Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/iCxZRNuboLSQ_A-b_9ZCwnTR7Sw.roa
File:                     iCxZRNuboLSQ_A-b_9ZCwnTR7Sw.roa (raw, json)
Hash identifier:          up+wwDvYKUVV9SGfbmiipQPTpyc8xi4mM9X2/7uPTio=
Subject key identifier:   88:2C:59:44:DB:9B:A0:B4:90:FC:0F:9B:FF:D6:42:C2:74:D1:ED:2C
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018CC801552D2A604E2273F960B17F0465F3
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/iCxZRNuboLSQ_A-b_9ZCwnTR7Sw.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20765
IP address blocks:        185.126.35.32/27 maxlen: 27
                          185.126.35.80/28 maxlen: 28
                          185.126.35.64/28 maxlen: 28
                          185.126.35.0/27 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:2d:2a:60:4e:22:73:f9:60:b1:7f:04:65:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=882c5944db9ba0b490fc0f9bffd642c274d1ed2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c2:15:7b:e6:9b:4d:98:25:cc:0a:68:9d:0a:
                    fa:55:6e:cc:ed:2e:9e:ec:fe:15:19:6d:9b:c4:dc:
                    23:4f:ad:03:70:65:61:0b:66:e1:07:fe:36:6b:2c:
                    6c:65:a5:b9:ec:54:06:64:84:d7:1b:22:31:cb:93:
                    13:db:5c:ad:58:b5:de:32:16:ea:e5:8b:c2:47:a6:
                    df:41:c5:bc:ef:02:f3:03:26:b0:bd:03:67:f3:15:
                    ee:a3:b6:2b:11:a1:07:92:89:77:43:a2:20:6f:02:
                    d1:c0:8c:04:a1:a3:ef:c6:a3:dc:b1:bc:ca:19:e5:
                    2a:a8:e7:55:ba:d7:dc:62:8f:51:ae:2d:1d:36:e5:
                    f6:ba:c7:3f:53:f2:79:0b:c9:42:ab:3c:6a:f0:a5:
                    8b:3d:26:28:3f:06:fe:94:e2:62:b1:c5:91:32:f7:
                    bb:3c:26:b9:8f:35:35:59:23:bb:a4:d5:37:df:ed:
                    14:77:9d:22:30:7f:7a:68:e3:7d:4f:4b:32:c3:cd:
                    ac:c4:3f:b5:f6:ea:da:5e:c4:41:46:ef:90:b6:bb:
                    7c:04:c9:7b:d9:ae:0b:96:f4:70:96:3e:65:cd:bb:
                    78:da:92:cb:1e:a8:e7:a3:ac:54:be:b0:17:fc:c1:
                    2e:2e:a4:b7:1c:82:51:ee:69:c7:d1:e3:70:30:15:
                    dc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:2C:59:44:DB:9B:A0:B4:90:FC:0F:9B:FF:D6:42:C2:74:D1:ED:2C
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/iCxZRNuboLSQ_A-b_9ZCwnTR7Sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.35.0-185.126.35.95

    Signature Algorithm: sha256WithRSAEncryption
         4c:aa:b6:e3:0b:a7:e9:97:59:51:10:58:e0:5f:a0:6d:a2:ad:
         f2:11:19:09:ce:bf:7c:6a:b6:9a:c6:34:1d:59:1d:4a:41:0b:
         9b:14:5d:57:b2:18:a9:8d:a6:49:13:b8:7d:12:36:89:49:09:
         b7:52:c3:89:c9:7b:b2:49:58:66:25:1c:27:be:fa:e5:27:98:
         e7:8c:d9:54:ce:d3:24:88:95:d6:26:9b:19:d4:0e:9e:08:95:
         27:d7:f2:f7:da:d5:e9:71:8c:1c:a0:e7:e0:bd:83:3d:11:ca:
         c3:7e:30:4b:6e:31:ee:c9:6d:3f:57:97:f6:a4:3f:62:68:bd:
         ba:9f:e9:aa:1d:67:db:56:2c:ce:9f:b2:a0:bf:5c:bc:76:ed:
         a2:cd:a1:47:d3:09:68:7c:ed:be:c3:3c:c2:a4:f6:cc:16:c1:
         69:20:a5:ac:96:72:e4:a0:5a:67:d2:0f:c3:6a:2e:eb:57:49:
         a3:fb:fb:ae:e0:09:29:99:31:56:d1:8a:a6:0a:cf:07:13:37:
         ff:54:15:b4:0b:15:1f:e7:27:a6:e3:bf:8d:ba:11:ce:45:75:
         fc:ee:4c:8a:a4:9e:8e:b4:3c:25:4c:10:ad:c9:f3:7f:4f:18:
         9a:b5:e2:06:6e:6c:33:33:c3:66:3b:3c:66:a8:fe:d0:47:77:
         b5:c1:d3:63
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAYzIAVUtKmBOInP5YLF/BGXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODJjNTk0NGRiOWJhMGI0OTBmYzBmOWJmZmQ2NDJjMjc0ZDFlZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8IVe+abTZglzAponQr6VW7M7S6e
7P4VGW2bxNwjT60DcGVhC2bhB/42ayxsZaW57FQGZITXGyIxy5MT21ytWLXeMhbq
5YvCR6bfQcW87wLzAyawvQNn8xXuo7YrEaEHkol3Q6IgbwLRwIwEoaPvxqPcsbzK
GeUqqOdVutfcYo9Rri0dNuX2usc/U/J5C8lCqzxq8KWLPSYoPwb+lOJiscWRMve7
PCa5jzU1WSO7pNU33+0Ud50iMH96aON9T0syw82sxD+19uraXsRBRu+Qtrt8BMl7
2a4LlvRwlj5lzbt42pLLHqjno6xUvrAX/MEuLqS3HIJR7mnH0eNwMBXcrQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFIgsWUTbm6C0kPwPm//WQsJ00e0sMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvaUN4WlJOdWJvTFNRX0EtYl85WkN3blRSN1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAATAPMA0DBAC5fiMD
BQW5fiNAMA0GCSqGSIb3DQEBCwUAA4IBAQBMqrbjC6fpl1lREFjgX6Btoq3yERkJ
zr98araaxjQdWR1KQQubFF1XshipjaZJE7h9EjaJSQm3UsOJyXuySVhmJRwnvvrl
J5jnjNlUztMkiJXWJpsZ1A6eCJUn1/L32tXpcYwcoOfgvYM9EcrDfjBLbjHuyW0/
V5f2pD9iaL26n+mqHWfbVizOn7Kgv1y8du2izaFH0wlofO2+wzzCpPbMFsFpIKWs
lnLkoFpn0g/Dai7rV0mj+/uu4AkpmTFW0YqmCs8HEzf/VBW0CxUf5yem47+NuhHO
RXX87kyKpJ6OtDwlTBCtyfN/TxiateIGbmwzM8NmOzxmqP7QR3e1wdNj
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:08:20 2024 by rpki-client on console-ams.rpki-client.org