Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/uhYFYb6ockZ6tFuE_4kYKvxnVBQ.roa
File:                     uhYFYb6ockZ6tFuE_4kYKvxnVBQ.roa (raw, json)
Hash identifier:          5qCpg3PTgDiqk0Y93RwrEXfmvqEu2FcUmoOjb+/NWUE=
Subject key identifier:   BA:16:05:61:BE:A8:72:46:7A:B4:5B:84:FF:89:18:2A:FC:67:54:14
Certificate issuer:       /CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
Certificate serial:       018CCA29F75D422C3D701CE55B59E392B10B
Authority key identifier: 34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/uhYFYb6ockZ6tFuE_4kYKvxnVBQ.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.117.176.0/22 maxlen: 32
                          217.15.32.0/20 maxlen: 32
                          88.84.64.0/19 maxlen: 32
                          217.149.144.0/20 maxlen: 32
                          95.142.0.0/20 maxlen: 32
                          2a02:206a::/32 maxlen: 32
                          2a02:206d::/32 maxlen: 32
                          2a02:206b::/32 maxlen: 32
                          2a02:2068::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f7:5d:42:2c:3d:70:1c:e5:5b:59:e3:92:b1:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba160561bea872467ab45b84ff89182afc675414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ed:0d:c8:39:9e:73:c6:c0:af:69:53:e8:8f:
                    51:cc:b2:74:ba:0f:b9:3c:f0:51:b4:65:70:98:0e:
                    ca:9a:24:36:88:4c:fc:fe:9e:5d:c0:9a:40:d0:19:
                    fe:8d:e8:2a:29:dc:35:4b:4e:01:a2:5a:91:86:3b:
                    ca:0c:90:87:f1:dd:d2:91:31:73:52:1e:e7:74:5a:
                    1e:83:03:58:5a:97:1e:8d:89:e5:a6:4f:88:fb:ef:
                    7f:6d:b5:f8:7c:5e:7f:6f:41:28:82:f3:84:7a:1f:
                    eb:c2:c2:d0:26:20:48:e4:90:8a:3a:1e:ca:a2:7c:
                    7d:40:13:44:8a:41:68:b8:d1:7e:b6:75:fd:8b:e3:
                    03:33:77:40:31:ef:f9:94:b0:8a:e8:d3:09:b9:3e:
                    db:cd:d1:fe:6e:33:b6:6f:57:3b:b4:c2:61:15:d9:
                    d8:fd:41:56:fb:9b:f8:01:28:19:28:e6:0c:5d:50:
                    18:2f:e7:6b:c6:5e:a8:21:a0:7a:ec:c7:0c:51:76:
                    4c:a3:5a:cd:62:b9:16:6a:51:4e:47:1c:4c:c9:96:
                    82:cb:b8:a4:fb:2a:3c:ad:b3:ce:e0:4c:b3:f8:99:
                    02:1b:53:7c:1e:25:7e:88:72:a6:60:8b:e2:be:cc:
                    a7:17:5c:28:0a:e8:e7:40:7e:e9:51:b4:fe:a2:d6:
                    a4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:16:05:61:BE:A8:72:46:7A:B4:5B:84:FF:89:18:2A:FC:67:54:14
            X509v3 Authority Key Identifier:
                keyid:34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/uhYFYb6ockZ6tFuE_4kYKvxnVBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.64.0/19
                  95.142.0.0/20
                  185.117.176.0/22
                  217.15.32.0/20
