Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/cYNE-hG5eywlCoZxuHfjH-2Ydzs.roa
File:                     cYNE-hG5eywlCoZxuHfjH-2Ydzs.roa (raw, json)
Hash identifier:          UygBE1NvPgiGle6gGtCyPJnUMzsLawk6ooE/v00Od3g=
Subject key identifier:   71:83:44:FA:11:B9:7B:2C:25:0A:86:71:B8:77:E3:1F:ED:98:77:3B
Certificate issuer:       /CN=568ae803b9ba38855401827b3eece14505a9c0f6
Certificate serial:       018CC56E702DA3ABF79D8DD4E5514ACAE808
Authority key identifier: 56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/cYNE-hG5eywlCoZxuHfjH-2Ydzs.roa
Signing time:             Mon 01 Jan 2024 14:29:58 +0000
ROA not before:           Mon 01 Jan 2024 14:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20764
IP address blocks:        79.141.208.0/20 maxlen: 20
                          80.64.96.0/20 maxlen: 20
                          80.64.98.28/32 maxlen: 32
                          81.27.240.0/20 maxlen: 20
                          185.5.160.0/22 maxlen: 22
                          81.27.253.0/24 maxlen: 24
                          2a00:1c28::/29 maxlen: 29
                          2a00:1c28::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:70:2d:a3:ab:f7:9d:8d:d4:e5:51:4a:ca:e8:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568ae803b9ba38855401827b3eece14505a9c0f6
        Validity
            Not Before: Jan  1 14:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=718344fa11b97b2c250a8671b877e31fed98773b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d1:ea:6b:76:58:36:bd:2d:d2:6b:e6:22:c9:
                    41:c1:e7:df:b8:59:c3:fc:6d:84:1a:85:bb:61:f4:
                    c5:c8:b4:5f:29:a2:a3:fb:f2:56:1f:18:e4:19:2e:
                    0f:24:6c:63:e3:cf:be:0c:c1:8c:d5:72:31:f5:f6:
                    61:95:6a:17:71:54:f1:fb:08:53:d6:3d:65:94:41:
                    26:30:ec:57:bd:78:98:4f:1e:1e:50:e9:52:dc:7f:
                    18:c5:be:cf:bd:a4:0f:9c:7d:33:4a:be:22:b7:07:
                    99:c2:76:17:7c:56:14:42:5b:7d:b5:aa:e1:bc:66:
                    7b:af:12:00:9d:8c:c5:d8:98:2d:09:a7:c4:e1:08:
                    73:70:54:ae:d7:d9:0b:f6:0b:fa:11:c2:d6:b3:92:
                    fc:4b:a2:4c:51:91:71:7d:5c:91:5e:59:8c:ee:31:
                    0a:10:95:2c:24:a7:13:c9:43:aa:31:55:36:ce:41:
                    60:5a:5b:8e:8c:9a:1c:76:1c:a7:be:23:2f:fb:2d:
                    d9:20:f1:80:28:50:5b:23:f1:ec:3d:e0:c1:b7:e5:
                    c0:84:2a:f5:55:88:ba:3f:88:08:ab:81:29:dd:ec:
                    63:2c:9e:ce:e7:c2:ba:ac:26:3b:43:71:61:c7:ad:
                    58:bd:87:d4:2a:f3:45:c7:eb:33:aa:89:1e:c2:42:
                    17:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:83:44:FA:11:B9:7B:2C:25:0A:86:71:B8:77:E3:1F:ED:98:77:3B
            X509v3 Authority Key Identifier:
                keyid:56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/cYNE-hG5eywlCoZxuHfjH-2Ydzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.141.208.0/20
                  80.64.96.0/20
                  81.27.240.0/20
                  185.5.160.0/22
                IPv6:
                  2a00:1c28::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:15:54:ad:1d:cd:07:41:b8:45:b0:48:db:5e:ba:bb:e6:80:
         a9:dc:63:38:4a:fd:bd:18:c4:67:a8:35:7f:54:8c:50:6c:8b:
         a9:39:aa:62:fe:ba:42:f5:6a:bb:13:82:1c:aa:b4:82:b5:68:
         34:5a:9a:69:66:2f:d4:9c:fa:32:eb:ea:b8:4a:ee:97:48:e0:
         91:8c:73:70:31:38:94:c6:f8:35:5c:06:9e:02:a3:bd:10:be:
         88:a0:5f:6b:a9:6c:83:98:75:63:fc:9b:a6:7b:b0:a1:b8:cd:
         17:e8:47:9c:79:7c:e3:5d:ff:f9:44:5a:99:2e:24:eb:a9:0c:
         be:36:fd:eb:b4:bd:34:55:f6:fb:2f:11:1d:4e:06:9a:d8:fb:
         7d:0d:75:f2:d1:7a:a5:f1:24:33:2e:5e:43:4a:d5:f9:a3:b5:
         52:10:74:5c:08:b8:be:4d:f4:87:dd:a2:6a:8b:f4:96:e8:34:
         53:6a:fc:52:90:f6:97:fc:6e:9b:76:26:c1:fc:5e:8b:0b:d6:
         89:a7:86:7a:60:13:98:11:a2:c3:a9:7f:92:81:8c:b8:08:e1:
         d7:cd:80:d9:b3:58:ce:75:0d:8c:b5:8c:fc:12:84:62:6f:b5:
         de:5e:6a:e9:20:be:80:98:11:af:e2:0a:09:59:fd:28:00:9f:
         ef:61:8e:85
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzFbnAto6v3nY3U5VFKyugIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGFlODAzYjliYTM4ODU1NDAxODI3YjNlZWNlMTQ1MDVh
OWMwZjYwHhcNMjQwMTAxMTQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTgzNDRmYTExYjk3YjJjMjUwYTg2NzFiODc3ZTMxZmVkOTg3NzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNHqa3ZYNr0t0mvmIslBweffuFnD
/G2EGoW7YfTFyLRfKaKj+/JWHxjkGS4PJGxj48++DMGM1XIx9fZhlWoXcVTx+whT
1j1llEEmMOxXvXiYTx4eUOlS3H8Yxb7PvaQPnH0zSr4itweZwnYXfFYUQlt9tarh
vGZ7rxIAnYzF2JgtCafE4QhzcFSu19kL9gv6EcLWs5L8S6JMUZFxfVyRXlmM7jEK
EJUsJKcTyUOqMVU2zkFgWluOjJocdhynviMv+y3ZIPGAKFBbI/HsPeDBt+XAhCr1
VYi6P4gIq4Ep3exjLJ7O58K6rCY7Q3Fhx61YvYfUKvNFx+szqokewkIXXQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHGDRPoRuXssJQqGcbh34x/tmHc7MB8GA1UdIwQY
MBaAFFaK6AO5ujiFVAGCez7s4UUFqcD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAt
OGVhZThiNzVlOWNhLzEvY1lORS1oRzVleXdsQ29aeHVIZmpILTJZZHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAtOGVhZThiNzVlOWNh
LzEvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQET43QAwQE
UEBgAwQEURvwAwQCuQWgMA0EAgACMAcDBQMqABwoMA0GCSqGSIb3DQEBCwUAA4IB
AQAPFVStHc0HQbhFsEjbXrq75oCp3GM4Sv29GMRnqDV/VIxQbIupOapi/rpC9Wq7
E4IcqrSCtWg0WpppZi/UnPoy6+q4Su6XSOCRjHNwMTiUxvg1XAaeAqO9EL6IoF9r
qWyDmHVj/Jume7ChuM0X6EeceXzjXf/5RFqZLiTrqQy+Nv3rtL00Vfb7LxEdTgaa
2Pt9DXXy0Xql8SQzLl5DStX5o7VSEHRcCLi+TfSH3aJqi/SW6DRTavxSkPaX/G6b
dibB/F6LC9aJp4Z6YBOYEaLDqX+SgYy4COHXzYDZs1jOdQ2MtYz8EoRib7XeXmrp
IL6AmBGv4goJWf0oAJ/vYY6F
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:11:55 2024 by rpki-client on console-ams.rpki-client.org