Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/62641f-cf99-4514-b7d7-b2a23246e614/1/D5-hmjtrtgYQMHDgihgdUuEuRjo.roa
File:                     D5-hmjtrtgYQMHDgihgdUuEuRjo.roa (raw, json)
Hash identifier:          Jwv84Th6U1n31wPB3ObfBoeY7r3rAoG+rh2JlZ0MdEA=
Subject key identifier:   0F:9F:A1:9A:3B:6B:B6:06:10:30:70:E0:8A:18:1D:52:E1:2E:46:3A
Certificate issuer:       /CN=2f6f0ea0127a6e392195696380be5bb0474b01df
Certificate serial:       018CC4251E1927B2C79AF9D07AA4F97F16A4
Authority key identifier: 2F:6F:0E:A0:12:7A:6E:39:21:95:69:63:80:BE:5B:B0:47:4B:01:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L28OoBJ6bjkhlWljgL5bsEdLAd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/62641f-cf99-4514-b7d7-b2a23246e614/1/D5-hmjtrtgYQMHDgihgdUuEuRjo.roa
Signing time:             Mon 01 Jan 2024 08:30:16 +0000
ROA not before:           Mon 01 Jan 2024 08:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        45.90.132.0/22 maxlen: 22
                          185.134.84.0/22 maxlen: 22
                          2a0e:3c0::/29 maxlen: 29
                          2a06:ec00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/62641f-cf99-4514-b7d7-b2a23246e614/1/L28OoBJ6bjkhlWljgL5bsEdLAd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/62641f-cf99-4514-b7d7-b2a23246e614/1/L28OoBJ6bjkhlWljgL5bsEdLAd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L28OoBJ6bjkhlWljgL5bsEdLAd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1e:19:27:b2:c7:9a:f9:d0:7a:a4:f9:7f:16:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6f0ea0127a6e392195696380be5bb0474b01df
        Validity
            Not Before: Jan  1 08:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f9fa19a3b6bb606103070e08a181d52e12e463a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:66:cb:96:46:ce:0b:56:ff:41:00:76:6f:b8:
                    17:7a:b0:29:8b:a4:6e:41:5c:7f:f7:0a:bf:80:8e:
                    5d:5d:07:68:20:72:15:47:4a:b0:19:de:3b:a4:8d:
                    aa:e5:30:df:28:65:7c:78:0f:50:05:0f:a9:51:eb:
                    0e:1d:16:76:db:37:9b:e1:23:e7:94:cb:c6:28:e0:
                    ab:0d:70:40:b7:b9:f2:1f:11:14:f7:8a:27:30:8d:
                    da:f2:a6:16:7b:a1:d9:22:b9:79:9a:d6:bb:6c:82:
                    ce:cd:39:b0:19:3e:e7:3b:44:21:cf:2a:58:61:c7:
                    05:2a:77:f4:79:55:02:88:25:cf:45:0c:47:4b:aa:
                    56:b4:09:c2:6b:74:30:e6:80:8e:2b:26:57:f8:54:
                    c7:ec:77:d0:e8:9c:f2:87:ba:6a:8c:cc:bc:e0:63:
                    35:40:58:b5:c5:c9:cc:29:f6:8d:bc:d6:c0:b3:47:
                    b0:2e:37:e5:1b:63:fe:78:c2:72:3d:9d:a3:f8:f3:
                    0b:41:c4:1a:ab:50:10:16:bb:ed:b2:6d:ca:3c:cf:
                    da:1b:cd:da:8b:40:60:12:85:e5:53:40:fe:be:a5:
                    e8:87:5f:3a:ac:02:a4:52:41:48:7b:79:15:53:1e:
                    35:24:d8:1e:35:c7:e4:c9:a3:b5:d6:e7:fa:c1:88:
                    20:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:9F:A1:9A:3B:6B:B6:06:10:30:70:E0:8A:18:1D:52:E1:2E:46:3A
            X509v3 Authority Key Identifier:
                keyid:2F:6F:0E:A0:12:7A:6E:39:21:95:69:63:80:BE:5B:B0:47:4B:01:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L28OoBJ6bjkhlWljgL5bsEdLAd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/62641f-cf99-4514-b7d7-b2a23246e614/1/D5-hmjtrtgYQMHDgihgdUuEuRjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/62641f-cf99-4514-b7d7-b2a23246e614/1/L28OoBJ6bjkhlWljgL5bsEdLAd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.132.0/22
                  185.134.84.0/22
                IPv6:
                  2a06:ec00::/29
                  2a0e:3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:c7:45:12:3c:2b:67:49:99:69:6c:a3:35:fe:ca:9e:ec:75:
         54:03:22:c2:d7:63:e8:a6:2d:58:d9:6f:62:16:2a:c0:f3:06:
         2d:6c:d3:79:c5:e3:9a:09:36:af:2e:91:d0:43:59:f4:1e:49:
         d0:1a:78:02:0b:86:f1:09:81:ed:72:18:c5:4b:90:21:59:ea:
         fa:40:56:2e:66:64:7d:ee:d8:71:1e:fa:18:e3:88:75:c9:bc:
         55:a4:1a:f0:a4:e5:dc:b8:1d:66:46:5a:a2:3b:a2:db:55:c3:
         d7:7b:f5:49:d0:9b:af:c7:5d:b6:00:08:15:16:2b:42:58:a3:
         cd:b7:cc:a4:fe:bb:26:ee:cf:3d:81:e7:7d:d4:d7:a1:da:33:
         a0:66:b4:60:c2:b1:24:ef:ce:e3:c1:d1:2c:c0:60:be:36:c3:
         60:60:ef:9b:92:f5:92:8b:a6:3c:81:1f:62:57:02:3b:07:13:
         7b:d8:52:5e:ed:0b:44:a5:c0:48:82:0a:7f:b8:3b:46:36:c3:
         7d:46:0c:7a:e2:96:d6:37:19:55:66:ae:6b:4e:28:ee:c3:89:
         f1:68:3c:7f:74:29:85:3d:47:04:f0:94:d3:25:92:5d:69:65:
         13:f7:1a:24:15:84:c2:79:f4:22:8d:f7:31:fb:d6:21:9a:77:
         ec:0d:41:1f
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzEJR4ZJ7LHmvnQeqT5fxakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmYwZWEwMTI3YTZlMzkyMTk1Njk2MzgwYmU1YmIwNDc0
YjAxZGYwHhcNMjQwMTAxMDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjlmYTE5YTNiNmJiNjA2MTAzMDcwZTA4YTE4MWQ1MmUxMmU0NjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2bLlkbOC1b/QQB2b7gXerApi6Ru
QVx/9wq/gI5dXQdoIHIVR0qwGd47pI2q5TDfKGV8eA9QBQ+pUesOHRZ22zeb4SPn
lMvGKOCrDXBAt7nyHxEU94onMI3a8qYWe6HZIrl5mta7bILOzTmwGT7nO0QhzypY
YccFKnf0eVUCiCXPRQxHS6pWtAnCa3Qw5oCOKyZX+FTH7HfQ6Jzyh7pqjMy84GM1
QFi1xcnMKfaNvNbAs0ewLjflG2P+eMJyPZ2j+PMLQcQaq1AQFrvtsm3KPM/aG83a
i0BgEoXlU0D+vqXoh186rAKkUkFIe3kVUx41JNgeNcfkyaO11uf6wYggswIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFA+foZo7a7YGEDBw4IoYHVLhLkY6MB8GA1UdIwQY
MBaAFC9vDqASem45IZVpY4C+W7BHSwHfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDI4T29CSjZiamtobFdsamdMNWJzRWRMQWQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS82MjY0MWYtY2Y5OS00NTE0LWI3ZDct
YjJhMjMyNDZlNjE0LzEvRDUtaG1qdHJ0Z1lRTUhEZ2loZ2RVdUV1UmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS82MjY0MWYtY2Y5OS00NTE0LWI3ZDctYjJhMjMyNDZlNjE0
LzEvTDI4T29CSjZiamtobFdsamdMNWJzRWRMQWQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCLVqEAwQC
uYZUMBQEAgACMA4DBQMqBuwAAwUDKg4DwDANBgkqhkiG9w0BAQsFAAOCAQEAbMdF
EjwrZ0mZaWyjNf7Knux1VAMiwtdj6KYtWNlvYhYqwPMGLWzTecXjmgk2ry6R0ENZ
9B5J0Bp4AguG8QmB7XIYxUuQIVnq+kBWLmZkfe7YcR76GOOIdcm8VaQa8KTl3Lgd
ZkZaojui21XD13v1SdCbr8ddtgAIFRYrQlijzbfMpP67Ju7PPYHnfdTXodozoGa0
YMKxJO/O48HRLMBgvjbDYGDvm5L1koumPIEfYlcCOwcTe9hSXu0LRKXASIIKf7g7
RjbDfUYMeuKW1jcZVWaua04o7sOJ8Wg8f3QphT1HBPCU0yWSXWllE/caJBWEwnn0
Io33MfvWIZp37A1BHw==
-----END CERTIFICATE-----
Generated at Mon Jun 17 06:15:03 2024 by rpki-client on console-ams.rpki-client.org