Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/ab586e-4b2a-47f6-ace8-d292ab7ce9fa/1/NgiZIvgfSE3gRbXKWGjL7-RX4JA.roa
File:                     NgiZIvgfSE3gRbXKWGjL7-RX4JA.roa (raw, json)
Hash identifier:          s1nxacAoqwvGw7o6uKwGOjxFDbTY351bALOZ7RPT8kE=
Subject key identifier:   36:08:99:22:F8:1F:48:4D:E0:45:B5:CA:58:68:CB:EF:E4:57:E0:90
Certificate issuer:       /CN=0350df78fc785813724ec66648df9b494f9b8da7
Certificate serial:       018CC6B8664E98004657A0BA086D1CBBD07D
Authority key identifier: 03:50:DF:78:FC:78:58:13:72:4E:C6:66:48:DF:9B:49:4F:9B:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A1DfePx4WBNyTsZmSN-bSU-bjac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/ab586e-4b2a-47f6-ace8-d292ab7ce9fa/1/NgiZIvgfSE3gRbXKWGjL7-RX4JA.roa
Signing time:             Mon 01 Jan 2024 20:30:22 +0000
ROA not before:           Mon 01 Jan 2024 20:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59905
IP address blocks:        185.92.125.0/24 maxlen: 24
                          185.92.126.0/24 maxlen: 24
                          185.92.127.0/24 maxlen: 24
                          91.220.77.0/24 maxlen: 24
                          185.49.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/ab586e-4b2a-47f6-ace8-d292ab7ce9fa/1/A1DfePx4WBNyTsZmSN-bSU-bjac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/ab586e-4b2a-47f6-ace8-d292ab7ce9fa/1/A1DfePx4WBNyTsZmSN-bSU-bjac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A1DfePx4WBNyTsZmSN-bSU-bjac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:66:4e:98:00:46:57:a0:ba:08:6d:1c:bb:d0:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0350df78fc785813724ec66648df9b494f9b8da7
        Validity
            Not Before: Jan  1 20:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36089922f81f484de045b5ca5868cbefe457e090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:36:00:6e:17:3d:9e:99:ec:b6:52:bf:91:7e:
                    70:30:5a:6b:56:8c:be:74:a3:65:2c:99:a6:36:db:
                    85:51:c3:3c:ef:2f:86:24:28:5e:11:13:2a:36:26:
                    fb:91:d8:d7:01:75:65:cf:3b:ce:ef:bf:72:70:56:
                    af:f7:23:f5:00:df:b7:b0:fe:46:1b:bc:bc:b3:dd:
                    77:9a:60:f8:da:41:3b:bf:35:ac:c0:55:0b:5b:f9:
                    cc:0a:75:70:ce:64:fd:1c:f3:89:fb:f0:b5:3a:b4:
                    51:8e:b1:c7:d3:40:ac:0b:9b:d0:21:6d:5a:eb:04:
                    36:dc:4a:94:f9:49:ae:da:93:d0:b4:aa:cd:bb:98:
                    1d:77:59:8d:99:b2:73:76:1e:22:cd:d3:e5:96:ff:
                    9c:ee:a3:25:9e:42:ee:65:5a:6b:a4:ec:da:07:53:
                    47:14:2b:e5:03:80:52:0b:64:ca:4a:d6:7b:01:65:
                    f8:b7:be:55:a3:22:73:9c:31:4a:05:9a:a3:4a:26:
                    a1:44:05:9c:31:a5:45:62:ea:53:eb:74:fa:bf:c0:
                    5c:77:07:4d:e1:6c:fc:02:66:f5:5f:22:59:7a:5f:
                    9d:10:1f:1a:9f:5c:71:2d:bd:0f:1e:43:7a:8f:16:
                    2b:e9:fc:bf:de:c6:e1:7d:42:66:78:c3:b4:b7:e5:
                    48:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:08:99:22:F8:1F:48:4D:E0:45:B5:CA:58:68:CB:EF:E4:57:E0:90
            X509v3 Authority Key Identifier:
                keyid:03:50:DF:78:FC:78:58:13:72:4E:C6:66:48:DF:9B:49:4F:9B:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A1DfePx4WBNyTsZmSN-bSU-bjac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/ab586e-4b2a-47f6-ace8-d292ab7ce9fa/1/NgiZIvgfSE3gRbXKWGjL7-RX4JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/ab586e-4b2a-47f6-ace8-d292ab7ce9fa/1/A1DfePx4WBNyTsZmSN-bSU-bjac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.77.0/24
                  185.49.220.0/22
                  185.92.125.0-185.92.127.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:f4:47:c0:6a:35:d1:d6:a1:c3:d6:1e:bd:db:ed:dd:46:9a:
         d8:2b:7d:bc:78:ce:5f:f8:c2:4d:eb:03:d6:23:e8:ea:54:cc:
         4c:7a:07:1f:4d:39:5f:96:c4:65:07:79:0c:0d:50:87:e7:bf:
         be:76:18:2d:0f:17:7a:ac:10:1d:d0:dc:de:61:59:24:cc:03:
         79:65:ff:5d:30:f0:91:56:5c:01:08:90:77:69:7e:85:24:22:
         46:bb:7b:5b:f0:64:6a:e6:ff:3d:43:d3:19:b8:16:d7:fe:f1:
         d1:de:50:8a:05:c4:1d:09:39:cc:f2:a2:b3:cc:e0:c2:f0:9c:
         c5:bf:64:33:74:88:49:bc:b2:65:c9:90:d7:23:62:0f:c2:06:
         bb:07:99:a9:2f:86:3b:c1:6a:80:70:3d:77:95:b8:a0:72:9e:
         0e:3f:16:89:e0:cb:ec:3b:7a:66:86:da:34:a2:18:c0:08:8e:
         3e:48:b6:8d:e3:87:a7:f4:12:a2:f4:6c:e8:56:00:df:c4:9e:
         4e:97:23:2d:c8:df:92:53:5d:1c:d0:fb:76:9d:72:40:86:5b:
         8f:60:12:27:f4:60:ce:79:17:f1:61:07:6a:0d:8f:fa:f3:98:
         cd:0e:0c:33:a6:2f:17:d5:f4:72:22:d4:d3:4f:7f:3e:40:f4:
         41:be:3e:d6
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzGuGZOmABGV6C6CG0cu9B9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNTBkZjc4ZmM3ODU4MTM3MjRlYzY2NjQ4ZGY5YjQ5NGY5
YjhkYTcwHhcNMjQwMTAxMjAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjA4OTkyMmY4MWY0ODRkZTA0NWI1Y2E1ODY4Y2JlZmU0NTdlMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjYAbhc9npnstlK/kX5wMFprVoy+
dKNlLJmmNtuFUcM87y+GJCheERMqNib7kdjXAXVlzzvO779ycFav9yP1AN+3sP5G
G7y8s913mmD42kE7vzWswFULW/nMCnVwzmT9HPOJ+/C1OrRRjrHH00CsC5vQIW1a
6wQ23EqU+Umu2pPQtKrNu5gdd1mNmbJzdh4izdPllv+c7qMlnkLuZVprpOzaB1NH
FCvlA4BSC2TKStZ7AWX4t75VoyJznDFKBZqjSiahRAWcMaVFYupT63T6v8BcdwdN
4Wz8Amb1XyJZel+dEB8an1xxLb0PHkN6jxYr6fy/3sbhfUJmeMO0t+VIfQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDYImSL4H0hN4EW1ylhoy+/kV+CQMB8GA1UdIwQY
MBaAFANQ33j8eFgTck7GZkjfm0lPm42nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTFEZmVQeDRXQk55VHNabVNOLWJTVS1iamFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hYjU4NmUtNGIyYS00N2Y2LWFjZTgt
ZDI5MmFiN2NlOWZhLzEvTmdpWkl2Z2ZTRTNnUmJYS1dHakw3LVJYNEpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hYjU4NmUtNGIyYS00N2Y2LWFjZTgtZDI5MmFiN2NlOWZh
LzEvQTFEZmVQeDRXQk55VHNabVNOLWJTVS1iamFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAW9xNAwQC
uTHcMAwDBAC5XH0DBAe5XAAwDQYJKoZIhvcNAQELBQADggEBACz0R8BqNdHWocPW
Hr3b7d1Gmtgrfbx4zl/4wk3rA9Yj6OpUzEx6Bx9NOV+WxGUHeQwNUIfnv752GC0P
F3qsEB3Q3N5hWSTMA3ll/10w8JFWXAEIkHdpfoUkIka7e1vwZGrm/z1D0xm4Ftf+
8dHeUIoFxB0JOczyorPM4MLwnMW/ZDN0iEm8smXJkNcjYg/CBrsHmakvhjvBaoBw
PXeVuKByng4/Fongy+w7emaG2jSiGMAIjj5Ito3jh6f0EqL0bOhWAN/Enk6XIy3I
35JTXRzQ+3adckCGW49gEif0YM55F/FhB2oNj/rzmM0ODDOmLxfV9HIi1NNPfz5A
9EG+PtY=
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:15:04 2024 by rpki-client on console-fra.rpki-client.org