Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/KWyhHXZXhHyi_-yry-IIMkO12Ao.roa
File:                     KWyhHXZXhHyi_-yry-IIMkO12Ao.roa (raw, json)
Hash identifier:          pl72D5DODw4173c5V2ugBGS3R7tDyLJ4Qw/5lr3IWs4=
Subject key identifier:   29:6C:A1:1D:76:57:84:7C:A2:FF:EC:AB:CB:E2:08:32:43:B5:D8:0A
Certificate issuer:       /CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
Certificate serial:       018CC8DF16644BA52BC432BBDC95CF59D11C
Authority key identifier: C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/KWyhHXZXhHyi_-yry-IIMkO12Ao.roa
Signing time:             Tue 02 Jan 2024 06:31:52 +0000
ROA not before:           Tue 02 Jan 2024 06:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        185.136.128.0/22 maxlen: 24
                          2a03:a4e0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:16:64:4b:a5:2b:c4:32:bb:dc:95:cf:59:d1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c950d7b1975a3703ae27b31ad2f932ae46a4cc94
        Validity
            Not Before: Jan  2 06:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=296ca11d7657847ca2ffecabcbe2083243b5d80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:96:e2:b9:a5:07:72:8b:ce:97:ca:7b:d4:59:
                    c7:ad:9a:3b:6c:10:57:98:9e:1e:96:c4:3c:7d:e1:
                    63:d9:8e:16:5c:e5:bf:79:1a:e1:a6:e0:5c:9a:f8:
                    4e:48:79:3f:b3:0d:fe:47:01:f6:86:60:bf:a0:70:
                    ac:a3:5d:d0:9b:78:6d:8e:70:34:6b:56:2a:5e:bc:
                    a3:8f:f2:0b:77:1d:d1:6b:e2:8a:35:3c:f4:71:15:
                    b4:c2:8d:b3:7e:1c:f0:83:6a:53:19:17:16:b3:33:
                    36:cc:f4:7d:8f:1a:cd:ca:c3:43:99:d7:4e:85:0b:
                    54:30:a5:53:e3:fd:c7:d8:be:f3:9e:aa:c4:41:56:
                    bc:c3:4b:3f:42:88:4c:9e:d1:be:e7:94:99:45:55:
                    21:6c:23:0f:60:d6:2c:d1:06:3b:e0:b1:b3:03:93:
                    1c:86:a2:88:a7:b6:13:58:70:86:a1:d5:e1:96:b9:
                    30:77:2c:c4:fb:d4:fd:02:66:62:0d:6a:66:66:74:
                    b5:d3:11:33:94:05:eb:4b:da:ba:9d:cd:76:79:63:
                    14:ef:9a:72:f3:ac:a3:a9:43:9f:f1:2a:b7:2c:16:
                    93:0b:80:b3:d1:46:f7:b4:6e:a1:f9:28:0d:8d:85:
                    70:de:83:16:3f:6e:55:a1:ff:60:73:52:e7:4a:09:
                    5e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6C:A1:1D:76:57:84:7C:A2:FF:EC:AB:CB:E2:08:32:43:B5:D8:0A
            X509v3 Authority Key Identifier:
                keyid:C9:50:D7:B1:97:5A:37:03:AE:27:B3:1A:D2:F9:32:AE:46:A4:CC:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/KWyhHXZXhHyi_-yry-IIMkO12Ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0c7318-b348-4b24-b9e5-c6a8821adea9/1/yVDXsZdaNwOuJ7Ma0vkyrkakzJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.128.0/22
