Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/K8gabvy8-WIZdmOmHDVW9mhDxw0.roa
File:                     K8gabvy8-WIZdmOmHDVW9mhDxw0.roa (raw, json)
Hash identifier:          mMfrmV2uKJyzwNtov3DPM+9Ac2aoxCHjrBXn1WPYozY=
Subject key identifier:   2B:C8:1A:6E:FC:BC:F9:62:19:76:63:A6:1C:35:56:F6:68:43:C7:0D
Certificate issuer:       /CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Certificate serial:       01874C1A23BE10B4F5C0E86B6DD060E3D2EB
Authority key identifier: B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/K8gabvy8-WIZdmOmHDVW9mhDxw0.roa
Signing time:             Tue 04 Apr 2023 11:49:54 +0000
ROA not before:           Tue 04 Apr 2023 11:49:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51561
IP address blocks:        185.168.132.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.crl
                          rsync://rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
                          rsync://rpki.ripe.net/repository/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Jul 2023 14:08:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4c:1a:23:be:10:b4:f5:c0:e8:6b:6d:d0:60:e3:d2:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
        Validity
            Not Before: Apr  4 11:49:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2bc81a6efcbcf962197663a61c3556f66843c70d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f0:06:97:f8:a3:39:13:35:dc:45:79:91:a3:
                    54:27:61:a1:5f:d9:18:2e:f1:58:3c:29:eb:11:da:
                    5f:62:12:f8:b8:93:b0:e0:ca:e2:1a:28:88:34:06:
                    ed:36:8a:cf:07:b1:11:70:5f:a5:ba:ae:6c:f1:c2:
                    4d:71:50:a2:5a:4a:a0:05:89:b0:10:43:4c:48:a7:
                    ef:0a:8f:db:d3:1a:f3:e1:42:f5:2e:ab:c2:b5:8c:
                    ee:97:a8:a6:b2:d8:99:3f:ff:e0:c1:5e:9f:88:f3:
                    f7:9d:1a:49:a5:2c:65:81:c9:f2:7c:af:a1:5d:b7:
                    b6:aa:93:b9:79:ef:df:57:29:0c:3f:9f:29:97:b9:
                    26:68:8d:ae:55:2f:5e:9b:f5:d6:40:fa:72:0b:be:
                    e2:cf:f7:12:b9:f0:05:ec:ab:4c:e1:c1:81:be:83:
                    30:82:0e:df:65:e2:c5:a3:4c:6c:03:8d:cb:bf:b7:
                    fb:86:3a:6d:ec:89:1e:f1:4c:b4:4c:02:f9:06:a1:
                    78:a9:f9:7d:87:dd:f2:06:23:4a:87:79:cc:ba:d4:
                    b2:8b:6c:7e:90:f0:51:a1:54:4c:9b:16:f4:e4:72:
                    6e:a2:84:fd:59:91:9b:d6:7a:90:36:a3:92:d0:01:
                    72:89:b3:fc:28:4a:85:48:cb:59:57:4b:8b:64:c6:
                    cc:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C8:1A:6E:FC:BC:F9:62:19:76:63:A6:1C:35:56:F6:68:43:C7:0D
            X509v3 Authority Key Identifier:
                keyid:B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/K8gabvy8-WIZdmOmHDVW9mhDxw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:c3:d0:9e:4e:ab:c6:cf:9f:40:73:81:88:70:0a:26:a5:15:
         82:6f:fe:be:0a:63:9e:a3:8f:2f:0f:6e:7c:10:28:4f:70:be:
         9d:d5:25:e2:37:a1:e3:d9:ec:bf:cc:00:b7:f6:49:6b:f6:a2:
         b2:a1:4f:34:49:a4:67:97:26:2a:fb:98:ec:74:53:a8:59:ca:
         50:d8:b4:a7:25:3f:c9:64:cb:d8:60:43:12:e4:ca:c8:ad:64:
         b0:e6:75:82:88:c0:45:ca:96:f5:da:66:5e:64:5a:f7:4b:a7:
         2a:be:11:be:a2:3e:fe:e4:5a:41:2e:6a:97:9b:03:2d:59:d3:
         22:98:72:17:49:72:13:db:93:bb:57:06:4c:b8:77:77:0e:54:
         4d:72:57:38:ba:27:e7:26:cb:83:98:5c:3b:93:54:d5:34:3e:
         54:e1:9d:da:e7:6e:35:80:87:07:88:9d:1d:5a:1b:6b:db:4b:
         c3:bc:b3:ba:ed:94:ca:8f:81:ea:fb:aa:d1:bd:42:33:89:e2:
         c3:5b:e2:cc:77:39:61:45:63:dc:d6:9c:e2:30:fc:4a:17:64:
         2f:cd:66:4b:dc:c7:4f:a3:7e:d9:0c:5b:c4:ca:d8:4a:cd:2b:
         f8:72:f1:cf:6b:88:47:a5:31:4e:87:38:e0:c2:07:e5:12:fe:
         cd:99:95:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdMGiO+ELT1wOhrbdBg49LrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NWEwNTY2ZDBiNjNhMWY4NjJkODM0NThlNGYyZWE2ZmQ4
ZjdkMjEwHhcNMjMwNDA0MTE0OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmM4MWE2ZWZjYmNmOTYyMTk3NjYzYTYxYzM1NTZmNjY4NDNjNzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/AGl/ijORM13EV5kaNUJ2GhX9kY
LvFYPCnrEdpfYhL4uJOw4MriGiiINAbtNorPB7ERcF+luq5s8cJNcVCiWkqgBYmw
EENMSKfvCo/b0xrz4UL1LqvCtYzul6imstiZP//gwV6fiPP3nRpJpSxlgcnyfK+h
Xbe2qpO5ee/fVykMP58pl7kmaI2uVS9em/XWQPpyC77iz/cSufAF7KtM4cGBvoMw
gg7fZeLFo0xsA43Lv7f7hjpt7Ike8Uy0TAL5BqF4qfl9h93yBiNKh3nMutSyi2x+
kPBRoVRMmxb05HJuooT9WZGb1nqQNqOS0AFyibP8KEqFSMtZV0uLZMbMswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvIGm78vPliGXZjphw1VvZoQ8cNMB8GA1UdIwQY
MBaAFLdaBWbQtjofhi2DRY5PLqb9j30hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQt
ODNmNjAxYzNmYjU5LzEvSzhnYWJ2eTgtV0laZG1PbUhEVlc5bWhEeHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQtODNmNjAxYzNmYjU5
LzEvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaiEMA0G
CSqGSIb3DQEBCwUAA4IBAQAmw9CeTqvGz59Ac4GIcAompRWCb/6+CmOeo48vD258
EChPcL6d1SXiN6Hj2ey/zAC39klr9qKyoU80SaRnlyYq+5jsdFOoWcpQ2LSnJT/J
ZMvYYEMS5MrIrWSw5nWCiMBFypb12mZeZFr3S6cqvhG+oj7+5FpBLmqXmwMtWdMi
mHIXSXIT25O7VwZMuHd3DlRNclc4uifnJsuDmFw7k1TVND5U4Z3a5241gIcHiJ0d
Whtr20vDvLO67ZTKj4Hq+6rRvUIzieLDW+LMdzlhRWPc1pziMPxKF2QvzWZL3MdP
o37ZDFvEythKzSv4cvHPa4hHpTFOhzjgwgflEv7NmZWY
-----END CERTIFICATE-----
Generated at Wed Jul 19 22:49:08 2023 by rpki-client on console-ams.rpki-client.org