Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/GeamoSvRj0HWUG4CmLwa5wjHR-k.roa
File:                     GeamoSvRj0HWUG4CmLwa5wjHR-k.roa (raw, json)
Hash identifier:          jazD90mE2SbzFRfRT//p2IxE7zBgezzV0FWI65CtI7g=
Subject key identifier:   19:E6:A6:A1:2B:D1:8F:41:D6:50:6E:02:98:BC:1A:E7:08:C7:47:E9
Certificate issuer:       /CN=8c186a56ea84c13c62768a9d17bae133cedf1045
Certificate serial:       018CCA2A37186B83347C78DBE45AA6CE24A0
Authority key identifier: 8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/GeamoSvRj0HWUG4CmLwa5wjHR-k.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198440
IP address blocks:        185.102.148.0/22 maxlen: 24
                          37.48.224.0/24 maxlen: 24
                          37.48.229.0/24 maxlen: 24
                          37.48.230.0/24 maxlen: 24
                          62.64.128.0/21 maxlen: 24
                          62.64.136.0/22 maxlen: 24
                          188.74.64.0/19 maxlen: 24
                          62.64.144.0/20 maxlen: 24
                          217.168.248.0/21 maxlen: 24
                          2a05:87c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:37:18:6b:83:34:7c:78:db:e4:5a:a6:ce:24:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c186a56ea84c13c62768a9d17bae133cedf1045
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19e6a6a12bd18f41d6506e0298bc1ae708c747e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c7:51:7e:19:41:d6:73:0f:57:81:37:3c:39:
                    84:0c:25:7f:c9:3a:a5:cd:43:0b:53:11:2c:4b:a4:
                    31:ab:3f:69:20:11:3a:ea:a1:52:0e:30:42:4b:3a:
                    13:ea:64:6f:25:c0:a6:5a:64:32:34:4b:77:02:46:
                    f6:b9:78:9b:ec:92:3a:10:4a:b6:00:a4:ce:3c:67:
                    b3:11:a4:16:77:4a:09:9a:79:aa:d8:c1:8a:3b:63:
                    26:11:ad:0f:a1:c6:f8:38:38:9f:d2:ce:02:7e:fb:
                    4d:f3:03:68:1b:ab:61:c0:c3:e0:7a:00:6f:be:dd:
                    41:98:ba:6a:42:86:47:f1:dc:46:2d:7b:44:d4:0d:
                    91:07:be:69:3d:00:9d:12:ab:b5:5b:99:14:8c:2c:
                    a1:40:07:3f:f2:a1:86:1f:7c:5a:91:cb:11:18:43:
                    d0:16:9a:5b:3f:3d:c6:92:19:dc:a4:bb:a6:41:73:
                    81:20:98:2e:3c:c4:22:47:c8:2a:65:72:e6:82:86:
                    ee:92:2d:57:be:5b:48:66:8e:bc:4e:02:6b:99:1c:
                    d4:2c:fc:b7:b9:f8:54:e3:21:eb:4f:4c:25:b3:e9:
                    c7:79:0b:89:dc:af:d8:33:99:2d:f0:fb:3a:5d:7a:
                    be:1c:47:ba:41:9b:3a:07:de:dd:55:fa:da:22:f5:
                    cd:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E6:A6:A1:2B:D1:8F:41:D6:50:6E:02:98:BC:1A:E7:08:C7:47:E9
            X509v3 Authority Key Identifier:
                keyid:8C:18:6A:56:EA:84:C1:3C:62:76:8A:9D:17:BA:E1:33:CE:DF:10:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBhqVuqEwTxidoqdF7rhM87fEEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/GeamoSvRj0HWUG4CmLwa5wjHR-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c8ec95-b5f5-44fb-b93d-2092af647070/1/jBhqVuqEwTxidoqdF7rhM87fEEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.48.224.0/24