                IPv6:
                  2a03:a4e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:47:b8:6f:70:f2:41:80:81:3d:50:fc:81:ea:9f:ff:ff:0d:
         6c:82:2b:a7:22:bf:42:8a:44:a7:80:be:61:63:26:92:79:f8:
         40:7e:b8:59:4a:c9:59:b6:65:2e:24:e5:68:f4:82:be:b1:97:
         25:d6:96:2a:11:08:b3:e0:48:54:da:cb:c2:94:96:11:ac:96:
         2b:4a:53:01:44:14:5e:9d:7d:d2:74:b1:47:58:a8:f1:90:a9:
         90:f1:75:b8:c1:dc:7e:67:77:7f:49:79:72:e0:e0:61:07:4e:
         a0:9a:52:98:d0:ac:b6:e9:a1:2a:0d:b7:7f:b3:74:2d:19:88:
         ca:95:c1:9e:8b:28:c1:df:fb:e8:57:29:48:cd:0b:0e:9a:dd:
         77:98:eb:98:31:59:62:bf:cb:c4:e3:42:64:cd:3e:c9:f8:5a:
         85:d9:bf:16:70:06:a6:88:15:1b:77:b8:39:c7:e7:4b:d6:b1:
         45:15:c3:07:6f:09:26:42:24:f4:0a:e2:db:0b:1a:7a:8a:64:
         b4:03:71:49:24:c7:7c:57:e5:69:98:2c:73:f5:f7:c6:52:a7:
         76:37:7b:ea:fc:53:ba:c0:60:fb:22:02:a6:64:a2:4f:b7:f0:
         cc:b0:49:58:ba:60:6c:d3:7f:b5:50:ed:43:b4:de:7a:b9:20:
         44:16:38:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3xZkS6UrxDK73JXPWdEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NTBkN2IxOTc1YTM3MDNhZTI3YjMxYWQyZjkzMmFlNDZh
NGNjOTQwHhcNMjQwMTAyMDYzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZjYTExZDc2NTc4NDdjYTJmZmVjYWJjYmUyMDgzMjQzYjVkODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJbiuaUHcovOl8p71FnHrZo7bBBX
mJ4elsQ8feFj2Y4WXOW/eRrhpuBcmvhOSHk/sw3+RwH2hmC/oHCso13Qm3htjnA0
a1YqXryjj/ILdx3Ra+KKNTz0cRW0wo2zfhzwg2pTGRcWszM2zPR9jxrNysNDmddO
hQtUMKVT4/3H2L7znqrEQVa8w0s/QohMntG+55SZRVUhbCMPYNYs0QY74LGzA5Mc
hqKIp7YTWHCGodXhlrkwdyzE+9T9AmZiDWpmZnS10xEzlAXrS9q6nc12eWMU75py
86yjqUOf8Sq3LBaTC4Cz0Ub3tG6h+SgNjYVw3oMWP25Vof9gc1LnSgle9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFClsoR12V4R8ov/sq8viCDJDtdgKMB8GA1UdIwQY
MBaAFMlQ17GXWjcDriezGtL5Mq5GpMyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUt
YzZhODgyMWFkZWE5LzEvS1d5aEhYWlhoSHlpXy15cnktSUlNa08xMkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wYzczMTgtYjM0OC00YjI0LWI5ZTUtYzZhODgyMWFkZWE5
LzEveVZEWHNaZGFOd091SjdNYTB2a3lya2FrekpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYiAMA0E
AgACMAcDBQAqA6TgMA0GCSqGSIb3DQEBCwUAA4IBAQBLR7hvcPJBgIE9UPyB6p//
/w1sgiunIr9CikSngL5hYyaSefhAfrhZSslZtmUuJOVo9IK+sZcl1pYqEQiz4EhU
2svClJYRrJYrSlMBRBRenX3SdLFHWKjxkKmQ8XW4wdx+Z3d/SXly4OBhB06gmlKY
0Ky26aEqDbd/s3QtGYjKlcGeiyjB3/voVylIzQsOmt13mOuYMVliv8vE40JkzT7J
+FqF2b8WcAamiBUbd7g5x+dL1rFFFcMHbwkmQiT0CuLbCxp6imS0A3FJJMd8V+Vp
mCxz9ffGUqd2N3vq/FO6wGD7IgKmZKJPt/DMsElYumBs03+1UO1DtN56uSBEFji2
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:00:31 2024 by rpki-client on console-ams.rpki-client.org