Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/PsgYUBK101HJIlARrE2pnssy6IU.roa
File:                     PsgYUBK101HJIlARrE2pnssy6IU.roa (raw, json)
Hash identifier:          QaEu3rtSqwigs6Cqdn/r0YiMRz7XQiOP8FKoqJV4jo4=
Subject key identifier:   3E:C8:18:50:12:B5:D3:51:C9:22:50:11:AC:4D:A9:9E:CB:32:E8:85
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       0191FAA7392D4AF4FEFE4074E30F935E1CAC
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/PsgYUBK101HJIlARrE2pnssy6IU.roa
Signing time:             Mon 16 Sep 2024 11:45:48 +0000
ROA not before:           Mon 16 Sep 2024 11:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        46.227.72.0/21 maxlen: 21
                          78.40.40.0/21 maxlen: 21
                          81.21.208.0/20 maxlen: 20
                          81.27.0.0/20 maxlen: 20
                          93.94.168.0/21 maxlen: 21
                          185.53.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fa:a7:39:2d:4a:f4:fe:fe:40:74:e3:0f:93:5e:1c:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Sep 16 11:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ec8185012b5d351c9225011ac4da99ecb32e885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:77:a6:59:03:7e:a7:68:01:ea:34:fd:00:21:
                    b0:2f:20:2f:c8:00:8b:c8:2e:e7:ae:e0:cd:da:a4:
                    5f:64:71:4a:83:c0:2c:27:06:66:2c:88:35:55:5b:
                    60:52:89:06:da:78:18:63:0c:10:40:fd:24:be:c5:
                    4a:2c:ba:e3:72:93:46:a1:20:25:e2:92:f1:3b:6c:
                    0a:8c:6b:21:1e:3e:88:7d:76:cc:d8:55:c4:72:6a:
                    f7:fb:d8:99:2c:f5:d2:eb:43:5b:65:fd:7f:cd:c1:
                    56:e2:6c:c7:a9:8b:6c:5e:6a:4d:a2:77:24:51:7c:
                    83:38:fe:e5:27:a5:85:a8:26:19:6e:bc:f6:09:2f:
                    a8:9f:27:f3:1b:61:77:8e:95:57:a1:10:93:1b:1d:
                    66:44:bd:fc:73:44:35:aa:de:c4:db:0c:a7:de:63:
                    c7:82:05:c2:e0:54:f4:b2:29:6a:bb:48:2a:0c:2e:
                    0c:43:ee:85:66:ed:55:b3:dd:d9:97:31:16:d1:a8:
                    c9:6b:90:f2:18:36:6e:04:1e:96:ac:1d:b5:ec:d4:
                    08:56:50:9d:72:c4:64:0a:14:71:c9:ff:5b:b4:1e:
                    f0:05:8e:e6:c6:6c:bb:ef:25:76:2f:70:e5:27:ef:
                    53:37:54:df:16:21:88:9a:30:31:fc:14:6e:84:c3:
                    c3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C8:18:50:12:B5:D3:51:C9:22:50:11:AC:4D:A9:9E:CB:32:E8:85
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/PsgYUBK101HJIlARrE2pnssy6IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.227.72.0/21
                  78.40.40.0/21
                  81.21.208.0/20
                  81.27.0.0/20
                  93.94.168.0/21
                  185.53.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c8:d0:8a:ca:d1:bf:aa:3d:25:b9:ff:4b:77:5c:a8:33:31:d5:
         46:0c:de:fd:ac:97:7f:2b:80:c8:0f:84:c6:e0:d1:6e:0d:e2:
         8d:96:15:7d:51:c8:ff:cf:78:b1:99:c4:02:ef:af:5e:d5:a9:
         99:ba:31:11:66:27:62:41:e5:2b:8c:3f:5e:ae:55:49:ba:19:
         77:ff:c3:ed:03:f8:38:39:01:aa:58:bc:db:0b:e7:62:03:c8:
         7a:f9:06:9f:b4:19:9d:47:e7:1d:27:7b:66:0f:87:09:34:d7:
         88:13:b7:c4:3d:7e:b9:bd:21:71:fe:11:da:61:fd:92:d1:e4:
         29:21:07:29:79:99:19:a5:89:0b:db:9e:45:f9:25:4c:96:e5:
         9c:77:2e:59:09:e4:07:8a:a2:3d:13:4b:bb:39:b4:31:6e:bb:
         89:76:a9:b2:36:72:93:2f:d3:2f:f3:cd:92:c4:06:24:a5:46:
         6c:71:4d:64:b7:b8:4a:01:7e:05:e2:a6:be:7e:29:12:74:90:
         0d:84:ce:dd:9c:3b:d4:0e:3f:e4:ff:e1:d2:1e:d2:b6:e6:32:
         11:48:49:9d:42:2c:11:9d:81:7d:e7:2e:88:83:b3:0e:70:db:
         17:b7:dd:43:71:69:de:1c:68:82:d6:cd:c9:a3:15:65:f6:f0:
         fb:3d:20:ca
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZH6pzktSvT+/kB04w+TXhysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjQwOTE2MTE0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM4MTg1MDEyYjVkMzUxYzkyMjUwMTFhYzRkYTk5ZWNiMzJlODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHemWQN+p2gB6jT9ACGwLyAvyACL
yC7nruDN2qRfZHFKg8AsJwZmLIg1VVtgUokG2ngYYwwQQP0kvsVKLLrjcpNGoSAl
4pLxO2wKjGshHj6IfXbM2FXEcmr3+9iZLPXS60NbZf1/zcFW4mzHqYtsXmpNonck
UXyDOP7lJ6WFqCYZbrz2CS+onyfzG2F3jpVXoRCTGx1mRL38c0Q1qt7E2wyn3mPH
ggXC4FT0silqu0gqDC4MQ+6FZu1Vs93ZlzEW0ajJa5DyGDZuBB6WrB217NQIVlCd
csRkChRxyf9btB7wBY7mxmy77yV2L3DlJ+9TN1TfFiGImjAx/BRuhMPD1QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFD7IGFAStdNRySJQEaxNqZ7LMuiFMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvUHNnWVVCSzEwMUhKSWxBUnJFMnBuc3N5NklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQDLuNIAwQD
TigoAwQEURXQAwQEURsAAwQDXV6oAwQCuTXUMA0GCSqGSIb3DQEBCwUAA4IBAQDI
0IrK0b+qPSW5/0t3XKgzMdVGDN79rJd/K4DID4TG4NFuDeKNlhV9Ucj/z3ixmcQC
769e1amZujERZidiQeUrjD9erlVJuhl3/8PtA/g4OQGqWLzbC+diA8h6+QaftBmd
R+cdJ3tmD4cJNNeIE7fEPX65vSFx/hHaYf2S0eQpIQcpeZkZpYkL255F+SVMluWc
dy5ZCeQHiqI9E0u7ObQxbruJdqmyNnKTL9Mv882SxAYkpUZscU1kt7hKAX4F4qa+
fikSdJANhM7dnDvUDj/k/+HSHtK25jIRSEmdQiwRnYF95y6Ig7MOcNsXt91DcWne
HGiC1s3JoxVl9vD7PSDK
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:05:15 2024 by rpki-client on console-ams.rpki-client.org