Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/frQOIGlGBmJLWy7ubwkKLJlLQck.roa
File:                     frQOIGlGBmJLWy7ubwkKLJlLQck.roa (raw, json)
Hash identifier:          VU8Md4SnSeliWC3PUwRgWWhbjpVvoFNg1IFF08ncSU0=
Subject key identifier:   7E:B4:0E:20:69:46:06:62:4B:5B:2E:EE:6F:09:0A:2C:99:4B:41:C9
Certificate issuer:       /CN=b9762db1282ffd084761232038f81f5d29e640d5
Certificate serial:       018F646F24F7F3E6DE635540E64CB592DBDE
Authority key identifier: B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/frQOIGlGBmJLWy7ubwkKLJlLQck.roa
Signing time:             Fri 10 May 2024 21:35:56 +0000
ROA not before:           Fri 10 May 2024 21:35:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25795
IP address blocks:        185.139.32.0/23 maxlen: 24
                          2a07:12c0::/29 maxlen: 29
                          2a07:12c5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:64:6f:24:f7:f3:e6:de:63:55:40:e6:4c:b5:92:db:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9762db1282ffd084761232038f81f5d29e640d5
        Validity
            Not Before: May 10 21:35:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eb40e20694606624b5b2eee6f090a2c994b41c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:92:67:d6:c1:e0:ec:fd:7a:15:69:94:cd:de:
                    f4:24:a9:66:c3:ee:0e:6e:43:83:bc:20:b9:4e:db:
                    bf:6a:df:40:00:a3:ce:2d:b5:e7:a7:0d:04:4f:fb:
                    b2:c9:6b:d5:81:fd:c5:d0:3d:c3:17:df:74:02:41:
                    3a:0c:8d:4e:2e:d0:c7:1e:f8:79:79:ac:ed:3c:3c:
                    54:9e:5b:82:43:37:b6:2e:3d:3f:36:7e:6b:af:75:
                    2c:76:a0:c8:38:6a:e7:ba:cc:1c:cf:da:67:96:43:
                    ca:a4:80:fe:4b:e2:21:0d:33:10:d4:4e:41:2c:80:
                    e2:b8:2e:35:2c:5e:6c:fb:84:ec:71:26:72:15:6c:
                    a9:f2:0b:b0:13:52:1e:7e:6f:65:ff:b7:e6:8a:de:
                    f0:b3:8d:1a:3e:d0:ec:e5:71:63:45:46:90:06:6c:
                    5b:81:64:03:1b:88:35:15:9e:02:e8:2a:89:be:ad:
                    fd:17:1f:9c:ea:71:48:e5:c3:21:34:d2:0b:6e:a2:
                    36:e9:87:de:d7:fb:e1:2f:38:9f:1a:09:f4:4a:e1:
                    6f:33:20:19:da:2f:83:d8:1b:9c:49:cc:6c:b6:97:
                    54:c7:a9:1a:dd:1a:56:ac:8d:51:04:10:4f:74:12:
                    8d:65:0b:48:81:ae:ae:48:e0:30:78:e6:22:df:70:
                    6f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:B4:0E:20:69:46:06:62:4B:5B:2E:EE:6F:09:0A:2C:99:4B:41:C9
            X509v3 Authority Key Identifier:
                keyid:B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/frQOIGlGBmJLWy7ubwkKLJlLQck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.32.0/23
