Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/FU8QC8vTzSAtHJlYowlxJCwYOHY.roa
File:                     FU8QC8vTzSAtHJlYowlxJCwYOHY.roa (raw, json)
Hash identifier:          ZscWMGU48m3X+Cq1v9F3IhuS9LU5acJGwDf1ZDnmzcI=
Subject key identifier:   15:4F:10:0B:CB:D3:CD:20:2D:1C:99:58:A3:09:71:24:2C:18:38:76
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       01906E8AF585956CEC9657C2C2E179584F16
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/FU8QC8vTzSAtHJlYowlxJCwYOHY.roa
Signing time:             Mon 01 Jul 2024 13:45:18 +0000
ROA not before:           Mon 01 Jul 2024 13:45:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49770
IP address blocks:        185.149.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6e:8a:f5:85:95:6c:ec:96:57:c2:c2:e1:79:58:4f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jul  1 13:45:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=154f100bcbd3cd202d1c9958a30971242c183876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8b:a5:ec:02:76:1e:2f:7a:3f:cf:51:2a:82:
                    e7:a6:90:81:e9:0a:12:2a:9c:94:f9:54:cc:c2:f1:
                    20:39:c6:6d:57:f7:02:d9:2f:47:43:12:fd:05:06:
                    fd:0a:a1:1b:06:00:fb:f2:5b:8e:90:c0:f2:d6:48:
                    10:fa:41:46:c3:db:f7:bb:cd:67:37:3a:93:d4:6c:
                    0a:45:fe:e7:47:50:e4:b9:c8:48:a9:fd:2f:eb:63:
                    4e:26:fa:c4:1b:45:5a:d4:a6:9b:8d:5b:27:f4:1e:
                    e3:20:1b:f1:31:44:25:66:cb:a1:6e:b2:be:77:15:
                    5b:de:e1:2a:46:cd:e2:5e:26:0b:1e:7b:b0:65:54:
                    59:2e:91:0f:e9:fd:79:91:c2:e2:93:11:c2:f7:43:
                    9d:93:2b:f6:f8:59:fc:9c:a6:63:6c:d6:bd:cd:1b:
                    30:4c:95:84:e2:1c:0b:2a:7c:e3:6a:81:00:ac:59:
                    26:c7:50:47:b0:c0:c8:67:02:6d:22:e9:5c:97:14:
                    d5:3a:ed:09:9a:4e:29:56:09:d4:db:6d:fe:6b:d8:
                    93:0d:50:79:48:8f:46:de:f7:6c:7f:c6:af:a5:8a:
                    f3:7f:d6:ba:29:7c:b3:20:de:5b:fb:db:70:29:1b:
                    ee:0c:1b:e4:63:20:06:f9:5d:01:5c:17:11:6d:82:
                    59:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4F:10:0B:CB:D3:CD:20:2D:1C:99:58:A3:09:71:24:2C:18:38:76
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/FU8QC8vTzSAtHJlYowlxJCwYOHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:e4:72:fe:1c:25:5b:ab:fc:c7:90:1b:4d:46:85:54:53:ad:
         32:c3:c7:21:af:64:cf:fd:09:4b:f4:2d:c0:69:e2:97:c3:b8:
         43:94:bb:42:9b:90:bf:ce:6a:52:45:b0:74:7b:1f:c9:17:95:
         62:a3:9f:6a:04:a8:2c:94:ac:f6:09:c9:43:6d:e8:62:9e:d6:
         2f:24:e0:96:07:f6:b7:e0:42:ea:bc:11:3c:cb:70:e4:56:e6:
         37:50:f0:e9:61:eb:6f:0c:4e:d8:48:b6:dc:60:c4:47:d0:79:
         31:54:02:e3:67:1f:67:65:fc:6e:e0:52:4a:b6:4b:8c:a8:0c:
         7f:f6:ed:ba:7e:39:51:30:af:01:e4:5a:6f:53:b9:58:7a:6a:
         9a:bc:8a:b3:bf:d8:d8:34:f3:c3:45:6a:78:5a:1c:0c:11:b2:
         62:da:0a:6b:58:7e:8d:3a:14:84:0e:4a:f9:b2:27:b1:23:46:
         35:f2:96:56:df:7b:ae:64:0e:6f:5f:cd:b6:5a:ae:dc:d1:cc:
         2f:6d:2b:df:54:f7:16:1e:be:89:6b:21:21:e2:28:5a:7c:8b:
         07:83:22:34:bd:54:8e:fe:dd:97:4e:e4:7b:1e:5c:d7:d3:1a:
         48:ec:fb:27:54:38:f8:9a:ab:4d:15:94:c3:f1:e7:f3:ae:7b:
         32:1d:94:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBuivWFlWzsllfCwuF5WE8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwNzAxMTM0NTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTRmMTAwYmNiZDNjZDIwMmQxYzk5NThhMzA5NzEyNDJjMTgzODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYul7AJ2Hi96P89RKoLnppCB6QoS
KpyU+VTMwvEgOcZtV/cC2S9HQxL9BQb9CqEbBgD78luOkMDy1kgQ+kFGw9v3u81n
NzqT1GwKRf7nR1DkuchIqf0v62NOJvrEG0Va1KabjVsn9B7jIBvxMUQlZsuhbrK+
dxVb3uEqRs3iXiYLHnuwZVRZLpEP6f15kcLikxHC90Odkyv2+Fn8nKZjbNa9zRsw
TJWE4hwLKnzjaoEArFkmx1BHsMDIZwJtIulclxTVOu0Jmk4pVgnU223+a9iTDVB5
SI9G3vdsf8avpYrzf9a6KXyzIN5b+9twKRvuDBvkYyAG+V0BXBcRbYJZjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVPEAvL080gLRyZWKMJcSQsGDh2MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvRlU4UUM4dlR6U0F0SEpsWW93bHhKQ3dZT0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZV7MA0G
CSqGSIb3DQEBCwUAA4IBAQA25HL+HCVbq/zHkBtNRoVUU60yw8chr2TP/QlL9C3A
aeKXw7hDlLtCm5C/zmpSRbB0ex/JF5Vio59qBKgslKz2CclDbehintYvJOCWB/a3
4ELqvBE8y3DkVuY3UPDpYetvDE7YSLbcYMRH0HkxVALjZx9nZfxu4FJKtkuMqAx/
9u26fjlRMK8B5FpvU7lYemqavIqzv9jYNPPDRWp4WhwMEbJi2gprWH6NOhSEDkr5
siexI0Y18pZW33uuZA5vX822Wq7c0cwvbSvfVPcWHr6JayEh4ihafIsHgyI0vVSO
/t2XTuR7HlzX0xpI7PsnVDj4mqtNFZTD8efzrnsyHZRS
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:41:54 2024 by rpki-client on console-ams.rpki-client.org