Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/9ec680-ae36-494b-a2f1-54c58b476e9a/1/gsFbo8YC8jXFM7d-mPLdV3ZkiZY.roa
File:                     gsFbo8YC8jXFM7d-mPLdV3ZkiZY.roa (raw, json)
Hash identifier:          Bb5nKVUVxQWA6J1/fPoqe+k/13A+QQMVYyS+H+SiBjA=
Subject key identifier:   82:C1:5B:A3:C6:02:F2:35:C5:33:B7:7E:98:F2:DD:57:76:64:89:96
Certificate issuer:       /CN=b20b511af9f278a0ad788e9374154bf6ad5ea3ab
Certificate serial:       018CC50135E5846D69188CA55A3C0DA55DD4
Authority key identifier: B2:0B:51:1A:F9:F2:78:A0:AD:78:8E:93:74:15:4B:F6:AD:5E:A3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sgtRGvnyeKCteI6TdBVL9q1eo6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/9ec680-ae36-494b-a2f1-54c58b476e9a/1/gsFbo8YC8jXFM7d-mPLdV3ZkiZY.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197205
IP address blocks:        195.66.82.0/24 maxlen: 24
                          83.150.244.0/22 maxlen: 22
                          2a09:1f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/9ec680-ae36-494b-a2f1-54c58b476e9a/1/sgtRGvnyeKCteI6TdBVL9q1eo6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/9ec680-ae36-494b-a2f1-54c58b476e9a/1/sgtRGvnyeKCteI6TdBVL9q1eo6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sgtRGvnyeKCteI6TdBVL9q1eo6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:35:e5:84:6d:69:18:8c:a5:5a:3c:0d:a5:5d:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b20b511af9f278a0ad788e9374154bf6ad5ea3ab
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82c15ba3c602f235c533b77e98f2dd5776648996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:aa:e6:d6:41:f9:28:1a:f0:92:56:49:53:47:
                    e1:46:2c:37:3d:4f:93:1e:96:45:96:f6:c4:e4:9d:
                    3f:17:e4:65:89:ea:a3:e6:a3:30:0e:9f:f3:b1:be:
                    f4:60:f5:ca:14:f9:da:ba:61:6b:f3:23:8a:bb:e8:
                    95:52:d4:a3:aa:9b:54:5b:6d:84:8f:98:9a:2e:ee:
                    fd:8d:67:a4:73:ea:09:e0:cc:63:6d:19:24:a2:c2:
                    01:64:0b:62:0f:40:5f:5a:52:12:5a:01:2d:fd:48:
                    0c:ef:14:a3:a6:80:ec:c6:3d:83:96:f0:86:ef:71:
                    8b:ed:5f:7d:90:58:05:4d:64:a3:c8:c0:18:f0:84:
                    12:74:8a:cc:fc:26:3d:ce:c3:40:95:f0:0f:64:69:
                    25:de:01:9c:87:c5:5f:96:e4:66:4c:e2:43:76:ae:
                    0e:a4:73:0e:25:57:c4:5c:6a:3a:9c:f3:a8:74:29:
                    e9:1e:78:cc:91:a4:2e:4a:75:9e:3f:fd:2f:52:41:
                    db:7c:e9:81:6c:65:d3:7d:71:2e:95:77:8a:d4:a7:
                    6b:4a:ef:d4:87:6f:7e:6b:dc:dd:a1:cb:80:ca:48:
                    e2:04:5f:08:00:90:8c:47:97:83:38:ad:ca:70:20:
                    0b:30:84:19:dd:a3:40:5f:23:9c:1c:9c:d9:54:85:
                    1d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C1:5B:A3:C6:02:F2:35:C5:33:B7:7E:98:F2:DD:57:76:64:89:96
            X509v3 Authority Key Identifier:
