Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/63fbf8-5cff-4991-8f27-a41a4834ecaa/1/rx8BBhHAGTYIKLb1wjcdeKd-5AU.roa
File:                     rx8BBhHAGTYIKLb1wjcdeKd-5AU.roa (raw, json)
Hash identifier:          f0EOvVskwxqcBng2DRgbbtUf1503ZVyhQv9/snzTYkg=
Subject key identifier:   AF:1F:01:06:11:C0:19:36:08:28:B6:F5:C2:37:1D:78:A7:7E:E4:05
Certificate issuer:       /CN=543c54067385a765b1d5617c43331956fb208e89
Certificate serial:       018CC9BBEC7531AE1144A83566549B611F47
Authority key identifier: 54:3C:54:06:73:85:A7:65:B1:D5:61:7C:43:33:19:56:FB:20:8E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxUBnOFp2Wx1WF8QzMZVvsgjok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/63fbf8-5cff-4991-8f27-a41a4834ecaa/1/rx8BBhHAGTYIKLb1wjcdeKd-5AU.roa
Signing time:             Tue 02 Jan 2024 10:33:05 +0000
ROA not before:           Tue 02 Jan 2024 10:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198595
IP address blocks:        185.202.124.0/24 maxlen: 24
                          185.202.125.0/24 maxlen: 24
                          185.202.126.0/24 maxlen: 24
                          185.202.127.0/24 maxlen: 24
                          91.236.57.0/24 maxlen: 24
                          2001:67c:104::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/63fbf8-5cff-4991-8f27-a41a4834ecaa/1/VDxUBnOFp2Wx1WF8QzMZVvsgjok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/63fbf8-5cff-4991-8f27-a41a4834ecaa/1/VDxUBnOFp2Wx1WF8QzMZVvsgjok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxUBnOFp2Wx1WF8QzMZVvsgjok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ec:75:31:ae:11:44:a8:35:66:54:9b:61:1f:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c54067385a765b1d5617c43331956fb208e89
        Validity
            Not Before: Jan  2 10:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af1f010611c019360828b6f5c2371d78a77ee405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:24:fe:a7:2e:b7:7e:e5:35:55:8a:44:ab:78:
                    c2:0b:f7:7a:dd:8f:f7:cb:bc:d8:1e:ff:a8:4c:6b:
                    b4:67:fc:29:3a:cb:6c:9b:77:d2:f1:38:96:72:61:
                    a9:f9:8a:b8:c7:f2:71:f6:94:7d:4a:dd:7e:00:01:
                    02:da:7c:cd:f6:25:2e:cb:b9:5c:ae:70:b6:9d:64:
                    82:8d:9b:54:d6:3a:8c:fc:bf:38:40:1e:d6:f8:fe:
                    24:ff:dd:64:18:0c:9f:91:b3:c1:b2:9b:c7:5a:5f:
                    c7:0e:1f:2e:fc:e5:7a:7e:42:4c:c5:bb:7b:92:a3:
                    9a:aa:a6:93:58:29:5f:e2:36:8a:3f:5f:62:7c:4a:
                    74:67:14:99:73:85:bc:1e:95:a4:00:a2:89:43:f0:
                    b8:bb:31:33:11:e8:5d:54:64:06:59:aa:d7:0b:cb:
                    de:fc:e0:3f:5e:84:4e:1c:99:c5:90:38:66:86:b4:
                    33:aa:15:fd:a3:15:5f:af:cd:18:c0:7f:04:ba:22:
                    8b:99:e1:b5:4f:a3:b1:87:36:6c:21:9d:f0:6a:62:
                    a2:f4:e5:bb:d6:ef:83:80:11:84:7e:52:8e:72:13:
                    69:d1:73:8a:ba:11:98:3b:22:d3:65:1c:5e:f5:af:
                    c2:75:cb:b9:b3:dc:90:35:32:d6:d6:91:a8:27:b1:
                    f9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:1F:01:06:11:C0:19:36:08:28:B6:F5:C2:37:1D:78:A7:7E:E4:05
            X509v3 Authority Key Identifier:
                keyid:54:3C:54:06:73:85:A7:65:B1:D5:61:7C:43:33:19:56:FB:20:8E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxUBnOFp2Wx1WF8QzMZVvsgjok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/63fbf8-5cff-4991-8f27-a41a4834ecaa/1/rx8BBhHAGTYIKLb1wjcdeKd-5AU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/63fbf8-5cff-4991-8f27-a41a4834ecaa/1/VDxUBnOFp2Wx1WF8QzMZVvsgjok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.57.0/24
                  185.202.124.0/22
                IPv6:
                  2001:67c:104::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:4d:e1:fe:ee:91:86:39:f6:09:71:3d:cf:f2:04:cc:5e:2f:
         d2:98:dd:2e:de:ac:10:24:98:dd:77:79:a7:92:6d:84:9c:97:
         e4:a8:cd:71:75:0d:13:1c:c6:df:2f:c5:d9:82:a6:74:97:e6:
         72:07:fe:43:e3:a8:e5:74:01:cf:ec:ff:99:78:b5:f4:ff:1c:
         87:40:6c:f1:cd:eb:c5:67:2a:31:a5:5a:d9:07:57:e7:a5:da:
         c0:7d:1a:ee:c7:92:2f:a3:31:56:80:e5:0c:48:10:02:35:70:
         e4:b5:41:19:61:93:a5:a4:1a:25:87:07:85:27:fa:46:1b:cf:
         6d:85:36:5b:97:85:d5:ee:9f:bb:3d:9e:fd:49:b3:7d:46:ac:
         2a:b4:8a:59:bb:c9:24:5f:ea:77:33:95:56:1e:5d:78:27:09:
         38:3c:f3:d5:55:5e:7a:3c:b5:33:6f:95:c2:b6:b8:15:ae:50:
         df:e6:92:4d:1e:e8:14:55:3c:52:5f:ea:3c:8e:9a:4d:d8:a5:
         28:cb:10:5f:b0:94:41:9d:1b:7e:74:68:76:e6:0e:12:a1:8d:
         30:ac:db:1a:41:31:07:aa:59:fd:ea:0a:31:35:45:70:78:06:
         24:bf:75:19:e7:ca:22:3b:a1:9b:9a:da:8b:ce:0d:da:91:a0:
         5d:d7:54:b5
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJu+x1Ma4RRKg1ZlSbYR9HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M1NDA2NzM4NWE3NjViMWQ1NjE3YzQzMzMxOTU2ZmIy
MDhlODkwHhcNMjQwMTAyMTAzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjFmMDEwNjExYzAxOTM2MDgyOGI2ZjVjMjM3MWQ3OGE3N2VlNDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiT+py63fuU1VYpEq3jCC/d63Y/3
y7zYHv+oTGu0Z/wpOstsm3fS8TiWcmGp+Yq4x/Jx9pR9St1+AAEC2nzN9iUuy7lc
rnC2nWSCjZtU1jqM/L84QB7W+P4k/91kGAyfkbPBspvHWl/HDh8u/OV6fkJMxbt7
kqOaqqaTWClf4jaKP19ifEp0ZxSZc4W8HpWkAKKJQ/C4uzEzEehdVGQGWarXC8ve
/OA/XoROHJnFkDhmhrQzqhX9oxVfr80YwH8EuiKLmeG1T6OxhzZsIZ3wamKi9OW7
1u+DgBGEflKOchNp0XOKuhGYOyLTZRxe9a/Cdcu5s9yQNTLW1pGoJ7H5nQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFK8fAQYRwBk2CCi29cI3HXinfuQFMB8GA1UdIwQY
MBaAFFQ8VAZzhadlsdVhfEMzGVb7II6JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4VUJuT0ZwMld4MVdGOFF6TVpWdnNnam9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82M2ZiZjgtNWNmZi00OTkxLThmMjct
YTQxYTQ4MzRlY2FhLzEvcng4QkJoSEFHVFlJS0xiMXdqY2RlS2QtNUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82M2ZiZjgtNWNmZi00OTkxLThmMjctYTQxYTQ4MzRlY2Fh
LzEvVkR4VUJuT0ZwMld4MVdGOFF6TVpWdnNnam9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW+w5AwQC
ucp8MA8EAgACMAkDBwAgAQZ8AQQwDQYJKoZIhvcNAQELBQADggEBAJpN4f7ukYY5
9glxPc/yBMxeL9KY3S7erBAkmN13eaeSbYScl+SozXF1DRMcxt8vxdmCpnSX5nIH
/kPjqOV0Ac/s/5l4tfT/HIdAbPHN68VnKjGlWtkHV+el2sB9Gu7Hki+jMVaA5QxI
EAI1cOS1QRlhk6WkGiWHB4Un+kYbz22FNluXhdXun7s9nv1Js31GrCq0ilm7ySRf
6nczlVYeXXgnCTg889VVXno8tTNvlcK2uBWuUN/mkk0e6BRVPFJf6jyOmk3YpSjL
EF+wlEGdG350aHbmDhKhjTCs2xpBMQeqWf3qCjE1RXB4BiS/dRnnyiI7oZua2ovO
DdqRoF3XVLU=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:53:24 2024 by rpki-client on console-ams.rpki-client.org