Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/67CdTiNYozCDfzsAx5MIvi7c4LI.roa
File:                     67CdTiNYozCDfzsAx5MIvi7c4LI.roa (raw, json)
Hash identifier:          H9MMMNuDkAt3TJd4bU13MEXWbtJgGTBkV2CPkBNZcLk=
Subject key identifier:   EB:B0:9D:4E:23:58:A3:30:83:7F:3B:00:C7:93:08:BE:2E:DC:E0:B2
Certificate issuer:       /CN=874b591b5d8f076eaf472e3ea45d3b5c8e1350a1
Certificate serial:       018CC4245234492E58DA9C44436B1871F1E7
Authority key identifier: 87:4B:59:1B:5D:8F:07:6E:AF:47:2E:3E:A4:5D:3B:5C:8E:13:50:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/67CdTiNYozCDfzsAx5MIvi7c4LI.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207945
IP address blocks:        194.63.152.0/22 maxlen: 22
                          185.183.72.0/22 maxlen: 22
                          2a0f:6b80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:52:34:49:2e:58:da:9c:44:43:6b:18:71:f1:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874b591b5d8f076eaf472e3ea45d3b5c8e1350a1
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebb09d4e2358a330837f3b00c79308be2edce0b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:47:a2:4d:c4:0e:9a:a5:13:c7:8a:eb:17:fc:
                    59:9a:d0:91:28:9b:be:09:77:6f:98:5d:24:90:03:
                    21:76:99:d3:7a:35:94:48:09:74:7e:eb:54:6e:36:
                    9e:fa:72:30:11:4b:f9:a2:cc:67:c7:e8:e3:df:cb:
                    1e:7f:2b:fb:02:9c:38:81:f0:3b:e4:31:21:d2:d5:
                    34:68:63:3d:0a:a3:fb:ca:43:1a:5d:ae:dc:c6:42:
                    49:70:22:c0:b5:69:39:93:01:3b:d6:15:ba:f9:92:
                    59:2a:2d:3e:c8:4e:3f:0f:4a:53:85:41:6b:03:0e:
                    81:1e:fc:d1:34:3e:d0:79:06:1e:e6:7a:19:b8:4a:
                    00:81:67:5c:54:44:ec:40:50:4d:ae:7f:b1:d9:11:
                    ca:95:44:7a:31:81:bf:33:7f:a0:eb:70:21:b9:42:
                    1e:ee:dc:b5:11:37:dd:2d:08:35:a0:72:e8:3d:be:
                    b7:aa:4c:f5:b4:2e:b1:da:4d:a8:fd:53:07:61:f9:
                    67:d1:96:f4:a1:f0:1e:9b:f5:f9:bd:b7:6f:3a:1e:
                    27:63:0b:7f:ad:24:ad:74:a5:3b:5f:47:eb:22:d1:
                    ff:b1:62:19:d7:6c:a4:48:eb:db:80:43:f5:cd:4c:
                    b0:af:86:8d:a0:86:a7:d1:f3:93:1d:18:7c:20:2f:
                    c8:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B0:9D:4E:23:58:A3:30:83:7F:3B:00:C7:93:08:BE:2E:DC:E0:B2
            X509v3 Authority Key Identifier:
                keyid:87:4B:59:1B:5D:8F:07:6E:AF:47:2E:3E:A4:5D:3B:5C:8E:13:50:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/67CdTiNYozCDfzsAx5MIvi7c4LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.72.0/22
                  194.63.152.0/22
                IPv6:
                  2a0f:6b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:49:0f:9d:ab:c5:03:50:5c:bd:1e:63:f2:ae:0a:1d:b4:11:
         b4:92:ca:0b:f4:cc:c5:81:ef:ad:3e:4e:90:49:f6:3f:63:c7:
         3e:96:fa:80:3f:fe:e7:f3:ae:86:b1:cf:af:75:bd:c2:04:45:
         cf:59:72:8e:37:0a:52:8e:95:64:25:ce:2e:3b:78:e0:a5:35:
         fb:89:3d:61:d2:11:f3:63:fc:21:b6:7d:9c:ef:bd:ad:31:c5:
         1b:d4:73:fc:7d:50:ea:d0:16:60:b2:ad:24:98:d6:c7:09:85:
         44:1c:3a:ae:86:b8:f9:c3:5d:98:cf:67:d9:0b:0d:19:22:20:
         de:4e:67:6b:83:80:e3:97:9f:38:73:02:d4:7d:a7:ce:66:30:
         5a:4d:cb:70:ff:e6:db:d8:d8:45:62:b4:cd:aa:df:09:3d:2f:
         c7:b4:6d:4b:45:34:ec:e3:23:01:d3:0e:8d:70:02:a7:1a:6b:
         c8:ea:b7:dd:13:1c:2c:7f:66:88:af:bd:4a:80:a1:18:bd:c9:
         37:80:7c:d8:c4:e4:c1:6b:dc:a9:95:2b:a4:9d:76:14:7f:9e:
         ae:3e:87:8b:cd:ed:55:e7:5d:c7:08:de:6a:f8:fa:6c:2d:9f:
         30:b6:c5:f6:6c:55:98:2c:c8:e6:a6:3c:5f:47:7a:22:fd:8b:
         ae:4c:08:cf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJFI0SS5Y2pxEQ2sYcfHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGI1OTFiNWQ4ZjA3NmVhZjQ3MmUzZWE0NWQzYjVjOGUx
MzUwYTEwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmIwOWQ0ZTIzNThhMzMwODM3ZjNiMDBjNzkzMDhiZTJlZGNlMGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6EeiTcQOmqUTx4rrF/xZmtCRKJu+
CXdvmF0kkAMhdpnTejWUSAl0futUbjae+nIwEUv5osxnx+jj38sefyv7Apw4gfA7
5DEh0tU0aGM9CqP7ykMaXa7cxkJJcCLAtWk5kwE71hW6+ZJZKi0+yE4/D0pThUFr
Aw6BHvzRND7QeQYe5noZuEoAgWdcVETsQFBNrn+x2RHKlUR6MYG/M3+g63AhuUIe
7ty1ETfdLQg1oHLoPb63qkz1tC6x2k2o/VMHYfln0Zb0ofAem/X5vbdvOh4nYwt/
rSStdKU7X0frItH/sWIZ12ykSOvbgEP1zUywr4aNoIan0fOTHRh8IC/I2QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOuwnU4jWKMwg387AMeTCL4u3OCyMB8GA1UdIwQY
MBaAFIdLWRtdjwdur0cuPqRdO1yOE1ChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB0WkcxMlBCMjZ2Unk0LXBGMDdYSTRUVUtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jYWQ1MjEtZGFiZS00OWE4LWJjZTQt
MGM2YTY3ODIwYTU4LzEvNjdDZFRpTllvekNEZnpzQXg1TUl2aTdjNExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jYWQ1MjEtZGFiZS00OWE4LWJjZTQtMGM2YTY3ODIwYTU4
LzEvaDB0WkcxMlBCMjZ2Unk0LXBGMDdYSTRUVUtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCubdIAwQC
wj+YMA0EAgACMAcDBQMqD2uAMA0GCSqGSIb3DQEBCwUAA4IBAQBaSQ+dq8UDUFy9
HmPyrgodtBG0ksoL9MzFge+tPk6QSfY/Y8c+lvqAP/7n866Gsc+vdb3CBEXPWXKO
NwpSjpVkJc4uO3jgpTX7iT1h0hHzY/whtn2c772tMcUb1HP8fVDq0BZgsq0kmNbH
CYVEHDquhrj5w12Yz2fZCw0ZIiDeTmdrg4Djl584cwLUfafOZjBaTctw/+bb2NhF
YrTNqt8JPS/HtG1LRTTs4yMB0w6NcAKnGmvI6rfdExwsf2aIr71KgKEYvck3gHzY
xOTBa9yplSuknXYUf56uPoeLze1V513HCN5q+PpsLZ8wtsX2bFWYLMjmpjxfR3oi
/YuuTAjP
-----END CERTIFICATE-----
Generated at Mon Jun 17 08:56:02 2024 by rpki-client on console-ams.rpki-client.org