Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/aMcI3IXm06cgbR_KJnqGt28zZ-8.roa
File:                     aMcI3IXm06cgbR_KJnqGt28zZ-8.roa (raw, json)
Hash identifier:          chb/OvRT2T3jcGSvoKb8dvp5jFoWeKhTTEO6gGR8PXU=
Subject key identifier:   68:C7:08:DC:85:E6:D3:A7:20:6D:1F:CA:26:7A:86:B7:6F:33:67:EF
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       018CC3490457D7CCA48B860AEB001D03BDE0
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/aMcI3IXm06cgbR_KJnqGt28zZ-8.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        90.159.208.0/20 maxlen: 20
                          90.159.224.0/20 maxlen: 20
                          90.159.224.0/21 maxlen: 21
                          90.159.220.0/24 maxlen: 24
                          90.159.232.0/22 maxlen: 22
                          90.159.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:04:57:d7:cc:a4:8b:86:0a:eb:00:1d:03:bd:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68c708dc85e6d3a7206d1fca267a86b76f3367ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:f2:f3:eb:1a:3c:5f:72:21:96:5e:eb:42:
                    82:93:37:0a:5e:a2:2d:83:27:f1:ab:a5:58:7c:1c:
                    46:b1:3e:08:b6:68:88:6c:a5:19:75:b4:db:69:82:
                    f7:1b:6e:2e:ed:49:3e:b5:cf:d4:80:d7:20:46:ea:
                    30:1d:21:17:11:9a:2c:ae:37:9a:8a:fb:19:1a:1d:
                    fb:38:a9:c0:bc:08:e3:9e:12:ce:9b:e7:ec:ec:78:
                    2f:73:59:67:b9:16:05:17:1c:1b:bd:cc:50:56:77:
                    79:7f:6e:ab:14:90:60:dd:e0:e0:17:7e:4d:85:a7:
                    3e:6e:e2:2b:cd:03:e3:51:a1:b6:96:64:ad:50:1a:
                    34:92:ab:52:13:19:71:1d:a6:fa:c1:e0:2f:bb:6a:
                    08:b2:36:6e:d2:18:9a:f3:bb:a2:33:4d:91:17:91:
                    28:83:0a:bf:bc:a0:11:2e:c3:85:85:2c:1a:25:2d:
                    a1:99:c0:73:44:e3:d7:e7:c0:45:45:84:99:15:57:
                    d2:02:25:e0:01:9a:11:42:7d:ca:3f:88:30:d4:d0:
                    7f:f2:4e:af:21:50:b1:29:0c:f0:27:a2:ff:05:61:
                    bf:af:e2:77:51:4c:ff:a3:36:4e:1f:d6:b1:75:33:
                    4e:b5:38:01:02:cf:e4:df:37:ec:c9:c7:f1:71:5e:
                    3f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C7:08:DC:85:E6:D3:A7:20:6D:1F:CA:26:7A:86:B7:6F:33:67:EF
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/aMcI3IXm06cgbR_KJnqGt28zZ-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.159.208.0-90.159.239.255

    Signature Algorithm: sha256WithRSAEncryption
         0c:5d:0a:46:97:7a:c8:b6:de:47:d6:d1:e4:a7:86:1d:3b:e9:
         5e:58:72:47:f6:bf:29:57:f2:d0:d8:6f:40:65:c7:1b:d7:8c:
         3e:48:fc:50:04:7b:47:75:a2:89:1e:a1:82:20:44:90:6e:a9:
         a8:8f:65:a3:cf:b3:ea:d5:95:06:23:cc:72:06:ad:2e:62:85:
         e4:de:26:1b:0b:54:b5:e7:32:f2:45:28:5a:30:79:a5:65:1a:
         fc:10:d7:bb:ae:92:40:a9:e4:df:3a:ba:90:ac:95:52:85:0f:
         23:af:48:d7:3b:a7:9c:34:da:b3:39:a2:5a:d5:00:e1:5b:ba:
         2b:30:c8:5a:c2:2c:7e:b0:ea:65:7c:ed:53:f7:90:4e:89:cb:
         fa:6d:51:62:43:13:c1:24:ab:82:4e:e0:49:6a:40:73:58:9c:
         83:4c:d4:6a:cd:5b:40:39:27:ff:c0:3d:cd:07:fe:0b:9e:af:
         a5:40:49:32:d7:c1:99:b0:6c:ca:18:d4:f7:f8:ea:c6:0f:c0:
         bb:2e:72:18:69:25:6d:c4:8b:29:85:22:6c:75:2a:a4:87:86:
         8e:d6:2e:7b:13:e9:1a:bb:26:53:84:66:b3:ba:7f:74:25:57:
         69:25:83:7c:13:2b:56:7a:dc:fa:84:3f:59:8f:be:b0:1c:56:
         be:95:42:c1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSQRX18yki4YK6wAdA73gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM3MDhkYzg1ZTZkM2E3MjA2ZDFmY2EyNjdhODZiNzZmMzM2N2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMzy8+saPF9yIZZe60KCkzcKXqIt
gyfxq6VYfBxGsT4ItmiIbKUZdbTbaYL3G24u7Uk+tc/UgNcgRuowHSEXEZosrjea
ivsZGh37OKnAvAjjnhLOm+fs7Hgvc1lnuRYFFxwbvcxQVnd5f26rFJBg3eDgF35N
hac+buIrzQPjUaG2lmStUBo0kqtSExlxHab6weAvu2oIsjZu0hia87uiM02RF5Eo
gwq/vKARLsOFhSwaJS2hmcBzROPX58BFRYSZFVfSAiXgAZoRQn3KP4gw1NB/8k6v
IVCxKQzwJ6L/BWG/r+J3UUz/ozZOH9axdTNOtTgBAs/k3zfsycfxcV4/wwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGjHCNyF5tOnIG0fyiZ6hrdvM2fvMB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvYU1jSTNJWG0wNmNnYlJfS0pucUd0Mjh6Wi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBARan9AD
BARan+AwDQYJKoZIhvcNAQELBQADggEBAAxdCkaXesi23kfW0eSnhh076V5Yckf2
vylX8tDYb0BlxxvXjD5I/FAEe0d1ookeoYIgRJBuqaiPZaPPs+rVlQYjzHIGrS5i
heTeJhsLVLXnMvJFKFoweaVlGvwQ17uukkCp5N86upCslVKFDyOvSNc7p5w02rM5
olrVAOFbuiswyFrCLH6w6mV87VP3kE6Jy/ptUWJDE8Ekq4JO4ElqQHNYnINM1GrN
W0A5J//APc0H/guer6VASTLXwZmwbMoY1Pf46sYPwLsuchhpJW3EiymFImx1KqSH
ho7WLnsT6Rq7JlOEZrO6f3QlV2klg3wTK1Z63PqEP1mPvrAcVr6VQsE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:15:44 2024 by rpki-client on console-ams.rpki-client.org