                  217.149.144.0/20
                IPv6:
                  2a02:2068::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:30:bc:30:0a:73:8a:e6:23:4b:63:c4:12:4c:07:91:82:28:
         22:77:05:46:d7:be:90:b4:63:cf:f2:a7:d3:f4:5e:a1:ae:b8:
         31:45:f6:0e:13:64:3c:81:e7:f2:d3:a1:94:92:b3:4d:b6:70:
         13:f4:ec:83:d9:7d:ee:99:4c:b6:15:3f:6f:51:d6:04:6f:cb:
         4e:ff:7f:ea:98:4b:fb:c2:25:fe:85:e7:fa:f1:f8:56:3f:af:
         bb:46:18:d6:15:5d:17:90:93:19:ae:56:0d:21:55:7e:1a:d5:
         35:7a:04:c9:a2:ec:4b:b9:fa:01:67:d9:d9:14:60:fe:b0:89:
         88:4c:11:6b:48:d1:08:7c:3c:4d:3c:69:18:90:9f:c3:06:31:
         9b:d1:59:c0:6a:d0:fb:f4:52:2a:34:8f:25:19:0a:60:58:e2:
         e5:d9:73:2f:e2:ef:74:81:6a:f3:50:f8:2b:23:a0:99:de:35:
         ce:0b:64:9d:3e:01:fc:33:18:51:32:40:a9:fb:35:3f:4d:fb:
         03:2e:e9:55:8e:a3:08:01:86:f2:d4:f5:d0:69:ad:91:9a:95:
         98:95:38:54:52:ad:9a:bf:f9:e1:4b:d6:62:d3:5b:24:5b:ba:
         a2:63:2d:cf:f5:12:ab:60:c5:06:27:45:de:e9:fc:fc:51:00:
         0a:0a:6f:80
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzKKfddQiw9cBzlW1njkrELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjQ3YjczZWU4ZmJlZGQyNWY0MWIzYjE3YjJiZTA4ZjVi
ZjY1NjMwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTE2MDU2MWJlYTg3MjQ2N2FiNDViODRmZjg5MTgyYWZjNjc1NDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+0NyDmec8bAr2lT6I9RzLJ0ug+5
PPBRtGVwmA7KmiQ2iEz8/p5dwJpA0Bn+jegqKdw1S04BolqRhjvKDJCH8d3SkTFz
Uh7ndFoegwNYWpcejYnlpk+I++9/bbX4fF5/b0EogvOEeh/rwsLQJiBI5JCKOh7K
onx9QBNEikFouNF+tnX9i+MDM3dAMe/5lLCK6NMJuT7bzdH+bjO2b1c7tMJhFdnY
/UFW+5v4ASgZKOYMXVAYL+drxl6oIaB67McMUXZMo1rNYrkWalFORxxMyZaCy7ik
+yo8rbPO4Eyz+JkCG1N8HiV+iHKmYIvivsynF1woCujnQH7pUbT+otak5QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLoWBWG+qHJGerRbhP+JGCr8Z1QUMB8GA1UdIwQY
MBaAFDT0e3Puj77dJfQbOxeyvgj1v2VjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBSN2MtNlB2dDBsOUJzN0Y3Sy1DUFdfWldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wZmM1YzktNGVjNi00ZGY2LTgyYzQt
ZDg3ZTQwNDdmODUzLzEvdWhZRlliNm9ja1o2dEZ1RV80a1lLdnhuVkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wZmM1YzktNGVjNi00ZGY2LTgyYzQtZDg3ZTQwNDdmODUz
LzEvTlBSN2MtNlB2dDBsOUJzN0Y3Sy1DUFdfWldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFWFRAAwQE
X44AAwQCuXWwAwQE2Q8gAwQE2ZWQMA0EAgACMAcDBQMqAiBoMA0GCSqGSIb3DQEB
CwUAA4IBAQB7MLwwCnOK5iNLY8QSTAeRgigidwVG176QtGPP8qfT9F6hrrgxRfYO
E2Q8gefy06GUkrNNtnAT9OyD2X3umUy2FT9vUdYEb8tO/3/qmEv7wiX+hef68fhW
P6+7RhjWFV0XkJMZrlYNIVV+GtU1egTJouxLufoBZ9nZFGD+sImITBFrSNEIfDxN
PGkYkJ/DBjGb0VnAatD79FIqNI8lGQpgWOLl2XMv4u90gWrzUPgrI6CZ3jXOC2Sd
PgH8MxhRMkCp+zU/TfsDLulVjqMIAYby1PXQaa2RmpWYlThUUq2av/nhS9Zi01sk
W7qiYy3P9RKrYMUGJ0Xe6fz8UQAKCm+A
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:34:22 2024 by rpki-client on console-ams.rpki-client.org