Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/Yi42xy7xwSC9Mz4ie1JHpYpCkNs.roa
File:                     Yi42xy7xwSC9Mz4ie1JHpYpCkNs.roa (raw, json)
Hash identifier:          /NO4oAAn57oLJvbGPvE6JhCXOIdZoKwu1k/xOre+u4Q=
Subject key identifier:   62:2E:36:C7:2E:F1:C1:20:BD:33:3E:22:7B:52:47:A5:8A:42:90:DB
Certificate issuer:       /CN=28164a5757fdd5725a60844f2ae7ef73b107a4c0
Certificate serial:       018CC424FDCD8B4958F5B3179C1659E91CC3
Authority key identifier: 28:16:4A:57:57:FD:D5:72:5A:60:84:4F:2A:E7:EF:73:B1:07:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBZKV1f91XJaYIRPKufvc7EHpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/Yi42xy7xwSC9Mz4ie1JHpYpCkNs.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206377
IP address blocks:        185.178.180.0/22 maxlen: 22
                          2a0a:6780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/KBZKV1f91XJaYIRPKufvc7EHpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/KBZKV1f91XJaYIRPKufvc7EHpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBZKV1f91XJaYIRPKufvc7EHpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 10:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fd:cd:8b:49:58:f5:b3:17:9c:16:59:e9:1c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28164a5757fdd5725a60844f2ae7ef73b107a4c0
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=622e36c72ef1c120bd333e227b5247a58a4290db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a9:5f:7a:ac:0d:4b:25:37:ea:f8:81:fb:e4:
                    d0:5d:48:d9:3f:42:ba:20:a1:f1:2f:29:4d:a3:51:
                    83:1a:4d:92:19:58:e1:aa:78:9e:7b:41:30:90:b1:
                    b8:5e:0f:74:0d:20:08:a9:4a:3c:6c:10:31:ab:c0:
                    93:72:76:33:43:a5:39:3c:e0:ed:98:06:13:e9:85:
                    2c:1d:21:d8:df:b3:7d:41:a7:20:1e:fa:13:7d:ac:
                    3c:38:f9:ba:11:4c:65:1b:cf:8d:46:4d:f5:b7:ed:
                    78:42:c3:c9:02:50:b5:c7:fb:e4:be:34:d3:59:65:
                    6a:07:6f:fb:6a:7b:2d:ab:68:98:e9:71:12:66:d0:
                    24:be:57:ee:32:2c:15:c0:04:ac:c1:74:21:c7:8f:
                    9d:38:c0:f6:d6:81:a5:a4:5d:60:c5:09:f3:25:48:
                    61:f4:86:7d:6f:88:c4:4d:6d:09:36:5f:19:73:ac:
                    ab:e0:b2:ee:4b:aa:ba:80:91:38:c3:c8:7c:6f:26:
                    fc:28:4c:55:b0:b0:71:d0:a0:bf:79:b1:87:04:2c:
                    a4:a1:08:61:f9:24:cc:c2:72:11:0b:3d:a9:65:67:
                    64:33:c1:a2:81:73:bc:2b:6b:cd:c1:cf:e5:3d:80:
                    cc:95:08:d9:89:4b:76:ab:ae:92:00:56:63:65:9c:
                    8c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2E:36:C7:2E:F1:C1:20:BD:33:3E:22:7B:52:47:A5:8A:42:90:DB
            X509v3 Authority Key Identifier:
