Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/df6f5f-e1ec-4343-9a21-a5cee11bbae8/1/fRvCQJ5O6gEVOnh_jH4kbyiX3IA.roa
File:                     fRvCQJ5O6gEVOnh_jH4kbyiX3IA.roa (raw, json)
Hash identifier:          g1zRLX5WycLOvBVJRmExPBoWabJP9pSzC3T9VLZ/QTA=
Subject key identifier:   7D:1B:C2:40:9E:4E:EA:01:15:3A:78:7F:8C:7E:24:6F:28:97:DC:80
Certificate issuer:       /CN=0e9a5c3283a6a16b4d205a7c564a382641cd8691
Certificate serial:       018CC42517E511D3115C127307F1D85FBFE7
Authority key identifier: 0E:9A:5C:32:83:A6:A1:6B:4D:20:5A:7C:56:4A:38:26:41:CD:86:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DppcMoOmoWtNIFp8Vko4JkHNhpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/df6f5f-e1ec-4343-9a21-a5cee11bbae8/1/fRvCQJ5O6gEVOnh_jH4kbyiX3IA.roa
Signing time:             Mon 01 Jan 2024 08:30:14 +0000
ROA not before:           Mon 01 Jan 2024 08:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204804
IP address blocks:        185.239.145.0/24 maxlen: 24
                          89.20.48.0/24 maxlen: 24
                          193.162.28.0/24 maxlen: 24
                          185.239.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/df6f5f-e1ec-4343-9a21-a5cee11bbae8/1/DppcMoOmoWtNIFp8Vko4JkHNhpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/df6f5f-e1ec-4343-9a21-a5cee11bbae8/1/DppcMoOmoWtNIFp8Vko4JkHNhpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DppcMoOmoWtNIFp8Vko4JkHNhpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:03:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:17:e5:11:d3:11:5c:12:73:07:f1:d8:5f:bf:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e9a5c3283a6a16b4d205a7c564a382641cd8691
        Validity
            Not Before: Jan  1 08:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d1bc2409e4eea01153a787f8c7e246f2897dc80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b1:c0:20:f9:a1:5c:c2:bc:ac:dd:f3:86:07:
                    d8:92:bc:09:91:00:29:e8:a7:11:3e:e8:57:bd:8d:
                    4d:1f:dd:38:22:e4:9e:d3:36:f2:a4:ba:6c:0f:eb:
                    81:7e:f5:a3:a1:7b:e9:fb:23:7e:67:d2:4f:06:89:
                    df:91:29:4f:8e:29:9c:11:48:ed:64:71:55:08:77:
                    7e:fa:09:74:4a:40:e1:c4:d8:b9:84:b2:41:93:03:
                    c0:14:5f:bc:cd:52:b9:a0:c4:e2:26:8b:65:0a:fc:
                    55:f3:a9:1c:92:1a:70:90:28:36:c8:de:46:68:7a:
                    38:60:dd:a6:db:4e:91:a2:f3:ed:7f:e6:af:cb:8d:
                    9f:57:50:7c:7e:ad:b0:37:95:74:a2:e0:a8:bf:05:
                    63:81:01:c1:5a:b0:32:ae:93:0a:00:11:5e:dd:44:
                    04:99:f1:0d:6c:59:a5:b0:06:83:96:0c:b5:c5:de:
                    50:12:f8:de:6c:72:12:cb:7c:d5:7b:78:4b:d0:7e:
                    95:93:8d:78:6e:32:b2:4c:70:8f:bf:8f:01:30:ca:
                    dc:fe:bc:56:a1:0e:3f:04:db:eb:1a:8c:81:09:72:
                    9f:27:28:f3:c1:e6:c0:51:30:e2:61:26:4b:0c:f0:
                    49:e6:c3:aa:ae:7e:07:71:45:cb:65:7d:dd:8a:fc:
                    5d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:1B:C2:40:9E:4E:EA:01:15:3A:78:7F:8C:7E:24:6F:28:97:DC:80
            X509v3 Authority Key Identifier:
                keyid:0E:9A:5C:32:83:A6:A1:6B:4D:20:5A:7C:56:4A:38:26:41:CD:86:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DppcMoOmoWtNIFp8Vko4JkHNhpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/df6f5f-e1ec-4343-9a21-a5cee11bbae8/1/fRvCQJ5O6gEVOnh_jH4kbyiX3IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/df6f5f-e1ec-4343-9a21-a5cee11bbae8/1/DppcMoOmoWtNIFp8Vko4JkHNhpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.20.48.0/24
                  185.239.145.0-185.239.146.255
                  193.162.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:a5:3f:08:f6:aa:0a:c8:9f:87:19:30:cb:2b:a7:bc:bb:c7:
         c6:a0:a7:03:48:af:b1:ad:50:04:78:1b:14:6d:2a:bf:ce:d3:
         05:da:e4:02:8b:2e:0b:18:2a:9d:96:9c:bd:e2:2a:83:6d:8a:
         3b:c8:60:36:60:0f:a8:7b:84:d2:7e:3d:6d:fd:67:e3:cd:2b:
         ef:33:ff:b9:b2:b0:71:3c:23:88:32:72:97:c9:4f:5b:ad:c4:
         81:49:d6:01:77:4d:5c:59:13:c2:9a:23:a6:b8:cc:ae:67:8d:
         27:87:8f:e7:c8:9a:6a:f1:ba:6b:ed:b8:15:95:80:eb:22:57:
         24:3c:dc:de:af:46:90:d7:1b:71:b6:82:7f:4f:4e:fb:78:a5:
         13:5a:5c:42:b9:8a:6f:cb:61:ee:a1:8e:0a:ab:d3:90:5f:83:
         b4:02:fa:24:fc:cb:23:3f:0e:76:b2:1c:24:a4:45:71:d3:3e:
         ef:20:29:09:b3:fa:ec:91:01:ce:aa:3d:ce:3f:b5:de:7b:7b:
         e3:18:8d:f2:51:b8:41:cf:1b:b2:96:d8:48:d1:9f:56:da:6d:
         44:0a:ba:41:55:70:7b:fc:13:27:11:4f:19:85:e4:35:86:d1:
         e2:05:05:94:b4:88:9c:af:f9:92:c0:3d:17:16:72:4c:48:c2:
         af:84:bc:fd
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzEJRflEdMRXBJzB/HYX7/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOWE1YzMyODNhNmExNmI0ZDIwNWE3YzU2NGEzODI2NDFj
ZDg2OTEwHhcNMjQwMTAxMDgzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDFiYzI0MDllNGVlYTAxMTUzYTc4N2Y4YzdlMjQ2ZjI4OTdkYzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7HAIPmhXMK8rN3zhgfYkrwJkQAp
6KcRPuhXvY1NH904IuSe0zbypLpsD+uBfvWjoXvp+yN+Z9JPBonfkSlPjimcEUjt
ZHFVCHd++gl0SkDhxNi5hLJBkwPAFF+8zVK5oMTiJotlCvxV86kckhpwkCg2yN5G
aHo4YN2m206RovPtf+avy42fV1B8fq2wN5V0ouCovwVjgQHBWrAyrpMKABFe3UQE
mfENbFmlsAaDlgy1xd5QEvjebHISy3zVe3hL0H6Vk414bjKyTHCPv48BMMrc/rxW
oQ4/BNvrGoyBCXKfJyjzwebAUTDiYSZLDPBJ5sOqrn4HcUXLZX3divxdKwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFH0bwkCeTuoBFTp4f4x+JG8ol9yAMB8GA1UdIwQY
MBaAFA6aXDKDpqFrTSBafFZKOCZBzYaRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBwY01vT21vV3ROSUZwOFZrbzRKa0hOaHBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9kZjZmNWYtZTFlYy00MzQzLTlhMjEt
YTVjZWUxMWJiYWU4LzEvZlJ2Q1FKNU82Z0VWT25oX2pINGtieWlYM0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9kZjZmNWYtZTFlYy00MzQzLTlhMjEtYTVjZWUxMWJiYWU4
LzEvRHBwY01vT21vV3ROSUZwOFZrbzRKa0hOaHBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAWRQwMAwD
BAC575EDBAC575IDBADBohwwDQYJKoZIhvcNAQELBQADggEBAC6lPwj2qgrIn4cZ
MMsrp7y7x8agpwNIr7GtUAR4GxRtKr/O0wXa5AKLLgsYKp2WnL3iKoNtijvIYDZg
D6h7hNJ+PW39Z+PNK+8z/7mysHE8I4gycpfJT1utxIFJ1gF3TVxZE8KaI6a4zK5n
jSeHj+fImmrxumvtuBWVgOsiVyQ83N6vRpDXG3G2gn9PTvt4pRNaXEK5im/LYe6h
jgqr05Bfg7QC+iT8yyM/DnayHCSkRXHTPu8gKQmz+uyRAc6qPc4/td57e+MYjfJR
uEHPG7KW2EjRn1babUQKukFVcHv8EycRTxmF5DWG0eIFBZS0iJyv+ZLAPRcWckxI
wq+EvP0=
-----END CERTIFICATE-----
Generated at Sat Jun 15 21:31:19 2024 by rpki-client on console-ams.rpki-client.org