Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/IKgvUcJUZp16rR_j84QruNO8gog.roa
File:                     IKgvUcJUZp16rR_j84QruNO8gog.roa (raw, json)
Hash identifier:          NvVVEKSAsUl4hmRuNYRiHzLGDsMB45r6YkgIUT2Nne4=
Subject key identifier:   20:A8:2F:51:C2:54:66:9D:7A:AD:1F:E3:F3:84:2B:B8:D3:BC:82:88
Certificate issuer:       /CN=f5e8e36be1dba073590382bb1ffff317653900d1
Certificate serial:       018CC94AC8218F505A89278ED5750FAB0CFB
Authority key identifier: F5:E8:E3:6B:E1:DB:A0:73:59:03:82:BB:1F:FF:F3:17:65:39:00:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/IKgvUcJUZp16rR_j84QruNO8gog.roa
Signing time:             Tue 02 Jan 2024 08:29:30 +0000
ROA not before:           Tue 02 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200003
IP address blocks:        185.39.104.0/22 maxlen: 22
                          185.39.104.0/24 maxlen: 24
                          185.39.105.0/24 maxlen: 24
                          185.39.107.0/24 maxlen: 24
                          185.39.106.0/24 maxlen: 24
                          2a04:7b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 05:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c8:21:8f:50:5a:89:27:8e:d5:75:0f:ab:0c:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5e8e36be1dba073590382bb1ffff317653900d1
        Validity
            Not Before: Jan  2 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20a82f51c254669d7aad1fe3f3842bb8d3bc8288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:20:81:2b:a5:7c:ae:b8:2a:5d:9d:da:b5:55:
                    d0:1a:6b:19:ef:b6:c6:e1:a8:df:83:7b:c9:44:45:
                    84:a1:bf:15:b3:06:d0:57:55:7c:75:6e:99:1e:89:
                    c6:2a:17:cf:4f:0d:07:6f:9a:f9:e4:17:0c:90:92:
                    74:e7:95:09:b1:9d:73:cf:bf:9e:b2:de:14:bf:c0:
                    92:13:8c:11:88:d9:c9:53:82:d5:0f:13:ad:f0:0a:
                    d7:46:d1:61:36:89:18:6d:67:e5:2b:8a:d9:05:3a:
                    45:88:0c:f1:40:75:54:92:d9:6d:e5:bb:7c:6c:c0:
                    13:49:80:44:b3:e4:2f:c6:cc:03:12:d2:68:a4:1f:
                    15:ea:25:8e:74:1d:3b:b4:6c:46:38:57:8d:38:dc:
                    80:ab:b9:6c:34:3c:c2:b6:e4:db:fc:e6:ab:53:69:
                    38:9b:ea:9b:fb:7c:92:67:84:98:d3:d3:d5:12:14:
                    92:52:ba:6e:d1:ff:52:09:c0:3d:60:65:e8:98:18:
                    08:ab:3f:11:5e:90:cf:f6:94:bd:75:90:04:77:0d:
                    7e:56:5f:b3:b1:2f:9b:e4:22:86:5d:e8:70:1c:01:
                    05:2d:1b:69:29:a3:7f:85:e2:ba:d8:a8:36:9a:7e:
                    b4:13:19:29:7e:2d:c0:a3:d4:71:0e:b3:05:ab:4d:
                    ed:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A8:2F:51:C2:54:66:9D:7A:AD:1F:E3:F3:84:2B:B8:D3:BC:82:88
            X509v3 Authority Key Identifier:
                keyid:F5:E8:E3:6B:E1:DB:A0:73:59:03:82:BB:1F:FF:F3:17:65:39:00:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ejja-HboHNZA4K7H__zF2U5ANE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/IKgvUcJUZp16rR_j84QruNO8gog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1ec1d7-aced-4eaa-978c-2a990f2850fb/1/9ejja-HboHNZA4K7H__zF2U5ANE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.104.0/22
                IPv6:
                  2a04:7b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:84:ea:48:a9:79:6a:09:6a:01:48:04:39:6c:06:34:78:64:
         19:3f:b0:a7:59:d8:9d:2c:32:a9:84:07:46:b9:cb:93:97:3e:
         d8:7f:57:44:32:61:83:9e:cb:d5:48:ac:80:2a:cf:95:5e:be:
         f1:95:bb:f4:7c:92:81:bc:02:5d:9b:50:58:38:d2:ab:25:ca:
         ab:4d:6d:04:54:2f:53:4e:0a:14:4c:c6:3c:11:ef:51:2b:96:
         f0:53:9c:2b:75:1d:31:1f:86:3b:b5:39:68:d7:db:60:dc:cd:
         fc:76:b8:a5:0a:b0:18:f2:25:11:dd:d8:0a:74:ec:f0:d3:03:
         c1:a0:c8:17:b6:99:c4:31:0d:36:d3:bf:bf:3a:f5:6b:f9:84:
         7e:41:88:21:04:e9:28:27:d2:39:15:ec:eb:8d:20:c9:1d:a7:
         61:b2:58:30:61:b4:6c:0f:09:da:8d:2e:0c:af:19:34:9c:48:
         92:f1:bb:c0:de:c7:63:6f:92:65:88:10:2b:b0:17:86:c4:a1:
         a9:97:05:98:d8:e2:8a:36:d8:b5:79:38:96:14:1c:7e:ac:32:
         59:53:66:f1:38:4e:65:ef:63:37:38:e1:f7:a0:ea:2b:44:fa:
         e9:27:93:9b:69:bb:cc:fb:f6:7c:e7:9e:8f:3c:3f:bd:ae:bb:
         80:33:bb:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJSsghj1BaiSeO1XUPqwz7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZThlMzZiZTFkYmEwNzM1OTAzODJiYjFmZmZmMzE3NjUz
OTAwZDEwHhcNMjQwMTAyMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE4MmY1MWMyNTQ2NjlkN2FhZDFmZTNmMzg0MmJiOGQzYmM4Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCCBK6V8rrgqXZ3atVXQGmsZ77bG
4ajfg3vJREWEob8VswbQV1V8dW6ZHonGKhfPTw0Hb5r55BcMkJJ055UJsZ1zz7+e
st4Uv8CSE4wRiNnJU4LVDxOt8ArXRtFhNokYbWflK4rZBTpFiAzxQHVUktlt5bt8
bMATSYBEs+QvxswDEtJopB8V6iWOdB07tGxGOFeNONyAq7lsNDzCtuTb/OarU2k4
m+qb+3ySZ4SY09PVEhSSUrpu0f9SCcA9YGXomBgIqz8RXpDP9pS9dZAEdw1+Vl+z
sS+b5CKGXehwHAEFLRtpKaN/heK62Kg2mn60Exkpfi3Ao9RxDrMFq03tAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCCoL1HCVGadeq0f4/OEK7jTvIKIMB8GA1UdIwQY
MBaAFPXo42vh26BzWQOCux//8xdlOQDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWVqamEtSGJvSE5aQTRLN0hfX3pGMlU1QU5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xZWMxZDctYWNlZC00ZWFhLTk3OGMt
MmE5OTBmMjg1MGZiLzEvSUtndlVjSlVacDE2clJfajg0UXJ1Tk84Z29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xZWMxZDctYWNlZC00ZWFhLTk3OGMtMmE5OTBmMjg1MGZi
LzEvOWVqamEtSGJvSE5aQTRLN0hfX3pGMlU1QU5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSdoMA0E
AgACMAcDBQMqBHtAMA0GCSqGSIb3DQEBCwUAA4IBAQAxhOpIqXlqCWoBSAQ5bAY0
eGQZP7CnWdidLDKphAdGucuTlz7Yf1dEMmGDnsvVSKyAKs+VXr7xlbv0fJKBvAJd
m1BYONKrJcqrTW0EVC9TTgoUTMY8Ee9RK5bwU5wrdR0xH4Y7tTlo19tg3M38dril
CrAY8iUR3dgKdOzw0wPBoMgXtpnEMQ0207+/OvVr+YR+QYghBOkoJ9I5FezrjSDJ
HadhslgwYbRsDwnajS4Mrxk0nEiS8bvA3sdjb5JliBArsBeGxKGplwWY2OKKNti1
eTiWFBx+rDJZU2bxOE5l72M3OOH3oOorRPrpJ5ObabvM+/Z8556PPD+9rruAM7um
-----END CERTIFICATE-----
Generated at Mon Jun 17 12:11:41 2024 by rpki-client on console-ams.rpki-client.org