Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/82f901-3f48-429a-8365-7af574941936/1/s8Ce173qI3z0YJEDY4-Rwm-NMhA.roa
File:                     s8Ce173qI3z0YJEDY4-Rwm-NMhA.roa (raw, json)
Hash identifier:          HG8XvJwuZMgeBqvZyMVZK1p3wcIpoT5zVZmU1qP+Jpc=
Subject key identifier:   B3:C0:9E:D7:BD:EA:23:7C:F4:60:91:03:63:8F:91:C2:6F:8D:32:10
Certificate issuer:       /CN=76f90cc123d0d20469d39c6c3455f31ea6123f4e
Certificate serial:       018CC6B8EF02DC5C3C6A3B82E42ECA49F701
Authority key identifier: 76:F9:0C:C1:23:D0:D2:04:69:D3:9C:6C:34:55:F3:1E:A6:12:3F:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dvkMwSPQ0gRp05xsNFXzHqYSP04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/82f901-3f48-429a-8365-7af574941936/1/s8Ce173qI3z0YJEDY4-Rwm-NMhA.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31127
IP address blocks:        92.245.192.0/19 maxlen: 20
                          185.22.176.0/22 maxlen: 23
                          88.80.224.0/19 maxlen: 20
                          217.144.16.0/20 maxlen: 21
                          2a01:108::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/82f901-3f48-429a-8365-7af574941936/1/dvkMwSPQ0gRp05xsNFXzHqYSP04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/82f901-3f48-429a-8365-7af574941936/1/dvkMwSPQ0gRp05xsNFXzHqYSP04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dvkMwSPQ0gRp05xsNFXzHqYSP04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ef:02:dc:5c:3c:6a:3b:82:e4:2e:ca:49:f7:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76f90cc123d0d20469d39c6c3455f31ea6123f4e
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3c09ed7bdea237cf4609103638f91c26f8d3210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e2:09:eb:a7:ae:9d:db:8d:04:7b:e3:82:49:
                    5e:73:20:11:40:89:27:44:7b:cc:f8:21:82:e6:be:
                    73:bf:be:42:19:77:08:5a:e8:dc:b8:df:1e:b4:08:
                    ac:7a:e0:f9:65:d2:61:70:5d:1b:b4:c2:e6:10:f9:
                    3e:52:7e:8d:8d:44:00:8c:8d:82:21:d9:14:da:87:
                    0c:d1:e2:ba:1c:6e:eb:35:ac:83:bd:06:6a:6a:68:
                    c5:18:7e:64:14:d3:d8:45:47:60:15:ab:05:e9:af:
                    4a:20:85:7a:0a:90:18:e9:b8:4a:65:7d:f6:96:5a:
                    84:b8:d6:b8:07:29:04:e9:d2:60:4b:03:0a:02:1d:
                    d8:7c:02:e8:e5:58:49:99:c9:7a:d5:02:b2:df:01:
                    92:9d:03:b5:83:71:5f:45:ff:b5:5d:27:92:e4:56:
                    99:c5:61:d6:da:53:17:3b:db:ad:74:f2:a4:21:6b:
                    aa:ae:f3:34:da:ef:23:c0:23:8c:e8:62:d9:af:fa:
                    2a:5a:08:5b:71:e9:1d:1e:5d:ec:a5:d1:60:bc:6e:
                    ee:a2:e6:c9:28:e6:d4:00:9b:e0:c7:44:55:8f:9c:
                    ab:be:bd:72:cf:36:5d:cd:a4:ec:77:dc:5d:89:9a:
                    2e:68:84:70:63:ad:44:78:58:14:5e:76:32:a4:3e:
                    55:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C0:9E:D7:BD:EA:23:7C:F4:60:91:03:63:8F:91:C2:6F:8D:32:10
            X509v3 Authority Key Identifier:
                keyid:76:F9:0C:C1:23:D0:D2:04:69:D3:9C:6C:34:55:F3:1E:A6:12:3F:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dvkMwSPQ0gRp05xsNFXzHqYSP04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/82f901-3f48-429a-8365-7af574941936/1/s8Ce173qI3z0YJEDY4-Rwm-NMhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/82f901-3f48-429a-8365-7af574941936/1/dvkMwSPQ0gRp05xsNFXzHqYSP04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.224.0/19
                  92.245.192.0/19
                  185.22.176.0/22
                  217.144.16.0/20
                IPv6:
                  2a01:108::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:d6:47:ff:52:b3:0a:73:be:ad:ff:ef:9b:fb:09:1c:da:69:
         17:da:32:a4:7f:44:61:be:92:9d:d8:d4:54:2c:9f:70:95:21:
         97:ac:a4:6e:41:bb:46:14:be:e8:e2:6c:b3:30:13:ef:b0:dd:
         68:80:b9:4c:c0:e0:4b:15:17:28:8b:cd:cf:3d:66:b6:90:c0:
         c4:56:bb:ec:72:b8:18:50:1e:bf:9c:e4:32:b7:38:6f:d9:3e:
         8f:31:9c:cf:0b:79:2f:54:70:3f:70:cc:0d:72:27:f7:4b:e0:
         ec:55:b7:4c:d4:6e:92:7c:eb:ec:4d:5f:0a:93:a3:ff:8f:ed:
         f3:20:07:3a:ad:20:31:ed:d8:0d:98:2c:16:2c:d4:06:a3:e5:
         d9:77:fa:51:9d:97:f6:30:3d:23:0a:b6:0f:42:5b:ce:72:1b:
         2f:de:44:72:90:06:eb:3c:15:b5:e5:ed:86:8a:50:bd:a5:ed:
         c0:e7:7c:d9:c9:ec:90:95:d9:e8:cd:38:df:27:2e:ee:cf:c2:
         45:f0:ec:18:86:fa:0e:0d:11:3e:7a:04:9e:d3:cf:93:6b:0c:
         89:a0:31:44:c1:d7:8d:f6:10:84:e9:41:cd:93:cb:c9:55:ea:
         78:05:99:ba:ef:3e:83:b6:b7:86:d4:d7:44:70:3a:04:1d:02:
         74:94:b0:f0
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzGuO8C3Fw8ajuC5C7KSfcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZjkwY2MxMjNkMGQyMDQ2OWQzOWM2YzM0NTVmMzFlYTYx
MjNmNGUwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2MwOWVkN2JkZWEyMzdjZjQ2MDkxMDM2MzhmOTFjMjZmOGQzMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteIJ66eunduNBHvjgklecyARQIkn
RHvM+CGC5r5zv75CGXcIWujcuN8etAiseuD5ZdJhcF0btMLmEPk+Un6NjUQAjI2C
IdkU2ocM0eK6HG7rNayDvQZqamjFGH5kFNPYRUdgFasF6a9KIIV6CpAY6bhKZX32
llqEuNa4BykE6dJgSwMKAh3YfALo5VhJmcl61QKy3wGSnQO1g3FfRf+1XSeS5FaZ
xWHW2lMXO9utdPKkIWuqrvM02u8jwCOM6GLZr/oqWghbcekdHl3spdFgvG7uoubJ
KObUAJvgx0RVj5yrvr1yzzZdzaTsd9xdiZouaIRwY61EeFgUXnYypD5VawIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLPAnte96iN89GCRA2OPkcJvjTIQMB8GA1UdIwQY
MBaAFHb5DMEj0NIEadOcbDRV8x6mEj9OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHZrTXdTUFEwZ1JwMDV4c05GWHpIcVlTUDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi84MmY5MDEtM2Y0OC00MjlhLTgzNjUt
N2FmNTc0OTQxOTM2LzEvczhDZTE3M3FJM3owWUpFRFk0LVJ3bS1OTWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi84MmY5MDEtM2Y0OC00MjlhLTgzNjUtN2FmNTc0OTQxOTM2
LzEvZHZrTXdTUFEwZ1JwMDV4c05GWHpIcVlTUDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQFWFDgAwQF
XPXAAwQCuRawAwQE2ZAQMA0EAgACMAcDBQAqAQEIMA0GCSqGSIb3DQEBCwUAA4IB
AQBc1kf/UrMKc76t/++b+wkc2mkX2jKkf0RhvpKd2NRULJ9wlSGXrKRuQbtGFL7o
4myzMBPvsN1ogLlMwOBLFRcoi83PPWa2kMDEVrvscrgYUB6/nOQytzhv2T6PMZzP
C3kvVHA/cMwNcif3S+DsVbdM1G6SfOvsTV8Kk6P/j+3zIAc6rSAx7dgNmCwWLNQG
o+XZd/pRnZf2MD0jCrYPQlvOchsv3kRykAbrPBW15e2GilC9pe3A53zZyeyQldno
zTjfJy7uz8JF8OwYhvoODRE+egSe08+TawyJoDFEwdeN9hCE6UHNk8vJVep4BZm6
7z6DtreG1NdEcDoEHQJ0lLDw
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:24:37 2024 by rpki-client on console-ams.rpki-client.org