Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/a0e90f-2198-442e-95fc-b7f63423f192/1/_8rJuTQOL6dA7I04wwPydxCa3_I.roa
File:                     _8rJuTQOL6dA7I04wwPydxCa3_I.roa (raw, json)
Hash identifier:          Cu5wVONAKbIO6p9xyDmta5EinVSBkwim6xF3jQ6wQkE=
Subject key identifier:   FF:CA:C9:B9:34:0E:2F:A7:40:EC:8D:38:C3:03:F2:77:10:9A:DF:F2
Certificate issuer:       /CN=84695c825129e3654a508b3bc529fe3a5b3839b1
Certificate serial:       018CC64B4B788F1763CE35FF3C0793BD91B8
Authority key identifier: 84:69:5C:82:51:29:E3:65:4A:50:8B:3B:C5:29:FE:3A:5B:38:39:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hGlcglEp42VKUIs7xSn-Ols4ObE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/a0e90f-2198-442e-95fc-b7f63423f192/1/_8rJuTQOL6dA7I04wwPydxCa3_I.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        194.56.216.0/23 maxlen: 23
                          194.56.222.0/23 maxlen: 23
                          2a0f:13c6::/31 maxlen: 31
                          2a0f:13c0::/31 maxlen: 31
                          2a0f:13c2::/31 maxlen: 31
                          2a0f:13c4::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/a0e90f-2198-442e-95fc-b7f63423f192/1/hGlcglEp42VKUIs7xSn-Ols4ObE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/a0e90f-2198-442e-95fc-b7f63423f192/1/hGlcglEp42VKUIs7xSn-Ols4ObE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hGlcglEp42VKUIs7xSn-Ols4ObE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4b:78:8f:17:63:ce:35:ff:3c:07:93:bd:91:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84695c825129e3654a508b3bc529fe3a5b3839b1
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffcac9b9340e2fa740ec8d38c303f277109adff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:9f:10:1a:25:a6:18:02:a7:24:95:50:8f:ec:
                    a9:0a:88:b8:5c:89:6d:4d:f8:f9:ee:ad:1a:6f:4a:
                    41:fa:74:25:47:88:65:e5:99:1c:ae:17:37:49:00:
                    01:e5:0b:ee:9a:81:9c:1d:ce:1d:1a:71:fb:d6:80:
                    f2:6f:2f:c8:56:fd:a6:c6:1a:94:9e:0b:4b:61:c4:
                    5f:af:61:81:56:09:c2:e7:3a:82:04:51:73:73:84:
                    f9:d0:ac:64:f0:15:c0:8c:61:36:94:d2:79:1b:cf:
                    ed:eb:48:69:14:f6:9b:58:b5:c2:08:c3:f7:ec:44:
                    d6:0f:3d:16:87:0a:4d:47:e2:1e:8b:99:9b:4f:df:
                    82:82:5d:ce:c4:6c:d9:0d:e7:f8:e0:0f:d2:b0:02:
                    43:44:0a:c9:e8:23:d0:f2:b7:9a:93:64:9c:66:db:
                    04:e6:49:cd:e8:77:dd:3e:85:70:1c:fe:c1:69:17:
                    22:3f:06:b6:5b:65:1d:48:ba:cf:93:39:9d:d4:89:
                    fb:a6:96:53:1a:ca:95:f6:88:49:c6:af:a0:81:67:
                    14:37:f6:61:33:59:f6:6f:40:3a:c8:dc:e9:08:a5:
                    b3:b9:41:0f:35:e8:02:59:af:0e:0e:b4:25:91:69:
                    f8:10:d0:01:e6:90:bd:2e:f6:f7:09:04:43:d0:d1:
                    63:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:CA:C9:B9:34:0E:2F:A7:40:EC:8D:38:C3:03:F2:77:10:9A:DF:F2
            X509v3 Authority Key Identifier:
                keyid:84:69:5C:82:51:29:E3:65:4A:50:8B:3B:C5:29:FE:3A:5B:38:39:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hGlcglEp42VKUIs7xSn-Ols4ObE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a0e90f-2198-442e-95fc-b7f63423f192/1/_8rJuTQOL6dA7I04wwPydxCa3_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a0e90f-2198-442e-95fc-b7f63423f192/1/hGlcglEp42VKUIs7xSn-Ols4ObE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.216.0/23
                  194.56.222.0/23
                IPv6:
                  2a0f:13c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:2e:6f:f7:73:d2:b3:15:17:e2:b5:b5:bf:a5:81:55:c5:03:
         4c:8e:02:28:18:40:db:7f:23:d6:c8:3d:51:c3:df:c4:9d:ab:
         94:a7:1b:76:bb:6e:74:53:1f:7c:5b:43:a6:22:6c:bb:8c:38:
         70:fe:ff:a2:62:bf:71:b7:09:47:12:39:f9:00:95:27:07:f2:
         a3:5f:4f:47:0d:36:4b:53:82:52:fe:af:4f:8e:bd:10:fa:7a:
         e8:eb:ab:e3:32:53:0a:51:06:0f:a1:74:aa:7c:2f:d2:99:99:
         5f:d6:78:e4:d5:be:ea:62:c3:3b:98:c6:21:9d:0f:0c:f3:4f:
         28:18:56:74:42:54:43:f6:d3:e6:aa:f7:62:bb:05:fd:d2:6d:
         99:08:53:35:46:73:62:26:23:f0:e6:43:94:31:e4:fa:65:1a:
         eb:68:e9:c0:91:9c:b7:e2:12:bd:53:c5:44:e0:83:f5:f3:4e:
         4b:9b:cb:dd:be:8b:4d:39:a6:b0:bf:75:41:de:d1:f5:68:32:
         b0:4f:fb:29:cc:df:53:a8:c5:91:c6:f6:4b:6b:ff:a5:a1:0d:
         3b:09:e8:ad:c9:7d:66:7e:23:33:94:d7:e7:d6:fc:1d:77:40:
         5e:54:d3:82:af:fe:f3:d0:56:cf:5b:b0:43:db:b0:b0:a7:90:
         06:60:77:ad
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGS0t4jxdjzjX/PAeTvZG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0Njk1YzgyNTEyOWUzNjU0YTUwOGIzYmM1MjlmZTNhNWIz
ODM5YjEwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmNhYzliOTM0MGUyZmE3NDBlYzhkMzhjMzAzZjI3NzEwOWFkZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgp8QGiWmGAKnJJVQj+ypCoi4XIlt
Tfj57q0ab0pB+nQlR4hl5Zkcrhc3SQAB5QvumoGcHc4dGnH71oDyby/IVv2mxhqU
ngtLYcRfr2GBVgnC5zqCBFFzc4T50Kxk8BXAjGE2lNJ5G8/t60hpFPabWLXCCMP3
7ETWDz0WhwpNR+Iei5mbT9+Cgl3OxGzZDef44A/SsAJDRArJ6CPQ8reak2ScZtsE
5knN6HfdPoVwHP7BaRciPwa2W2UdSLrPkzmd1In7ppZTGsqV9ohJxq+ggWcUN/Zh
M1n2b0A6yNzpCKWzuUEPNegCWa8ODrQlkWn4ENAB5pC9Lvb3CQRD0NFjLwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP/Kybk0Di+nQOyNOMMD8ncQmt/yMB8GA1UdIwQY
MBaAFIRpXIJRKeNlSlCLO8Up/jpbODmxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEdsY2dsRXA0MlZLVUlzN3hTbi1PbHM0T2JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9hMGU5MGYtMjE5OC00NDJlLTk1ZmMt
YjdmNjM0MjNmMTkyLzEvXzhySnVUUU9MNmRBN0kwNHd3UHlkeENhM19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9hMGU5MGYtMjE5OC00NDJlLTk1ZmMtYjdmNjM0MjNmMTky
LzEvaEdsY2dsRXA0MlZLVUlzN3hTbi1PbHM0T2JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwjjYAwQB
wjjeMA0EAgACMAcDBQMqDxPAMA0GCSqGSIb3DQEBCwUAA4IBAQAjLm/3c9KzFRfi
tbW/pYFVxQNMjgIoGEDbfyPWyD1Rw9/EnauUpxt2u250Ux98W0OmImy7jDhw/v+i
Yr9xtwlHEjn5AJUnB/KjX09HDTZLU4JS/q9Pjr0Q+nro66vjMlMKUQYPoXSqfC/S
mZlf1njk1b7qYsM7mMYhnQ8M808oGFZ0QlRD9tPmqvdiuwX90m2ZCFM1RnNiJiPw
5kOUMeT6ZRrraOnAkZy34hK9U8VE4IP1805Lm8vdvotNOaawv3VB3tH1aDKwT/sp
zN9TqMWRxvZLa/+loQ07CeityX1mfiMzlNfn1vwdd0BeVNOCr/7z0FbPW7BD27Cw
p5AGYHet
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:08:31 2024 by rpki-client on console-ams.rpki-client.org