Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/9e982d-ad5b-4100-8d9d-d1efceec34c1/1/aQeRZssLVoMJ6LnNxId8_niwOZ4.roa
File:                     aQeRZssLVoMJ6LnNxId8_niwOZ4.roa (raw, json)
Hash identifier:          3fcxtKu7beVwCzli8MMmfZ0rc0nV+SW+hq/ZV02bOSI=
Subject key identifier:   69:07:91:66:CB:0B:56:83:09:E8:B9:CD:C4:87:7C:FE:78:B0:39:9E
Certificate issuer:       /CN=99b0425b71c2b51cd7ebe47d3efe7cb9861b4d82
Certificate serial:       018CC26D32A45AA622160F3F4EFD1007E30A
Authority key identifier: 99:B0:42:5B:71:C2:B5:1C:D7:EB:E4:7D:3E:FE:7C:B9:86:1B:4D:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mbBCW3HCtRzX6-R9Pv58uYYbTYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/9e982d-ad5b-4100-8d9d-d1efceec34c1/1/aQeRZssLVoMJ6LnNxId8_niwOZ4.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208611
IP address blocks:        185.122.10.0/24 maxlen: 24
                          185.122.8.0/24 maxlen: 24
                          185.122.11.0/24 maxlen: 24
                          185.122.9.0/24 maxlen: 24
                          185.194.240.0/24 maxlen: 24
                          185.194.243.0/24 maxlen: 24
                          185.194.241.0/24 maxlen: 24
                          185.194.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/9e982d-ad5b-4100-8d9d-d1efceec34c1/1/mbBCW3HCtRzX6-R9Pv58uYYbTYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/9e982d-ad5b-4100-8d9d-d1efceec34c1/1/mbBCW3HCtRzX6-R9Pv58uYYbTYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mbBCW3HCtRzX6-R9Pv58uYYbTYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:32:a4:5a:a6:22:16:0f:3f:4e:fd:10:07:e3:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99b0425b71c2b51cd7ebe47d3efe7cb9861b4d82
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69079166cb0b568309e8b9cdc4877cfe78b0399e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:84:e2:93:a6:48:6b:29:82:f7:24:1d:f7:
                    e1:cb:1d:2b:89:52:94:28:ca:cf:51:3f:f5:e5:8d:
                    d5:40:02:65:0a:83:6c:7b:35:4c:19:35:a2:60:c6:
                    43:e9:4a:9a:17:b3:49:7b:7e:b3:d9:62:8e:71:3d:
                    b1:a9:dc:8d:31:dc:06:ad:27:0b:7a:03:52:e3:96:
                    d6:c3:31:ab:85:ec:91:5e:95:39:79:56:26:2f:1a:
                    da:1a:eb:67:75:a8:4a:ea:a1:e1:d4:14:a4:be:68:
                    92:80:fa:02:ed:3c:49:80:e6:04:00:28:c3:be:3c:
                    e5:66:42:5f:2c:d9:19:02:13:e5:0c:63:d8:72:57:
                    b3:6d:36:16:0a:00:dc:c6:cc:e8:ab:c8:bb:98:1b:
                    fd:a7:fd:b1:d1:ae:8a:f2:00:73:90:6d:bf:34:2e:
                    24:8c:55:92:58:c4:1b:30:ae:b9:b7:e6:4c:73:7f:
                    be:59:ee:e6:56:61:dd:a4:8d:44:12:18:09:44:53:
                    a8:cd:ae:45:d1:e7:1d:2c:8d:32:d1:47:2c:18:75:
                    76:5a:25:90:06:31:9f:20:30:b0:0d:0d:a2:a2:de:
                    45:3e:50:0e:ef:99:65:a5:64:68:db:43:92:5e:9d:
                    fb:65:aa:98:97:47:d5:3c:4e:e6:b2:3d:a8:77:9d:
                    5d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:07:91:66:CB:0B:56:83:09:E8:B9:CD:C4:87:7C:FE:78:B0:39:9E
            X509v3 Authority Key Identifier:
                keyid:99:B0:42:5B:71:C2:B5:1C:D7:EB:E4:7D:3E:FE:7C:B9:86:1B:4D:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mbBCW3HCtRzX6-R9Pv58uYYbTYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/9e982d-ad5b-4100-8d9d-d1efceec34c1/1/aQeRZssLVoMJ6LnNxId8_niwOZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/9e982d-ad5b-4100-8d9d-d1efceec34c1/1/mbBCW3HCtRzX6-R9Pv58uYYbTYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.8.0/22
                  185.194.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:f4:d7:f2:3a:ec:60:42:33:7c:35:68:c3:55:c9:5c:89:63:
         6f:11:03:b6:b1:93:80:78:e2:11:3e:e0:ea:7d:0b:92:1e:fc:
         70:55:83:bd:84:77:2f:9d:02:98:2d:49:3c:22:cc:74:05:25:
         de:41:84:24:6b:9d:a7:2d:fc:3c:d0:3f:0c:ee:63:30:27:65:
         f9:41:a6:0e:29:3f:a3:de:ea:1f:65:d3:79:0c:82:a7:17:ef:
         87:a0:84:6f:7f:60:ab:d4:5e:52:ee:7d:1a:76:ad:06:99:f5:
         57:03:d2:50:fc:72:de:99:53:63:6f:54:11:bd:77:51:f1:73:
         68:54:24:57:e2:d6:75:70:c6:20:21:af:a4:22:1f:1f:cf:19:
         ed:1f:37:55:22:99:f4:8b:15:6b:57:9b:ec:9a:11:c7:cc:3c:
         1e:14:1b:eb:24:b5:cf:59:d4:09:48:da:e2:55:29:ae:d2:4e:
         f7:c4:03:ea:cf:7f:b9:34:03:14:04:42:fe:f2:9f:e1:b0:bc:
         c8:f7:5a:06:e5:48:96:88:3d:a4:94:45:68:30:7d:5e:1d:de:
         d8:0f:fe:90:a9:50:bb:58:d1:0a:d4:3c:bd:01:f2:96:29:6f:
         9b:90:e4:89:bc:f7:29:30:6c:de:d2:60:f8:2e:7f:e6:83:d3:
         82:7d:7f:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbTKkWqYiFg8/Tv0QB+MKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5YjA0MjViNzFjMmI1MWNkN2ViZTQ3ZDNlZmU3Y2I5ODYx
YjRkODIwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTA3OTE2NmNiMGI1NjgzMDllOGI5Y2RjNDg3N2NmZTc4YjAzOTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7yE4pOmSGspgvckHffhyx0riVKU
KMrPUT/15Y3VQAJlCoNsezVMGTWiYMZD6UqaF7NJe36z2WKOcT2xqdyNMdwGrScL
egNS45bWwzGrheyRXpU5eVYmLxraGutndahK6qHh1BSkvmiSgPoC7TxJgOYEACjD
vjzlZkJfLNkZAhPlDGPYclezbTYWCgDcxszoq8i7mBv9p/2x0a6K8gBzkG2/NC4k
jFWSWMQbMK65t+ZMc3++We7mVmHdpI1EEhgJRFOoza5F0ecdLI0y0UcsGHV2WiWQ
BjGfIDCwDQ2iot5FPlAO75llpWRo20OSXp37ZaqYl0fVPE7msj2od51diwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGkHkWbLC1aDCei5zcSHfP54sDmeMB8GA1UdIwQY
MBaAFJmwQltxwrUc1+vkfT7+fLmGG02CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWJCQ1czSEN0UnpYNi1SOVB2NTh1WVliVFlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni85ZTk4MmQtYWQ1Yi00MTAwLThkOWQt
ZDFlZmNlZWMzNGMxLzEvYVFlUlpzc0xWb01KNkxuTnhJZDhfbml3T1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni85ZTk4MmQtYWQ1Yi00MTAwLThkOWQtZDFlZmNlZWMzNGMx
LzEvbWJCQ1czSEN0UnpYNi1SOVB2NTh1WVliVFlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXoIAwQC
ucLwMA0GCSqGSIb3DQEBCwUAA4IBAQCH9NfyOuxgQjN8NWjDVclciWNvEQO2sZOA
eOIRPuDqfQuSHvxwVYO9hHcvnQKYLUk8Isx0BSXeQYQka52nLfw80D8M7mMwJ2X5
QaYOKT+j3uofZdN5DIKnF++HoIRvf2Cr1F5S7n0adq0GmfVXA9JQ/HLemVNjb1QR
vXdR8XNoVCRX4tZ1cMYgIa+kIh8fzxntHzdVIpn0ixVrV5vsmhHHzDweFBvrJLXP
WdQJSNriVSmu0k73xAPqz3+5NAMUBEL+8p/hsLzI91oG5UiWiD2klEVoMH1eHd7Y
D/6QqVC7WNEK1Dy9AfKWKW+bkOSJvPcpMGze0mD4Ln/mg9OCfX/a
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:20:17 2024 by rpki-client on console-ams.rpki-client.org