Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a47475-179b-477f-b554-29356341c5fd/1/cDk6SNrWIYfeQv6n0TF-iFDMb70.roa
File:                     cDk6SNrWIYfeQv6n0TF-iFDMb70.roa (raw, json)
Hash identifier:          JF+lRWFvj3PJrLeIWoMNIbJ9ykg1P5zZJNFnrADV2Po=
Subject key identifier:   70:39:3A:48:DA:D6:21:87:DE:42:FE:A7:D1:31:7E:88:50:CC:6F:BD
Certificate issuer:       /CN=2928db241541d6b6a6490004060aa71ad6ec189c
Certificate serial:       018CC34919D689993D5AA06122D89EB0A2EE
Authority key identifier: 29:28:DB:24:15:41:D6:B6:A6:49:00:04:06:0A:A7:1A:D6:EC:18:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KSjbJBVB1ramSQAEBgqnGtbsGJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a47475-179b-477f-b554-29356341c5fd/1/cDk6SNrWIYfeQv6n0TF-iFDMb70.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213075
IP address blocks:        185.243.84.0/22 maxlen: 22
                          185.243.84.0/23 maxlen: 23
                          185.243.86.0/23 maxlen: 23
                          185.243.86.0/24 maxlen: 24
                          185.243.87.0/24 maxlen: 24
                          193.200.250.0/24 maxlen: 24
                          2a0d:d81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a47475-179b-477f-b554-29356341c5fd/1/KSjbJBVB1ramSQAEBgqnGtbsGJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a47475-179b-477f-b554-29356341c5fd/1/KSjbJBVB1ramSQAEBgqnGtbsGJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KSjbJBVB1ramSQAEBgqnGtbsGJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:19:d6:89:99:3d:5a:a0:61:22:d8:9e:b0:a2:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2928db241541d6b6a6490004060aa71ad6ec189c
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70393a48dad62187de42fea7d1317e8850cc6fbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f0:de:f1:3a:dd:ca:4e:7e:2d:8e:00:64:4a:
                    68:55:2f:07:c4:a9:85:9f:35:ab:64:d5:1f:f1:74:
                    f8:5b:ae:0c:4a:d4:25:7e:22:6e:d3:70:b8:ba:03:
                    65:31:ae:a1:66:5d:f6:e6:98:66:7f:e5:b8:53:e9:
                    f2:fa:50:65:f1:60:65:e5:16:01:bf:ed:2d:48:da:
                    4d:9b:cf:2f:aa:93:03:dc:74:fa:da:d3:cc:25:88:
                    f6:b9:3f:62:90:12:05:71:df:01:26:f3:54:7e:14:
                    e7:a8:55:35:e9:7e:90:1e:0b:4d:21:a6:ad:bc:04:
                    33:2c:d7:49:33:fa:58:89:5f:68:d1:69:b2:ef:ca:
                    be:c8:f5:f2:a7:26:69:16:30:1d:ec:80:b2:f1:f8:
                    80:c5:1b:48:6a:32:6e:6c:00:e5:39:05:54:85:aa:
                    08:8b:16:b9:f5:31:25:05:7e:51:e6:d5:bd:cb:d9:
                    e8:c5:7b:db:61:42:c1:83:9b:1f:e8:9e:0c:d9:6e:
                    6e:aa:a9:2a:68:12:dd:8b:e9:c1:4f:c2:0a:48:c9:
                    8d:67:33:6f:29:d6:1c:5a:f0:0f:0f:be:22:cb:1a:
                    b3:55:55:a2:3d:07:1b:d8:b3:ec:92:3a:2d:c0:43:
                    27:8b:8d:4d:3a:8f:14:2a:87:39:a3:6a:60:25:2b:
                    2d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:39:3A:48:DA:D6:21:87:DE:42:FE:A7:D1:31:7E:88:50:CC:6F:BD
            X509v3 Authority Key Identifier:
