Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/9YuupHmmpdpZRIMFT3I7baZGqNE.roa
File:                     9YuupHmmpdpZRIMFT3I7baZGqNE.roa (raw, json)
Hash identifier:          lsZW98Tmevy02BiHWfFsy0RXV2xTXQsK+1mzAjecLm0=
Subject key identifier:   F5:8B:AE:A4:79:A6:A5:DA:59:44:83:05:4F:72:3B:6D:A6:46:A8:D1
Certificate issuer:       /CN=4127b0c0fe7c08935e258713fcf90fe958ee03ee
Certificate serial:       018CC5DBE8BF27BF2BF77E4488289A224AED
Authority key identifier: 41:27:B0:C0:FE:7C:08:93:5E:25:87:13:FC:F9:0F:E9:58:EE:03:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/9YuupHmmpdpZRIMFT3I7baZGqNE.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212850
IP address blocks:        185.120.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e8:bf:27:bf:2b:f7:7e:44:88:28:9a:22:4a:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4127b0c0fe7c08935e258713fcf90fe958ee03ee
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f58baea479a6a5da594483054f723b6da646a8d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d8:5d:08:7c:8a:43:7b:87:20:33:49:ea:17:
                    8d:7e:86:34:97:a3:ea:d4:47:ca:8c:7d:9a:c9:e0:
                    27:b8:62:91:ae:fc:5b:51:22:ba:0d:87:8b:05:ee:
                    72:31:9c:60:53:2e:ec:1c:1b:48:96:a1:22:98:28:
                    2f:67:cd:a0:c6:0e:c2:39:b5:48:2f:f4:d8:ee:7e:
                    7a:49:7e:65:c4:05:69:6a:cb:e6:56:92:8b:d9:c3:
                    31:11:b0:59:da:0e:b4:59:48:c2:eb:d4:09:45:37:
                    bd:30:7c:ea:11:7c:b1:61:69:58:1f:55:fe:22:b9:
                    bd:15:10:e4:8a:ca:d4:fe:6a:70:af:70:f6:21:1d:
                    2f:8b:40:fe:58:d9:0e:dc:74:08:bf:c8:bd:8b:b1:
                    c2:1c:93:b0:4a:76:96:8d:4b:c7:72:d4:1c:f7:26:
                    db:e1:f4:90:04:da:29:4e:9c:21:3c:8f:37:92:89:
                    a0:6a:92:be:b0:36:f4:13:04:12:3a:8e:d1:d1:b2:
                    6d:7e:d6:4f:63:f4:6e:3e:ea:16:49:fa:8f:54:41:
                    bd:a7:85:27:44:4a:2e:72:89:00:fe:f5:b4:97:e8:
                    97:90:21:ca:20:66:af:45:d3:1c:ac:41:95:8f:a6:
                    4a:71:b2:f8:ae:19:5a:d2:99:58:9c:f3:08:9f:c9:
                    16:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:8B:AE:A4:79:A6:A5:DA:59:44:83:05:4F:72:3B:6D:A6:46:A8:D1
            X509v3 Authority Key Identifier:
                keyid:41:27:B0:C0:FE:7C:08:93:5E:25:87:13:FC:F9:0F:E9:58:EE:03:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/9YuupHmmpdpZRIMFT3I7baZGqNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:86:02:b5:ab:68:3f:00:b0:81:52:73:a5:3c:4c:18:5a:27:
         1e:6c:38:7b:87:b8:a7:54:2a:b9:dd:5f:8b:73:f7:21:6d:a4:
         46:8f:fd:8c:60:b0:2b:f2:9b:23:77:0e:8c:3f:4b:b0:a1:d1:
         de:2a:ac:02:e4:37:49:aa:b6:ba:6c:98:96:e8:fb:4a:46:07:
         e2:61:01:7e:aa:bb:ed:44:02:f2:be:cf:f1:0f:cc:8e:82:59:
         0f:03:cd:37:85:95:bd:a6:0e:7d:d3:9e:6c:57:78:41:44:e8:
         de:c4:79:55:19:25:c9:7f:71:6f:dd:5e:5c:3c:13:4c:55:f3:
         73:89:0c:39:9f:49:8f:59:2e:33:ba:e6:c1:bb:04:1b:56:b8:
         36:68:92:74:4d:9f:c4:4e:ab:b1:08:94:7d:c3:ec:e8:a9:26:
         2d:cb:1a:b0:60:f6:4f:c1:2e:50:4b:a6:30:f2:86:1d:32:4a:
         15:af:04:4b:23:41:fb:6d:ca:88:e2:48:f6:b6:fa:60:23:e1:
         70:31:27:d0:0a:57:45:bb:29:ee:a7:0b:bb:24:35:07:e7:b7:
         fe:e8:02:fe:f3:91:53:19:35:63:a9:6a:a8:b4:04:4b:59:5e:
         24:dd:bb:df:e7:62:e3:56:20:9a:b0:75:8b:57:7c:9d:ee:e9:
         c2:63:bc:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+i/J78r935EiCiaIkrtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMjdiMGMwZmU3YzA4OTM1ZTI1ODcxM2ZjZjkwZmU5NThl
ZTAzZWUwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNThiYWVhNDc5YTZhNWRhNTk0NDgzMDU0ZjcyM2I2ZGE2NDZhOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9hdCHyKQ3uHIDNJ6heNfoY0l6Pq
1EfKjH2ayeAnuGKRrvxbUSK6DYeLBe5yMZxgUy7sHBtIlqEimCgvZ82gxg7CObVI
L/TY7n56SX5lxAVpasvmVpKL2cMxEbBZ2g60WUjC69QJRTe9MHzqEXyxYWlYH1X+
Irm9FRDkisrU/mpwr3D2IR0vi0D+WNkO3HQIv8i9i7HCHJOwSnaWjUvHctQc9ybb
4fSQBNopTpwhPI83komgapK+sDb0EwQSOo7R0bJtftZPY/RuPuoWSfqPVEG9p4Un
REoucokA/vW0l+iXkCHKIGavRdMcrEGVj6ZKcbL4rhla0plYnPMIn8kWNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWLrqR5pqXaWUSDBU9yO22mRqjRMB8GA1UdIwQY
MBaAFEEnsMD+fAiTXiWHE/z5D+lY7gPuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNld3dQNThDSk5lSlljVF9Qa1A2Vmp1QS00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iZTI5MDMtMzUzOC00NmZmLWFhZTQt
YmQxZDQ4ZDUxMmNlLzEvOVl1dXBIbW1wZHBaUklNRlQzSTdiYVpHcU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iZTI5MDMtMzUzOC00NmZmLWFhZTQtYmQxZDQ4ZDUxMmNl
LzEvUVNld3dQNThDSk5lSlljVF9Qa1A2Vmp1QS00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXiMMA0G
CSqGSIb3DQEBCwUAA4IBAQBLhgK1q2g/ALCBUnOlPEwYWicebDh7h7inVCq53V+L
c/chbaRGj/2MYLAr8psjdw6MP0uwodHeKqwC5DdJqra6bJiW6PtKRgfiYQF+qrvt
RALyvs/xD8yOglkPA803hZW9pg59055sV3hBROjexHlVGSXJf3Fv3V5cPBNMVfNz
iQw5n0mPWS4zuubBuwQbVrg2aJJ0TZ/ETquxCJR9w+zoqSYtyxqwYPZPwS5QS6Yw
8oYdMkoVrwRLI0H7bcqI4kj2tvpgI+FwMSfQCldFuynupwu7JDUH57f+6AL+85FT
GTVjqWqotARLWV4k3bvf52LjViCasHWLV3yd7unCY7xm
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:31:36 2024 by rpki-client on console-ams.rpki-client.org