Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/aSDSVsOk4qsC08kLNXUYQTFhALM.roa
File:                     aSDSVsOk4qsC08kLNXUYQTFhALM.roa (raw, json)
Hash identifier:          iMkYLlB0o/627kQPa9aDJ2DBJ/HUPcjSgsjb3OxDim8=
Subject key identifier:   69:20:D2:56:C3:A4:E2:AB:02:D3:C9:0B:35:75:18:41:31:61:00:B3
Certificate issuer:       /CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
Certificate serial:       018CC5DC5044DD8A37ACA1BC5FC89009B6F7
Authority key identifier: DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/aSDSVsOk4qsC08kLNXUYQTFhALM.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     939
IP address blocks:        89.105.196.0/24 maxlen: 24
                          89.105.219.0/24 maxlen: 24
                          89.105.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 12:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:50:44:dd:8a:37:ac:a1:bc:5f:c8:90:09:b6:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6920d256c3a4e2ab02d3c90b35751841316100b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d4:9a:4a:e5:12:31:ec:ea:92:48:93:42:32:
                    f0:62:c7:a3:09:0c:6d:c2:c5:c9:2c:f8:27:10:c9:
                    d9:ee:c7:75:70:fe:6c:2c:a6:86:7d:9d:ac:1f:38:
                    9e:ac:67:d9:db:31:cc:96:1e:60:6a:fe:d2:b7:6c:
                    9c:75:8e:2c:40:e5:c7:9f:bf:dc:88:5a:d4:21:93:
                    bf:54:35:af:c9:e5:51:bf:3f:5c:c8:f3:0b:56:ae:
                    f3:88:25:59:46:0c:03:57:a8:f3:fa:34:89:ab:62:
                    b5:28:3d:ff:ef:e6:6c:10:0e:92:d2:68:a8:b2:27:
                    f6:ad:e7:36:09:55:dc:36:2e:a6:bb:e3:ae:a7:6d:
                    ed:e5:a0:7a:62:ab:63:a2:4a:95:c5:e9:44:5f:8d:
                    a6:12:6a:8b:4e:08:7e:37:d4:8e:fb:dd:f2:99:f2:
                    fd:a6:51:91:8a:52:54:fb:a5:a2:53:e6:cd:44:5c:
                    50:3e:da:c1:56:78:8e:b6:92:4a:0d:d5:a1:b2:fc:
                    07:de:5d:a3:b9:4a:63:01:43:03:b6:cb:3f:5f:52:
                    fd:bf:db:89:4a:53:4f:1d:32:57:61:8f:52:c4:dd:
                    3a:6b:33:f6:86:77:8f:d5:98:4b:00:82:93:35:d7:
                    22:58:0b:14:1c:93:f7:00:75:44:8b:ac:1b:73:5d:
                    28:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:20:D2:56:C3:A4:E2:AB:02:D3:C9:0B:35:75:18:41:31:61:00:B3
            X509v3 Authority Key Identifier:
                keyid:DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/aSDSVsOk4qsC08kLNXUYQTFhALM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.105.196.0/24
                  89.105.219.0-89.105.220.255

    Signature Algorithm: sha256WithRSAEncryption
