Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/pmwU6sKZe9fJrGcBWSKo92c0Mn0.roa
File:                     pmwU6sKZe9fJrGcBWSKo92c0Mn0.roa (raw, json)
Hash identifier:          HjTqvcOVAzkkcavjx6RQH2VNv+w2qaayvgI5fLEvkU4=
Subject key identifier:   A6:6C:14:EA:C2:99:7B:D7:C9:AC:67:01:59:22:A8:F7:67:34:32:7D
Certificate issuer:       /CN=bef2158a0f2a42617a821a0b4fcc9c9a93f4246d
Certificate serial:       018CC3493502144980E3913ACBBE12E2A383
Authority key identifier: BE:F2:15:8A:0F:2A:42:61:7A:82:1A:0B:4F:CC:9C:9A:93:F4:24:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/pmwU6sKZe9fJrGcBWSKo92c0Mn0.roa
Signing time:             Mon 01 Jan 2024 04:30:03 +0000
ROA not before:           Mon 01 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.255.32.0/23 maxlen: 24
                          185.255.34.0/23 maxlen: 24
                          185.68.58.0/24 maxlen: 24
                          185.68.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/vvIVig8qQmF6ghoLT8ycmpP0JG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/vvIVig8qQmF6ghoLT8ycmpP0JG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:35:02:14:49:80:e3:91:3a:cb:be:12:e2:a3:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bef2158a0f2a42617a821a0b4fcc9c9a93f4246d
        Validity
            Not Before: Jan  1 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a66c14eac2997bd7c9ac67015922a8f76734327d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:76:1e:4f:a5:ac:7a:89:f9:e0:48:83:fc:85:
                    6d:c5:d1:2b:cf:2d:7d:e8:5a:45:5a:a0:80:c2:da:
                    79:04:cc:e5:d3:3b:09:56:21:43:50:92:62:1e:82:
                    c2:c1:bd:36:7e:90:dc:4d:06:5e:fb:71:0a:7f:e3:
                    bd:37:82:f6:46:46:32:88:be:90:2a:6d:16:70:23:
                    86:6c:f6:f3:c2:11:29:ab:49:7a:fa:3b:d7:0f:58:
                    e3:6a:b6:74:f2:62:7c:00:35:2b:b3:28:e1:5e:4b:
                    f0:67:7c:b1:39:1a:78:db:fd:f6:9f:0d:57:f0:ee:
                    04:84:0f:0e:59:a9:e7:eb:6a:02:37:b9:82:85:6a:
                    12:30:4f:fe:1a:06:8a:67:cb:f3:37:d0:55:29:6a:
                    c3:13:d4:99:97:8b:13:15:4e:7f:0b:27:4e:5c:3e:
                    45:d4:0f:59:cd:7e:9e:1e:a5:ef:7c:c8:0b:d9:5d:
                    18:3a:88:03:14:16:9e:0d:80:c3:68:ef:ea:99:70:
                    09:56:c3:29:13:d5:7c:f9:65:9e:e5:16:92:b9:77:
                    8d:3a:67:ff:f7:18:76:e5:db:e7:c1:6f:75:04:b1:
                    08:e3:49:c5:c8:9b:b1:07:c0:c4:37:59:83:5a:63:
                    07:bc:f9:95:cb:f2:fa:f2:8c:d7:18:b8:48:62:e2:
                    4a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:6C:14:EA:C2:99:7B:D7:C9:AC:67:01:59:22:A8:F7:67:34:32:7D
            X509v3 Authority Key Identifier:
                keyid:BE:F2:15:8A:0F:2A:42:61:7A:82:1A:0B:4F:CC:9C:9A:93:F4:24:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/pmwU6sKZe9fJrGcBWSKo92c0Mn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/vvIVig8qQmF6ghoLT8ycmpP0JG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.58.0/23
                  185.255.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:78:7a:48:d7:90:5d:9a:fd:20:f5:fc:69:07:fa:4b:b1:25:
         00:89:6e:ae:7c:d5:6e:88:6d:42:cf:dc:e9:b8:29:ed:bf:86:
         d4:f0:f4:68:04:7b:94:79:be:2c:cd:4a:72:ba:d0:5c:89:e7:
         db:7f:31:42:9f:ff:1a:88:e9:8c:1c:6f:34:c6:c1:d0:f9:48:
         fb:2b:21:76:9d:01:6b:da:a0:5e:3a:a1:3e:fe:79:e3:f2:fe:
         8b:5a:3e:94:ee:bf:88:b3:6e:87:2d:f9:05:01:04:5c:a0:01:
         01:60:00:50:c6:22:ae:74:0f:9b:a5:a2:04:bd:36:d9:ee:a4:
         07:20:f7:e8:3d:3d:a1:38:13:20:a9:a6:02:3e:ff:78:21:36:
         11:ce:bb:2f:5b:84:13:c5:9f:9e:2a:ca:ee:6f:d7:fd:a9:e0:
         e2:cc:ec:b8:27:ad:ad:01:37:52:ac:77:7a:b3:be:10:52:50:
         17:46:8b:8a:64:d2:6a:4e:e6:66:0a:2a:ff:34:f7:f4:32:63:
         6f:22:e7:04:ee:e2:13:88:0e:45:d8:a0:44:ba:60:44:e1:f3:
         63:bf:e3:cf:33:5a:e7:7d:0e:86:0e:c9:59:5b:d2:03:b6:c8:
         01:bc:86:a1:0c:8b:47:1f:50:6e:11:26:60:d3:19:f2:30:e5:
         d3:f6:4f:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSTUCFEmA45E6y74S4qODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZjIxNThhMGYyYTQyNjE3YTgyMWEwYjRmY2M5YzlhOTNm
NDI0NmQwHhcNMjQwMTAxMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjZjMTRlYWMyOTk3YmQ3YzlhYzY3MDE1OTIyYThmNzY3MzQzMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXYeT6Wseon54EiD/IVtxdErzy19
6FpFWqCAwtp5BMzl0zsJViFDUJJiHoLCwb02fpDcTQZe+3EKf+O9N4L2RkYyiL6Q
Km0WcCOGbPbzwhEpq0l6+jvXD1jjarZ08mJ8ADUrsyjhXkvwZ3yxORp42/32nw1X
8O4EhA8OWann62oCN7mChWoSME/+GgaKZ8vzN9BVKWrDE9SZl4sTFU5/CydOXD5F
1A9ZzX6eHqXvfMgL2V0YOogDFBaeDYDDaO/qmXAJVsMpE9V8+WWe5RaSuXeNOmf/
9xh25dvnwW91BLEI40nFyJuxB8DEN1mDWmMHvPmVy/L68ozXGLhIYuJKPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKZsFOrCmXvXyaxnAVkiqPdnNDJ9MB8GA1UdIwQY
MBaAFL7yFYoPKkJheoIaC0/MnJqT9CRtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnZJVmlnOHFRbUY2Z2hvTFQ4eWNtcFAwSkcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80MmQ4MjEtNzRhZi00Y2VkLTk0ZWEt
MDI3YjU4ZTZmZGM1LzEvcG13VTZzS1plOWZKckdjQldTS285MmMwTW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80MmQ4MjEtNzRhZi00Y2VkLTk0ZWEtMDI3YjU4ZTZmZGM1
LzEvdnZJVmlnOHFRbUY2Z2hvTFQ4eWNtcFAwSkcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuUQ6AwQC
uf8gMA0GCSqGSIb3DQEBCwUAA4IBAQCseHpI15Bdmv0g9fxpB/pLsSUAiW6ufNVu
iG1Cz9zpuCntv4bU8PRoBHuUeb4szUpyutBciefbfzFCn/8aiOmMHG80xsHQ+Uj7
KyF2nQFr2qBeOqE+/nnj8v6LWj6U7r+Is26HLfkFAQRcoAEBYABQxiKudA+bpaIE
vTbZ7qQHIPfoPT2hOBMgqaYCPv94ITYRzrsvW4QTxZ+eKsrub9f9qeDizOy4J62t
ATdSrHd6s74QUlAXRouKZNJqTuZmCir/NPf0MmNvIucE7uITiA5F2KBEumBE4fNj
v+PPM1rnfQ6GDslZW9IDtsgBvIahDItHH1BuESZg0xnyMOXT9k+G
-----END CERTIFICATE-----
Generated at Mon Nov 25 01:45:16 2024 by rpki-client on console-fra.rpki-client.org