Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/LV5NNz8kGnACN0PAubzQTkyTkrA.roa
File:                     LV5NNz8kGnACN0PAubzQTkyTkrA.roa (raw, json)
Hash identifier:          GsBwMa9xesOrZOnko4/XfoELEUOTRnzVYCLuzYe1VCo=
Subject key identifier:   2D:5E:4D:37:3F:24:1A:70:02:37:43:C0:B9:BC:D0:4E:4C:93:92:B0
Certificate issuer:       /CN=6810aa89239242dacc9d03e3af22d4e87a783414
Certificate serial:       018CC64B2FCCEEA21B1F90F5FC9977CB51BC
Authority key identifier: 68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/LV5NNz8kGnACN0PAubzQTkyTkrA.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51093
IP address blocks:        185.108.16.0/24 maxlen: 24
                          212.48.224.0/22 maxlen: 24
                          212.48.232.0/24 maxlen: 24
                          212.48.228.0/22 maxlen: 24
                          212.48.230.0/24 maxlen: 24
                          2a06:300::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2f:cc:ee:a2:1b:1f:90:f5:fc:99:77:cb:51:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6810aa89239242dacc9d03e3af22d4e87a783414
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d5e4d373f241a70023743c0b9bcd04e4c9392b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:82:5f:2d:30:03:d4:d6:ea:72:d7:e4:bf:6e:
                    f6:2d:8a:47:85:92:6a:28:f9:f4:d6:f2:76:99:c9:
                    b6:f4:e3:3a:8b:c1:54:86:be:34:45:48:0d:b7:75:
                    9d:4c:99:84:eb:58:91:ae:fa:0d:a5:79:77:32:80:
                    8a:ec:22:26:61:e5:2d:4a:a6:b1:20:aa:f3:0d:e5:
                    48:17:11:37:f9:b2:ba:59:0e:9d:8d:c2:0b:0a:01:
                    05:da:7f:c2:5f:b5:70:b6:53:96:31:86:ec:ba:86:
                    23:57:0f:8b:4a:00:4e:16:df:89:30:1e:7a:ba:46:
                    b8:7a:fb:1d:7c:4f:25:67:a8:9b:ef:25:8e:8f:76:
                    44:1f:ba:78:bf:a0:09:9b:96:e5:5f:9a:d6:0b:17:
                    a7:ff:3b:ba:1e:49:2e:c2:33:a5:c3:0c:b9:57:1e:
                    c0:16:3c:56:9f:d2:3f:08:70:3c:68:9d:74:17:06:
                    17:00:01:4b:f0:6e:2e:4f:87:9e:63:32:5c:34:d6:
                    f9:35:a9:68:f1:7d:f6:e7:82:c9:9c:07:a6:f7:ac:
                    56:66:1e:2a:32:8e:b0:0c:c6:85:1d:7d:a0:f3:a9:
                    c9:36:df:cf:78:28:46:58:14:e8:9a:e1:58:7a:3b:
                    71:ab:dd:24:3a:90:f9:a5:ff:3b:c2:80:ae:ec:5e:
                    07:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:5E:4D:37:3F:24:1A:70:02:37:43:C0:B9:BC:D0:4E:4C:93:92:B0
            X509v3 Authority Key Identifier:
                keyid:68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/LV5NNz8kGnACN0PAubzQTkyTkrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.16.0/24
