Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/9fb171-11f4-4c5f-83e7-2ed1fde68516/1/UOMV9Ybrd_tAcVHqTWmjGDNoYBU.roa
File:                     UOMV9Ybrd_tAcVHqTWmjGDNoYBU.roa (raw, json)
Hash identifier:          ZY5xYbSSfdTH+OCsgxV1iiBrF2a/yBFsq8Gz+KaQsZA=
Subject key identifier:   50:E3:15:F5:86:EB:77:FB:40:71:51:EA:4D:69:A3:18:33:68:60:15
Certificate issuer:       /CN=12449447ebdaf2d44a498b3dae525a2f5227f18a
Certificate serial:       018CC7276E3E3DF9FCBB75F762B3C498C3DD
Authority key identifier: 12:44:94:47:EB:DA:F2:D4:4A:49:8B:3D:AE:52:5A:2F:52:27:F1:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EkSUR-va8tRKSYs9rlJaL1In8Yo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/9fb171-11f4-4c5f-83e7-2ed1fde68516/1/UOMV9Ybrd_tAcVHqTWmjGDNoYBU.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209138
IP address blocks:        185.167.104.0/22 maxlen: 22
                          185.167.104.0/24 maxlen: 24
                          185.167.105.0/24 maxlen: 24
                          185.167.106.0/24 maxlen: 24
                          185.167.107.0/24 maxlen: 24
                          2a0f:62c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/9fb171-11f4-4c5f-83e7-2ed1fde68516/1/EkSUR-va8tRKSYs9rlJaL1In8Yo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/9fb171-11f4-4c5f-83e7-2ed1fde68516/1/EkSUR-va8tRKSYs9rlJaL1In8Yo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EkSUR-va8tRKSYs9rlJaL1In8Yo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 16:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6e:3e:3d:f9:fc:bb:75:f7:62:b3:c4:98:c3:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12449447ebdaf2d44a498b3dae525a2f5227f18a
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50e315f586eb77fb407151ea4d69a31833686015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:45:ba:99:ae:36:c7:c4:1d:ba:99:c2:2d:65:
                    84:83:31:e2:41:fd:b8:0b:f3:94:f5:2e:cb:87:d0:
                    a8:c9:c4:5e:9d:21:0c:09:16:e0:49:f1:81:c4:7d:
                    a2:5b:5f:74:6c:0b:a2:61:d0:3e:06:06:5a:0a:38:
                    56:7b:88:8b:de:f1:f4:23:02:f0:8a:6c:cb:fa:05:
                    ad:21:a8:7b:3c:70:73:9c:c5:b3:fd:7d:f1:a1:9e:
                    d8:19:ac:ab:7b:97:f9:41:f6:50:6f:0c:35:cb:00:
                    4f:ad:ef:69:ff:4d:2e:ae:76:47:5c:42:4b:41:56:
                    dd:86:e0:d5:68:37:8e:12:03:05:e8:33:0d:c9:51:
                    f9:ca:87:1e:87:6c:2a:b3:4f:cb:f4:e8:c2:8f:ea:
                    4a:58:07:93:8f:23:52:d6:9d:50:fb:24:f7:4d:fb:
                    c9:b1:ca:8f:58:c5:4c:9e:d1:0c:f7:20:96:74:8a:
                    f7:55:c4:94:52:b1:49:af:12:bd:ea:25:dc:2a:c2:
                    8f:13:bd:fa:55:c6:a9:cc:94:83:a9:18:b2:1d:b6:
                    59:58:66:f7:1d:87:27:3b:ae:57:2e:44:27:af:88:
                    f7:5b:97:7e:1c:fd:46:ca:8d:06:0d:19:bc:94:c2:
                    ba:73:15:50:c4:e5:59:66:05:92:f1:a4:3b:cf:91:
                    ec:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E3:15:F5:86:EB:77:FB:40:71:51:EA:4D:69:A3:18:33:68:60:15
            X509v3 Authority Key Identifier:
                keyid:12:44:94:47:EB:DA:F2:D4:4A:49:8B:3D:AE:52:5A:2F:52:27:F1:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EkSUR-va8tRKSYs9rlJaL1In8Yo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9fb171-11f4-4c5f-83e7-2ed1fde68516/1/UOMV9Ybrd_tAcVHqTWmjGDNoYBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9fb171-11f4-4c5f-83e7-2ed1fde68516/1/EkSUR-va8tRKSYs9rlJaL1In8Yo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.104.0/22
                IPv6:
                  2a0f:62c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:5e:25:6b:86:9b:f4:c9:ea:ca:60:c9:c1:66:64:be:db:a0:
         0a:39:86:75:1e:bf:da:fe:90:3e:45:22:ab:78:e8:b6:27:df:
         19:ac:af:f6:96:2b:a1:a0:11:6f:fc:63:69:da:74:eb:6b:fb:
         19:ef:e1:46:3b:3d:2f:a6:59:b9:0e:59:69:6b:15:58:0d:99:
         88:78:04:f3:d8:50:2f:0c:10:49:c1:86:2e:47:73:9d:28:6c:
         1f:80:f7:61:cd:9c:09:40:60:f4:19:ae:60:dc:9c:04:87:c0:
         c1:e8:47:97:69:7f:b3:22:9d:f7:c0:c4:bf:65:a0:51:99:53:
         e7:f8:84:8a:9f:b3:82:2e:04:44:c6:84:aa:66:c2:3e:51:c1:
         01:8f:34:e3:d1:57:d6:ac:f8:f3:21:59:4a:ee:4a:a2:a1:c1:
         56:eb:5f:9a:fa:43:2b:a9:46:c2:bd:4c:60:54:0d:27:6a:f7:
         0b:a0:87:e6:e4:a4:dc:f2:9c:4e:4d:93:6a:6c:bb:88:46:5b:
         48:57:ae:07:39:4b:0b:6f:e1:76:bd:96:3b:6b:de:66:ab:32:
         0b:4e:4c:b8:0a:dd:3e:64:0b:51:23:61:55:e3:65:e6:aa:22:
         4f:3b:ef:c5:1d:6a:1b:65:6d:8a:f2:ba:c5:1a:59:5a:4d:7b:
         75:61:ab:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJ24+Pfn8u3X3YrPEmMPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNDQ5NDQ3ZWJkYWYyZDQ0YTQ5OGIzZGFlNTI1YTJmNTIy
N2YxOGEwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGUzMTVmNTg2ZWI3N2ZiNDA3MTUxZWE0ZDY5YTMxODMzNjg2MDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UW6ma42x8QdupnCLWWEgzHiQf24
C/OU9S7Lh9CoycRenSEMCRbgSfGBxH2iW190bAuiYdA+BgZaCjhWe4iL3vH0IwLw
imzL+gWtIah7PHBznMWz/X3xoZ7YGayre5f5QfZQbww1ywBPre9p/00urnZHXEJL
QVbdhuDVaDeOEgMF6DMNyVH5yoceh2wqs0/L9OjCj+pKWAeTjyNS1p1Q+yT3TfvJ
scqPWMVMntEM9yCWdIr3VcSUUrFJrxK96iXcKsKPE736VcapzJSDqRiyHbZZWGb3
HYcnO65XLkQnr4j3W5d+HP1Gyo0GDRm8lMK6cxVQxOVZZgWS8aQ7z5HstQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFDjFfWG63f7QHFR6k1poxgzaGAVMB8GA1UdIwQY
MBaAFBJElEfr2vLUSkmLPa5SWi9SJ/GKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWtTVVItdmE4dFJLU1lzOXJsSmFMMUluOFlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85ZmIxNzEtMTFmNC00YzVmLTgzZTct
MmVkMWZkZTY4NTE2LzEvVU9NVjlZYnJkX3RBY1ZIcVRXbWpHRE5vWUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85ZmIxNzEtMTFmNC00YzVmLTgzZTctMmVkMWZkZTY4NTE2
LzEvRWtTVVItdmE4dFJLU1lzOXJsSmFMMUluOFlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuadoMA0E
AgACMAcDBQMqD2LAMA0GCSqGSIb3DQEBCwUAA4IBAQBfXiVrhpv0yerKYMnBZmS+
26AKOYZ1Hr/a/pA+RSKreOi2J98ZrK/2liuhoBFv/GNp2nTra/sZ7+FGOz0vplm5
DllpaxVYDZmIeATz2FAvDBBJwYYuR3OdKGwfgPdhzZwJQGD0Ga5g3JwEh8DB6EeX
aX+zIp33wMS/ZaBRmVPn+ISKn7OCLgRExoSqZsI+UcEBjzTj0VfWrPjzIVlK7kqi
ocFW61+a+kMrqUbCvUxgVA0navcLoIfm5KTc8pxOTZNqbLuIRltIV64HOUsLb+F2
vZY7a95mqzILTky4Ct0+ZAtRI2FV42XmqiJPO+/FHWobZW2K8rrFGllaTXt1YauT
-----END CERTIFICATE-----
Generated at Fri Dec 27 23:31:14 2024 by rpki-client on console-ams.rpki-client.org