                  37.48.229.0-37.48.230.255
                  62.64.128.0-62.64.139.255
                  62.64.144.0/20
                  185.102.148.0/22
                  188.74.64.0/19
                  217.168.248.0/21
                IPv6:
                  2a05:87c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         cb:bc:4c:51:0c:e3:a5:bb:20:59:66:80:a2:f9:f3:36:65:09:
         0c:ac:02:98:c1:b2:41:a0:ff:e9:25:e8:c1:3f:d2:c5:22:8f:
         a9:f6:11:89:b1:44:4d:1e:38:40:90:a6:a8:cc:a9:b7:69:02:
         f6:34:d6:b4:29:dc:0d:37:aa:7d:58:ea:04:6a:ec:3e:ba:a1:
         35:16:8f:68:35:8c:21:b7:f2:ff:e6:dd:50:c9:fa:b9:71:6f:
         f0:7f:25:20:62:2a:38:af:89:c8:ae:9f:ad:30:41:d0:59:1d:
         7f:89:e4:8a:05:0d:e1:65:c2:11:9a:2a:05:13:bf:39:60:1c:
         e9:8b:19:a0:6c:f7:52:f2:9d:1f:dd:2f:f4:16:ee:ea:1d:d4:
         e7:e8:2e:c3:92:bc:db:b7:fd:ed:10:09:ce:6c:c9:83:af:68:
         ed:58:6e:26:fc:f3:1a:59:4d:25:30:0e:7b:61:3d:7a:fc:21:
         38:11:24:4a:6e:39:2d:6d:db:95:27:83:29:ef:d6:65:14:f9:
         de:8d:7d:3e:ed:1c:54:1e:db:2f:98:91:ad:24:0a:31:d9:d3:
         a4:7e:dd:e0:5f:80:fe:eb:40:f9:de:38:8e:78:63:ab:9b:fb:
         f8:b7:9f:20:54:32:ed:b3:08:9c:18:2d:4f:26:8a:31:8e:06:
         71:24:77:6b
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYzKKjcYa4M0fHjb5FqmziSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTg2YTU2ZWE4NGMxM2M2Mjc2OGE5ZDE3YmFlMTMzY2Vk
ZjEwNDUwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWU2YTZhMTJiZDE4ZjQxZDY1MDZlMDI5OGJjMWFlNzA4Yzc0N2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMdRfhlB1nMPV4E3PDmEDCV/yTql
zUMLUxEsS6Qxqz9pIBE66qFSDjBCSzoT6mRvJcCmWmQyNEt3Akb2uXib7JI6EEq2
AKTOPGezEaQWd0oJmnmq2MGKO2MmEa0Pocb4ODif0s4CfvtN8wNoG6thwMPgegBv
vt1BmLpqQoZH8dxGLXtE1A2RB75pPQCdEqu1W5kUjCyhQAc/8qGGH3xakcsRGEPQ
FppbPz3GkhncpLumQXOBIJguPMQiR8gqZXLmgobuki1XvltIZo68TgJrmRzULPy3
ufhU4yHrT0wls+nHeQuJ3K/YM5kt8Ps6XXq+HEe6QZs6B97dVfraIvXNywIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFBnmpqEr0Y9B1lBuApi8GucIx0fpMB8GA1UdIwQY
MBaAFIwYalbqhME8YnaKnRe64TPO3xBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2Qt
MjA5MmFmNjQ3MDcwLzEvR2VhbW9TdlJqMEhXVUc0Q21Md2E1d2pIUi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jOGVjOTUtYjVmNS00NGZiLWI5M2QtMjA5MmFmNjQ3MDcw
LzEvakJocVZ1cUV3VHhpZG9xZEY3cmhNODdmRUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6AwQAJTDgMAwD
BAAlMOUDBAAlMOYwDAMEBz5AgAMEAj5AiAMEBD5AkAMEArlmlAMEBbxKQAMEA9mo
+DANBAIAAjAHAwUDKgWHwDANBgkqhkiG9w0BAQsFAAOCAQEAy7xMUQzjpbsgWWaA
ovnzNmUJDKwCmMGyQaD/6SXowT/SxSKPqfYRibFETR44QJCmqMypt2kC9jTWtCnc
DTeqfVjqBGrsPrqhNRaPaDWMIbfy/+bdUMn6uXFv8H8lIGIqOK+JyK6frTBB0Fkd
f4nkigUN4WXCEZoqBRO/OWAc6YsZoGz3UvKdH90v9Bbu6h3U5+guw5K827f97RAJ
zmzJg69o7VhuJvzzGllNJTAOe2E9evwhOBEkSm45LW3blSeDKe/WZRT53o19Pu0c
VB7bL5iRrSQKMdnTpH7d4F+A/utA+d44jnhjq5v7+LefIFQy7bMInBgtTyaKMY4G
cSR3aw==
-----END CERTIFICATE-----
Generated at Sat Jun 15 21:18:22 2024 by rpki-client on console-ams.rpki-client.org