Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/874d27-f2ac-4897-96f4-3e4e84f35cd0/1/5ag9GuKkp8P98LJXJLp4m2o12gs.roa
File:                     5ag9GuKkp8P98LJXJLp4m2o12gs.roa (raw, json)
Hash identifier:          tBXlYt2GaygfRB7lmy6IBArz/HSb8P5VbobuhOiGL8g=
Subject key identifier:   E5:A8:3D:1A:E2:A4:A7:C3:FD:F0:B2:57:24:BA:78:9B:6A:35:DA:0B
Certificate issuer:       /CN=e81074e32822c8bef3a7dcb31280825bd27545c9
Certificate serial:       018CC727388AD408B9EE1C5B5EB4AD8BB855
Authority key identifier: E8:10:74:E3:28:22:C8:BE:F3:A7:DC:B3:12:80:82:5B:D2:75:45:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6BB04ygiyL7zp9yzEoCCW9J1Rck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/874d27-f2ac-4897-96f4-3e4e84f35cd0/1/5ag9GuKkp8P98LJXJLp4m2o12gs.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60815
IP address blocks:        185.20.24.0/23 maxlen: 23
                          185.20.24.0/22 maxlen: 22
                          185.20.24.0/24 maxlen: 24
                          185.20.27.0/24 maxlen: 24
                          185.20.26.0/24 maxlen: 24
                          185.20.26.0/23 maxlen: 23
                          185.20.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/874d27-f2ac-4897-96f4-3e4e84f35cd0/1/6BB04ygiyL7zp9yzEoCCW9J1Rck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/874d27-f2ac-4897-96f4-3e4e84f35cd0/1/6BB04ygiyL7zp9yzEoCCW9J1Rck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6BB04ygiyL7zp9yzEoCCW9J1Rck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:38:8a:d4:08:b9:ee:1c:5b:5e:b4:ad:8b:b8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e81074e32822c8bef3a7dcb31280825bd27545c9
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5a83d1ae2a4a7c3fdf0b25724ba789b6a35da0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:78:15:00:86:d4:89:6a:0b:09:24:4d:35:a1:
                    2e:80:22:60:63:83:13:d6:c0:52:74:d0:93:b9:9d:
                    5a:8f:9f:a8:86:9e:1e:78:80:77:b4:51:9b:34:df:
                    19:56:de:62:b2:f1:30:50:32:5a:56:51:b6:ce:f5:
                    97:d9:54:6b:21:5c:63:e8:07:8e:16:9d:1e:28:e8:
                    76:70:ae:7e:e3:65:59:f1:19:89:65:80:ef:63:7b:
                    99:9b:54:9f:03:9e:86:8a:5d:93:00:07:e7:f2:c0:
                    c2:4d:7e:31:f8:47:c6:1e:26:78:15:cd:5b:f2:71:
                    a2:e7:d0:bc:27:29:29:a3:41:3c:3a:5e:c9:47:47:
                    93:7b:27:d3:57:54:76:78:4b:ec:1a:9d:21:42:b7:
                    28:e6:4a:73:2d:d7:92:f3:e0:02:64:3d:ea:1d:32:
                    38:af:f3:f8:7a:17:76:8a:ec:54:ac:4e:57:40:54:
                    e2:bd:ed:18:07:00:48:4d:c4:87:1e:10:57:1e:70:
                    fe:19:34:e2:92:93:da:e3:22:56:ea:56:d5:d0:1c:
                    2c:09:5b:f7:a8:20:1f:20:65:b1:a8:17:4a:a7:f5:
                    73:3e:9f:c5:85:0c:e6:b7:54:4a:13:f1:92:1a:b6:
                    ff:b0:4b:5a:75:54:63:57:9a:92:4e:50:72:4b:f3:
                    6b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:A8:3D:1A:E2:A4:A7:C3:FD:F0:B2:57:24:BA:78:9B:6A:35:DA:0B
            X509v3 Authority Key Identifier:
