Jan  2 10:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b415a4230914342482b938e41aaf79ad593f0c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d8:e2:fe:b1:4a:d3:72:59:6d:a0:2c:5e:d1:
                    ea:ee:f2:5a:3a:28:c2:9e:1d:3d:e9:32:0b:bc:11:
                    52:12:11:60:24:81:32:e7:aa:3d:6a:d4:a0:ce:fd:
                    51:30:52:e0:58:ed:f9:29:43:f6:89:1c:ff:f8:8c:
                    49:ff:3a:f2:2f:01:bb:4f:d5:0a:e4:55:38:89:fb:
                    1c:b7:61:88:b3:1e:57:c5:80:f6:85:37:f9:3b:8a:
                    71:e2:7c:69:a8:93:e8:88:c0:0f:d7:c3:19:38:76:
                    ac:b8:3d:91:d6:eb:58:4c:ca:7e:3f:33:c3:70:04:
                    25:4d:bd:8a:99:01:f7:91:a3:e9:df:e8:30:8c:9a:
                    9a:69:48:08:6b:79:35:2c:d7:8d:d3:6d:27:f3:4a:
                    d4:48:07:b1:90:78:2c:40:14:68:f2:79:28:90:7e:
                    c3:97:3e:dc:e3:cb:4f:40:af:19:ec:84:7a:bd:34:
                    11:04:38:86:32:5b:15:36:7c:43:60:cf:8b:dd:bb:
                    a8:96:76:a0:7c:fb:e9:0b:39:1b:49:6e:3a:45:97:
                    c4:7c:53:c0:3b:d0:a2:1f:9e:ea:6a:11:0b:eb:4e:
                    fc:93:fa:ce:1d:2d:ad:4d:81:b7:ba:9f:80:1d:7b:
                    8c:0c:8a:35:ba:7d:59:13:4f:26:00:4d:3c:ce:41:
                    01:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:41:5A:42:30:91:43:42:48:2B:93:8E:41:AA:F7:9A:D5:93:F0:C0
            X509v3 Authority Key Identifier:
                keyid:04:2A:C3:82:68:96:87:B6:0F:CE:5C:E9:DB:88:7B:21:D6:8A:6A:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BCrDgmiWh7YPzlzp24h7IdaKarw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/4663bb-c509-4a9a-bcae-70bc66893e5c/1/O0FaQjCRQ0JIK5OOQar3mtWT8MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/4663bb-c509-4a9a-bcae-70bc66893e5c/1/BCrDgmiWh7YPzlzp24h7IdaKarw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:12:dd:11:f9:47:6c:a6:d8:4c:b2:b5:33:cc:6e:6a:96:a5:
         59:e5:22:2b:83:41:e3:b9:dd:8e:3b:01:ff:94:9f:10:f9:13:
         56:5f:fa:d2:a1:23:f3:1d:76:9d:72:41:b4:62:e2:be:4d:7e:
         5a:ca:91:ec:45:53:ee:79:f3:9d:63:71:65:35:8b:61:cf:fa:
         96:94:8c:d4:a1:ac:38:7e:a2:c7:12:4b:e0:6d:e8:a0:c8:d9:
         09:1c:25:69:90:53:f0:3a:b5:86:c9:9a:96:55:ae:f7:54:99:
         2b:a0:20:0f:8e:8c:ae:26:97:12:3c:dd:c8:dc:11:33:b3:66:
         70:0d:ba:ad:e9:8b:2f:90:f0:e5:fe:9d:ae:b4:f9:ba:1a:1c:
         4b:f4:f3:49:97:d6:ad:01:d5:6e:61:2f:31:f6:33:96:2e:b2:
         57:c4:68:01:b2:fa:76:8a:11:39:ed:7c:93:73:8f:cb:b2:2e:
         f8:45:b6:b4:71:45:a2:3c:46:ca:e3:6e:95:42:89:bf:32:37:
         f3:11:33:87:63:a4:ff:bf:45:aa:d0:29:fc:5d:ad:e9:9b:e9:
         f4:cd:c7:77:c4:da:5f:be:b4:e5:93:bd:07:15:eb:38:bc:e2:
         28:e3:00:4a:0f:e4:65:9f:38:7b:f5:3a:1c:69:36:86:f8:f5:
         7c:b0:92:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvG0hIBvv3MNHnfM/mhivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MmFjMzgyNjg5Njg3YjYwZmNlNWNlOWRiODg3YjIxZDY4
YTZhYmMwHhcNMjQwMTAyMTAzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQxNWE0MjMwOTE0MzQyNDgyYjkzOGU0MWFhZjc5YWQ1OTNmMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdji/rFK03JZbaAsXtHq7vJaOijC
nh096TILvBFSEhFgJIEy56o9atSgzv1RMFLgWO35KUP2iRz/+IxJ/zryLwG7T9UK
5FU4ifsct2GIsx5XxYD2hTf5O4px4nxpqJPoiMAP18MZOHasuD2R1utYTMp+PzPD
cAQlTb2KmQH3kaPp3+gwjJqaaUgIa3k1LNeN020n80rUSAexkHgsQBRo8nkokH7D
lz7c48tPQK8Z7IR6vTQRBDiGMlsVNnxDYM+L3buolnagfPvpCzkbSW46RZfEfFPA
O9CiH57qahEL6078k/rOHS2tTYG3up+AHXuMDIo1un1ZE08mAE08zkEBDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtBWkIwkUNCSCuTjkGq95rVk/DAMB8GA1UdIwQY
MBaAFAQqw4Joloe2D85c6duIeyHWimq8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkNyRGdtaVdoN1lQemx6cDI0aDdJZGFLYXJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC80NjYzYmItYzUwOS00YTlhLWJjYWUt
NzBiYzY2ODkzZTVjLzEvTzBGYVFqQ1JRMEpJSzVPT1FhcjNtdFdUOE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC80NjYzYmItYzUwOS00YTlhLWJjYWUtNzBiYzY2ODkzZTVj
LzEvQkNyRGdtaVdoN1lQemx6cDI0aDdJZGFLYXJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueJcMA0G
CSqGSIb3DQEBCwUAA4IBAQAQEt0R+UdspthMsrUzzG5qlqVZ5SIrg0Hjud2OOwH/
lJ8Q+RNWX/rSoSPzHXadckG0YuK+TX5aypHsRVPuefOdY3FlNYthz/qWlIzUoaw4
fqLHEkvgbeigyNkJHCVpkFPwOrWGyZqWVa73VJkroCAPjoyuJpcSPN3I3BEzs2Zw
Dbqt6YsvkPDl/p2utPm6GhxL9PNJl9atAdVuYS8x9jOWLrJXxGgBsvp2ihE57XyT
c4/Lsi74Rba0cUWiPEbK426VQom/MjfzETOHY6T/v0Wq0Cn8Xa3pm+n0zcd3xNpf
vrTlk70HFes4vOIo4wBKD+Rlnzh79TocaTaG+PV8sJKO
-----END CERTIFICATE-----
Generated at Mon Jun 17 08:53:13 2024 by rpki-client on console-ams.rpki-client.org