Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/e22192-be00-48c0-a711-7f96c9f05f54/1/yH9vyg4xtGqTxp9p-vGiYSiSBEY.roa
File:                     yH9vyg4xtGqTxp9p-vGiYSiSBEY.roa (raw, json)
Hash identifier:          /ckunZohpD2LwFf44t8473mmV9TLI/iiOdzuYcE3gY4=
Subject key identifier:   C8:7F:6F:CA:0E:31:B4:6A:93:C6:9F:69:FA:F1:A2:61:28:92:04:46
Certificate issuer:       /CN=0bcbf748e9f4998685d0c965d2dfdf0f362a5052
Certificate serial:       018CC8013EEFE8A5D914C91F64673B6F2A54
Authority key identifier: 0B:CB:F7:48:E9:F4:99:86:85:D0:C9:65:D2:DF:DF:0F:36:2A:50:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C8v3SOn0mYaF0Mll0t_fDzYqUFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/e22192-be00-48c0-a711-7f96c9f05f54/1/yH9vyg4xtGqTxp9p-vGiYSiSBEY.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48781
IP address blocks:        185.33.246.0/24 maxlen: 24
                          185.33.244.0/24 maxlen: 24
                          91.107.0.0/18 maxlen: 19
                          95.128.240.0/21 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/e22192-be00-48c0-a711-7f96c9f05f54/1/C8v3SOn0mYaF0Mll0t_fDzYqUFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/e22192-be00-48c0-a711-7f96c9f05f54/1/C8v3SOn0mYaF0Mll0t_fDzYqUFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C8v3SOn0mYaF0Mll0t_fDzYqUFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3e:ef:e8:a5:d9:14:c9:1f:64:67:3b:6f:2a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bcbf748e9f4998685d0c965d2dfdf0f362a5052
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c87f6fca0e31b46a93c69f69faf1a26128920446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:81:e4:81:48:b5:0f:96:d7:08:83:62:4e:94:
                    59:40:af:3a:b9:bd:c8:ee:19:a4:36:12:5e:4d:6d:
                    c8:d8:bc:c9:b7:a9:fe:75:69:ca:81:c3:e8:2d:36:
                    3b:95:22:25:d9:82:d8:a8:14:14:81:70:28:1d:5a:
                    51:6d:46:49:23:c5:fd:10:a2:86:f7:e1:c7:5f:0c:
                    44:a3:ab:bd:96:22:6b:e1:21:04:24:0c:ec:43:58:
                    77:28:0e:52:b6:7e:6a:b6:3e:38:af:80:20:c3:5e:
                    7e:6b:6b:b0:7a:93:68:91:a5:09:72:37:2f:d7:aa:
                    58:0c:62:7e:3a:cd:9a:54:e2:4a:9c:5b:92:e4:56:
                    a9:c8:46:39:c8:2c:71:b8:47:95:ec:1d:c2:d0:ac:
                    7b:8e:b7:f9:44:62:8a:1e:d4:59:dd:56:91:1f:6d:
                    c9:6e:cc:b6:e0:28:ce:87:9c:3f:87:da:60:3a:7c:
                    93:71:ed:5f:da:3a:dc:d6:81:3d:c2:1e:a0:58:df:
                    b4:01:e2:59:e6:a4:ee:3a:95:d2:9d:cd:71:ed:28:
                    9e:60:50:74:01:9e:22:d1:fe:c2:88:8d:02:86:80:
                    92:b8:88:2e:7a:f5:ae:0f:ff:51:e9:c4:ea:88:96:
                    40:ed:16:a7:c2:4d:c1:52:be:49:a2:b1:47:72:9b:
                    86:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:7F:6F:CA:0E:31:B4:6A:93:C6:9F:69:FA:F1:A2:61:28:92:04:46
            X509v3 Authority Key Identifier:
                keyid:0B:CB:F7:48:E9:F4:99:86:85:D0:C9:65:D2:DF:DF:0F:36:2A:50:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C8v3SOn0mYaF0Mll0t_fDzYqUFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/e22192-be00-48c0-a711-7f96c9f05f54/1/yH9vyg4xtGqTxp9p-vGiYSiSBEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/e22192-be00-48c0-a711-7f96c9f05f54/1/C8v3SOn0mYaF0Mll0t_fDzYqUFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.107.0.0/18
                  95.128.240.0/21
                  185.33.244.0/24
                  185.33.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:4c:e5:4c:41:11:0d:c7:80:a8:24:39:9d:f0:ee:b4:3d:7a:
         60:21:88:3d:4c:ce:92:b1:d4:29:6a:16:e7:99:ab:c4:74:f0:
         bd:5f:e3:1c:7c:62:f5:a2:ca:fc:fa:0e:37:7f:b0:f8:18:48:
         a9:39:57:9e:b7:9d:51:0a:ef:99:74:a8:81:bc:d9:ab:6f:3d:
         c0:30:29:ef:d2:78:46:5d:6f:52:c5:8d:a8:5e:da:46:a5:5e:
         52:b2:d8:9c:24:2b:4a:f1:82:97:05:aa:6b:d6:f7:0c:4f:17:
         8a:75:36:4f:c9:e7:a5:d8:8d:39:9c:c5:22:3a:78:42:e1:ee:
         33:20:3a:48:7e:52:de:9d:00:da:dc:70:8d:bb:c3:83:a0:e4:
         d7:a6:2d:e7:a5:f4:0a:6a:18:dc:82:36:c8:1a:49:c0:91:b9:
         67:31:54:e5:7b:89:3f:c2:25:f1:2b:e2:40:b3:14:c8:26:5f:
         23:83:98:ca:72:8e:0e:eb:f5:3d:df:ad:f0:3a:f6:6e:bd:9f:
         f3:22:19:45:d5:67:87:c6:dc:b7:58:24:be:b1:71:18:1e:7f:
         89:5c:f0:d5:c3:8b:9d:9f:a1:bc:3f:ae:53:21:4e:65:1b:df:
         44:f1:8b:c9:5d:74:86:0f:c1:1c:38:d7:d0:86:af:13:ba:56:
         b5:91:c7:02
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzIAT7v6KXZFMkfZGc7bypUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiY2JmNzQ4ZTlmNDk5ODY4NWQwYzk2NWQyZGZkZjBmMzYy
YTUwNTIwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODdmNmZjYTBlMzFiNDZhOTNjNjlmNjlmYWYxYTI2MTI4OTIwNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYHkgUi1D5bXCINiTpRZQK86ub3I
7hmkNhJeTW3I2LzJt6n+dWnKgcPoLTY7lSIl2YLYqBQUgXAoHVpRbUZJI8X9EKKG
9+HHXwxEo6u9liJr4SEEJAzsQ1h3KA5Stn5qtj44r4Agw15+a2uwepNokaUJcjcv
16pYDGJ+Os2aVOJKnFuS5FapyEY5yCxxuEeV7B3C0Kx7jrf5RGKKHtRZ3VaRH23J
bsy24CjOh5w/h9pgOnyTce1f2jrc1oE9wh6gWN+0AeJZ5qTuOpXSnc1x7SieYFB0
AZ4i0f7CiI0ChoCSuIguevWuD/9R6cTqiJZA7Ranwk3BUr5JorFHcpuGVQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMh/b8oOMbRqk8afafrxomEokgRGMB8GA1UdIwQY
MBaAFAvL90jp9JmGhdDJZdLf3w82KlBSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzh2M1NPbjBtWWFGME1sbDB0X2ZEellxVUZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9lMjIxOTItYmUwMC00OGMwLWE3MTEt
N2Y5NmM5ZjA1ZjU0LzEveUg5dnlnNHh0R3FUeHA5cC12R2lZU2lTQkVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9lMjIxOTItYmUwMC00OGMwLWE3MTEtN2Y5NmM5ZjA1ZjU0
LzEvQzh2M1NPbjBtWWFGME1sbDB0X2ZEellxVUZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQGW2sAAwQD
X4DwAwQAuSH0AwQAuSH2MA0GCSqGSIb3DQEBCwUAA4IBAQCHTOVMQRENx4CoJDmd
8O60PXpgIYg9TM6SsdQpahbnmavEdPC9X+McfGL1osr8+g43f7D4GEipOVeet51R
Cu+ZdKiBvNmrbz3AMCnv0nhGXW9SxY2oXtpGpV5SsticJCtK8YKXBapr1vcMTxeK
dTZPyeel2I05nMUiOnhC4e4zIDpIflLenQDa3HCNu8ODoOTXpi3npfQKahjcgjbI
GknAkblnMVTle4k/wiXxK+JAsxTIJl8jg5jKco4O6/U9363wOvZuvZ/zIhlF1WeH
xty3WCS+sXEYHn+JXPDVw4udn6G8P65TIU5lG99E8YvJXXSGD8EcONfQhq8Tula1
kccC
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:23:40 2024 by rpki-client on console-ams.rpki-client.org