Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/y02pMvabXiUHXfszzuw4tsQ9f3Y.roa
File:                     y02pMvabXiUHXfszzuw4tsQ9f3Y.roa (raw, json)
Hash identifier:          TnjAyIua6I2FKkaCX+4CimLwOool++Dsd02yEVGqYjo=
Subject key identifier:   CB:4D:A9:32:F6:9B:5E:25:07:5D:FB:33:CE:EC:38:B6:C4:3D:7F:76
Certificate issuer:       /CN=1b78dbf3e859582fd1eda2f2dcde5422295146f1
Certificate serial:       018CC4930883E462A6F8AD503C7B114F58B1
Authority key identifier: 1B:78:DB:F3:E8:59:58:2F:D1:ED:A2:F2:DC:DE:54:22:29:51:46:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G3jb8-hZWC_R7aLy3N5UIilRRvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/y02pMvabXiUHXfszzuw4tsQ9f3Y.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        5.172.128.0/20 maxlen: 20
                          185.74.136.0/22 maxlen: 22
                          2a00:d4e0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/G3jb8-hZWC_R7aLy3N5UIilRRvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/G3jb8-hZWC_R7aLy3N5UIilRRvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G3jb8-hZWC_R7aLy3N5UIilRRvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:08:83:e4:62:a6:f8:ad:50:3c:7b:11:4f:58:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b78dbf3e859582fd1eda2f2dcde5422295146f1
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb4da932f69b5e25075dfb33ceec38b6c43d7f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:36:ea:44:6a:8c:4f:97:3a:02:ab:67:03:a0:
                    d9:88:21:3b:64:f5:d8:6f:ab:a2:6d:9e:b6:ca:29:
                    a7:1f:7c:a6:34:70:fb:e8:1f:f0:3b:14:9b:72:d4:
                    18:25:6d:d0:22:1d:c9:de:04:c9:09:fd:5c:de:a9:
                    8a:2c:b9:3d:f7:5f:05:c6:fe:91:f5:3c:07:58:17:
                    5a:72:d1:8f:61:e4:ca:2f:ac:d8:79:6b:df:83:f1:
                    16:d9:33:dc:9a:f2:a3:2a:2c:0b:7c:34:34:82:06:
                    33:aa:5b:2c:99:3e:b0:4d:76:94:68:48:71:a3:37:
                    a1:71:83:e6:f4:9e:a8:c8:68:91:25:b1:25:e7:bc:
                    c4:af:c1:54:35:94:f1:b1:18:7b:e3:84:76:d1:ae:
                    21:c3:4a:7d:de:66:d9:6d:49:28:a7:2d:cd:6b:20:
                    15:7a:17:3a:0d:9a:a3:78:9b:89:f8:d7:dc:6c:5f:
                    25:14:53:cd:92:b3:75:04:c5:36:21:8e:15:9c:ee:
                    80:61:4c:a2:7d:c7:cd:b6:fa:ce:f4:1b:41:99:b9:
                    f3:50:07:55:3a:83:e3:be:4e:eb:2d:5e:d9:13:50:
                    72:ac:d2:e6:29:cc:f9:6d:78:0e:5d:95:6c:bd:32:
                    cf:8c:89:ed:58:c3:8c:0a:3f:45:85:fb:07:05:08:
                    52:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:4D:A9:32:F6:9B:5E:25:07:5D:FB:33:CE:EC:38:B6:C4:3D:7F:76
            X509v3 Authority Key Identifier:
                keyid:1B:78:DB:F3:E8:59:58:2F:D1:ED:A2:F2:DC:DE:54:22:29:51:46:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G3jb8-hZWC_R7aLy3N5UIilRRvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/y02pMvabXiUHXfszzuw4tsQ9f3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/99b535-c42b-4e01-8793-722294783e9e/1/G3jb8-hZWC_R7aLy3N5UIilRRvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.128.0/20
