Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/MtNV3H76VBv8k53WlVvx0c0aOvo.roa
File:                     MtNV3H76VBv8k53WlVvx0c0aOvo.roa (raw, json)
Hash identifier:          sOOu6/a/RNv5da2LftcXJ/BJZSfwHHSJllefB0VVIIE=
Subject key identifier:   32:D3:55:DC:7E:FA:54:1B:FC:93:9D:D6:95:5B:F1:D1:CD:1A:3A:FA
Certificate issuer:       /CN=6dbd51576b4a93460a465af35e6bf550f5548894
Certificate serial:       018CC8DEDB232267065A6D189BB3F284A883
Authority key identifier: 6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/MtNV3H76VBv8k53WlVvx0c0aOvo.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209746
IP address blocks:        185.7.119.0/24 maxlen: 24
                          185.5.142.0/24 maxlen: 24
                          188.68.84.0/22 maxlen: 24
                          188.68.94.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:db:23:22:67:06:5a:6d:18:9b:b3:f2:84:a8:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dbd51576b4a93460a465af35e6bf550f5548894
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32d355dc7efa541bfc939dd6955bf1d1cd1a3afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ba:af:e7:fe:0f:f6:ee:5e:6a:6b:72:18:84:
                    5c:12:22:b7:20:af:af:27:93:c0:7e:57:8c:57:5b:
                    18:39:d1:85:4f:0f:66:79:42:d7:4e:a9:60:62:34:
                    ec:0a:c2:3c:d5:83:52:8f:15:85:85:e2:ad:42:fd:
                    a2:95:03:4f:77:f0:6d:fb:12:c2:f7:02:c0:21:f6:
                    68:87:7c:5e:d7:95:46:e3:db:ca:1c:28:eb:b5:0d:
                    d5:af:9d:72:e0:14:1c:41:0d:3c:b3:ee:22:c2:ab:
                    cd:aa:66:1e:ae:03:04:21:aa:58:57:30:43:fd:f2:
                    8d:a6:8d:24:7c:08:63:87:17:ad:b6:d8:0e:13:69:
                    8f:2c:dd:e6:46:3e:49:0b:04:7d:6e:b4:e4:da:10:
                    33:ef:e0:95:67:16:3d:2b:05:8d:e3:92:4a:1d:aa:
                    e1:3b:7a:e9:96:5d:60:ee:13:0c:77:e3:2a:42:e9:
                    96:b4:20:47:28:18:7a:ec:a9:03:f9:0f:9f:08:b5:
                    e8:1f:9e:5a:b5:05:14:3e:4d:31:a6:63:d2:06:3e:
                    03:54:6b:b0:07:eb:00:89:ff:05:0f:79:eb:97:cf:
                    36:c7:3d:c1:1a:47:99:10:6b:70:b5:54:0a:22:f2:
                    f0:3d:61:c0:9c:df:93:c6:95:fd:ec:b2:7f:7a:0f:
                    f8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D3:55:DC:7E:FA:54:1B:FC:93:9D:D6:95:5B:F1:D1:CD:1A:3A:FA
            X509v3 Authority Key Identifier:
                keyid:6D:BD:51:57:6B:4A:93:46:0A:46:5A:F3:5E:6B:F5:50:F5:54:88:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/MtNV3H76VBv8k53WlVvx0c0aOvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8ff537-71e0-403b-979e-1ef7ef17fa43/1/bb1RV2tKk0YKRlrzXmv1UPVUiJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.142.0/24