                  212.48.224.0-212.48.232.255
                IPv6:
                  2a06:300::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:91:6f:6b:fd:78:f6:10:3e:eb:29:85:65:eb:df:b1:74:ce:
         ea:86:43:bd:6b:88:51:34:93:93:f8:08:be:d0:3d:aa:21:bb:
         e4:0d:9c:d3:60:9f:68:59:21:91:d2:43:e4:34:ef:7c:73:5b:
         f8:b0:13:58:60:d9:f2:8a:f9:78:1f:5b:bf:64:b6:c3:ca:ed:
         32:b1:78:c1:94:2e:87:ef:e6:0f:28:06:ca:83:67:2b:35:9d:
         61:1b:be:be:4f:90:79:d4:60:8a:a6:d9:34:e2:e6:e5:ce:db:
         17:02:15:c0:bb:06:5f:61:c5:cf:48:dd:f3:12:07:36:14:56:
         4d:d4:e5:3c:32:e3:fd:88:ff:28:c1:cb:48:ff:0d:87:e4:30:
         da:aa:1c:7a:25:db:c5:e6:dc:3c:58:bf:b7:a6:2b:2e:4f:26:
         ac:4f:ca:65:0c:31:30:e0:bb:d8:9c:16:aa:5c:5c:fd:4b:ca:
         23:10:51:d3:d3:26:5e:f2:ea:5c:f0:35:57:d2:33:af:35:d9:
         9d:bb:c1:e4:7e:1d:cd:f1:63:36:fc:00:7a:15:b8:11:d3:b1:
         e4:cd:4a:62:88:b2:bd:ec:0b:94:4f:42:a9:95:72:e4:5b:44:
         6f:73:cf:37:62:67:54:e1:29:bd:8b:9b:1c:68:b4:c0:bf:be:
         d8:f6:c8:a5
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzGSy/M7qIbH5D1/Jl3y1G8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTBhYTg5MjM5MjQyZGFjYzlkMDNlM2FmMjJkNGU4N2E3
ODM0MTQwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDVlNGQzNzNmMjQxYTcwMDIzNzQzYzBiOWJjZDA0ZTRjOTM5MmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4JfLTAD1Nbqctfkv272LYpHhZJq
KPn01vJ2mcm29OM6i8FUhr40RUgNt3WdTJmE61iRrvoNpXl3MoCK7CImYeUtSqax
IKrzDeVIFxE3+bK6WQ6djcILCgEF2n/CX7VwtlOWMYbsuoYjVw+LSgBOFt+JMB56
uka4evsdfE8lZ6ib7yWOj3ZEH7p4v6AJm5blX5rWCxen/zu6HkkuwjOlwwy5Vx7A
FjxWn9I/CHA8aJ10FwYXAAFL8G4uT4eeYzJcNNb5Nalo8X3254LJnAem96xWZh4q
Mo6wDMaFHX2g86nJNt/PeChGWBTomuFYejtxq90kOpD5pf87woCu7F4HhwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFC1eTTc/JBpwAjdDwLm80E5Mk5KwMB8GA1UdIwQY
MBaAFGgQqokjkkLazJ0D468i1Oh6eDQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEt
MWY2ODk5MzViOTBmLzEvTFY1Tk56OGtHbkFDTjBQQXVielFUa3lUa3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEtMWY2ODk5MzViOTBm
LzEvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQAuWwQMAwD
BAXUMOADBADUMOgwDQQCAAIwBwMFAyoGAwAwDQYJKoZIhvcNAQELBQADggEBALOR
b2v9ePYQPusphWXr37F0zuqGQ71riFE0k5P4CL7QPaohu+QNnNNgn2hZIZHSQ+Q0
73xzW/iwE1hg2fKK+XgfW79ktsPK7TKxeMGULofv5g8oBsqDZys1nWEbvr5PkHnU
YIqm2TTi5uXO2xcCFcC7Bl9hxc9I3fMSBzYUVk3U5Twy4/2I/yjBy0j/DYfkMNqq
HHol28Xm3DxYv7emKy5PJqxPymUMMTDgu9icFqpcXP1LyiMQUdPTJl7y6lzwNVfS
M6812Z27weR+Hc3xYzb8AHoVuBHTseTNSmKIsr3sC5RPQqmVcuRbRG9zzzdiZ1Th
Kb2LmxxotMC/vtj2yKU=
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:47:24 2024 by rpki-client on console-ams.rpki-client.org