Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/uIKX8t6tTImBh1iZQn16or_6d3Q.roa
File:                     uIKX8t6tTImBh1iZQn16or_6d3Q.roa (raw, json)
Hash identifier:          T1A//JrN/0KqesEvZD0WRnyQxl4tuAbyJYkUfGRrZpc=
Subject key identifier:   B8:82:97:F2:DE:AD:4C:89:81:87:58:99:42:7D:7A:A2:BF:FA:77:74
Certificate issuer:       /CN=af4ef4a8ed3711b6acd68c0f48f621831fd5aaae
Certificate serial:       018CC7958CA4DBD757E65E3E6C8BCA6C7FC1
Authority key identifier: AF:4E:F4:A8:ED:37:11:B6:AC:D6:8C:0F:48:F6:21:83:1F:D5:AA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r070qO03Ebas1owPSPYhgx_Vqq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/uIKX8t6tTImBh1iZQn16or_6d3Q.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207141
IP address blocks:        185.164.253.0/24 maxlen: 24
                          185.164.252.0/24 maxlen: 24
                          185.164.252.0/22 maxlen: 24
                          185.206.237.0/24 maxlen: 24
                          185.206.239.0/24 maxlen: 24
                          185.206.236.0/24 maxlen: 24
                          185.206.236.0/22 maxlen: 24
                          185.206.238.0/24 maxlen: 24
                          2a0b:1b40::/29 maxlen: 29
                          2a0b:b400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/r070qO03Ebas1owPSPYhgx_Vqq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/r070qO03Ebas1owPSPYhgx_Vqq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r070qO03Ebas1owPSPYhgx_Vqq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8c:a4:db:d7:57:e6:5e:3e:6c:8b:ca:6c:7f:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af4ef4a8ed3711b6acd68c0f48f621831fd5aaae
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b88297f2dead4c8981875899427d7aa2bffa7774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:6a:95:e8:67:58:78:f0:f2:6b:81:89:2d:c8:
                    d5:61:7f:5f:14:47:65:88:5b:0f:1c:02:f5:12:ef:
                    66:42:22:b2:be:41:8c:a5:ba:90:b9:7f:60:8a:15:
                    39:ba:ed:1c:53:e3:2c:f5:89:0d:60:7c:f5:c8:0a:
                    db:e5:98:d9:25:22:3f:b6:87:f4:6e:8c:d7:c9:b5:
                    96:47:11:05:f8:47:02:f1:fd:ab:09:2b:9e:3b:a4:
                    5c:63:ce:0a:61:0b:91:4b:3b:dc:b1:94:07:51:99:
                    2c:e6:53:c0:ab:98:cc:ea:04:01:b6:47:88:78:25:
                    41:27:0c:df:b7:27:de:26:95:f9:9d:9c:2e:6f:f8:
                    d5:48:fe:31:0d:0c:29:74:7e:41:5a:94:b8:62:4a:
                    74:e4:b1:71:af:87:4a:f0:ba:02:88:ad:e8:d6:63:
                    8b:49:83:38:ba:c7:23:59:67:8f:ca:15:2d:77:a8:
                    39:de:8b:24:cf:ec:c7:70:18:4a:f5:2e:5c:d3:5c:
                    97:9e:f5:78:0a:bc:71:54:c1:b2:55:03:54:78:a7:
                    20:ce:87:c1:fa:bc:f4:c9:e5:ca:9d:0d:79:cc:28:
                    9f:1b:18:48:9b:de:e7:f1:ee:95:d9:93:a7:90:7b:
                    52:d1:fb:c8:d5:96:56:14:e3:a7:3a:6b:4a:d4:00:
                    4d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:82:97:F2:DE:AD:4C:89:81:87:58:99:42:7D:7A:A2:BF:FA:77:74
            X509v3 Authority Key Identifier:
                keyid:AF:4E:F4:A8:ED:37:11:B6:AC:D6:8C:0F:48:F6:21:83:1F:D5:AA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r070qO03Ebas1owPSPYhgx_Vqq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/uIKX8t6tTImBh1iZQn16or_6d3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/r070qO03Ebas1owPSPYhgx_Vqq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.252.0/22
                  185.206.236.0/22
                IPv6:
                  2a0b:1b40::/29
                  2a0b:b400::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:bd:55:9d:a0:b6:b7:89:c9:be:19:98:fe:e6:24:78:ec:a9:
         05:fc:1f:b1:5f:0f:7e:75:bc:79:1c:8e:84:de:5a:44:b1:bf:
         19:e3:2e:0e:df:7b:e0:75:aa:7f:bf:0b:0b:76:f6:48:04:04:
         00:12:aa:6d:bd:2e:d1:50:10:79:23:e6:e6:e0:1c:62:60:d4:
         a1:c1:94:6e:91:18:45:3e:df:16:b5:49:65:3e:bf:27:65:6b:
         ad:c0:64:e1:ee:7a:17:86:46:85:ce:0d:85:64:ab:fc:c1:52:
         5a:80:22:9a:13:08:e1:2b:b9:10:db:b9:f7:73:04:17:77:e0:
         16:ac:5f:d3:dc:fb:3b:9b:28:3c:f3:a3:d4:6a:17:4f:eb:f6:
         46:43:a6:f6:d3:93:27:c3:00:ce:2f:f4:c9:c8:af:e5:9d:2c:
         c4:1f:54:f9:f9:cb:ed:5b:c7:c4:3c:30:80:81:ea:5b:01:be:
         bc:08:74:da:d2:0e:fb:46:3f:a3:de:ec:9d:d0:43:0d:38:dc:
         79:11:f7:29:d5:60:2c:ef:d8:ea:80:6f:1e:35:50:36:e4:9c:
         ac:99:76:52:b6:32:38:ce:3b:6a:48:d4:5f:8e:01:19:ba:15:
         f0:eb:7f:0b:7f:23:ec:b1:a2:05:be:dd:f4:a2:d3:ad:20:6c:
         c3:b9:6d:d8
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzHlYyk29dX5l4+bIvKbH/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNGVmNGE4ZWQzNzExYjZhY2Q2OGMwZjQ4ZjYyMTgzMWZk
NWFhYWUwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODgyOTdmMmRlYWQ0Yzg5ODE4NzU4OTk0MjdkN2FhMmJmZmE3Nzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymqV6GdYePDya4GJLcjVYX9fFEdl
iFsPHAL1Eu9mQiKyvkGMpbqQuX9gihU5uu0cU+Ms9YkNYHz1yArb5ZjZJSI/tof0
bozXybWWRxEF+EcC8f2rCSueO6RcY84KYQuRSzvcsZQHUZks5lPAq5jM6gQBtkeI
eCVBJwzftyfeJpX5nZwub/jVSP4xDQwpdH5BWpS4Ykp05LFxr4dK8LoCiK3o1mOL
SYM4uscjWWePyhUtd6g53oskz+zHcBhK9S5c01yXnvV4CrxxVMGyVQNUeKcgzofB
+rz0yeXKnQ15zCifGxhIm97n8e6V2ZOnkHtS0fvI1ZZWFOOnOmtK1ABN0wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFLiCl/LerUyJgYdYmUJ9eqK/+nd0MB8GA1UdIwQY
MBaAFK9O9KjtNxG2rNaMD0j2IYMf1aquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjA3MHFPMDNFYmFzMW93UFNQWWhneF9WcXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9lOGY0YjMtMjEyMC00ZWNiLTk2MDkt
Y2I5YzU4ZjUxMGNiLzEvdUlLWDh0NnRUSW1CaDFpWlFuMTZvcl82ZDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9lOGY0YjMtMjEyMC00ZWNiLTk2MDktY2I5YzU4ZjUxMGNi
LzEvcjA3MHFPMDNFYmFzMW93UFNQWWhneF9WcXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuaT8AwQC
uc7sMBQEAgACMA4DBQMqCxtAAwUDKgu0ADANBgkqhkiG9w0BAQsFAAOCAQEAMr1V
naC2t4nJvhmY/uYkeOypBfwfsV8PfnW8eRyOhN5aRLG/GeMuDt974HWqf78LC3b2
SAQEABKqbb0u0VAQeSPm5uAcYmDUocGUbpEYRT7fFrVJZT6/J2VrrcBk4e56F4ZG
hc4NhWSr/MFSWoAimhMI4Su5ENu593MEF3fgFqxf09z7O5soPPOj1GoXT+v2RkOm
9tOTJ8MAzi/0yciv5Z0sxB9U+fnL7VvHxDwwgIHqWwG+vAh02tIO+0Y/o97sndBD
DTjceRH3KdVgLO/Y6oBvHjVQNuScrJl2UrYyOM47akjUX44BGboV8Ot/C38j7LGi
Bb7d9KLTrSBsw7lt2A==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:04:03 2024 by rpki-client on console-ams.rpki-client.org