Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/us_YEYNVrzQaivNprR6B6znFSg4.roa
File:                     us_YEYNVrzQaivNprR6B6znFSg4.roa (raw, json)
Hash identifier:          cZYbzkGSSxkVMR7sQizgxL0GT28JkKskZu6UREgJxT4=
Subject key identifier:   BA:CF:D8:11:83:55:AF:34:1A:8A:F3:69:AD:1E:81:EB:39:C5:4A:0E
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       018CC5DC467D954FAD80C1014C0A06C6FA60
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/us_YEYNVrzQaivNprR6B6znFSg4.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     65725
IP address blocks:        160.218.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:46:7d:95:4f:ad:80:c1:01:4c:0a:06:c6:fa:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bacfd8118355af341a8af369ad1e81eb39c54a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:38:42:15:cc:a0:ec:59:47:58:ef:6a:fd:76:
                    52:5f:86:57:bf:d7:16:73:f4:d3:9b:21:15:69:be:
                    a9:ad:22:7b:c4:9d:c1:92:65:66:07:c5:64:7b:15:
                    3b:cb:c4:38:3f:92:e4:8c:f2:a6:2c:8a:50:4d:36:
                    75:ea:b5:1f:d2:ee:ef:51:96:8d:3d:42:33:d3:71:
                    e9:72:98:10:3e:2e:f8:9d:76:32:b3:47:8a:22:a3:
                    0a:6e:48:9d:8f:29:1b:ac:06:48:a2:c5:fd:1c:14:
                    f3:c9:f0:11:8d:c1:6f:76:b4:03:4e:71:19:45:22:
                    fd:5b:f6:18:00:fd:f8:62:35:1f:83:ae:d1:1e:9f:
                    14:ac:9b:15:c0:2e:35:5f:ff:ba:49:42:05:a7:75:
                    27:85:ab:c8:bf:27:eb:ba:2d:db:44:0f:23:78:90:
                    86:0f:e5:69:01:e4:84:a5:d2:03:cf:01:74:da:c5:
                    08:65:96:df:a7:a9:10:3c:64:05:50:58:dc:f0:b5:
                    81:02:70:7c:5d:00:0a:71:8a:16:f2:c7:e0:98:e2:
                    58:92:65:50:77:34:1f:23:9f:d7:74:88:51:5d:92:
                    17:bc:42:a4:02:84:39:f2:a7:48:99:7e:c1:bc:33:
                    2e:90:9d:3a:02:d3:98:a9:b6:22:ed:98:da:7a:1e:
                    58:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:CF:D8:11:83:55:AF:34:1A:8A:F3:69:AD:1E:81:EB:39:C5:4A:0E
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/us_YEYNVrzQaivNprR6B6znFSg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.218.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:22:16:44:71:58:45:7e:12:37:05:9f:76:e3:36:e6:14:44:
         f0:68:43:a8:32:46:3c:c3:28:b8:74:6d:ad:a0:5b:e8:72:f0:
         86:25:61:32:96:fe:a0:07:37:d6:c6:26:be:d8:b6:ae:77:75:
         d9:0a:57:bd:df:a0:53:3e:34:f3:4b:de:8a:de:38:8f:7c:c8:
         9b:6b:45:9a:85:ff:67:c9:9d:28:74:c7:57:c4:12:84:3e:25:
         01:2b:46:35:d9:85:45:44:75:9b:20:ee:72:dc:c8:8c:c4:eb:
         77:d0:52:58:f5:85:1a:dd:66:04:82:2b:48:cc:93:d7:c9:a2:
         67:23:fd:71:e7:45:41:dc:f8:ce:9b:e1:5e:28:35:f1:db:2c:
         d7:a3:a4:e0:4d:4d:cf:af:77:50:c1:af:87:4c:37:33:05:ce:
         59:d2:a1:89:7e:f7:40:31:b7:ec:5d:08:da:e0:04:aa:6f:ae:
         a0:25:11:eb:c1:b2:a3:7c:dd:2c:86:4a:e9:2b:94:fe:80:18:
         a0:bc:dc:57:c8:83:45:e4:a4:79:2c:4b:5b:c9:1d:b1:a2:d8:
         ed:ba:e7:33:98:2c:a4:34:aa:07:c0:12:76:b2:08:41:63:f2:
         88:23:79:83:c0:c2:7c:49:09:a0:0a:a2:af:6b:66:8a:21:52:
         c0:66:36:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EZ9lU+tgMEBTAoGxvpgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWNmZDgxMTgzNTVhZjM0MWE4YWYzNjlhZDFlODFlYjM5YzU0YTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDhCFcyg7FlHWO9q/XZSX4ZXv9cW
c/TTmyEVab6prSJ7xJ3BkmVmB8VkexU7y8Q4P5LkjPKmLIpQTTZ16rUf0u7vUZaN
PUIz03HpcpgQPi74nXYys0eKIqMKbkidjykbrAZIosX9HBTzyfARjcFvdrQDTnEZ
RSL9W/YYAP34YjUfg67RHp8UrJsVwC41X/+6SUIFp3UnhavIvyfrui3bRA8jeJCG
D+VpAeSEpdIDzwF02sUIZZbfp6kQPGQFUFjc8LWBAnB8XQAKcYoW8sfgmOJYkmVQ
dzQfI5/XdIhRXZIXvEKkAoQ58qdImX7BvDMukJ06AtOYqbYi7Zjaeh5YmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrP2BGDVa80Gorzaa0eges5xUoOMB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEvdXNfWUVZTlZyelFhaXZOcHJSNkI2em5GU2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQtYmQyNDliNjI1Nzk3
LzEvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoNrUMA0G
CSqGSIb3DQEBCwUAA4IBAQB9IhZEcVhFfhI3BZ924zbmFETwaEOoMkY8wyi4dG2t
oFvocvCGJWEylv6gBzfWxia+2Laud3XZCle936BTPjTzS96K3jiPfMiba0Wahf9n
yZ0odMdXxBKEPiUBK0Y12YVFRHWbIO5y3MiMxOt30FJY9YUa3WYEgitIzJPXyaJn
I/1x50VB3PjOm+FeKDXx2yzXo6TgTU3Pr3dQwa+HTDczBc5Z0qGJfvdAMbfsXQja
4ASqb66gJRHrwbKjfN0shkrpK5T+gBigvNxXyINF5KR5LEtbyR2xotjtuuczmCyk
NKoHwBJ2sghBY/KII3mDwMJ8SQmgCqKva2aKIVLAZjYq
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:17:09 2024 by rpki-client on console-fra.rpki-client.org