Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/8kXKPLfqNX8t_Kg3Y6knQgG6R80.roa
File:                     8kXKPLfqNX8t_Kg3Y6knQgG6R80.roa (raw, json)
Hash identifier:          eBCjC0ABs0DwXSn6ajWZZEpDFipQaUudKldv5EtFv5o=
Subject key identifier:   F2:45:CA:3C:B7:EA:35:7F:2D:FC:A8:37:63:A9:27:42:01:BA:47:CD
Certificate issuer:       /CN=c5c5acc7f7ec2b45b43d2547c96464c008933d52
Certificate serial:       018CC94E56C7B1BAFAFC7BAB23514C15C7C5
Authority key identifier: C5:C5:AC:C7:F7:EC:2B:45:B4:3D:25:47:C9:64:64:C0:08:93:3D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xcWsx_fsK0W0PSVHyWRkwAiTPVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/8kXKPLfqNX8t_Kg3Y6knQgG6R80.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199229
IP address blocks:        185.2.20.0/22 maxlen: 22
                          2a02:6740::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/xcWsx_fsK0W0PSVHyWRkwAiTPVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/xcWsx_fsK0W0PSVHyWRkwAiTPVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xcWsx_fsK0W0PSVHyWRkwAiTPVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:56:c7:b1:ba:fa:fc:7b:ab:23:51:4c:15:c7:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5c5acc7f7ec2b45b43d2547c96464c008933d52
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f245ca3cb7ea357f2dfca83763a9274201ba47cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9b:29:65:9f:4a:fe:33:a4:41:31:97:b1:02:
                    8a:ee:60:6d:df:ff:15:02:2b:42:59:da:7f:f0:12:
                    d1:f3:3b:22:02:1a:fd:ae:b8:6c:55:3c:3d:b1:80:
                    2a:0a:10:e2:59:bd:1c:b2:c6:0a:1f:31:2b:98:86:
                    6a:26:e0:da:34:a6:d9:73:44:56:49:20:9c:42:0b:
                    8b:a0:0d:e3:c5:5f:5d:7d:32:8c:b6:77:26:57:bb:
                    db:00:2f:21:71:fa:8c:95:3d:06:b7:3e:48:46:23:
                    fc:bb:5d:70:e4:40:69:45:df:bf:12:06:82:69:0b:
                    7e:29:8e:e8:77:70:c4:04:df:7d:ae:ff:42:3f:05:
                    43:3a:fc:cb:53:e1:4e:66:b2:e3:a5:1b:5d:8d:ec:
                    2e:b0:9a:ed:b5:af:26:fc:2c:c9:a2:d0:81:60:50:
                    26:d9:97:3b:f6:3c:05:cc:2f:fa:e4:51:38:55:03:
                    5d:65:8e:c6:50:ee:72:94:bb:cd:77:29:0d:bb:d3:
                    dc:50:c6:9b:8a:a6:75:4f:4b:de:66:82:28:b2:c2:
                    b6:cb:71:b4:5e:bc:5c:60:da:07:35:b9:37:4c:d1:
                    ef:d7:d6:b0:66:cd:8c:8e:0c:de:6c:f5:ba:e6:d8:
                    92:3e:bd:ac:22:d0:18:72:9b:9d:f9:8c:41:5a:ee:
                    90:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:45:CA:3C:B7:EA:35:7F:2D:FC:A8:37:63:A9:27:42:01:BA:47:CD
            X509v3 Authority Key Identifier:
                keyid:C5:C5:AC:C7:F7:EC:2B:45:B4:3D:25:47:C9:64:64:C0:08:93:3D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xcWsx_fsK0W0PSVHyWRkwAiTPVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/8kXKPLfqNX8t_Kg3Y6knQgG6R80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/xcWsx_fsK0W0PSVHyWRkwAiTPVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.20.0/22
