Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/yp4Aaee4CkXQq6i1ISJ9NOw-YqU.roa
File:                     yp4Aaee4CkXQq6i1ISJ9NOw-YqU.roa (raw, json)
Hash identifier:          CvZygV9izRAniDR5eTdKs0kVM2mtX3Q1jfeBcO2bQSo=
Subject key identifier:   CA:9E:00:69:E7:B8:0A:45:D0:AB:A8:B5:21:22:7D:34:EC:3E:62:A5
Certificate issuer:       /CN=3474210c28413e26284822abe83ad6d7c0f764fa
Certificate serial:       018CC500E6C31EF59744A0ECEBAB0C1E17E6
Authority key identifier: 34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/yp4Aaee4CkXQq6i1ISJ9NOw-YqU.roa
Signing time:             Mon 01 Jan 2024 12:30:19 +0000
ROA not before:           Mon 01 Jan 2024 12:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47557
IP address blocks:        185.68.44.0/24 maxlen: 24
                          185.68.46.0/24 maxlen: 24
                          185.68.45.0/24 maxlen: 24
                          91.206.20.0/24 maxlen: 24
                          2a07:c880::/29 maxlen: 29
                          2a07:c883::/32 maxlen: 32
                          2a07:c881::/32 maxlen: 32
                          2a07:c882::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Nov 2024 02:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e6:c3:1e:f5:97:44:a0:ec:eb:ab:0c:1e:17:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3474210c28413e26284822abe83ad6d7c0f764fa
        Validity
            Not Before: Jan  1 12:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca9e0069e7b80a45d0aba8b521227d34ec3e62a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f9:5b:66:3d:56:d1:71:5f:30:37:49:5d:e2:
                    83:c5:b5:40:88:cb:38:93:16:f1:99:93:d7:16:65:
                    57:50:28:06:16:59:c3:32:2e:b3:6b:53:74:41:26:
                    8a:83:c2:d4:22:9f:71:53:4f:60:e4:10:cf:d9:9f:
                    15:2a:9d:b5:89:96:a3:56:1d:0e:15:62:51:2d:60:
                    44:b3:7f:8e:32:83:32:3c:1c:ba:d5:07:49:38:7c:
                    e4:85:f0:73:20:2c:58:80:2e:f2:1f:3e:20:ab:a6:
                    2e:1b:93:8d:46:92:12:5a:0a:41:01:7d:e6:98:f4:
                    a2:ef:e2:a3:7e:98:ac:0e:8d:51:d1:2a:00:ba:12:
                    2d:0e:39:4e:d6:3e:17:41:b7:b8:b2:13:4e:60:0d:
                    61:22:a1:27:04:f8:88:da:25:b0:5a:4f:83:1e:83:
                    c1:85:80:58:1f:51:d2:67:e1:c4:ac:e0:a0:f0:b1:
                    ce:1e:06:ae:f8:ef:e2:bb:b6:d2:ca:9a:93:a0:58:
                    9c:87:42:67:45:b7:db:55:4c:92:0f:68:9e:d2:2d:
                    07:6a:e5:b0:ee:91:77:0d:16:27:aa:41:d8:b2:d1:
                    73:a5:90:d1:ed:1d:3a:1b:a9:be:83:3e:fe:bd:45:
                    28:12:de:eb:a5:72:9b:d2:bf:06:44:be:f3:54:c1:
                    87:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:9E:00:69:E7:B8:0A:45:D0:AB:A8:B5:21:22:7D:34:EC:3E:62:A5
            X509v3 Authority Key Identifier:
                keyid:34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/yp4Aaee4CkXQq6i1ISJ9NOw-YqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.20.0/24
                  185.68.44.0-185.68.46.255
                IPv6:
                  2a07:c880::/29

    Signature Algorithm: sha256WithRSAEncryption
         c9:bd:d1:90:bc:f0:a6:df:47:34:e6:5e:f0:c9:84:4f:bc:f3:
         21:c6:e4:5b:ca:01:c7:c9:7d:0d:20:77:be:44:f5:e8:a4:c1:
         ac:11:ff:af:3b:51:82:80:61:2d:5e:f0:49:80:9b:40:df:4d:
         d9:4d:44:b3:b5:f4:07:80:ec:a5:85:d4:af:33:47:08:3e:2c:
         a7:ab:63:79:6f:7e:f5:27:bd:41:bb:bc:48:7a:72:a3:84:e1:
         10:90:f9:79:04:ea:e1:ff:a9:a6:a2:94:ed:4c:ea:aa:f3:b1:
         5d:c9:b8:ed:9b:c1:d3:75:49:12:a2:44:fc:4e:6e:ac:84:fd:
         7f:1f:e1:8f:99:48:1d:f9:98:8c:d9:0f:1b:28:5f:c0:88:d3:
         27:91:bb:3e:9c:7a:f9:55:ff:2f:cc:d0:6f:44:64:e1:e1:dd:
         15:aa:4d:d3:c9:fe:a3:95:fe:9f:4f:06:dc:d3:8f:52:02:38:
         1d:c3:ff:6f:70:e0:ca:f2:35:04:b2:e4:15:97:31:81:1d:b0:
         96:76:72:ad:88:04:dc:bd:65:7c:fa:8f:70:47:86:ba:4b:d1:
         7f:48:63:3a:86:a0:43:b3:ca:56:f1:e8:1a:b1:e0:ee:fc:2a:
         88:1e:ca:a1:79:5d:b2:32:d1:d3:05:b8:8b:e8:b8:c7:68:7f:
         b4:cc:88:c3
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzFAObDHvWXRKDs66sMHhfmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzQyMTBjMjg0MTNlMjYyODQ4MjJhYmU4M2FkNmQ3YzBm
NzY0ZmEwHhcNMjQwMTAxMTIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTllMDA2OWU3YjgwYTQ1ZDBhYmE4YjUyMTIyN2QzNGVjM2U2MmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuflbZj1W0XFfMDdJXeKDxbVAiMs4
kxbxmZPXFmVXUCgGFlnDMi6za1N0QSaKg8LUIp9xU09g5BDP2Z8VKp21iZajVh0O
FWJRLWBEs3+OMoMyPBy61QdJOHzkhfBzICxYgC7yHz4gq6YuG5ONRpISWgpBAX3m
mPSi7+KjfpisDo1R0SoAuhItDjlO1j4XQbe4shNOYA1hIqEnBPiI2iWwWk+DHoPB
hYBYH1HSZ+HErOCg8LHOHgau+O/iu7bSypqToFich0JnRbfbVUySD2ie0i0HauWw
7pF3DRYnqkHYstFzpZDR7R06G6m+gz7+vUUoEt7rpXKb0r8GRL7zVMGHPwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFMqeAGnnuApF0KuotSEifTTsPmKlMB8GA1UdIwQY
MBaAFDR0IQwoQT4mKEgiq+g61tfA92T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5Yzkt
YjBjNzRiNzZlMTgyLzEveXA0QWFlZTRDa1hRcTZpMUlTSjlOT3ctWXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5YzktYjBjNzRiNzZlMTgy
LzEvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQAW84UMAwD
BAK5RCwDBAC5RC4wDQQCAAIwBwMFAyoHyIAwDQYJKoZIhvcNAQELBQADggEBAMm9
0ZC88KbfRzTmXvDJhE+88yHG5FvKAcfJfQ0gd75E9eikwawR/687UYKAYS1e8EmA
m0DfTdlNRLO19AeA7KWF1K8zRwg+LKerY3lvfvUnvUG7vEh6cqOE4RCQ+XkE6uH/
qaailO1M6qrzsV3JuO2bwdN1SRKiRPxObqyE/X8f4Y+ZSB35mIzZDxsoX8CI0yeR
uz6cevlV/y/M0G9EZOHh3RWqTdPJ/qOV/p9PBtzTj1ICOB3D/29w4MryNQSy5BWX
MYEdsJZ2cq2IBNy9ZXz6j3BHhrpL0X9IYzqGoEOzylbx6Bqx4O78KogeyqF5XbIy
0dMFuIvouMdof7TMiMM=
-----END CERTIFICATE-----
Generated at Fri Nov 29 07:19:21 2024 by rpki-client on console-ams.rpki-client.org