Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/aN8UljDEm_o4M7UpCKHXqtl4tC8.roa
File:                     aN8UljDEm_o4M7UpCKHXqtl4tC8.roa (raw, json)
Hash identifier:          c/++N5dSkVvG6l1KY47hs3LQEim1sNgBP02+4pU5EpQ=
Subject key identifier:   68:DF:14:96:30:C4:9B:FA:38:33:B5:29:08:A1:D7:AA:D9:78:B4:2F
Certificate issuer:       /CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
Certificate serial:       018CC5001FDDB809A71FA54F94872FD2D256
Authority key identifier: CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/aN8UljDEm_o4M7UpCKHXqtl4tC8.roa
Signing time:             Mon 01 Jan 2024 12:29:28 +0000
ROA not before:           Mon 01 Jan 2024 12:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20485
IP address blocks:        188.168.184.0/23 maxlen: 23
                          188.168.186.0/24 maxlen: 24
                          188.168.208.0/22 maxlen: 22
                          188.168.138.0/23 maxlen: 23
                          188.168.136.0/22 maxlen: 22
                          188.168.60.0/22 maxlen: 22
                          188.168.68.0/23 maxlen: 23
                          188.168.80.0/21 maxlen: 21
                          188.168.88.0/22 maxlen: 22
                          188.168.100.0/22 maxlen: 22
                          188.244.192.0/20 maxlen: 20
                          188.168.248.0/21 maxlen: 21
                          188.168.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1f:dd:b8:09:a7:1f:a5:4f:94:87:2f:d2:d2:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
        Validity
            Not Before: Jan  1 12:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68df149630c49bfa3833b52908a1d7aad978b42f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:94:39:c8:e3:10:d9:19:25:b8:c9:25:82:2b:
                    0e:20:c7:63:f3:23:55:6a:2d:c2:62:84:80:1e:1e:
                    e5:ad:cc:2e:8e:ae:88:de:a4:95:ac:d4:08:20:cf:
                    2b:6f:01:a6:8a:a5:08:36:40:af:a0:8f:9c:88:63:
                    26:ab:46:1f:15:ec:b1:74:1b:15:44:7a:f3:b9:ba:
                    7e:f8:6b:4c:d9:5b:44:c5:a4:00:93:83:f4:67:7e:
                    6e:38:4f:1a:9b:f5:8d:72:5b:73:b9:ee:37:3d:d5:
                    e9:a2:7c:ba:14:2e:31:6b:58:68:9a:c6:0b:c3:a9:
                    fb:1b:7b:db:74:79:40:1d:d7:79:fe:c2:ec:2e:f9:
                    51:58:ec:28:fb:0b:c3:c9:da:b8:9a:76:b0:5c:74:
                    5b:ed:b7:c8:f3:82:a5:df:d5:eb:2d:d8:f7:b5:5b:
                    53:b2:15:a5:a1:46:10:4d:97:20:b3:9a:1d:5d:5d:
                    1c:5b:8c:7b:da:b1:a1:32:74:d8:77:f7:75:60:16:
                    71:b7:47:f3:8b:fe:d1:ab:2c:91:bf:2d:b8:37:00:
                    45:46:6b:90:d5:1b:96:11:02:51:15:8d:9b:4b:fb:
                    0d:8a:b3:10:17:24:4b:b1:ee:7a:44:dc:48:05:4b:
                    ed:ca:ae:7b:47:14:a1:89:dd:8d:96:a6:b1:ed:31:
                    8b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DF:14:96:30:C4:9B:FA:38:33:B5:29:08:A1:D7:AA:D9:78:B4:2F
            X509v3 Authority Key Identifier:
                keyid:CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/aN8UljDEm_o4M7UpCKHXqtl4tC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.168.34.0/23
                  188.168.60.0/22
                  188.168.68.0/23
                  188.168.80.0-188.168.91.255
                  188.168.100.0/22
                  188.168.136.0/22
                  188.168.184.0-188.168.186.255
                  188.168.208.0/22
                  188.168.248.0/21
                  188.244.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         15:52:5e:65:12:b8:9e:8f:a0:c8:56:1f:5b:1a:e5:18:40:ce:
         31:a6:43:65:d1:08:73:4a:41:fa:4a:30:89:22:6b:1a:f8:0b:
         68:39:30:7a:2b:e0:c9:38:6f:0b:45:fe:45:b7:bc:7f:9f:39:
         20:29:94:8a:cd:09:eb:49:49:ca:58:5b:1c:8e:27:cf:dd:71:
         75:45:8e:54:b8:7a:e8:3d:1b:61:d7:a4:b1:0d:65:ff:94:75:
         17:c9:ac:83:08:ae:89:9d:03:47:40:27:79:ab:78:0b:c7:f4:
         d0:17:e5:a6:19:da:73:16:a4:4e:29:39:81:34:67:03:d5:1e:
         d2:64:d6:e5:b5:f1:51:fa:ab:3c:13:df:f2:84:c5:fb:69:bd:
         01:fd:c1:3a:35:78:da:ca:65:84:46:c7:40:ef:77:2c:8c:30:
         ef:b4:d4:8e:f0:ae:c8:b8:aa:7c:41:cc:fc:01:77:64:e9:04:
         0b:77:9d:59:89:5e:d5:fe:ef:87:f5:39:70:c1:ec:5b:87:6e:
         e5:49:f3:e9:ee:7e:31:83:93:64:bb:f7:a3:0b:f7:89:7b:14:
         41:5f:1c:d0:89:db:3b:57:52:6b:2c:41:37:33:df:4a:a4:34:
         41:9d:8a:21:7b:37:a8:e4:47:0d:0e:dc:6f:b9:42:49:77:ea:
         02:cd:97:86
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYzFAB/duAmnH6VPlIcv0tJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNGE3MTdmOGZhMWJiMDM1OTI3NDIyM2FjZGFlMjJiNzBl
NjZiZWMwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRmMTQ5NjMwYzQ5YmZhMzgzM2I1MjkwOGExZDdhYWQ5NzhiNDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZQ5yOMQ2RkluMklgisOIMdj8yNV
ai3CYoSAHh7lrcwujq6I3qSVrNQIIM8rbwGmiqUINkCvoI+ciGMmq0YfFeyxdBsV
RHrzubp++GtM2VtExaQAk4P0Z35uOE8am/WNcltzue43PdXpony6FC4xa1homsYL
w6n7G3vbdHlAHdd5/sLsLvlRWOwo+wvDydq4mnawXHRb7bfI84Kl39XrLdj3tVtT
shWloUYQTZcgs5odXV0cW4x72rGhMnTYd/d1YBZxt0fzi/7RqyyRvy24NwBFRmuQ
1RuWEQJRFY2bS/sNirMQFyRLse56RNxIBUvtyq57RxShid2Nlqax7TGLowIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFGjfFJYwxJv6ODO1KQih16rZeLQvMB8GA1UdIwQY
MBaAFM9KcX+PobsDWSdCI6za4itw5mvsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTkt
NmFhYTZiMDIxNjBkLzEvYU44VWxqREVtX280TTdVcENLSFhxdGw0dEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTktNmFhYTZiMDIxNjBk
LzEvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQBvKgiAwQC
vKg8AwQBvKhEMAwDBAS8qFADBAK8qFgDBAK8qGQDBAK8qIgwDAMEA7youAMEALyo
ugMEAryo0AMEA7yo+AMEBLz0wDANBgkqhkiG9w0BAQsFAAOCAQEAFVJeZRK4no+g
yFYfWxrlGEDOMaZDZdEIc0pB+kowiSJrGvgLaDkweivgyThvC0X+Rbe8f585ICmU
is0J60lJylhbHI4nz91xdUWOVLh66D0bYdeksQ1l/5R1F8msgwiuiZ0DR0Aneat4
C8f00BflphnacxakTik5gTRnA9Ue0mTW5bXxUfqrPBPf8oTF+2m9Af3BOjV42spl
hEbHQO93LIww77TUjvCuyLiqfEHM/AF3ZOkEC3edWYle1f7vh/U5cMHsW4du5Unz
6e5+MYOTZLv3owv3iXsUQV8c0InbO1dSayxBNzPfSqQ0QZ2KIXs3qORHDQ7cb7lC
SXfqAs2Xhg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:06:18 2024 by rpki-client on console-ams.rpki-client.org