                IPv6:
                  2a02:6740::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:07:ea:be:55:ef:c5:dc:70:36:51:e1:ab:5e:a2:90:b6:9e:
         69:f8:c2:88:1d:78:c5:f3:eb:cd:ca:7b:8e:ff:fa:69:94:c0:
         96:fb:ac:a8:16:67:37:be:3a:f6:ff:5f:d1:db:60:15:1f:7f:
         e6:51:26:b2:2d:17:d3:09:c9:1c:7c:d8:3f:40:b9:0b:2f:05:
         f2:72:2b:f1:54:2d:e4:5d:b0:07:5c:8f:49:2c:eb:53:e9:26:
         bb:5e:5d:94:bc:a0:d1:a0:e6:23:a5:a9:00:fe:33:bd:3a:83:
         35:2d:56:cb:e5:45:98:c8:8c:e0:a1:8d:3c:ea:8d:4f:60:6c:
         ac:5c:c5:e1:3c:6e:96:ba:9f:c2:11:7b:1f:9c:30:c6:b7:54:
         b3:a7:e4:84:a3:9c:77:ac:63:98:a7:3d:1a:7a:75:3c:25:f9:
         79:86:1f:93:7b:f6:0d:6d:16:3d:13:1d:cd:60:1a:b6:ca:8a:
         ea:4d:46:8f:08:48:13:a7:72:17:7a:a7:a1:17:95:ff:ff:ef:
         04:c4:88:7e:a2:88:7a:b0:74:2c:93:7a:24:9f:26:19:a9:bf:
         f2:f0:b0:56:ac:5a:90:5d:65:11:cd:3a:e7:d4:53:11:27:54:
         94:53:34:b9:10:b4:16:8d:0a:84:0d:20:42:66:17:47:43:3a:
         c4:31:5e:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTlbHsbr6/HurI1FMFcfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YzVhY2M3ZjdlYzJiNDViNDNkMjU0N2M5NjQ2NGMwMDg5
MzNkNTIwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ1Y2EzY2I3ZWEzNTdmMmRmY2E4Mzc2M2E5Mjc0MjAxYmE0N2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpspZZ9K/jOkQTGXsQKK7mBt3/8V
AitCWdp/8BLR8zsiAhr9rrhsVTw9sYAqChDiWb0cssYKHzErmIZqJuDaNKbZc0RW
SSCcQguLoA3jxV9dfTKMtncmV7vbAC8hcfqMlT0Gtz5IRiP8u11w5EBpRd+/EgaC
aQt+KY7od3DEBN99rv9CPwVDOvzLU+FOZrLjpRtdjewusJrtta8m/CzJotCBYFAm
2Zc79jwFzC/65FE4VQNdZY7GUO5ylLvNdykNu9PcUMabiqZ1T0veZoIossK2y3G0
XrxcYNoHNbk3TNHv19awZs2MjgzebPW65tiSPr2sItAYcpud+YxBWu6QZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPJFyjy36jV/LfyoN2OpJ0IBukfNMB8GA1UdIwQY
MBaAFMXFrMf37CtFtD0lR8lkZMAIkz1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGNXc3hfZnNLMFcwUFNWSHlXUmt3QWlUUFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My85ZjUzNmQtMGRkNi00M2VhLWE5MTQt
OWMwODhjMzQ1YWU2LzEvOGtYS1BMZnFOWDh0X0tnM1k2a25RZ0c2UjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My85ZjUzNmQtMGRkNi00M2VhLWE5MTQtOWMwODhjMzQ1YWU2
LzEveGNXc3hfZnNLMFcwUFNWSHlXUmt3QWlUUFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQIUMA0E
AgACMAcDBQAqAmdAMA0GCSqGSIb3DQEBCwUAA4IBAQCtB+q+Ve/F3HA2UeGrXqKQ
tp5p+MKIHXjF8+vNynuO//pplMCW+6yoFmc3vjr2/1/R22AVH3/mUSayLRfTCckc
fNg/QLkLLwXycivxVC3kXbAHXI9JLOtT6Sa7Xl2UvKDRoOYjpakA/jO9OoM1LVbL
5UWYyIzgoY086o1PYGysXMXhPG6Wup/CEXsfnDDGt1Szp+SEo5x3rGOYpz0aenU8
Jfl5hh+Te/YNbRY9Ex3NYBq2yorqTUaPCEgTp3IXeqehF5X//+8ExIh+ooh6sHQs
k3oknyYZqb/y8LBWrFqQXWURzTrn1FMRJ1SUUzS5ELQWjQqEDSBCZhdHQzrEMV7f
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:45:20 2024 by rpki-client on console-fra.rpki-client.org