                keyid:28:16:4A:57:57:FD:D5:72:5A:60:84:4F:2A:E7:EF:73:B1:07:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBZKV1f91XJaYIRPKufvc7EHpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/Yi42xy7xwSC9Mz4ie1JHpYpCkNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/KBZKV1f91XJaYIRPKufvc7EHpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.180.0/22
                IPv6:
                  2a0a:6780::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:8d:4e:48:df:3b:60:25:44:49:92:03:02:67:09:75:cb:17:
         dc:16:b2:e7:f0:f4:0b:69:25:1f:b2:5a:aa:6e:ce:36:cf:ee:
         02:29:a9:75:67:c3:b7:43:13:42:a1:77:38:46:cf:dd:5a:34:
         ef:dd:52:25:df:f6:2b:8e:c2:10:40:63:82:f8:13:97:73:2d:
         70:99:28:50:94:84:05:02:22:ae:fc:2d:76:78:28:d4:6b:b6:
         20:59:e8:e4:9f:dc:f6:82:30:1f:e8:08:f9:4d:2a:cc:50:7a:
         8c:f3:8e:6f:f6:1f:76:b9:53:97:03:5d:9c:7e:0b:3e:6f:5a:
         b6:2e:46:97:70:d3:52:dd:7a:01:f1:60:54:f5:66:d1:db:d6:
         81:20:6b:40:84:ba:3e:dd:a1:76:98:20:bb:cf:74:53:fb:88:
         78:35:18:90:d4:cc:71:49:9a:96:46:da:53:61:4a:9f:c2:a4:
         9d:67:06:c7:18:35:c4:c1:5d:dd:e4:37:28:c3:5c:0f:ee:f6:
         44:56:06:9a:b2:0c:1b:ba:63:04:c1:d3:7d:c4:ca:ec:35:1a:
         ea:d0:a6:ea:b1:b0:02:0c:65:ce:76:70:84:6b:fe:f7:3b:06:
         9b:42:71:ab:b5:12:d3:42:f6:0f:6d:24:fa:a9:25:9c:59:08:
         5c:31:cd:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJP3Ni0lY9bMXnBZZ6RzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTY0YTU3NTdmZGQ1NzI1YTYwODQ0ZjJhZTdlZjczYjEw
N2E0YzAwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJlMzZjNzJlZjFjMTIwYmQzMzNlMjI3YjUyNDdhNThhNDI5MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKlfeqwNSyU36viB++TQXUjZP0K6
IKHxLylNo1GDGk2SGVjhqniee0EwkLG4Xg90DSAIqUo8bBAxq8CTcnYzQ6U5PODt
mAYT6YUsHSHY37N9QacgHvoTfaw8OPm6EUxlG8+NRk31t+14QsPJAlC1x/vkvjTT
WWVqB2/7anstq2iY6XESZtAkvlfuMiwVwASswXQhx4+dOMD21oGlpF1gxQnzJUhh
9IZ9b4jETW0JNl8Zc6yr4LLuS6q6gJE4w8h8byb8KExVsLBx0KC/ebGHBCykoQhh
+STMwnIRCz2pZWdkM8GigXO8K2vNwc/lPYDMlQjZiUt2q66SAFZjZZyMswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGIuNscu8cEgvTM+IntSR6WKQpDbMB8GA1UdIwQY
MBaAFCgWSldX/dVyWmCETyrn73OxB6TAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JaS1YxZjkxWEphWUlSUEt1ZnZjN0VIcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NTUzNWItZTYzMC00NTdmLThhMDEt
YWVhZTViYmMzOTIwLzEvWWk0Mnh5N3h3U0M5TXo0aWUxSkhwWXBDa05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NTUzNWItZTYzMC00NTdmLThhMDEtYWVhZTViYmMzOTIw
LzEvS0JaS1YxZjkxWEphWUlSUEt1ZnZjN0VIcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubK0MA0E
AgACMAcDBQMqCmeAMA0GCSqGSIb3DQEBCwUAA4IBAQBsjU5I3ztgJURJkgMCZwl1
yxfcFrLn8PQLaSUfslqqbs42z+4CKal1Z8O3QxNCoXc4Rs/dWjTv3VIl3/YrjsIQ
QGOC+BOXcy1wmShQlIQFAiKu/C12eCjUa7YgWejkn9z2gjAf6Aj5TSrMUHqM845v
9h92uVOXA12cfgs+b1q2LkaXcNNS3XoB8WBU9WbR29aBIGtAhLo+3aF2mCC7z3RT
+4h4NRiQ1MxxSZqWRtpTYUqfwqSdZwbHGDXEwV3d5Dcow1wP7vZEVgaasgwbumME
wdN9xMrsNRrq0KbqsbACDGXOdnCEa/73OwabQnGrtRLTQvYPbST6qSWcWQhcMc2J
-----END CERTIFICATE-----
Generated at Sat Nov 23 18:59:24 2024 by rpki-client on console-fra.rpki-client.org