                keyid:B2:0B:51:1A:F9:F2:78:A0:AD:78:8E:93:74:15:4B:F6:AD:5E:A3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sgtRGvnyeKCteI6TdBVL9q1eo6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9ec680-ae36-494b-a2f1-54c58b476e9a/1/gsFbo8YC8jXFM7d-mPLdV3ZkiZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9ec680-ae36-494b-a2f1-54c58b476e9a/1/sgtRGvnyeKCteI6TdBVL9q1eo6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.244.0/22
                  195.66.82.0/24
                IPv6:
                  2a09:1f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:ed:3c:bd:50:f2:c1:4e:3b:39:6b:b4:7e:e2:7f:36:21:2a:
         88:aa:97:18:1f:f9:94:c0:7d:fd:58:b9:ba:c4:cb:c8:09:5d:
         6d:c7:e2:e4:67:7b:ae:db:ad:df:22:22:b9:45:45:db:ed:b5:
         a1:9a:58:98:ce:56:50:6e:fb:fb:0e:c3:57:11:77:e4:c9:dd:
         92:76:95:f1:26:5f:79:e6:d3:dd:59:44:d3:35:a9:17:a9:0c:
         6f:67:58:c8:fa:d6:24:be:2a:5c:ac:ff:c4:09:b2:46:9c:c1:
         d6:de:e0:16:a9:23:bd:71:0e:b3:ea:dd:56:33:59:7f:1b:02:
         a2:3b:8c:0b:9c:c2:53:50:b2:df:a6:39:bf:ea:41:3f:c8:ca:
         62:fb:58:fb:f5:e6:f5:8b:2b:79:d7:be:8a:1d:73:24:5a:47:
         8c:18:11:99:2d:56:90:a2:93:18:a9:ac:ab:cb:1c:60:a5:dc:
         e0:55:04:c8:d2:1f:13:41:e2:97:9b:29:5d:d1:67:c2:90:eb:
         b3:a4:22:2d:de:86:1d:9d:e8:a2:73:9f:44:d0:10:1c:d8:f9:
         43:2a:ee:a4:fc:62:2c:95:17:3e:55:e4:a9:11:d9:f3:b4:70:
         1a:14:66:e4:12:56:b8:98:1d:8c:ed:49:80:a3:b7:93:c1:f0:
         dc:d6:3c:b5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFATXlhG1pGIylWjwNpV3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMGI1MTFhZjlmMjc4YTBhZDc4OGU5Mzc0MTU0YmY2YWQ1
ZWEzYWIwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmMxNWJhM2M2MDJmMjM1YzUzM2I3N2U5OGYyZGQ1Nzc2NjQ4OTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqrm1kH5KBrwklZJU0fhRiw3PU+T
HpZFlvbE5J0/F+Rlieqj5qMwDp/zsb70YPXKFPnaumFr8yOKu+iVUtSjqptUW22E
j5iaLu79jWekc+oJ4MxjbRkkosIBZAtiD0BfWlISWgEt/UgM7xSjpoDsxj2DlvCG
73GL7V99kFgFTWSjyMAY8IQSdIrM/CY9zsNAlfAPZGkl3gGch8VfluRmTOJDdq4O
pHMOJVfEXGo6nPOodCnpHnjMkaQuSnWeP/0vUkHbfOmBbGXTfXEulXeK1KdrSu/U
h29+a9zdocuAykjiBF8IAJCMR5eDOK3KcCALMIQZ3aNAXyOcHJzZVIUdGQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFILBW6PGAvI1xTO3fpjy3Vd2ZImWMB8GA1UdIwQY
MBaAFLILURr58nigrXiOk3QVS/atXqOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2d0Ukd2bnllS0N0ZUk2VGRCVkw5cTFlbzZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85ZWM2ODAtYWUzNi00OTRiLWEyZjEt
NTRjNThiNDc2ZTlhLzEvZ3NGYm84WUM4alhGTTdkLW1QTGRWM1praVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85ZWM2ODAtYWUzNi00OTRiLWEyZjEtNTRjNThiNDc2ZTlh
LzEvc2d0Ukd2bnllS0N0ZUk2VGRCVkw5cTFlbzZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCU5b0AwQA
w0JSMA0EAgACMAcDBQMqCR8AMA0GCSqGSIb3DQEBCwUAA4IBAQAU7Ty9UPLBTjs5
a7R+4n82ISqIqpcYH/mUwH39WLm6xMvICV1tx+LkZ3uu263fIiK5RUXb7bWhmliY
zlZQbvv7DsNXEXfkyd2SdpXxJl955tPdWUTTNakXqQxvZ1jI+tYkvipcrP/ECbJG
nMHW3uAWqSO9cQ6z6t1WM1l/GwKiO4wLnMJTULLfpjm/6kE/yMpi+1j79eb1iyt5
176KHXMkWkeMGBGZLVaQopMYqayryxxgpdzgVQTI0h8TQeKXmyld0WfCkOuzpCIt
3oYdneiic59E0BAc2PlDKu6k/GIslRc+VeSpEdnztHAaFGbkEla4mB2M7UmAo7eT
wfDc1jy1
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:33:02 2024 by rpki-client on console-ams.rpki-client.org