                keyid:E8:10:74:E3:28:22:C8:BE:F3:A7:DC:B3:12:80:82:5B:D2:75:45:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6BB04ygiyL7zp9yzEoCCW9J1Rck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/874d27-f2ac-4897-96f4-3e4e84f35cd0/1/5ag9GuKkp8P98LJXJLp4m2o12gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/874d27-f2ac-4897-96f4-3e4e84f35cd0/1/6BB04ygiyL7zp9yzEoCCW9J1Rck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:d8:1b:f5:5c:df:e3:bd:2f:7a:9c:df:b7:73:85:d1:1b:bd:
         97:50:79:f6:cf:c8:26:7e:d5:bc:47:82:6d:2f:ba:1b:81:02:
         09:d6:3f:7c:29:46:5f:c7:da:fd:0d:5c:e0:aa:a7:46:35:5b:
         d9:18:d3:1c:5b:27:62:82:9b:27:a2:50:e7:a5:63:40:61:e9:
         ca:4f:f7:18:4d:ee:9b:93:ce:7a:44:80:23:c1:93:e7:fe:0a:
         a2:88:97:ee:7c:e2:a4:ce:d0:25:ac:24:b2:e4:09:ef:c7:af:
         df:02:25:31:37:8c:20:4d:ea:38:4b:44:7d:e7:40:2e:79:bf:
         ae:c1:0a:ca:f9:26:56:9f:6d:b8:eb:ca:fd:0a:9f:2c:78:2a:
         22:14:6a:3c:3d:1a:7f:99:3a:40:4c:62:fe:87:6e:58:df:4b:
         8d:c0:2b:61:1a:7f:6c:6e:36:a4:a7:0b:01:ae:f5:41:4d:0e:
         98:15:20:54:a6:24:48:0d:c0:cb:ba:78:20:26:c9:0a:2d:b1:
         ed:4d:db:b2:8b:ed:c7:56:ee:26:ed:ae:91:ea:5c:55:63:c2:
         d8:b9:ce:12:a0:a6:9c:4a:35:0a:ff:83:9f:92:55:b2:8c:2b:
         ac:2b:0a:48:bb:84:b4:4d:ec:54:12:44:b3:50:f2:53:f8:81:
         1f:c4:f2:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJziK1Ai57hxbXrSti7hVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MTA3NGUzMjgyMmM4YmVmM2E3ZGNiMzEyODA4MjViZDI3
NTQ1YzkwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWE4M2QxYWUyYTRhN2MzZmRmMGIyNTcyNGJhNzg5YjZhMzVkYTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3gVAIbUiWoLCSRNNaEugCJgY4MT
1sBSdNCTuZ1aj5+ohp4eeIB3tFGbNN8ZVt5isvEwUDJaVlG2zvWX2VRrIVxj6AeO
Fp0eKOh2cK5+42VZ8RmJZYDvY3uZm1SfA56Gil2TAAfn8sDCTX4x+EfGHiZ4Fc1b
8nGi59C8Jykpo0E8Ol7JR0eTeyfTV1R2eEvsGp0hQrco5kpzLdeS8+ACZD3qHTI4
r/P4ehd2iuxUrE5XQFTive0YBwBITcSHHhBXHnD+GTTikpPa4yJW6lbV0BwsCVv3
qCAfIGWxqBdKp/VzPp/FhQzmt1RKE/GSGrb/sEtadVRjV5qSTlByS/NrRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWoPRripKfD/fCyVyS6eJtqNdoLMB8GA1UdIwQY
MBaAFOgQdOMoIsi+86fcsxKAglvSdUXJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkJCMDR5Z2l5TDd6cDl5ekVvQ0NXOUoxUmNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NzRkMjctZjJhYy00ODk3LTk2ZjQt
M2U0ZTg0ZjM1Y2QwLzEvNWFnOUd1S2twOFA5OExKWEpMcDRtMm8xMmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NzRkMjctZjJhYy00ODk3LTk2ZjQtM2U0ZTg0ZjM1Y2Qw
LzEvNkJCMDR5Z2l5TDd6cDl5ekVvQ0NXOUoxUmNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRQYMA0G
CSqGSIb3DQEBCwUAA4IBAQA62Bv1XN/jvS96nN+3c4XRG72XUHn2z8gmftW8R4Jt
L7obgQIJ1j98KUZfx9r9DVzgqqdGNVvZGNMcWydigpsnolDnpWNAYenKT/cYTe6b
k856RIAjwZPn/gqiiJfufOKkztAlrCSy5Anvx6/fAiUxN4wgTeo4S0R950Aueb+u
wQrK+SZWn22468r9Cp8seCoiFGo8PRp/mTpATGL+h25Y30uNwCthGn9sbjakpwsB
rvVBTQ6YFSBUpiRIDcDLunggJskKLbHtTduyi+3HVu4m7a6R6lxVY8LYuc4SoKac
SjUK/4OfklWyjCusKwpIu4S0TexUEkSzUPJT+IEfxPKY
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:29:16 2024 by rpki-client on console-ams.rpki-client.org