                  185.7.119.0/24
                  188.68.84.0/22
                  188.68.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:0d:64:0b:98:c1:4f:e2:38:8a:e1:bc:83:68:c7:56:23:6d:
         96:c6:00:b6:95:ab:76:49:8f:bd:a4:19:4b:18:80:94:de:d5:
         c8:9e:fe:ef:7d:fd:e5:79:b5:94:4a:de:e7:67:c9:d8:88:42:
         a6:99:89:09:6a:fb:d4:f2:d3:3c:e8:91:18:c5:5f:a4:95:31:
         55:cb:19:4f:59:0c:96:6c:27:eb:00:59:dc:0a:88:1d:ae:bd:
         5e:ce:11:48:aa:a6:be:4a:70:a6:cb:db:1d:4a:5f:83:12:68:
         fc:1c:67:8e:65:07:e5:c9:0c:e6:ca:ed:84:bf:93:7c:4f:40:
         00:8e:fa:36:b5:3e:3c:7b:bd:70:db:fa:fb:f2:82:e8:2b:37:
         40:f9:8b:71:04:8b:0f:2e:18:7f:92:9b:1f:5f:2b:0a:46:d3:
         79:85:64:db:da:52:1e:84:36:82:5e:7a:33:82:bc:ac:ab:9b:
         90:89:15:cb:22:e4:58:4b:6d:6d:74:f9:ce:c7:a0:39:b1:dd:
         50:1a:6a:29:b0:e4:f4:b1:a1:c4:ff:55:94:75:9b:6a:84:1a:
         d8:89:19:f1:9d:b1:6a:3f:fc:6b:66:78:ca:77:e2:21:ac:08:
         b9:c7:0c:0d:79:95:04:fd:fe:91:ab:50:f9:cc:62:4a:95:e1:
         a8:a4:f7:38
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzI3tsjImcGWm0Ym7PyhKiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYmQ1MTU3NmI0YTkzNDYwYTQ2NWFmMzVlNmJmNTUwZjU1
NDg4OTQwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQzNTVkYzdlZmE1NDFiZmM5MzlkZDY5NTViZjFkMWNkMWEzYWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbqv5/4P9u5eamtyGIRcEiK3IK+v
J5PAfleMV1sYOdGFTw9meULXTqlgYjTsCsI81YNSjxWFheKtQv2ilQNPd/Bt+xLC
9wLAIfZoh3xe15VG49vKHCjrtQ3Vr51y4BQcQQ08s+4iwqvNqmYergMEIapYVzBD
/fKNpo0kfAhjhxetttgOE2mPLN3mRj5JCwR9brTk2hAz7+CVZxY9KwWN45JKHarh
O3rpll1g7hMMd+MqQumWtCBHKBh67KkD+Q+fCLXoH55atQUUPk0xpmPSBj4DVGuw
B+sAif8FD3nrl882xz3BGkeZEGtwtVQKIvLwPWHAnN+TxpX97LJ/eg/4NQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDLTVdx++lQb/JOd1pVb8dHNGjr6MB8GA1UdIwQY
MBaAFG29UVdrSpNGCkZa815r9VD1VIiUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUt
MWVmN2VmMTdmYTQzLzEvTXROVjNINzZWQnY4azUzV2xWdngwYzBhT3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZmY1MzctNzFlMC00MDNiLTk3OWUtMWVmN2VmMTdmYTQz
LzEvYmIxUlYydEtrMFlLUmxyelhtdjFVUFZVaUpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuQWOAwQA
uQd3AwQCvERUAwQBvEReMA0GCSqGSIb3DQEBCwUAA4IBAQCYDWQLmMFP4jiK4byD
aMdWI22WxgC2lat2SY+9pBlLGICU3tXInv7vff3lebWUSt7nZ8nYiEKmmYkJavvU
8tM86JEYxV+klTFVyxlPWQyWbCfrAFncCogdrr1ezhFIqqa+SnCmy9sdSl+DEmj8
HGeOZQflyQzmyu2Ev5N8T0AAjvo2tT48e71w2/r78oLoKzdA+YtxBIsPLhh/kpsf
XysKRtN5hWTb2lIehDaCXnozgrysq5uQiRXLIuRYS21tdPnOx6A5sd1QGmopsOT0
saHE/1WUdZtqhBrYiRnxnbFqP/xrZnjKd+IhrAi5xwwNeZUE/f6Rq1D5zGJKleGo
pPc4
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:12:59 2024 by rpki-client on console-ams.rpki-client.org