Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/a842pDwNQHbYUA8igJVhhRtE6dY.roa
File:                     a842pDwNQHbYUA8igJVhhRtE6dY.roa (raw, json)
Hash identifier:          bbGHXCcpRi+Ggt4Cej8eQNSiA073M3bbtQVupYk0Abw=
Subject key identifier:   6B:CE:36:A4:3C:0D:40:76:D8:50:0F:22:80:95:61:85:1B:44:E9:D6
Certificate issuer:       /CN=87d7f7d2fc1348914c006b55ab93f2d2e3390de6
Certificate serial:       018CC5DD2DD4F14D7D5E28D81C22CADE829C
Authority key identifier: 87:D7:F7:D2:FC:13:48:91:4C:00:6B:55:AB:93:F2:D2:E3:39:0D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/a842pDwNQHbYUA8igJVhhRtE6dY.roa
Signing time:             Mon 01 Jan 2024 16:30:55 +0000
ROA not before:           Mon 01 Jan 2024 16:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52080
IP address blocks:        185.249.152.0/22 maxlen: 22
                          185.249.152.0/24 maxlen: 24
                          193.162.107.0/24 maxlen: 24
                          185.249.155.0/24 maxlen: 24
                          185.249.154.0/24 maxlen: 24
                          185.249.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/h9f30vwTSJFMAGtVq5Py0uM5DeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/h9f30vwTSJFMAGtVq5Py0uM5DeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:2d:d4:f1:4d:7d:5e:28:d8:1c:22:ca:de:82:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87d7f7d2fc1348914c006b55ab93f2d2e3390de6
        Validity
            Not Before: Jan  1 16:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bce36a43c0d4076d8500f22809561851b44e9d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d7:06:1a:2c:b8:07:a0:15:9c:20:5c:5b:20:
                    59:6b:ff:42:d8:63:0f:b4:f5:63:58:ea:ca:1b:9d:
                    54:64:1e:55:20:4c:bf:da:c5:35:1c:d6:eb:8a:ab:
                    4c:a9:88:00:bd:a7:2b:af:5c:f8:66:f9:e7:60:f6:
                    54:7a:92:5d:b9:d5:53:69:7d:04:f6:04:bf:52:32:
                    fd:47:4e:db:31:23:b2:8c:88:a2:1f:8b:03:52:55:
                    43:7a:51:35:91:60:a4:50:f5:7e:7d:0f:d9:92:8a:
                    05:3b:3f:4a:92:6a:7e:b6:87:f2:31:9e:ac:b0:52:
                    34:03:e4:f3:63:fb:de:22:52:03:2e:04:72:39:de:
                    c4:2c:0e:72:7d:b1:a5:1a:54:92:d2:e3:59:60:ad:
                    13:76:0b:77:57:87:53:53:78:29:1e:58:27:bc:db:
                    d4:83:28:c2:16:32:81:03:01:d9:ac:e6:00:0f:63:
                    c2:d2:81:12:40:53:d3:66:8f:14:7e:34:48:66:0b:
                    12:19:96:d1:83:7a:0e:a5:29:eb:32:cd:98:86:6c:
                    a7:33:6d:07:8e:a9:ae:f1:56:e2:48:73:15:9f:32:
                    c9:d6:ba:09:f8:5c:ed:bd:80:11:24:d8:9f:54:1c:
                    ae:4c:4e:67:3e:4a:8d:4a:09:54:5b:74:e0:88:fa:
                    66:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:CE:36:A4:3C:0D:40:76:D8:50:0F:22:80:95:61:85:1B:44:E9:D6
            X509v3 Authority Key Identifier:
                keyid:87:D7:F7:D2:FC:13:48:91:4C:00:6B:55:AB:93:F2:D2:E3:39:0D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9f30vwTSJFMAGtVq5Py0uM5DeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/a842pDwNQHbYUA8igJVhhRtE6dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a6592e-b1c1-407c-8f04-301df272152e/1/h9f30vwTSJFMAGtVq5Py0uM5DeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.152.0/22
                  193.162.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:10:13:26:8e:02:a0:7b:ca:9a:06:b0:69:6e:70:e7:de:e9:
         4d:83:6c:f5:20:29:13:0a:53:2c:53:a0:2f:16:b0:95:44:70:
         11:1e:f3:c4:f1:94:8c:76:d2:1a:ae:a8:e9:47:1e:15:47:4e:
         2b:c2:8c:8d:8c:35:07:ea:24:f6:18:b8:e6:84:51:e1:99:27:
         d9:e1:56:04:ce:79:1d:17:68:09:9b:62:57:68:06:4d:ef:5c:
         c4:e1:76:e0:05:7c:44:0f:4f:d3:9d:66:01:ca:96:26:3d:3e:
         3c:3d:9f:2a:4b:e0:c0:db:fd:31:40:19:ef:53:24:73:af:ec:
         ff:0b:b0:f5:99:20:a0:a8:dc:29:2b:15:c6:49:e9:9b:42:3f:
         9c:fa:49:57:d0:3d:7c:18:9e:9f:ac:46:ed:cb:ab:1e:90:c6:
         e7:b1:87:c5:8a:1e:ef:25:ee:da:7c:ca:1e:88:1f:0e:b3:0d:
         34:1f:6b:34:4a:a7:2d:b8:1e:be:10:d3:a3:8a:14:d7:96:e6:
         08:cc:50:d7:a7:49:5b:c7:a0:4d:ff:9b:aa:0a:5e:2b:5f:2d:
         52:7d:ef:cd:27:c0:46:1f:b0:69:e2:3f:97:92:88:f7:bb:e2:
         f1:84:77:01:c0:26:d1:0a:a1:d5:9a:26:74:4e:25:2d:34:df:
         67:14:e5:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3S3U8U19XijYHCLK3oKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZDdmN2QyZmMxMzQ4OTE0YzAwNmI1NWFiOTNmMmQyZTMz
OTBkZTYwHhcNMjQwMTAxMTYzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmNlMzZhNDNjMGQ0MDc2ZDg1MDBmMjI4MDk1NjE4NTFiNDRlOWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9cGGiy4B6AVnCBcWyBZa/9C2GMP
tPVjWOrKG51UZB5VIEy/2sU1HNbriqtMqYgAvacrr1z4ZvnnYPZUepJdudVTaX0E
9gS/UjL9R07bMSOyjIiiH4sDUlVDelE1kWCkUPV+fQ/ZkooFOz9Kkmp+tofyMZ6s
sFI0A+TzY/veIlIDLgRyOd7ELA5yfbGlGlSS0uNZYK0Tdgt3V4dTU3gpHlgnvNvU
gyjCFjKBAwHZrOYAD2PC0oESQFPTZo8UfjRIZgsSGZbRg3oOpSnrMs2YhmynM20H
jqmu8VbiSHMVnzLJ1roJ+FztvYARJNifVByuTE5nPkqNSglUW3TgiPpmawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGvONqQ8DUB22FAPIoCVYYUbROnWMB8GA1UdIwQY
MBaAFIfX99L8E0iRTABrVauT8tLjOQ3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDlmMzB2d1RTSkZNQUd0VnE1UHkwdU01RGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjU5MmUtYjFjMS00MDdjLThmMDQt
MzAxZGYyNzIxNTJlLzEvYTg0MnBEd05RSGJZVUE4aWdKVmhoUnRFNmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjU5MmUtYjFjMS00MDdjLThmMDQtMzAxZGYyNzIxNTJl
LzEvaDlmMzB2d1RTSkZNQUd0VnE1UHkwdU01RGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCufmYAwQA
waJrMA0GCSqGSIb3DQEBCwUAA4IBAQAlEBMmjgKge8qaBrBpbnDn3ulNg2z1ICkT
ClMsU6AvFrCVRHARHvPE8ZSMdtIarqjpRx4VR04rwoyNjDUH6iT2GLjmhFHhmSfZ
4VYEznkdF2gJm2JXaAZN71zE4XbgBXxED0/TnWYBypYmPT48PZ8qS+DA2/0xQBnv
UyRzr+z/C7D1mSCgqNwpKxXGSembQj+c+klX0D18GJ6frEbty6sekMbnsYfFih7v
Je7afMoeiB8Osw00H2s0SqctuB6+ENOjihTXluYIzFDXp0lbx6BN/5uqCl4rXy1S
fe/NJ8BGH7Bp4j+Xkoj3u+LxhHcBwCbRCqHVmiZ0TiUtNN9nFOVE
-----END CERTIFICATE-----
Generated at Sun Jun 16 06:29:42 2024 by rpki-client on console-ams.rpki-client.org