Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/gyPM0uOHBZiirtfLdAmAtikW5uo.roa
File:                     gyPM0uOHBZiirtfLdAmAtikW5uo.roa (raw, json)
Hash identifier:          imgp2hZ/sYP16xqvPleRdT3YhI3e8zr58Giezq+PxMw=
Subject key identifier:   83:23:CC:D2:E3:87:05:98:A2:AE:D7:CB:74:09:80:B6:29:16:E6:EA
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       01925E194E048CAB7A7CAB7D38070112B3D1
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/gyPM0uOHBZiirtfLdAmAtikW5uo.roa
Signing time:             Sat 05 Oct 2024 19:12:49 +0000
ROA not before:           Sat 05 Oct 2024 19:12:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211567
IP address blocks:        109.236.48.0/24 maxlen: 24
                          185.88.173.0/24 maxlen: 24
                          185.243.180.0/24 maxlen: 24
                          185.250.210.0/24 maxlen: 24
                          194.62.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:19:4e:04:8c:ab:7a:7c:ab:7d:38:07:01:12:b3:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Oct  5 19:12:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8323ccd2e3870598a2aed7cb740980b62916e6ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:26:3a:73:08:37:1e:eb:4c:84:7d:ed:c6:f6:
                    19:66:ac:ad:26:11:bc:53:90:37:ac:48:e4:57:44:
                    df:e3:62:2a:9e:76:3c:ae:50:a1:6d:39:6a:96:5c:
                    75:89:60:99:b1:49:40:90:5f:2c:20:b4:9e:83:32:
                    e4:ca:52:e1:04:8f:ca:45:a2:a5:eb:7b:b2:07:42:
                    78:bd:0c:d4:ae:b2:87:fd:d0:93:a9:7c:15:3c:65:
                    07:87:3b:21:1c:fa:7f:ad:c1:6c:cb:fb:36:1f:6a:
                    76:36:1d:5b:e7:00:7d:a5:1a:04:ed:5f:dc:ff:62:
                    f4:ed:cd:67:c0:ca:4e:4e:3e:14:4b:81:02:da:e8:
                    f1:0d:bf:33:a3:b1:8b:b0:30:f6:d7:0e:f8:07:5a:
                    4d:0a:d5:ec:44:f5:37:56:d3:1a:64:6a:1a:c3:3d:
                    88:83:eb:12:e1:b6:bb:2f:91:b1:76:88:6f:1f:7b:
                    c6:24:f4:c0:ae:bf:57:ad:28:c0:45:cf:b7:a3:32:
                    6b:c3:78:05:ef:ab:40:bf:ff:0a:e8:88:37:fe:e0:
                    c3:8d:19:68:fd:c8:49:13:8f:00:d9:83:4a:33:1b:
                    12:36:e5:0b:0b:d3:e0:a3:18:80:ef:c9:b8:16:f9:
                    e5:f7:21:7d:cb:5d:2f:a9:a2:09:45:70:6f:04:cb:
                    e2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:23:CC:D2:E3:87:05:98:A2:AE:D7:CB:74:09:80:B6:29:16:E6:EA
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/gyPM0uOHBZiirtfLdAmAtikW5uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.48.0/24
                  185.88.173.0/24
                  185.243.180.0/24
                  185.250.210.0/24
                  194.62.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:46:4f:96:7d:bb:f6:38:ea:fa:85:6e:f9:4b:12:d5:78:b4:
         7f:bc:a4:7d:89:75:0b:3a:63:e2:fb:b6:b9:12:11:66:ba:c3:
         38:28:17:ec:b4:fb:c2:de:a9:06:16:c4:6f:b6:21:37:4a:5d:
         9c:bb:99:ad:51:97:0f:69:cd:b2:0f:d2:e1:20:aa:7f:19:5a:
         a5:35:59:6b:7d:7a:9b:7f:00:8b:d3:64:da:e6:7b:7b:ef:83:
         58:14:54:37:44:bf:8a:6e:2d:4d:30:4e:a2:f4:09:11:09:11:
         60:9c:87:c7:a3:8f:92:05:cc:a4:d6:b1:63:f5:5f:95:b1:33:
         cd:4f:c7:94:26:08:2f:60:83:23:c2:89:2c:e7:9f:1b:2e:b1:
         d9:72:bc:19:49:ca:50:41:24:7b:ba:04:3b:1b:1d:4b:5e:98:
         a0:20:9b:d8:c9:df:b9:35:d0:bd:93:f1:74:9b:15:53:c7:ed:
         45:c0:4a:17:89:29:a2:9d:f3:d0:1e:eb:5d:db:e0:75:4d:db:
         65:5b:20:af:18:a8:e1:74:01:c8:9b:39:f9:ff:20:c6:4d:9c:
         c9:1a:09:ac:97:bb:fd:43:06:a8:97:4e:76:0a:2f:22:ab:34:
         c9:99:23:3e:dc:7d:1e:ed:49:99:34:84:e3:cd:58:1c:0d:17:
         49:00:7b:de
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZJeGU4EjKt6fKt9OAcBErPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQxMDA1MTkxMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzIzY2NkMmUzODcwNTk4YTJhZWQ3Y2I3NDA5ODBiNjI5MTZlNmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiY6cwg3HutMhH3txvYZZqytJhG8
U5A3rEjkV0Tf42IqnnY8rlChbTlqllx1iWCZsUlAkF8sILSegzLkylLhBI/KRaKl
63uyB0J4vQzUrrKH/dCTqXwVPGUHhzshHPp/rcFsy/s2H2p2Nh1b5wB9pRoE7V/c
/2L07c1nwMpOTj4US4EC2ujxDb8zo7GLsDD21w74B1pNCtXsRPU3VtMaZGoawz2I
g+sS4ba7L5GxdohvH3vGJPTArr9XrSjARc+3ozJrw3gF76tAv/8K6Ig3/uDDjRlo
/chJE48A2YNKMxsSNuULC9PgoxiA78m4Fvnl9yF9y10vqaIJRXBvBMvifQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIMjzNLjhwWYoq7Xy3QJgLYpFubqMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZ3lQTTB1T0hCWmlpcnRmTGRBbUF0aWtXNXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbewwAwQA
uVitAwQAufO0AwQAufrSAwQAwj40MA0GCSqGSIb3DQEBCwUAA4IBAQBrRk+Wfbv2
OOr6hW75SxLVeLR/vKR9iXULOmPi+7a5EhFmusM4KBfstPvC3qkGFsRvtiE3Sl2c
u5mtUZcPac2yD9LhIKp/GVqlNVlrfXqbfwCL02Ta5nt774NYFFQ3RL+Kbi1NME6i
9AkRCRFgnIfHo4+SBcyk1rFj9V+VsTPNT8eUJggvYIMjwoks558bLrHZcrwZScpQ
QSR7ugQ7Gx1LXpigIJvYyd+5NdC9k/F0mxVTx+1FwEoXiSminfPQHutd2+B1Tdtl
WyCvGKjhdAHImzn5/yDGTZzJGgmsl7v9Qwaol052Ci8iqzTJmSM+3H0e7UmZNITj
zVgcDRdJAHve
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:56:23 2024 by rpki-client on console-ams.rpki-client.org