                  185.74.136.0/22
                IPv6:
                  2a00:d4e0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:5a:f5:b7:54:6d:4d:ea:aa:89:c6:09:d4:78:9e:99:e7:b4:
         1e:60:b5:b8:85:c6:0c:da:8a:c0:b9:37:0e:34:51:18:7f:75:
         ac:9f:dc:45:43:95:1a:e6:e0:ee:53:56:93:f2:87:f7:4a:b2:
         91:6b:b4:1b:77:e9:4a:e2:70:36:8f:b4:91:bc:07:c4:87:98:
         8a:17:33:4c:f8:26:9f:3d:1f:5a:90:49:12:37:7c:d1:50:5d:
         fd:3b:eb:11:a0:83:65:42:51:0a:11:32:d6:c5:09:27:84:ae:
         c1:fe:6f:c5:b8:7b:6c:97:84:99:59:be:79:2c:37:30:eb:e3:
         20:4f:69:03:da:0a:c5:0b:b6:3a:3c:13:ed:8a:25:78:57:bf:
         d3:41:e5:d2:6d:47:76:85:44:b4:19:4d:f4:d2:75:23:db:e7:
         b6:7b:50:c7:c4:85:cb:b6:d4:45:fd:a8:9e:42:8c:0f:65:f4:
         7e:d8:87:e1:dd:5b:dc:e5:15:4e:7c:fd:6d:43:69:3a:d6:fa:
         2f:80:89:2b:0b:8f:bc:bb:c8:25:b2:6d:dc:f4:18:7a:86:10:
         25:46:8e:94:17:c9:16:89:d5:3f:90:2d:b4:d1:e9:32:ca:b6:
         5d:71:a6:9b:3d:1e:2e:3f:be:94:4a:67:4b:5b:69:04:01:93:
         09:42:1d:8e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkwiD5GKm+K1QPHsRT1ixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNzhkYmYzZTg1OTU4MmZkMWVkYTJmMmRjZGU1NDIyMjk1
MTQ2ZjEwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjRkYTkzMmY2OWI1ZTI1MDc1ZGZiMzNjZWVjMzhiNmM0M2Q3Zjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjbqRGqMT5c6AqtnA6DZiCE7ZPXY
b6uibZ62yimnH3ymNHD76B/wOxSbctQYJW3QIh3J3gTJCf1c3qmKLLk9918Fxv6R
9TwHWBdactGPYeTKL6zYeWvfg/EW2TPcmvKjKiwLfDQ0ggYzqlssmT6wTXaUaEhx
ozehcYPm9J6oyGiRJbEl57zEr8FUNZTxsRh744R20a4hw0p93mbZbUkopy3NayAV
ehc6DZqjeJuJ+NfcbF8lFFPNkrN1BMU2IY4VnO6AYUyifcfNtvrO9BtBmbnzUAdV
OoPjvk7rLV7ZE1ByrNLmKcz5bXgOXZVsvTLPjIntWMOMCj9FhfsHBQhSHQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMtNqTL2m14lB137M87sOLbEPX92MB8GA1UdIwQY
MBaAFBt42/PoWVgv0e2i8tzeVCIpUUbxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzNqYjgtaFpXQ19SN2FMeTNONVVJaWxSUnZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85OWI1MzUtYzQyYi00ZTAxLTg3OTMt
NzIyMjk0NzgzZTllLzEveTAycE12YWJYaVVIWGZzenp1dzR0c1E5ZjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85OWI1MzUtYzQyYi00ZTAxLTg3OTMtNzIyMjk0NzgzZTll
LzEvRzNqYjgtaFpXQ19SN2FMeTNONVVJaWxSUnZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEBayAAwQC
uUqIMA0EAgACMAcDBQMqANTgMA0GCSqGSIb3DQEBCwUAA4IBAQABWvW3VG1N6qqJ
xgnUeJ6Z57QeYLW4hcYM2orAuTcONFEYf3Wsn9xFQ5Ua5uDuU1aT8of3SrKRa7Qb
d+lK4nA2j7SRvAfEh5iKFzNM+CafPR9akEkSN3zRUF39O+sRoINlQlEKETLWxQkn
hK7B/m/FuHtsl4SZWb55LDcw6+MgT2kD2grFC7Y6PBPtiiV4V7/TQeXSbUd2hUS0
GU300nUj2+e2e1DHxIXLttRF/aieQowPZfR+2Ifh3Vvc5RVOfP1tQ2k61vovgIkr
C4+8u8glsm3c9Bh6hhAlRo6UF8kWidU/kC200ekyyrZdcaabPR4uP76USmdLW2kE
AZMJQh2O
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:44:07 2024 by rpki-client on console-ams.rpki-client.org