Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/d40773-cf2d-4198-8b3f-727ab6d07ff2/1/gwnhfksbEDFvoQHHgbm1Kbss0Ss.roa
File:                     gwnhfksbEDFvoQHHgbm1Kbss0Ss.roa (raw, json)
Hash identifier:          R8LINBS/WUtxAb73fc11HttPimd6MYyxIcBLTIXvr3c=
Subject key identifier:   83:09:E1:7E:4B:1B:10:31:6F:A1:01:C7:81:B9:B5:29:BB:2C:D1:2B
Certificate issuer:       /CN=cc01833c7ee5f343ff093b6c4e6151d0e3645768
Certificate serial:       018CC56EE5BBC5DBCF811B62A9DC25C02C7E
Authority key identifier: CC:01:83:3C:7E:E5:F3:43:FF:09:3B:6C:4E:61:51:D0:E3:64:57:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zAGDPH7l80P_CTtsTmFR0ONkV2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/d40773-cf2d-4198-8b3f-727ab6d07ff2/1/gwnhfksbEDFvoQHHgbm1Kbss0Ss.roa
Signing time:             Mon 01 Jan 2024 14:30:28 +0000
ROA not before:           Mon 01 Jan 2024 14:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213002
IP address blocks:        185.210.95.0/24 maxlen: 24
                          185.210.92.0/24 maxlen: 24
                          185.210.93.0/24 maxlen: 24
                          185.210.94.0/24 maxlen: 24
                          2a0b:5540::/33 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/d40773-cf2d-4198-8b3f-727ab6d07ff2/1/zAGDPH7l80P_CTtsTmFR0ONkV2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/d40773-cf2d-4198-8b3f-727ab6d07ff2/1/zAGDPH7l80P_CTtsTmFR0ONkV2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zAGDPH7l80P_CTtsTmFR0ONkV2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e5:bb:c5:db:cf:81:1b:62:a9:dc:25:c0:2c:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc01833c7ee5f343ff093b6c4e6151d0e3645768
        Validity
            Not Before: Jan  1 14:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8309e17e4b1b10316fa101c781b9b529bb2cd12b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5a:14:2e:90:30:67:eb:32:35:2e:52:2a:2e:
                    98:8b:f3:8d:88:67:fb:a9:4b:68:59:e8:42:32:85:
                    18:3d:7d:31:52:08:a1:0e:84:3d:b6:93:03:f6:c4:
                    4e:0f:a3:d0:cd:e3:e6:37:13:3f:b0:8f:6c:0d:21:
                    bf:7d:61:c4:5c:6d:34:89:1f:01:b1:5f:4f:04:05:
                    d8:b2:46:1c:ef:8e:05:6e:89:d3:48:ce:04:dd:aa:
                    26:e7:95:c7:35:37:53:53:2e:21:71:32:3f:1f:87:
                    48:21:ff:c7:f9:2a:48:83:01:e8:7c:98:0d:05:0c:
                    72:8c:72:31:5e:f7:74:71:5c:63:df:22:ba:e6:92:
                    37:c7:23:6c:8c:21:26:5d:e1:51:f2:21:ba:a6:1b:
                    51:46:5e:4a:cb:3b:4e:0c:da:45:6e:cc:cd:bb:28:
                    ef:f2:ef:7c:ee:1c:f3:86:b9:ef:27:19:5a:11:90:
                    64:af:49:69:8c:65:09:fa:a2:73:f9:30:54:a8:61:
                    2c:e7:ba:d0:6d:3e:09:6b:13:07:64:29:f6:ef:0b:
                    b2:b1:6f:8e:95:1a:e2:78:9e:33:4b:87:4d:9d:8a:
                    4b:36:5f:e2:bb:5f:2b:6a:1d:0a:ec:04:97:cd:ba:
                    af:d2:89:31:39:27:17:e6:ab:3d:bc:c1:a8:04:9f:
                    e1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:09:E1:7E:4B:1B:10:31:6F:A1:01:C7:81:B9:B5:29:BB:2C:D1:2B
            X509v3 Authority Key Identifier:
                keyid:CC:01:83:3C:7E:E5:F3:43:FF:09:3B:6C:4E:61:51:D0:E3:64:57:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zAGDPH7l80P_CTtsTmFR0ONkV2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/d40773-cf2d-4198-8b3f-727ab6d07ff2/1/gwnhfksbEDFvoQHHgbm1Kbss0Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/d40773-cf2d-4198-8b3f-727ab6d07ff2/1/zAGDPH7l80P_CTtsTmFR0ONkV2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.92.0/22
                IPv6:
                  2a0b:5540::/33

    Signature Algorithm: sha256WithRSAEncryption
         26:39:90:88:e8:b0:e0:08:9a:3b:ae:51:57:ec:92:94:6f:09:
         e8:95:b5:29:18:7b:fb:c3:5d:fe:75:47:c1:13:68:45:71:f9:
         cf:d3:8f:57:05:2c:b7:34:2b:28:42:d4:5e:96:94:ee:ce:30:
         ff:fd:93:03:bb:5e:28:49:3d:71:61:fb:f6:6d:6b:85:cf:ba:
         99:06:03:58:65:76:69:e9:6b:09:ae:12:a3:9f:20:e5:d8:94:
         8d:89:23:99:e1:19:3b:8a:c5:ad:74:a1:a0:3f:6f:f1:66:24:
         e8:a6:c4:55:63:76:e7:3c:31:7b:f9:41:fe:9c:96:43:fa:38:
         bd:da:38:a6:1a:b8:a7:61:94:82:85:8d:a6:d1:c0:1c:3c:29:
         db:42:25:88:b0:44:e3:ab:41:fc:fb:21:bd:de:bc:d4:b8:e3:
         12:c0:e3:13:84:a1:40:70:a1:16:e9:05:f3:46:bf:62:cd:db:
         63:f5:01:7c:e4:04:a4:81:db:0b:bb:d7:9b:0e:07:e2:44:1f:
         f1:03:7c:50:37:be:ca:95:a4:e7:0b:2f:e7:aa:99:3f:eb:d7:
         6f:13:16:78:c0:1a:21:a3:8a:17:5d:bd:a4:eb:47:22:af:30:
         ca:55:cb:7c:b4:eb:45:f4:5c:9b:b6:df:03:0c:0b:f6:7e:f8:
         ca:7e:91:f5
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzFbuW7xdvPgRtiqdwlwCx+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMDE4MzNjN2VlNWYzNDNmZjA5M2I2YzRlNjE1MWQwZTM2
NDU3NjgwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzA5ZTE3ZTRiMWIxMDMxNmZhMTAxYzc4MWI5YjUyOWJiMmNkMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01oULpAwZ+syNS5SKi6Yi/ONiGf7
qUtoWehCMoUYPX0xUgihDoQ9tpMD9sROD6PQzePmNxM/sI9sDSG/fWHEXG00iR8B
sV9PBAXYskYc744FbonTSM4E3aom55XHNTdTUy4hcTI/H4dIIf/H+SpIgwHofJgN
BQxyjHIxXvd0cVxj3yK65pI3xyNsjCEmXeFR8iG6phtRRl5KyztODNpFbszNuyjv
8u987hzzhrnvJxlaEZBkr0lpjGUJ+qJz+TBUqGEs57rQbT4JaxMHZCn27wuysW+O
lRrieJ4zS4dNnYpLNl/iu18rah0K7ASXzbqv0okxOScX5qs9vMGoBJ/hLQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFIMJ4X5LGxAxb6EBx4G5tSm7LNErMB8GA1UdIwQY
MBaAFMwBgzx+5fND/wk7bE5hUdDjZFdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekFHRFBIN2w4MFBfQ1R0c1RtRlIwT05rVjJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9kNDA3NzMtY2YyZC00MTk4LThiM2Yt
NzI3YWI2ZDA3ZmYyLzEvZ3duaGZrc2JFREZ2b1FISGdibTFLYnNzMFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9kNDA3NzMtY2YyZC00MTk4LThiM2YtNzI3YWI2ZDA3ZmYy
LzEvekFHRFBIN2w4MFBfQ1R0c1RtRlIwT05rVjJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCudJcMA4E
AgACMAgDBgcqC1VAADANBgkqhkiG9w0BAQsFAAOCAQEAJjmQiOiw4AiaO65RV+yS
lG8J6JW1KRh7+8Nd/nVHwRNoRXH5z9OPVwUstzQrKELUXpaU7s4w//2TA7teKEk9
cWH79m1rhc+6mQYDWGV2aelrCa4So58g5diUjYkjmeEZO4rFrXShoD9v8WYk6KbE
VWN25zwxe/lB/pyWQ/o4vdo4phq4p2GUgoWNptHAHDwp20IliLBE46tB/Pshvd68
1LjjEsDjE4ShQHChFukF80a/Ys3bY/UBfOQEpIHbC7vXmw4H4kQf8QN8UDe+ypWk
5wsv56qZP+vXbxMWeMAaIaOKF129pOtHIq8wylXLfLTrRfRcm7bfAwwL9n74yn6R
9Q==
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:12:43 2024 by rpki-client on console-ams.rpki-client.org