                keyid:29:28:DB:24:15:41:D6:B6:A6:49:00:04:06:0A:A7:1A:D6:EC:18:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KSjbJBVB1ramSQAEBgqnGtbsGJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a47475-179b-477f-b554-29356341c5fd/1/cDk6SNrWIYfeQv6n0TF-iFDMb70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a47475-179b-477f-b554-29356341c5fd/1/KSjbJBVB1ramSQAEBgqnGtbsGJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.84.0/22
                  193.200.250.0/24
                IPv6:
                  2a0d:d81::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:d6:8c:1c:2e:6b:4e:28:26:27:25:f0:40:97:25:c4:24:d5:
         6f:30:09:ef:d2:72:19:bd:3c:38:13:06:e8:57:ae:fc:1f:88:
         a2:28:46:56:ab:e6:ac:4a:a0:56:be:e4:83:ef:b8:3e:4a:b7:
         ef:2a:40:d7:3d:b6:02:f6:58:02:3a:bc:cd:87:c8:26:56:b0:
         99:fa:b1:3f:fb:7c:df:27:aa:d6:55:92:ff:1e:cc:ae:df:40:
         a6:e0:83:f4:e8:59:70:10:bd:c3:19:98:f9:5a:09:2a:14:ff:
         31:27:89:d2:31:ce:4c:b2:53:cc:64:3e:6a:62:42:69:7d:74:
         4c:82:c2:0a:de:d5:4b:c0:c8:38:85:ae:28:6e:1a:3b:eb:69:
         69:de:15:59:8f:19:ab:b4:10:fe:3c:5a:39:38:6d:98:e1:0f:
         7a:ef:0c:ab:0a:24:a1:00:48:6d:62:39:4b:60:7a:d9:59:11:
         f7:24:d7:77:78:9a:66:b7:74:c9:58:01:4e:83:60:0f:3d:12:
         9e:31:2d:96:30:64:fa:ee:4b:29:87:be:00:50:5c:26:17:6b:
         2e:ba:93:45:8f:a6:a3:70:78:5e:d5:47:fb:93:7f:ec:86:4c:
         bb:1e:6c:13:da:3a:f7:34:5d:9e:91:a0:3f:7f:d2:3b:46:c1:
         05:76:d3:26
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSRnWiZk9WqBhItiesKLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MjhkYjI0MTU0MWQ2YjZhNjQ5MDAwNDA2MGFhNzFhZDZl
YzE4OWMwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDM5M2E0OGRhZDYyMTg3ZGU0MmZlYTdkMTMxN2U4ODUwY2M2ZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPDe8Trdyk5+LY4AZEpoVS8HxKmF
nzWrZNUf8XT4W64MStQlfiJu03C4ugNlMa6hZl325phmf+W4U+ny+lBl8WBl5RYB
v+0tSNpNm88vqpMD3HT62tPMJYj2uT9ikBIFcd8BJvNUfhTnqFU16X6QHgtNIaat
vAQzLNdJM/pYiV9o0Wmy78q+yPXypyZpFjAd7ICy8fiAxRtIajJubADlOQVUhaoI
ixa59TElBX5R5tW9y9noxXvbYULBg5sf6J4M2W5uqqkqaBLdi+nBT8IKSMmNZzNv
KdYcWvAPD74iyxqzVVWiPQcb2LPskjotwEMni41NOo8UKoc5o2pgJSstjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHA5Okja1iGH3kL+p9ExfohQzG+9MB8GA1UdIwQY
MBaAFCko2yQVQda2pkkABAYKpxrW7BicMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1NqYkpCVkIxcmFtU1FBRUJncW5HdGJzR0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hNDc0NzUtMTc5Yi00NzdmLWI1NTQt
MjkzNTYzNDFjNWZkLzEvY0RrNlNOcldJWWZlUXY2bjBURi1pRkRNYjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hNDc0NzUtMTc5Yi00NzdmLWI1NTQtMjkzNTYzNDFjNWZk
LzEvS1NqYkpCVkIxcmFtU1FBRUJncW5HdGJzR0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCufNUAwQA
wcj6MA0EAgACMAcDBQAqDQ2BMA0GCSqGSIb3DQEBCwUAA4IBAQBc1owcLmtOKCYn
JfBAlyXEJNVvMAnv0nIZvTw4EwboV678H4iiKEZWq+asSqBWvuSD77g+SrfvKkDX
PbYC9lgCOrzNh8gmVrCZ+rE/+3zfJ6rWVZL/Hsyu30Cm4IP06FlwEL3DGZj5Wgkq
FP8xJ4nSMc5MslPMZD5qYkJpfXRMgsIK3tVLwMg4ha4obho762lp3hVZjxmrtBD+
PFo5OG2Y4Q967wyrCiShAEhtYjlLYHrZWRH3JNd3eJpmt3TJWAFOg2APPRKeMS2W
MGT67ksph74AUFwmF2suupNFj6ajcHhe1Uf7k3/shky7HmwT2jr3NF2ekaA/f9I7
RsEFdtMm
-----END CERTIFICATE-----
Generated at Sat Nov 23 14:51:18 2024 by rpki-client on console-ams.rpki-client.org