Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/p0CXUiRg3NCy_IiyPa6_KKT_ySw.roa
File:                     p0CXUiRg3NCy_IiyPa6_KKT_ySw.roa (raw, json)
Hash identifier:          WvMNBnH47W63yOd4ijCSIrg3us9ein+aGUwf5gNVM9w=
Subject key identifier:   A7:40:97:52:24:60:DC:D0:B2:FC:88:B2:3D:AE:BF:28:A4:FF:C9:2C
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       018D7725187A8C241AFB47AB93B23EEFDBFF
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/p0CXUiRg3NCy_IiyPa6_KKT_ySw.roa
Signing time:             Mon 05 Feb 2024 02:42:16 +0000
ROA not before:           Mon 05 Feb 2024 02:42:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6898
IP address blocks:        185.155.176.0/22 maxlen: 22
                          185.155.184.0/24 maxlen: 24
                          185.155.185.0/24 maxlen: 24
                          2a00:bd00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:77:25:18:7a:8c:24:1a:fb:47:ab:93:b2:3e:ef:db:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: Feb  5 02:42:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74097522460dcd0b2fc88b23daebf28a4ffc92c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8d:3c:0f:81:ce:c5:26:5e:84:84:bd:0e:06:
                    a5:95:4f:13:63:3b:02:b4:01:77:bd:32:f5:30:67:
                    d9:ef:83:2f:b6:98:93:d6:78:8d:c8:2d:73:db:c7:
                    e7:6d:94:9f:69:c9:cb:3d:ce:e2:8f:6d:6d:5c:d8:
                    6c:a4:e9:16:a9:11:6a:01:1a:1c:1f:16:19:44:ec:
                    20:d4:34:75:f5:4f:5d:29:4b:34:e4:a1:6b:53:3c:
                    04:50:1c:65:4c:8b:86:5f:9d:9a:39:31:13:f8:e6:
                    61:a3:bc:95:56:40:ed:ed:50:ce:cd:89:f5:b5:c1:
                    40:91:73:cc:71:11:75:a8:3e:c7:80:90:3e:4d:cd:
                    e6:c3:2f:93:d7:e1:09:92:8a:8c:bd:3a:f1:3b:57:
                    01:4c:64:11:d2:96:47:f8:31:7d:fc:77:33:ae:98:
                    71:76:99:7c:77:60:23:43:5b:55:a4:b3:fd:81:31:
                    b7:dc:dc:97:99:d3:9a:d3:1f:99:61:81:26:cf:ab:
                    7e:19:45:39:20:cc:f9:ac:c4:ee:10:33:e5:5d:11:
                    1b:10:4c:37:ae:c2:6d:bf:35:e1:30:27:85:50:68:
                    07:40:58:a1:40:8f:0c:4f:71:fd:fc:64:46:4c:8a:
                    17:fc:02:0f:08:27:7a:0d:e5:bd:da:37:60:a1:83:
                    55:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:40:97:52:24:60:DC:D0:B2:FC:88:B2:3D:AE:BF:28:A4:FF:C9:2C
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/p0CXUiRg3NCy_IiyPa6_KKT_ySw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.176.0/22
                  185.155.184.0/23
                IPv6:
                  2a00:bd00::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:47:85:91:16:58:a5:90:70:92:21:d3:fa:21:d0:23:94:cf:
         b2:32:aa:c9:94:eb:21:c4:60:4c:25:eb:d8:6f:4b:ed:57:05:
         b9:f2:66:88:36:c3:24:fe:32:80:e3:a2:b0:a9:6e:d1:29:f5:
         95:0f:27:2b:23:8c:6b:1d:47:78:e6:b0:e9:fe:fc:41:8c:91:
         0b:7c:87:54:bf:47:8c:43:15:c6:34:cd:ea:3c:00:c2:a6:f0:
         8c:cc:d3:ac:6d:bf:04:00:d2:d4:cf:7d:3d:b3:9a:a6:79:e9:
         aa:2e:6c:e8:d9:b1:fa:9c:ce:3e:53:4c:ce:a3:b9:2e:2c:8e:
         84:da:c8:9a:c2:76:1e:1d:84:f2:ea:0e:61:c6:01:da:0f:3d:
         7a:45:5e:81:d0:01:3b:41:cf:3e:04:95:bb:ec:65:57:a3:77:
         9e:2f:3c:3a:aa:2c:fe:2d:3d:a6:82:5b:27:10:d7:40:c5:f3:
         3a:c7:e9:c5:e4:53:26:29:1f:b6:a6:a2:05:00:09:df:b7:e1:
         9f:5b:dc:95:94:5b:ea:d6:2a:09:8e:77:72:0f:ce:00:cd:f4:
         df:ed:80:a5:bd:10:83:dd:68:d3:a7:16:00:66:c8:c7:af:0c:
         00:3a:29:25:2a:08:74:49:61:88:a5:e4:52:af:37:3e:ef:00:
         76:3c:aa:c5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY13JRh6jCQa+0erk7I+79v/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjQwMjA1MDI0MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQwOTc1MjI0NjBkY2QwYjJmYzg4YjIzZGFlYmYyOGE0ZmZjOTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAso08D4HOxSZehIS9DgallU8TYzsC
tAF3vTL1MGfZ74MvtpiT1niNyC1z28fnbZSfacnLPc7ij21tXNhspOkWqRFqARoc
HxYZROwg1DR19U9dKUs05KFrUzwEUBxlTIuGX52aOTET+OZho7yVVkDt7VDOzYn1
tcFAkXPMcRF1qD7HgJA+Tc3mwy+T1+EJkoqMvTrxO1cBTGQR0pZH+DF9/Hczrphx
dpl8d2AjQ1tVpLP9gTG33NyXmdOa0x+ZYYEmz6t+GUU5IMz5rMTuEDPlXREbEEw3
rsJtvzXhMCeFUGgHQFihQI8MT3H9/GRGTIoX/AIPCCd6DeW92jdgoYNVVQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKdAl1IkYNzQsvyIsj2uvyik/8ksMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvcDBDWFVpUmczTkN5X0lpeVBhNl9LS1RfeVN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZuwAwQB
uZu4MA0EAgACMAcDBQAqAL0AMA0GCSqGSIb3DQEBCwUAA4IBAQCkR4WRFlilkHCS
IdP6IdAjlM+yMqrJlOshxGBMJevYb0vtVwW58maINsMk/jKA46KwqW7RKfWVDycr
I4xrHUd45rDp/vxBjJELfIdUv0eMQxXGNM3qPADCpvCMzNOsbb8EANLUz309s5qm
eemqLmzo2bH6nM4+U0zOo7kuLI6E2siawnYeHYTy6g5hxgHaDz16RV6B0AE7Qc8+
BJW77GVXo3eeLzw6qiz+LT2mglsnENdAxfM6x+nF5FMmKR+2pqIFAAnft+GfW9yV
lFvq1ioJjndyD84AzfTf7YClvRCD3WjTpxYAZsjHrwwAOiklKgh0SWGIpeRSrzc+
7wB2PKrF
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:45:47 2024 by rpki-client on console-ams.rpki-client.org