                IPv6:
                  2a07:12c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:d2:98:53:c3:20:90:2e:fd:73:2f:5c:23:08:01:e4:28:e1:
         68:dc:e5:b5:72:1e:66:e9:1f:f4:59:27:ef:a2:e0:5b:89:97:
         69:ee:81:fd:f1:07:51:8c:74:64:2f:90:4e:2a:1f:0f:a6:d1:
         56:d5:b7:56:ab:24:eb:c4:f2:d4:27:97:44:c1:29:bc:4a:3d:
         88:a9:0e:1a:d4:53:16:8b:1d:22:b3:e8:c2:0a:25:33:72:22:
         c3:84:31:43:cd:69:24:45:25:4c:17:fb:71:7b:37:11:e0:2b:
         e6:5e:14:be:aa:79:54:a4:ea:dc:9b:fa:d3:29:9b:6a:e4:6a:
         5d:c5:7f:88:4b:85:5c:b8:2f:c5:c4:54:20:b6:cb:fd:d2:e9:
         3b:c9:18:21:86:3c:b1:55:d7:6d:96:c2:b8:59:2d:22:f8:39:
         e5:1c:1b:b8:18:96:df:fa:7c:2b:1e:04:a2:13:76:27:71:2c:
         bc:31:b3:73:ed:a6:39:4a:05:5d:14:11:67:f9:13:b4:2a:e6:
         42:74:57:ef:b6:be:b2:fe:bb:f3:eb:1b:1a:87:62:ed:4f:fb:
         81:99:b9:42:9b:2d:73:83:ea:e3:a8:5c:a9:b8:fb:50:d0:e6:
         e5:f6:b2:43:79:82:21:e0:a9:54:07:b8:ca:e7:62:1f:a4:99:
         bb:e3:c2:6e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY9kbyT38+beY1VA5ky1ktveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NzYyZGIxMjgyZmZkMDg0NzYxMjMyMDM4ZjgxZjVkMjll
NjQwZDUwHhcNMjQwNTEwMjEzNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWI0MGUyMDY5NDYwNjYyNGI1YjJlZWU2ZjA5MGEyYzk5NGI0MWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpJn1sHg7P16FWmUzd70JKlmw+4O
bkODvCC5Ttu/at9AAKPOLbXnpw0ET/uyyWvVgf3F0D3DF990AkE6DI1OLtDHHvh5
eaztPDxUnluCQze2Lj0/Nn5rr3UsdqDIOGrnuswcz9pnlkPKpID+S+IhDTMQ1E5B
LIDiuC41LF5s+4TscSZyFWyp8guwE1Iefm9l/7fmit7ws40aPtDs5XFjRUaQBmxb
gWQDG4g1FZ4C6CqJvq39Fx+c6nFI5cMhNNILbqI26Yfe1/vhLzifGgn0SuFvMyAZ
2i+D2BucScxstpdUx6ka3RpWrI1RBBBPdBKNZQtIga6uSOAweOYi33Bv0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH60DiBpRgZiS1su7m8JCiyZS0HJMB8GA1UdIwQY
MBaAFLl2LbEoL/0IR2EjIDj4H10p5kDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQt
NzBhNTU2YmE4YTExLzEvZnJRT0lHbEdCbUpMV3k3dWJ3a0tMSmxMUWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQtNzBhNTU2YmE4YTEx
LzEvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuYsgMA0E
AgACMAcDBQMqBxLAMA0GCSqGSIb3DQEBCwUAA4IBAQCI0phTwyCQLv1zL1wjCAHk
KOFo3OW1ch5m6R/0WSfvouBbiZdp7oH98QdRjHRkL5BOKh8PptFW1bdWqyTrxPLU
J5dEwSm8Sj2IqQ4a1FMWix0is+jCCiUzciLDhDFDzWkkRSVMF/txezcR4CvmXhS+
qnlUpOrcm/rTKZtq5GpdxX+IS4VcuC/FxFQgtsv90uk7yRghhjyxVddtlsK4WS0i
+DnlHBu4GJbf+nwrHgSiE3YncSy8MbNz7aY5SgVdFBFn+RO0KuZCdFfvtr6y/rvz
6xsah2LtT/uBmblCmy1zg+rjqFypuPtQ0Obl9rJDeYIh4KlUB7jK52IfpJm748Ju
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:29:42 2024 by rpki-client on console-ams.rpki-client.org