         5e:91:c1:a9:17:ef:58:68:6e:45:6d:f1:9c:e2:2d:49:06:37:
         2a:cb:39:f8:53:39:c1:c0:ab:5c:5d:c6:1d:ee:de:47:35:27:
         cf:df:c7:b0:35:57:36:30:3d:3e:f8:ff:cf:e5:8f:c5:0d:2b:
         a2:1f:51:fe:36:c1:d6:02:27:e7:3b:f4:ea:c4:e7:1e:ae:d4:
         e5:76:69:b0:15:0e:5a:96:6a:72:00:6f:80:4b:df:2d:98:ae:
         62:e1:e1:37:56:6c:2a:0a:07:8d:5e:1b:35:b4:8c:c9:73:ac:
         8a:fd:c0:bb:e5:8a:27:3d:f7:f6:0b:44:3b:a5:33:b5:c1:63:
         ef:a0:9d:98:dc:7a:90:81:ca:25:0b:97:93:37:8a:55:75:af:
         8c:94:74:ae:5d:b6:16:b1:d7:fe:78:12:75:95:0c:d9:3a:f2:
         0b:7e:37:b1:88:1d:f6:88:37:2e:ef:35:a5:9b:ea:bc:0d:df:
         92:7c:f1:76:15:c7:1f:46:f1:e4:08:d1:0a:ce:97:7a:99:33:
         db:02:88:4d:2d:43:09:fc:52:10:51:64:88:a8:a0:8f:bc:07:
         24:ef:e9:89:0b:69:4d:bd:af:63:fe:8e:d3:b1:e2:97:33:4f:
         39:76:76:67:94:36:e5:0f:6f:52:d3:91:52:14:dd:b4:cf:ea:
         90:64:a4:2e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzF3FBE3Yo3rKG8X8iQCbb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOTBlMGFlZTFlY2MzMTA2NmNiNzQ0ZjhhN2ZlZWRlZmIz
Zjc5MzAwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTIwZDI1NmMzYTRlMmFiMDJkM2M5MGIzNTc1MTg0MTMxNjEwMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNSaSuUSMezqkkiTQjLwYsejCQxt
wsXJLPgnEMnZ7sd1cP5sLKaGfZ2sHzierGfZ2zHMlh5gav7St2ycdY4sQOXHn7/c
iFrUIZO/VDWvyeVRvz9cyPMLVq7ziCVZRgwDV6jz+jSJq2K1KD3/7+ZsEA6S0mio
sif2rec2CVXcNi6mu+Oup23t5aB6YqtjokqVxelEX42mEmqLTgh+N9SO+93ymfL9
plGRilJU+6WiU+bNRFxQPtrBVniOtpJKDdWhsvwH3l2juUpjAUMDtss/X1L9v9uJ
SlNPHTJXYY9SxN06azP2hneP1ZhLAIKTNdciWAsUHJP3AHVEi6wbc10oWwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGkg0lbDpOKrAtPJCzV1GEExYQCzMB8GA1UdIwQY
MBaAFNyQ4K7h7MMQZst0T4p/7t77P3kwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0pEZ3J1SHN3eEJteTNSUGluX3UzdnNfZVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84N2IyNjctNDljMi00MjY5LTlmNjYt
MDBiY2Q5YjkxYzFiLzEvYVNEU1ZzT2s0cXNDMDhrTE5YVVlRVEZoQUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84N2IyNjctNDljMi00MjY5LTlmNjYtMDBiY2Q5YjkxYzFi
LzEvM0pEZ3J1SHN3eEJteTNSUGluX3UzdnNfZVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAWWnEMAwD
BABZadsDBABZadwwDQYJKoZIhvcNAQELBQADggEBAF6RwakX71hobkVt8ZziLUkG
NyrLOfhTOcHAq1xdxh3u3kc1J8/fx7A1VzYwPT74/8/lj8UNK6IfUf42wdYCJ+c7
9OrE5x6u1OV2abAVDlqWanIAb4BL3y2YrmLh4TdWbCoKB41eGzW0jMlzrIr9wLvl
iic99/YLRDulM7XBY++gnZjcepCByiULl5M3ilV1r4yUdK5dthax1/54EnWVDNk6
8gt+N7GIHfaINy7vNaWb6rwN35J88XYVxx9G8eQI0QrOl3qZM9sCiE0tQwn8UhBR
ZIiooI+8ByTv6YkLaU29r2P+jtOx4pczTzl2dmeUNuUPb1LTkVIU3bTP6pBkpC4=
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:28:04 2024 by rpki-client on console-ams.rpki-client.org