Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/33e53d-bcee-423b-aa84-135bab090940/1/ey1W-CtA_36Oo5ZdrlMV0uM14xM.roa
File:                     ey1W-CtA_36Oo5ZdrlMV0uM14xM.roa (raw, json)
Hash identifier:          mpNGbOJtQgMw+PfIuLdK89gsF++sc3CnxJvlOP25CH4=
Subject key identifier:   7B:2D:56:F8:2B:40:FF:7E:8E:A3:96:5D:AE:53:15:D2:E3:35:E3:13
Certificate issuer:       /CN=987dccf5068829329cdac51d5d190fe1089cde9e
Certificate serial:       018CC9BC343A6E81B7A4A89BAFF9947B5ED5
Authority key identifier: 98:7D:CC:F5:06:88:29:32:9C:DA:C5:1D:5D:19:0F:E1:08:9C:DE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mH3M9QaIKTKc2sUdXRkP4Qic3p4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/33e53d-bcee-423b-aa84-135bab090940/1/ey1W-CtA_36Oo5ZdrlMV0uM14xM.roa
Signing time:             Tue 02 Jan 2024 10:33:23 +0000
ROA not before:           Tue 02 Jan 2024 10:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60789
IP address blocks:        185.26.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/33e53d-bcee-423b-aa84-135bab090940/1/mH3M9QaIKTKc2sUdXRkP4Qic3p4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/33e53d-bcee-423b-aa84-135bab090940/1/mH3M9QaIKTKc2sUdXRkP4Qic3p4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mH3M9QaIKTKc2sUdXRkP4Qic3p4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:34:3a:6e:81:b7:a4:a8:9b:af:f9:94:7b:5e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=987dccf5068829329cdac51d5d190fe1089cde9e
        Validity
            Not Before: Jan  2 10:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b2d56f82b40ff7e8ea3965dae5315d2e335e313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:56:64:fd:b5:69:e9:58:3e:40:d6:56:db:31:
                    db:76:66:84:34:b4:25:18:4c:12:f1:5c:ec:18:4e:
                    7f:b7:86:0a:fc:58:43:c5:ad:03:38:bb:f0:00:f8:
                    21:e2:88:73:a3:01:85:a5:2b:7a:ab:9e:b7:31:52:
                    5b:42:5f:48:a3:8b:5e:70:54:f9:aa:79:66:4a:57:
                    30:4a:ff:6c:69:ea:a9:60:8f:ad:76:71:97:c2:2c:
                    20:95:bf:c4:14:7e:30:8e:18:ac:b8:82:ed:13:eb:
                    0f:82:21:3f:ce:68:27:89:1d:70:72:05:05:e9:8d:
                    5b:9a:a2:5a:89:21:5a:91:7d:61:c4:1a:96:be:a7:
                    0f:a8:95:0d:f4:46:16:dc:34:04:f0:05:a8:b4:50:
                    99:8a:f7:7d:1e:53:a8:fd:12:ee:63:36:c9:0e:66:
                    da:05:46:23:e8:47:2f:52:e3:bc:bf:9f:d6:ff:0f:
                    88:5b:bf:d4:56:6f:e0:93:62:c1:63:80:91:50:f9:
                    9d:02:8b:0b:a8:4a:c8:b8:3a:64:47:59:11:c5:42:
                    42:86:8f:6d:2f:c6:93:28:f9:34:bd:4e:83:85:70:
                    e1:e0:24:7c:8d:d4:14:e2:dd:a5:13:21:39:56:81:
                    2d:88:59:73:be:30:d7:fa:f1:ec:84:28:4c:27:b2:
                    71:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:2D:56:F8:2B:40:FF:7E:8E:A3:96:5D:AE:53:15:D2:E3:35:E3:13
            X509v3 Authority Key Identifier:
                keyid:98:7D:CC:F5:06:88:29:32:9C:DA:C5:1D:5D:19:0F:E1:08:9C:DE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mH3M9QaIKTKc2sUdXRkP4Qic3p4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/33e53d-bcee-423b-aa84-135bab090940/1/ey1W-CtA_36Oo5ZdrlMV0uM14xM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/33e53d-bcee-423b-aa84-135bab090940/1/mH3M9QaIKTKc2sUdXRkP4Qic3p4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:07:07:94:a6:f8:d2:54:93:6f:c6:fd:2c:50:08:d3:e9:62:
         0a:39:5a:e8:5b:bc:b9:ea:46:b1:70:59:02:b0:f4:98:db:3b:
         73:c7:13:6d:52:3a:ca:9c:d9:dc:8d:6f:7b:2f:70:f6:a3:85:
         8a:d0:2d:d2:42:1e:32:26:28:e7:f6:9f:cc:a4:b2:f2:93:ce:
         2a:71:31:84:54:b6:4d:1b:3f:83:81:9d:bc:ea:a4:4e:9a:25:
         52:8b:c5:6c:75:84:67:79:d6:1e:f5:2a:bb:c2:22:7f:07:27:
         0d:78:81:54:6c:92:e3:d3:86:8d:04:4e:dc:e6:56:98:b7:af:
         2a:c8:ff:0b:15:8e:3c:e6:4d:a7:6b:fb:9b:25:83:94:ed:b5:
         60:b6:fa:12:5c:ee:c5:45:74:42:7d:16:fb:5b:bc:2e:09:c8:
         8a:7f:32:27:a9:d6:0d:4c:93:ac:cc:a8:23:72:85:68:e3:7a:
         58:5b:cd:78:c2:32:5e:47:a8:14:4b:c9:26:3f:83:b4:22:ce:
         ed:06:54:b9:f3:a1:03:f3:34:10:1b:8e:f4:ee:77:09:96:65:
         b5:c0:ff:7f:b6:fb:7e:8d:09:04:18:bf:ca:3a:d4:52:62:df:
         e4:2c:f1:05:a3:7b:03:c0:45:73:11:af:e1:bc:9a:b2:23:37:
         88:6c:0b:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDQ6boG3pKibr/mUe17VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4N2RjY2Y1MDY4ODI5MzI5Y2RhYzUxZDVkMTkwZmUxMDg5
Y2RlOWUwHhcNMjQwMTAyMTAzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjJkNTZmODJiNDBmZjdlOGVhMzk2NWRhZTUzMTVkMmUzMzVlMzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolZk/bVp6Vg+QNZW2zHbdmaENLQl
GEwS8VzsGE5/t4YK/FhDxa0DOLvwAPgh4ohzowGFpSt6q563MVJbQl9Io4tecFT5
qnlmSlcwSv9saeqpYI+tdnGXwiwglb/EFH4wjhisuILtE+sPgiE/zmgniR1wcgUF
6Y1bmqJaiSFakX1hxBqWvqcPqJUN9EYW3DQE8AWotFCZivd9HlOo/RLuYzbJDmba
BUYj6EcvUuO8v5/W/w+IW7/UVm/gk2LBY4CRUPmdAosLqErIuDpkR1kRxUJCho9t
L8aTKPk0vU6DhXDh4CR8jdQU4t2lEyE5VoEtiFlzvjDX+vHshChMJ7Jx2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHstVvgrQP9+jqOWXa5TFdLjNeMTMB8GA1UdIwQY
MBaAFJh9zPUGiCkynNrFHV0ZD+EInN6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUgzTTlRYUlLVEtjMnNVZFhSa1A0UWljM3A0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zM2U1M2QtYmNlZS00MjNiLWFhODQt
MTM1YmFiMDkwOTQwLzEvZXkxVy1DdEFfMzZPbzVaZHJsTVYwdU0xNHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zM2U1M2QtYmNlZS00MjNiLWFhODQtMTM1YmFiMDkwOTQw
LzEvbUgzTTlRYUlLVEtjMnNVZFhSa1A0UWljM3A0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRokMA0G
CSqGSIb3DQEBCwUAA4IBAQA8BweUpvjSVJNvxv0sUAjT6WIKOVroW7y56kaxcFkC
sPSY2ztzxxNtUjrKnNncjW97L3D2o4WK0C3SQh4yJijn9p/MpLLyk84qcTGEVLZN
Gz+DgZ286qROmiVSi8VsdYRnedYe9Sq7wiJ/BycNeIFUbJLj04aNBE7c5laYt68q
yP8LFY485k2na/ubJYOU7bVgtvoSXO7FRXRCfRb7W7wuCciKfzInqdYNTJOszKgj
coVo43pYW814wjJeR6gUS8kmP4O0Is7tBlS586ED8zQQG4707ncJlmW1wP9/tvt+
jQkEGL/KOtRSYt/kLPEFo3sDwEVzEa/hvJqyIzeIbAug
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:38:21 2024 by rpki-client on console-fra.rpki-client.org