Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/RLxXGCPyth7oIKeKLJIYY5XJUVk.roa
File:                     RLxXGCPyth7oIKeKLJIYY5XJUVk.roa (raw, json)
Hash identifier:          8YBFWTNhTbOMC6zBZlRleUOdO9Sx8scy0LJ/ikd/P7U=
Subject key identifier:   44:BC:57:18:23:F2:B6:1E:E8:20:A7:8A:2C:92:18:63:95:C9:51:59
Certificate issuer:       /CN=fc96311f207e30e04e5ed18960b31fb3ba67d9cc
Certificate serial:       018CC5DBF5D6E9B4D08B986DC788C4026E88
Authority key identifier: FC:96:31:1F:20:7E:30:E0:4E:5E:D1:89:60:B3:1F:B3:BA:67:D9:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/RLxXGCPyth7oIKeKLJIYY5XJUVk.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.187.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f5:d6:e9:b4:d0:8b:98:6d:c7:88:c4:02:6e:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc96311f207e30e04e5ed18960b31fb3ba67d9cc
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44bc571823f2b61ee820a78a2c92186395c95159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c1:b5:8d:08:a7:1f:34:eb:a8:f6:2b:f4:56:
                    bc:18:51:4c:52:5b:7b:3a:d1:20:14:ee:8b:d8:f3:
                    70:51:1d:9e:5e:76:c6:fe:a9:cc:f9:6f:ab:b9:6a:
                    82:75:6d:d9:31:f5:dd:38:34:10:fe:fe:4a:bf:8d:
                    53:92:1e:22:04:20:eb:d2:fc:60:23:de:b6:c5:3c:
                    7f:9e:15:55:62:9d:fd:4f:50:84:ff:c8:a3:8d:81:
                    05:69:53:de:3f:45:bc:31:4f:25:a1:c4:c5:02:af:
                    07:00:4c:37:19:7c:43:2c:ae:9f:96:63:cb:56:9f:
                    60:b1:0c:2f:bf:31:dd:c6:30:11:1d:89:96:1f:76:
                    74:f0:1f:31:a4:96:39:08:fb:33:d9:12:65:fc:88:
                    18:39:6e:5b:3b:dc:ea:23:e4:bf:2c:42:e5:69:16:
                    7b:ef:6d:b0:ab:5e:0b:1d:07:1f:38:de:a5:f8:00:
                    5d:0b:8f:09:2b:04:7b:aa:a8:5d:33:10:e9:45:dc:
                    50:fe:6c:b0:a2:b6:73:ec:0e:0c:e9:41:db:56:8c:
                    37:5b:61:26:aa:e3:b3:8b:fe:58:8a:21:6d:61:69:
                    be:8d:93:30:22:ad:76:57:ed:36:fb:e5:c2:cd:0e:
                    3f:69:c9:07:c4:f5:e4:b9:a0:30:86:dd:69:92:38:
                    79:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:BC:57:18:23:F2:B6:1E:E8:20:A7:8A:2C:92:18:63:95:C9:51:59
            X509v3 Authority Key Identifier:
                keyid:FC:96:31:1F:20:7E:30:E0:4E:5E:D1:89:60:B3:1F:B3:BA:67:D9:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/RLxXGCPyth7oIKeKLJIYY5XJUVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:4b:7d:86:2d:28:c9:4c:e3:57:12:35:11:38:a3:ef:25:73:
         71:fa:16:1a:c0:fe:87:4f:b8:ab:6e:47:39:bb:28:09:83:89:
         86:79:c5:82:00:a9:6f:57:06:5b:b3:98:99:00:fd:66:e9:97:
         40:33:e4:63:e2:ca:1a:78:65:79:39:bb:f8:84:07:84:84:75:
         7f:3d:19:60:ba:36:07:68:87:44:30:89:9f:98:3e:bf:00:6f:
         9c:45:b1:3a:2b:4c:33:8d:be:78:2e:31:c8:f7:6f:ca:11:ab:
         06:cc:c9:8f:ff:0f:ab:0c:17:5a:8b:54:15:e6:cd:83:05:b6:
         69:73:05:6e:e0:0b:ad:77:63:14:24:69:b0:2f:e5:10:14:27:
         e0:44:ab:42:bf:d3:90:f4:60:eb:bf:4e:c5:05:4f:30:e3:f5:
         55:ea:2b:a3:9a:d2:4d:a4:52:61:e5:b2:cd:3f:69:35:00:9c:
         17:2c:7c:72:a6:6f:93:38:79:a4:7d:9e:55:17:c0:03:45:97:
         b0:72:01:94:93:b0:61:75:d2:cb:0a:c0:f1:c2:ed:9a:88:f0:
         9a:2a:0b:59:6a:b7:3f:98:ab:f8:c7:6e:5b:e1:f1:bd:46:9c:
         f6:c4:1e:7b:81:0f:85:f6:82:20:36:54:cb:7d:36:89:cc:91:
         a8:48:a6:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/XW6bTQi5htx4jEAm6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTYzMTFmMjA3ZTMwZTA0ZTVlZDE4OTYwYjMxZmIzYmE2
N2Q5Y2MwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGJjNTcxODIzZjJiNjFlZTgyMGE3OGEyYzkyMTg2Mzk1Yzk1MTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sG1jQinHzTrqPYr9Fa8GFFMUlt7
OtEgFO6L2PNwUR2eXnbG/qnM+W+ruWqCdW3ZMfXdODQQ/v5Kv41Tkh4iBCDr0vxg
I962xTx/nhVVYp39T1CE/8ijjYEFaVPeP0W8MU8locTFAq8HAEw3GXxDLK6flmPL
Vp9gsQwvvzHdxjARHYmWH3Z08B8xpJY5CPsz2RJl/IgYOW5bO9zqI+S/LELlaRZ7
722wq14LHQcfON6l+ABdC48JKwR7qqhdMxDpRdxQ/myworZz7A4M6UHbVow3W2Em
quOzi/5YiiFtYWm+jZMwIq12V+02++XCzQ4/ackHxPXkuaAwht1pkjh5aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFES8Vxgj8rYe6CCniiySGGOVyVFZMB8GA1UdIwQY
MBaAFPyWMR8gfjDgTl7RiWCzH7O6Z9nMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pZeEh5Qi1NT0JPWHRHSllMTWZzN3BuMmN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iYzQ4ZDItMjhlOC00MDVkLTlmOWEt
MDM4OTdmNGNiMzVkLzEvUkx4WEdDUHl0aDdvSUtlS0xKSVlZNVhKVVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iYzQ4ZDItMjhlOC00MDVkLTlmOWEtMDM4OTdmNGNiMzVk
LzEvX0pZeEh5Qi1NT0JPWHRHSllMTWZzN3BuMmN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubt0MA0G
CSqGSIb3DQEBCwUAA4IBAQABS32GLSjJTONXEjUROKPvJXNx+hYawP6HT7irbkc5
uygJg4mGecWCAKlvVwZbs5iZAP1m6ZdAM+Rj4soaeGV5Obv4hAeEhHV/PRlgujYH
aIdEMImfmD6/AG+cRbE6K0wzjb54LjHI92/KEasGzMmP/w+rDBdai1QV5s2DBbZp
cwVu4Autd2MUJGmwL+UQFCfgRKtCv9OQ9GDrv07FBU8w4/VV6iujmtJNpFJh5bLN
P2k1AJwXLHxypm+TOHmkfZ5VF8ADRZewcgGUk7BhddLLCsDxwu2aiPCaKgtZarc/
mKv4x25b4fG9Rpz2xB57gQ+F9oIgNlTLfTaJzJGoSKb8
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:26:44 2024 by rpki-client on console-fra.rpki-client.org