Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/ynWUBIiGRTnEPy0g31Meau9WVhU.roa
File:                     ynWUBIiGRTnEPy0g31Meau9WVhU.roa (raw, json)
Hash identifier:          2mBGuJK6iOkh0sWAywik4dzxE4/NsZAu/zzrRQUcmKE=
Subject key identifier:   CA:75:94:04:88:86:45:39:C4:3F:2D:20:DF:53:1E:6A:EF:56:56:15
Certificate issuer:       /CN=8a7b09ab545851c789d2caa8942ba39cea13e93e
Certificate serial:       018CC6B8C0B5EC800AECF9885F0C236F3DF3
Authority key identifier: 8A:7B:09:AB:54:58:51:C7:89:D2:CA:A8:94:2B:A3:9C:EA:13:E9:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/insJq1RYUceJ0sqolCujnOoT6T4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/ynWUBIiGRTnEPy0g31Meau9WVhU.roa
Signing time:             Mon 01 Jan 2024 20:30:45 +0000
ROA not before:           Mon 01 Jan 2024 20:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43193
IP address blocks:        185.176.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/insJq1RYUceJ0sqolCujnOoT6T4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/insJq1RYUceJ0sqolCujnOoT6T4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/insJq1RYUceJ0sqolCujnOoT6T4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c0:b5:ec:80:0a:ec:f9:88:5f:0c:23:6f:3d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a7b09ab545851c789d2caa8942ba39cea13e93e
        Validity
            Not Before: Jan  1 20:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca75940488864539c43f2d20df531e6aef565615
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:79:98:01:3d:ce:5a:8a:a1:2c:ce:e9:52:f1:
                    01:c0:3b:1f:54:79:88:ad:93:7d:bc:21:06:9e:8e:
                    6b:7a:77:10:3f:83:14:90:a7:d1:2b:6a:df:57:3c:
                    ad:07:8e:03:dc:12:6b:5f:f4:ca:a4:f0:e7:5c:4a:
                    b1:a1:0a:0c:2c:84:63:cc:f2:03:d3:bf:17:33:71:
                    6f:f7:dd:18:59:a8:04:23:bf:40:e6:57:6f:d5:5e:
                    2d:5b:45:5e:2e:b1:b2:3e:d8:0f:ae:b9:38:41:91:
                    94:c2:b7:fe:48:ae:88:fe:39:7b:e5:b9:ca:e6:76:
                    8c:a7:b7:d6:66:22:d4:f7:15:05:4c:02:cc:3a:bc:
                    8c:fb:15:04:8a:e6:a1:cc:6b:a7:19:f2:af:d9:9d:
                    67:ef:4a:03:4b:c5:13:32:e6:74:3d:ab:ca:d9:14:
                    2b:bd:d5:39:91:e8:f9:8e:a7:60:eb:cb:92:52:c1:
                    f2:df:7e:6a:8f:f3:cb:66:9a:91:f3:2c:43:e0:23:
                    a0:19:55:cd:e5:77:22:35:a3:9e:df:c7:f2:bb:98:
                    9c:d1:c2:60:98:61:75:c5:a7:8b:d5:c8:5f:9c:ab:
                    a7:24:be:12:4f:61:ac:88:ed:0b:c8:43:91:b6:16:
                    61:8d:80:52:9a:47:48:98:53:79:be:db:be:1a:08:
                    30:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:75:94:04:88:86:45:39:C4:3F:2D:20:DF:53:1E:6A:EF:56:56:15
            X509v3 Authority Key Identifier:
                keyid:8A:7B:09:AB:54:58:51:C7:89:D2:CA:A8:94:2B:A3:9C:EA:13:E9:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/insJq1RYUceJ0sqolCujnOoT6T4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/ynWUBIiGRTnEPy0g31Meau9WVhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/731f56-a2a1-4c75-95c3-5e7dc828d05d/1/insJq1RYUceJ0sqolCujnOoT6T4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:b5:5e:d6:24:8e:3f:35:79:5b:50:9f:cf:20:2e:18:2c:ae:
         9c:59:ff:bd:0c:9e:ed:b0:84:d3:27:4f:dc:05:86:01:33:b1:
         e8:60:92:00:f2:c2:e8:68:ac:6f:07:45:ce:ee:74:8f:32:0a:
         89:24:22:ce:33:fc:cb:ec:5d:a0:31:fc:c7:dc:ec:31:55:e4:
         5d:cb:54:89:8c:28:e5:57:ea:5d:86:3d:04:c5:d7:94:19:6d:
         ad:a2:5a:d1:d6:b5:d0:87:c2:5e:b4:f7:0f:57:8b:df:57:6e:
         35:79:a9:38:9e:ce:cb:99:a7:87:fb:c7:d0:b0:15:35:c2:80:
         68:da:63:e0:8e:3f:20:33:37:77:d0:3a:08:1e:aa:b7:83:bb:
         4a:9e:f1:f7:12:ba:f8:b5:54:2d:59:ad:11:f8:70:79:70:5f:
         34:cd:e1:39:99:d7:34:2b:8f:07:3f:5b:a7:8d:1d:62:28:91:
         d9:99:e8:af:a7:7b:77:e4:6e:40:bd:36:9f:a6:88:32:3a:37:
         c2:6f:28:85:10:8c:9f:e5:72:dd:fb:ca:65:31:40:c9:65:4c:
         99:3c:ea:17:73:21:cc:c0:e3:90:f9:f9:82:6a:15:28:d9:03:
         7a:18:86:c0:e2:24:99:17:64:7d:b0:bc:9a:e7:b7:b4:1e:aa:
         d4:28:6c:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuMC17IAK7PmIXwwjbz3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhN2IwOWFiNTQ1ODUxYzc4OWQyY2FhODk0MmJhMzljZWEx
M2U5M2UwHhcNMjQwMTAxMjAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTc1OTQwNDg4ODY0NTM5YzQzZjJkMjBkZjUzMWU2YWVmNTY1NjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nmYAT3OWoqhLM7pUvEBwDsfVHmI
rZN9vCEGno5rencQP4MUkKfRK2rfVzytB44D3BJrX/TKpPDnXEqxoQoMLIRjzPID
078XM3Fv990YWagEI79A5ldv1V4tW0VeLrGyPtgPrrk4QZGUwrf+SK6I/jl75bnK
5naMp7fWZiLU9xUFTALMOryM+xUEiuahzGunGfKv2Z1n70oDS8UTMuZ0PavK2RQr
vdU5kej5jqdg68uSUsHy335qj/PLZpqR8yxD4COgGVXN5XciNaOe38fyu5ic0cJg
mGF1xaeL1chfnKunJL4ST2GsiO0LyEORthZhjYBSmkdImFN5vtu+GggwPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp1lASIhkU5xD8tIN9THmrvVlYVMB8GA1UdIwQY
MBaAFIp7CatUWFHHidLKqJQro5zqE+k+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW5zSnExUllVY2VKMHNxb2xDdWpuT29UNlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MzFmNTYtYTJhMS00Yzc1LTk1YzMt
NWU3ZGM4MjhkMDVkLzEveW5XVUJJaUdSVG5FUHkwZzMxTWVhdTlXVmhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MzFmNTYtYTJhMS00Yzc1LTk1YzMtNWU3ZGM4MjhkMDVk
LzEvaW5zSnExUllVY2VKMHNxb2xDdWpuT29UNlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubCkMA0G
CSqGSIb3DQEBCwUAA4IBAQCltV7WJI4/NXlbUJ/PIC4YLK6cWf+9DJ7tsITTJ0/c
BYYBM7HoYJIA8sLoaKxvB0XO7nSPMgqJJCLOM/zL7F2gMfzH3OwxVeRdy1SJjCjl
V+pdhj0ExdeUGW2tolrR1rXQh8JetPcPV4vfV241eak4ns7LmaeH+8fQsBU1woBo
2mPgjj8gMzd30DoIHqq3g7tKnvH3Err4tVQtWa0R+HB5cF80zeE5mdc0K48HP1un
jR1iKJHZmeivp3t35G5AvTafpogyOjfCbyiFEIyf5XLd+8plMUDJZUyZPOoXcyHM
wOOQ+fmCahUo2QN6GIbA4iSZF2R9sLya57e0HqrUKGyv
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:23:01 2024 by rpki-client on console-fra.rpki-client.org