Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/edecb7-bd59-4ebe-b201-6cf131c1caac/1/U8exogbXmh0pspjX2P2PCr7Jrqg.roa
File:                     U8exogbXmh0pspjX2P2PCr7Jrqg.roa (raw, json)
Hash identifier:          aLfYvJPLerhyKOI4hRBk9uzzv8WBUTqbZ3grEOEIAwo=
Subject key identifier:   53:C7:B1:A2:06:D7:9A:1D:29:B2:98:D7:D8:FD:8F:0A:BE:C9:AE:A8
Certificate issuer:       /CN=6c66d5cb2f9cad3f4843f714a4dc62d7213debe8
Certificate serial:       018CC3B6EE9E0F2155437255BC6DCC9D4A3C
Authority key identifier: 6C:66:D5:CB:2F:9C:AD:3F:48:43:F7:14:A4:DC:62:D7:21:3D:EB:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bGbVyy-crT9IQ_cUpNxi1yE96-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/edecb7-bd59-4ebe-b201-6cf131c1caac/1/U8exogbXmh0pspjX2P2PCr7Jrqg.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205042
IP address blocks:        188.74.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/edecb7-bd59-4ebe-b201-6cf131c1caac/1/bGbVyy-crT9IQ_cUpNxi1yE96-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/edecb7-bd59-4ebe-b201-6cf131c1caac/1/bGbVyy-crT9IQ_cUpNxi1yE96-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bGbVyy-crT9IQ_cUpNxi1yE96-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ee:9e:0f:21:55:43:72:55:bc:6d:cc:9d:4a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c66d5cb2f9cad3f4843f714a4dc62d7213debe8
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53c7b1a206d79a1d29b298d7d8fd8f0abec9aea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:62:d2:ae:05:8b:33:14:cc:ab:69:bf:c5:46:
                    f8:ee:21:9d:3d:56:38:f1:16:a4:0d:ce:14:a6:88:
                    a2:84:01:12:de:09:e7:94:c9:a2:b9:ca:35:d8:d9:
                    e6:80:af:87:55:29:81:de:55:5d:74:ff:02:97:5a:
                    de:62:d1:ca:77:a8:31:cb:da:48:80:ed:e1:e0:70:
                    94:03:aa:ba:56:ec:a6:cb:fe:0d:cd:c9:27:79:70:
                    35:33:25:f5:0a:8c:f8:59:90:ac:c4:db:40:70:1b:
                    15:f4:3f:99:09:48:c8:74:ae:a9:b1:7a:c8:bd:a7:
                    c2:2e:be:eb:a9:d8:ce:24:02:5d:c7:92:e2:b6:5d:
                    72:ef:97:95:0d:f8:78:a3:14:c1:70:5e:e4:61:00:
                    1c:dd:49:2a:92:31:83:ab:1d:21:00:c3:fa:8d:67:
                    c7:f0:c7:ca:b9:5a:d0:14:42:6b:ae:cc:9f:9e:ff:
                    4d:50:1b:6f:65:fc:55:2e:b5:20:cd:ad:fe:e9:1f:
                    4e:c9:1c:5f:43:6f:bc:d6:8a:fd:99:4b:ee:e6:6e:
                    cd:85:b3:e5:6c:2f:24:e5:4d:3a:13:49:1f:a7:ef:
                    fa:0b:b5:8e:ca:35:f7:82:ec:ab:3c:8f:f4:42:3f:
                    ca:01:bc:7f:27:54:90:7b:b1:df:cc:dd:17:61:84:
                    a9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C7:B1:A2:06:D7:9A:1D:29:B2:98:D7:D8:FD:8F:0A:BE:C9:AE:A8
            X509v3 Authority Key Identifier:
                keyid:6C:66:D5:CB:2F:9C:AD:3F:48:43:F7:14:A4:DC:62:D7:21:3D:EB:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bGbVyy-crT9IQ_cUpNxi1yE96-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/edecb7-bd59-4ebe-b201-6cf131c1caac/1/U8exogbXmh0pspjX2P2PCr7Jrqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/edecb7-bd59-4ebe-b201-6cf131c1caac/1/bGbVyy-crT9IQ_cUpNxi1yE96-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.74.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         13:b9:8c:11:74:6a:a7:39:c9:98:d3:0d:b4:21:ef:46:55:21:
         8f:f0:e3:db:29:28:d6:7c:f3:ea:6b:82:da:13:d2:b5:b9:43:
         79:1d:b7:05:1a:8c:d6:97:d8:c8:fe:e0:12:96:70:24:1a:40:
         14:77:84:d6:d6:f8:e5:04:56:a2:3f:c6:79:76:9f:43:f3:e9:
         d6:e2:c2:2f:04:26:f5:8d:ab:9c:6c:b7:db:7f:3a:45:c4:f2:
         42:3f:17:af:be:27:a7:f1:10:85:93:d0:bb:8e:cb:8d:f8:a8:
         9a:77:a8:00:f9:f5:7e:92:c0:0f:f9:cd:89:9a:5e:2b:a4:7b:
         78:85:da:0c:6f:a6:b8:ef:da:c5:45:2d:13:8b:91:ac:9c:9a:
         a8:c2:ea:9e:5d:4c:9b:b3:b9:2a:c2:c5:9d:eb:24:39:a9:db:
         3d:c1:0e:b7:96:28:12:ff:e0:50:63:d9:1e:3a:d7:25:49:38:
         ab:58:33:e0:5f:e7:ed:16:24:09:d1:a6:f7:bc:3c:b6:cd:4a:
         39:60:7f:b8:c3:e3:36:ae:a6:d1:ff:9f:77:36:cc:f6:30:c2:
         0c:ee:ac:3f:11:d6:e4:c5:b8:3c:7e:1c:88:c3:c0:21:a7:ee:
         2b:a3:6b:46:04:f8:ce:5d:6d:e0:7e:e8:20:35:20:7b:51:93:
         8e:e1:93:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtu6eDyFVQ3JVvG3MnUo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNjZkNWNiMmY5Y2FkM2Y0ODQzZjcxNGE0ZGM2MmQ3MjEz
ZGViZTgwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2M3YjFhMjA2ZDc5YTFkMjliMjk4ZDdkOGZkOGYwYWJlYzlhZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGLSrgWLMxTMq2m/xUb47iGdPVY4
8RakDc4UpoiihAES3gnnlMmiuco12NnmgK+HVSmB3lVddP8Cl1reYtHKd6gxy9pI
gO3h4HCUA6q6Vuymy/4NzckneXA1MyX1Coz4WZCsxNtAcBsV9D+ZCUjIdK6psXrI
vafCLr7rqdjOJAJdx5Litl1y75eVDfh4oxTBcF7kYQAc3UkqkjGDqx0hAMP6jWfH
8MfKuVrQFEJrrsyfnv9NUBtvZfxVLrUgza3+6R9OyRxfQ2+81or9mUvu5m7NhbPl
bC8k5U06E0kfp+/6C7WOyjX3guyrPI/0Qj/KAbx/J1SQe7HfzN0XYYSpNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPHsaIG15odKbKY19j9jwq+ya6oMB8GA1UdIwQY
MBaAFGxm1csvnK0/SEP3FKTcYtchPevoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkdiVnl5LWNyVDlJUV9jVXBOeGkxeUU5Ni1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9lZGVjYjctYmQ1OS00ZWJlLWIyMDEt
NmNmMTMxYzFjYWFjLzEvVThleG9nYlhtaDBwc3BqWDJQMlBDcjdKcnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9lZGVjYjctYmQ1OS00ZWJlLWIyMDEtNmNmMTMxYzFjYWFj
LzEvYkdiVnl5LWNyVDlJUV9jVXBOeGkxeUU5Ni1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEvEowMA0G
CSqGSIb3DQEBCwUAA4IBAQATuYwRdGqnOcmY0w20Ie9GVSGP8OPbKSjWfPPqa4La
E9K1uUN5HbcFGozWl9jI/uASlnAkGkAUd4TW1vjlBFaiP8Z5dp9D8+nW4sIvBCb1
jaucbLfbfzpFxPJCPxevvien8RCFk9C7jsuN+Kiad6gA+fV+ksAP+c2Jml4rpHt4
hdoMb6a479rFRS0Ti5GsnJqowuqeXUybs7kqwsWd6yQ5qds9wQ63ligS/+BQY9ke
OtclSTirWDPgX+ftFiQJ0ab3vDy2zUo5YH+4w+M2rqbR/593Nsz2MMIM7qw/Edbk
xbg8fhyIw8Ahp+4ro2tGBPjOXW3gfuggNSB7UZOO4ZPw
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:36:24 2024 by rpki-client on console-ams.rpki-client.org