Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/uf93E-i8pWNNbytXSeA3LndwURk.roa
File:                     uf93E-i8pWNNbytXSeA3LndwURk.roa (raw, json)
Hash identifier:          SpPZHOatrh8TvwULLLLQK8Wzj6IQyNe8QO4g2h/6lt0=
Subject key identifier:   B9:FF:77:13:E8:BC:A5:63:4D:6F:2B:57:49:E0:37:2E:77:70:51:19
Certificate issuer:       /CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Certificate serial:       018CC348CF8B8E03EB16C3E5223560BD353D
Authority key identifier: 0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/uf93E-i8pWNNbytXSeA3LndwURk.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33875
IP address blocks:        89.35.218.0/24 maxlen: 24
                          89.35.219.0/24 maxlen: 24
                          89.35.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cf:8b:8e:03:eb:16:c3:e5:22:35:60:bd:35:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9ff7713e8bca5634d6f2b5749e0372e77705119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ec:75:d0:13:5b:18:0f:b0:9e:6c:b5:06:ca:
                    26:ba:0f:be:9b:be:e4:db:0c:81:0f:c4:e8:91:eb:
                    10:08:95:3f:4d:66:03:68:fc:b8:3b:08:41:48:5f:
                    a6:0b:d6:95:30:1e:2c:c2:6c:77:5d:b4:0d:4b:2a:
                    12:1c:36:41:b8:6c:e4:e0:6b:5b:72:21:5a:db:e9:
                    6c:11:23:5c:47:96:22:55:65:89:d5:ac:1b:3b:c6:
                    88:02:b6:3c:5a:cb:3f:cf:57:c0:c6:39:63:49:7e:
                    d5:25:b4:3e:3d:48:cc:7a:83:1a:30:db:76:a2:de:
                    a9:9b:b2:c6:3c:64:f5:be:d0:86:00:ae:d1:d9:62:
                    4c:97:6e:d1:f9:01:a8:d2:53:28:69:f4:1b:dc:ad:
                    72:86:c2:c3:9a:56:78:6e:63:97:5d:3c:de:f4:c6:
                    17:20:16:18:94:a5:ba:5f:86:3d:6a:fa:4e:72:5b:
                    d0:11:28:5e:a8:fc:37:eb:0a:a9:e4:e9:ed:e0:b2:
                    c5:21:de:11:f7:15:cb:da:22:f3:78:97:bf:3d:b3:
                    f4:4a:49:98:cb:b1:0b:c4:fe:73:cf:57:6a:ab:93:
                    e1:af:92:3c:42:50:32:f2:9c:9d:13:8b:d5:78:db:
                    2b:63:de:64:7a:ec:46:68:d5:47:0b:13:f7:64:82:
                    05:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FF:77:13:E8:BC:A5:63:4D:6F:2B:57:49:E0:37:2E:77:70:51:19
            X509v3 Authority Key Identifier:
                keyid:0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/uf93E-i8pWNNbytXSeA3LndwURk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.218.0-89.35.220.255

    Signature Algorithm: sha256WithRSAEncryption
         49:6e:cf:f3:c6:65:9f:dd:70:b3:7b:21:d1:97:0f:09:44:e9:
         58:bd:b6:0f:c9:e1:97:60:9a:a4:7b:50:d8:11:d8:62:56:ae:
         5b:aa:67:bb:ea:5b:a1:73:16:be:55:d2:be:6b:2a:b5:91:21:
         22:1d:b7:e2:a2:d7:68:cf:37:c3:02:cd:db:2c:d7:e3:86:6e:
         2a:21:ef:a3:66:ac:e3:12:ad:da:28:14:0a:d9:b8:d7:d8:49:
         b1:ff:07:4a:0e:4e:da:20:7c:07:8f:66:07:c4:a1:89:5b:af:
         fd:c4:1a:b1:b9:f3:ac:21:22:84:74:8d:1b:46:8f:ed:c5:01:
         6d:12:a5:ef:80:b6:1f:46:c7:f0:bb:e7:64:2f:66:70:50:15:
         41:21:96:ee:a3:3e:2b:e1:d9:66:61:c2:8c:24:89:31:28:97:
         71:44:28:0a:65:2a:97:76:7b:31:ac:82:43:3c:2f:bd:45:11:
         98:7d:e9:99:a2:92:a3:b3:5e:54:9c:ad:d3:8c:6a:10:2d:76:
         16:bd:52:cb:d6:2e:3a:b8:33:dd:f9:04:8f:f3:c3:e9:1d:56:
         03:ad:7b:bb:c4:5b:b6:41:8c:f3:cc:31:a6:5d:6e:40:80:c7:
         43:e9:a7:44:6a:35:f8:0e:5e:a8:94:c2:e1:e1:33:78:6e:c9:
         7a:cd:ff:a3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSM+LjgPrFsPlIjVgvTU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNTU2YWNiNWYzYjk2MWI1Y2MyNGEyOTk1ZjM0ZWU5MWY3
OWRjMTYwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZmNzcxM2U4YmNhNTYzNGQ2ZjJiNTc0OWUwMzcyZTc3NzA1MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmux10BNbGA+wnmy1Bsomug++m77k
2wyBD8TokesQCJU/TWYDaPy4OwhBSF+mC9aVMB4swmx3XbQNSyoSHDZBuGzk4Gtb
ciFa2+lsESNcR5YiVWWJ1awbO8aIArY8Wss/z1fAxjljSX7VJbQ+PUjMeoMaMNt2
ot6pm7LGPGT1vtCGAK7R2WJMl27R+QGo0lMoafQb3K1yhsLDmlZ4bmOXXTze9MYX
IBYYlKW6X4Y9avpOclvQESheqPw36wqp5Ont4LLFId4R9xXL2iLzeJe/PbP0SkmY
y7ELxP5zz1dqq5Phr5I8QlAy8pydE4vVeNsrY95keuxGaNVHCxP3ZIIFJQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLn/dxPovKVjTW8rV0ngNy53cFEZMB8GA1UdIwQY
MBaAFAtVastfO5YbXMJKKZXzTukfedwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEt
ZDJiYmYzN2RhYmI0LzEvdWY5M0UtaThwV05OYnl0WFNlQTNMbmR3VVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEtZDJiYmYzN2RhYmI0
LzEvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFZI9oD
BABZI9wwDQYJKoZIhvcNAQELBQADggEBAEluz/PGZZ/dcLN7IdGXDwlE6Vi9tg/J
4ZdgmqR7UNgR2GJWrluqZ7vqW6FzFr5V0r5rKrWRISIdt+Ki12jPN8MCzdss1+OG
bioh76NmrOMSrdooFArZuNfYSbH/B0oOTtogfAePZgfEoYlbr/3EGrG586whIoR0
jRtGj+3FAW0Spe+Ath9Gx/C752QvZnBQFUEhlu6jPivh2WZhwowkiTEol3FEKApl
Kpd2ezGsgkM8L71FEZh96ZmikqOzXlScrdOMahAtdha9UsvWLjq4M935BI/zw+kd
VgOte7vEW7ZBjPPMMaZdbkCAx0Ppp0RqNfgOXqiUwuHhM3huyXrN/6M=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:48 2024 by rpki-client on console-ams.rpki-client.org