Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/811e73-cf30-494d-acac-8420ae9e0622/1/h0kmkGrFBOzt5v0CadgdRMML0Vs.roa
File:                     h0kmkGrFBOzt5v0CadgdRMML0Vs.roa (raw, json)
Hash identifier:          KySeJR1ImOZjk3OXHk4uL03a+8VhH+bgym0fdLvSRMI=
Subject key identifier:   87:49:26:90:6A:C5:04:EC:ED:E6:FD:02:69:D8:1D:44:C3:0B:D1:5B
Certificate issuer:       /CN=a8801be2363f211bd2f57818adeaf9c0dbe14bdb
Certificate serial:       018CC26CFA315E6E1BEFB010104EC7E0F6C9
Authority key identifier: A8:80:1B:E2:36:3F:21:1B:D2:F5:78:18:AD:EA:F9:C0:DB:E1:4B:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qIAb4jY_IRvS9XgYrer5wNvhS9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/811e73-cf30-494d-acac-8420ae9e0622/1/h0kmkGrFBOzt5v0CadgdRMML0Vs.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.66.203.0/24 maxlen: 24
                          185.66.202.0/24 maxlen: 24
                          185.237.4.0/24 maxlen: 24
                          185.237.7.0/24 maxlen: 24
                          185.237.6.0/24 maxlen: 24
                          185.237.5.0/24 maxlen: 24
                          82.115.214.0/24 maxlen: 24
                          2a07:e3c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/811e73-cf30-494d-acac-8420ae9e0622/1/qIAb4jY_IRvS9XgYrer5wNvhS9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/811e73-cf30-494d-acac-8420ae9e0622/1/qIAb4jY_IRvS9XgYrer5wNvhS9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qIAb4jY_IRvS9XgYrer5wNvhS9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fa:31:5e:6e:1b:ef:b0:10:10:4e:c7:e0:f6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8801be2363f211bd2f57818adeaf9c0dbe14bdb
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=874926906ac504ecede6fd0269d81d44c30bd15b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fb:ca:0f:e8:d1:d4:dd:a8:c3:d2:0b:8d:96:
                    48:69:45:a4:69:2f:b0:8c:93:9f:23:84:5b:e7:97:
                    8f:14:92:ee:be:34:8d:62:8c:15:66:ac:49:30:a6:
                    e3:56:b2:55:07:23:de:19:a1:16:20:e6:24:8d:9c:
                    a3:8b:a7:61:51:23:05:95:c4:77:13:77:a5:41:c1:
                    ba:08:80:eb:41:54:0e:27:f6:a0:a1:9b:e0:6a:70:
                    f4:f4:45:80:0f:dd:90:4e:d4:ce:4c:51:3b:54:cb:
                    90:53:15:7f:bb:76:5d:33:35:4c:3c:5d:cf:04:4d:
                    d9:d7:ee:79:7e:4b:05:a1:ed:c7:f8:74:00:e2:d4:
                    fe:91:b7:4b:6f:1b:04:b0:09:47:aa:64:6e:b2:20:
                    00:5e:43:60:ae:9d:35:38:47:9e:ba:dc:44:a8:fe:
                    4b:a7:f6:43:d3:7a:1a:6d:a1:e8:c2:7d:e4:af:92:
                    e6:bf:19:f2:ac:50:ef:67:78:f3:5f:c9:01:a4:2e:
                    1c:6a:80:ff:b4:66:2a:30:95:06:84:8a:eb:df:2d:
                    6d:56:ac:a1:a8:5b:24:6a:6a:d5:dd:25:99:86:da:
                    73:82:09:fd:07:8b:0d:1e:13:b9:c4:2e:42:af:e6:
                    bb:ab:33:30:da:e5:c3:08:55:7c:da:bf:3f:b3:32:
                    09:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:49:26:90:6A:C5:04:EC:ED:E6:FD:02:69:D8:1D:44:C3:0B:D1:5B
            X509v3 Authority Key Identifier:
                keyid:A8:80:1B:E2:36:3F:21:1B:D2:F5:78:18:AD:EA:F9:C0:DB:E1:4B:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qIAb4jY_IRvS9XgYrer5wNvhS9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/811e73-cf30-494d-acac-8420ae9e0622/1/h0kmkGrFBOzt5v0CadgdRMML0Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/811e73-cf30-494d-acac-8420ae9e0622/1/qIAb4jY_IRvS9XgYrer5wNvhS9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.214.0/24
                  185.66.202.0/23
                  185.237.4.0/22
                IPv6:
                  2a07:e3c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:40:ad:e5:ba:a9:e0:b7:8e:03:0b:10:43:80:d5:a4:aa:e9:
         e6:87:b7:4c:5e:2b:57:15:8e:e9:bd:31:d4:87:76:79:dc:ff:
         97:36:74:79:bd:cc:31:95:4e:98:ea:4e:e7:0f:6e:b8:85:0a:
         1a:e8:c7:cd:27:0c:c9:fc:dc:13:5c:1d:2a:5f:b6:7a:98:b0:
         2d:1d:ac:90:9a:22:19:ce:d6:be:df:97:15:e4:9b:b2:2d:b8:
         07:01:1e:d9:6f:37:e8:24:6b:6a:41:57:00:55:3b:c5:39:74:
         50:79:b8:c7:df:4a:43:9a:6b:7a:43:33:0a:31:d1:65:47:7e:
         bc:a3:98:32:89:06:b3:ee:5b:c7:bc:e8:ce:ec:a9:d5:7a:9a:
         1c:21:71:52:c4:22:cb:4c:fb:8a:74:95:8b:67:f7:8a:b3:0f:
         05:60:ec:94:74:2e:54:b0:fd:52:1d:75:7a:36:0b:74:4e:e2:
         30:b3:de:2e:23:e1:01:8d:ad:42:c5:25:37:41:11:9b:d8:bf:
         81:8d:6b:bf:07:84:ca:b8:88:02:d3:84:2d:61:31:49:e7:95:
         7b:21:c7:39:0b:90:39:fe:5d:ed:39:ca:f5:7e:1a:31:d5:b0:
         dd:9c:b4:75:ad:20:47:9b:00:36:bb:63:a3:58:3f:22:f8:e6:
         12:8e:5e:5c
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzCbPoxXm4b77AQEE7H4PbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ODAxYmUyMzYzZjIxMWJkMmY1NzgxOGFkZWFmOWMwZGJl
MTRiZGIwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzQ5MjY5MDZhYzUwNGVjZWRlNmZkMDI2OWQ4MWQ0NGMzMGJkMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifvKD+jR1N2ow9ILjZZIaUWkaS+w
jJOfI4Rb55ePFJLuvjSNYowVZqxJMKbjVrJVByPeGaEWIOYkjZyji6dhUSMFlcR3
E3elQcG6CIDrQVQOJ/agoZvganD09EWAD92QTtTOTFE7VMuQUxV/u3ZdMzVMPF3P
BE3Z1+55fksFoe3H+HQA4tT+kbdLbxsEsAlHqmRusiAAXkNgrp01OEeeutxEqP5L
p/ZD03oabaHown3kr5LmvxnyrFDvZ3jzX8kBpC4caoD/tGYqMJUGhIrr3y1tVqyh
qFskamrV3SWZhtpzggn9B4sNHhO5xC5Cr+a7qzMw2uXDCFV82r8/szIJrQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIdJJpBqxQTs7eb9AmnYHUTDC9FbMB8GA1UdIwQY
MBaAFKiAG+I2PyEb0vV4GK3q+cDb4UvbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUlBYjRqWV9JUnZTOVhnWXJlcjV3TnZoUzlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS84MTFlNzMtY2YzMC00OTRkLWFjYWMt
ODQyMGFlOWUwNjIyLzEvaDBrbWtHckZCT3p0NXYwQ2FkZ2RSTU1MMFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS84MTFlNzMtY2YzMC00OTRkLWFjYWMtODQyMGFlOWUwNjIy
LzEvcUlBYjRqWV9JUnZTOVhnWXJlcjV3TnZoUzlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAUnPWAwQB
uULKAwQCue0EMA8EAgACMAkDBwAqB+PAAAAwDQYJKoZIhvcNAQELBQADggEBAIpA
reW6qeC3jgMLEEOA1aSq6eaHt0xeK1cVjum9MdSHdnnc/5c2dHm9zDGVTpjqTucP
briFChrox80nDMn83BNcHSpftnqYsC0drJCaIhnO1r7flxXkm7ItuAcBHtlvN+gk
a2pBVwBVO8U5dFB5uMffSkOaa3pDMwox0WVHfryjmDKJBrPuW8e86M7sqdV6mhwh
cVLEIstM+4p0lYtn94qzDwVg7JR0LlSw/VIddXo2C3RO4jCz3i4j4QGNrULFJTdB
EZvYv4GNa78HhMq4iALThC1hMUnnlXshxzkLkDn+Xe05yvV+GjHVsN2ctHWtIEeb
ADa7Y6NYPyL45hKOXlw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:35:32 2024 by rpki-client on console-fra.rpki-client.org