Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/yJdumWwVYiSKS8VI5gvTdgFpbeU.roa
File:                     yJdumWwVYiSKS8VI5gvTdgFpbeU.roa (raw, json)
Hash identifier:          hBIzIO3zEnYPx7vs9kl6JN5yTUWVMJQ4gdpi7rOxflw=
Subject key identifier:   C8:97:6E:99:6C:15:62:24:8A:4B:C5:48:E6:0B:D3:76:01:69:6D:E5
Certificate issuer:       /CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
Certificate serial:       018CC56E164ED73E07E50562189E0E0E5E2B
Authority key identifier: FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/yJdumWwVYiSKS8VI5gvTdgFpbeU.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207088
IP address blocks:        195.210.96.0/22 maxlen: 22
                          195.210.104.0/22 maxlen: 22
                          195.210.116.0/22 maxlen: 22
                          195.210.120.0/22 maxlen: 22
                          2a0a:a200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:16:4e:d7:3e:07:e5:05:62:18:9e:0e:0e:5e:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8976e996c1562248a4bc548e60bd37601696de5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:aa:41:bb:41:e2:7b:76:16:a9:ae:47:06:04:
                    5d:8d:77:54:d4:2d:1e:4d:78:d6:ab:38:2f:fd:b3:
                    d2:ac:e3:21:3b:88:94:32:38:6d:45:5b:fd:87:ce:
                    3e:ea:ac:ec:4b:08:81:c2:dd:28:df:85:05:32:19:
                    f1:a9:06:56:a0:7a:5f:7e:25:a6:d6:cc:1e:62:84:
                    76:7d:b1:3d:12:0b:06:75:75:0d:bb:75:1d:0f:bd:
                    15:46:d8:12:7d:1c:bf:03:db:2d:30:59:60:e1:e5:
                    63:ea:26:27:23:b2:05:65:51:6c:8e:5f:91:84:a4:
                    f0:25:b9:cc:f8:42:87:28:95:52:e1:e0:8a:11:7a:
                    e8:77:11:0a:58:4f:ac:b7:35:ec:21:16:8b:9f:f1:
                    1c:85:f8:91:c1:c3:90:a9:8b:51:22:f2:8d:f6:fd:
                    bf:ae:3c:98:f8:d4:37:97:4c:0f:42:d5:21:6c:e4:
                    c2:40:bf:99:e3:a9:a3:86:ad:35:a6:13:99:24:cb:
                    2a:93:cf:cf:05:a7:b0:2a:c6:8a:46:cc:af:ce:48:
                    52:23:4b:10:16:38:b3:6a:8a:3c:48:11:78:da:3d:
                    63:b6:79:c9:7b:e3:3b:da:64:a6:49:c4:a2:bc:6f:
                    68:b2:af:ee:db:db:31:ef:c2:8a:bd:a7:e4:c1:db:
                    25:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:97:6E:99:6C:15:62:24:8A:4B:C5:48:E6:0B:D3:76:01:69:6D:E5
            X509v3 Authority Key Identifier:
                keyid:FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/yJdumWwVYiSKS8VI5gvTdgFpbeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.96.0/22
                  195.210.104.0/22
                  195.210.116.0-195.210.123.255
                IPv6:
                  2a0a:a200::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:55:c6:a3:71:8a:88:98:ad:ef:64:01:c8:55:ba:f8:58:c3:
         24:44:a6:8d:de:86:c7:6d:6b:28:3a:44:9f:b7:35:e7:65:c5:
         a1:36:2e:61:60:56:e7:73:0c:f3:f7:d4:79:28:5c:c3:de:0b:
         bc:0a:b1:a6:f9:d3:8e:76:02:22:4d:8e:97:02:07:b9:5a:bd:
         17:d5:c3:2a:32:59:b5:cb:67:86:5b:2b:76:2d:84:de:db:e4:
         b0:27:6a:24:30:66:20:cf:95:41:70:f4:44:be:7e:56:f6:53:
         52:87:79:60:6a:ef:23:a1:9f:88:81:7f:9e:fd:a6:b8:61:cb:
         08:d1:ef:33:fa:ec:29:9b:69:fe:bf:30:c5:8a:ec:8e:32:54:
         73:1a:7e:00:dd:52:38:98:cf:a6:c5:94:23:39:22:84:04:f1:
         ab:c2:ac:7e:7a:41:e0:13:5c:28:9f:11:99:17:1c:f2:02:44:
         c9:d1:b2:2f:95:53:a4:bd:76:98:ea:47:0d:b5:05:4c:c1:66:
         15:26:dd:78:79:43:42:62:9d:8b:14:a2:6f:a0:42:17:d7:15:
         c0:a1:d4:99:37:d6:b5:95:d6:24:32:3f:66:63:11:0c:97:aa:
         7a:cf:71:e4:00:1f:aa:2c:af:2b:18:30:0e:f7:c8:f3:96:c6:
         5c:dc:95:1c
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzFbhZO1z4H5QViGJ4ODl4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYjg0ZDlmOGY5ZTMzMTU2NTg5YTVlYmY3MjIyMDNhODk5
ZTBhNTEwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODk3NmU5OTZjMTU2MjI0OGE0YmM1NDhlNjBiZDM3NjAxNjk2ZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsapBu0Hie3YWqa5HBgRdjXdU1C0e
TXjWqzgv/bPSrOMhO4iUMjhtRVv9h84+6qzsSwiBwt0o34UFMhnxqQZWoHpffiWm
1sweYoR2fbE9EgsGdXUNu3UdD70VRtgSfRy/A9stMFlg4eVj6iYnI7IFZVFsjl+R
hKTwJbnM+EKHKJVS4eCKEXrodxEKWE+stzXsIRaLn/EchfiRwcOQqYtRIvKN9v2/
rjyY+NQ3l0wPQtUhbOTCQL+Z46mjhq01phOZJMsqk8/PBaewKsaKRsyvzkhSI0sQ
Fjizaoo8SBF42j1jtnnJe+M72mSmScSivG9osq/u29sx78KKvafkwdslMQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMiXbplsFWIkikvFSOYL03YBaW3lMB8GA1UdIwQY
MBaAFP64TZ+PnjMVZYml6/ciIDqJngpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMt
YWYxY2MyMzE3ZTM5LzEveUpkdW1Xd1ZZaVNLUzhWSTVndlRkZ0ZwYmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMtYWYxY2MyMzE3ZTM5
LzEvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQCw9JgAwQC
w9JoMAwDBALD0nQDBALD0ngwDQQCAAIwBwMFAyoKogAwDQYJKoZIhvcNAQELBQAD
ggEBAD1VxqNxioiYre9kAchVuvhYwyREpo3ehsdtayg6RJ+3NedlxaE2LmFgVudz
DPP31HkoXMPeC7wKsab50452AiJNjpcCB7lavRfVwyoyWbXLZ4ZbK3YthN7b5LAn
aiQwZiDPlUFw9ES+flb2U1KHeWBq7yOhn4iBf579prhhywjR7zP67Cmbaf6/MMWK
7I4yVHMafgDdUjiYz6bFlCM5IoQE8avCrH56QeATXCifEZkXHPICRMnRsi+VU6S9
dpjqRw21BUzBZhUm3Xh5Q0JinYsUom+gQhfXFcCh1Jk31rWV1iQyP2ZjEQyXqnrP
ceQAH6osrysYMA73yPOWxlzclRw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:35:04 2024 by rpki-client on console-ams.rpki-client.org