Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/kPq5mHyAwtRZgkVRIU2ztGZn3DU.roa
File:                     kPq5mHyAwtRZgkVRIU2ztGZn3DU.roa (raw, json)
Hash identifier:          3Uj8/Yiw4HIPOzjr6m5kOfTZ0UdyB58yW1QjoqA3oRY=
Subject key identifier:   90:FA:B9:98:7C:80:C2:D4:59:82:45:51:21:4D:B3:B4:66:67:DC:35
Certificate issuer:       /CN=36fe3a91263e2e8319c2a678e629851d09e77f0d
Certificate serial:       018CC424E8EBE5698A667B67569EFA541A40
Authority key identifier: 36:FE:3A:91:26:3E:2E:83:19:C2:A6:78:E6:29:85:1D:09:E7:7F:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nv46kSY-LoMZwqZ45imFHQnnfw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/kPq5mHyAwtRZgkVRIU2ztGZn3DU.roa
Signing time:             Mon 01 Jan 2024 08:30:02 +0000
ROA not before:           Mon 01 Jan 2024 08:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199319
IP address blocks:        185.228.140.0/22 maxlen: 22
                          185.38.224.0/22 maxlen: 22
                          2a00:fb20:8000::/33 maxlen: 33
                          2a00:fb20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/Nv46kSY-LoMZwqZ45imFHQnnfw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/Nv46kSY-LoMZwqZ45imFHQnnfw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nv46kSY-LoMZwqZ45imFHQnnfw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e8:eb:e5:69:8a:66:7b:67:56:9e:fa:54:1a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36fe3a91263e2e8319c2a678e629851d09e77f0d
        Validity
            Not Before: Jan  1 08:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90fab9987c80c2d459824551214db3b46667dc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:12:de:91:9d:a2:73:9e:2f:6a:f3:b0:f1:89:
                    8c:79:33:b1:82:8f:f4:48:dd:69:79:32:10:61:99:
                    da:19:7e:21:9a:83:cf:a6:65:35:4f:e1:1a:91:cf:
                    ee:41:ba:42:32:02:cd:aa:35:ca:64:f1:94:90:62:
                    48:c4:24:9f:8a:d7:34:71:65:8b:84:a4:59:cc:6d:
                    74:86:b5:a9:21:8a:ca:f2:f8:ac:36:63:a5:d6:72:
                    ea:3b:20:a7:a3:80:93:b6:21:c1:6f:9d:b8:13:ee:
                    5c:73:45:5e:b3:0e:1b:23:b5:b0:a4:66:78:58:2b:
                    a3:a9:14:8f:88:fd:9c:e9:f1:b7:76:aa:5d:b6:a2:
                    cf:22:67:13:84:4f:52:18:0f:43:f2:9d:a9:46:50:
                    02:8a:89:ff:ec:fe:03:cd:7d:bb:9d:47:08:8e:57:
                    20:47:95:bc:a8:ab:59:d9:dc:f4:f1:e9:a2:e4:e4:
                    38:22:7e:81:60:89:e6:e8:40:da:0a:29:51:c5:c3:
                    78:03:56:21:68:dc:18:11:af:09:3a:80:60:b8:07:
                    de:bf:89:ab:74:c4:bf:35:b3:19:41:84:7f:c8:da:
                    32:30:aa:0d:24:04:ee:92:15:fe:94:68:07:7e:54:
                    7f:bc:b3:38:3b:42:67:d5:82:0b:b1:16:f6:71:a3:
                    66:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:FA:B9:98:7C:80:C2:D4:59:82:45:51:21:4D:B3:B4:66:67:DC:35
            X509v3 Authority Key Identifier:
                keyid:36:FE:3A:91:26:3E:2E:83:19:C2:A6:78:E6:29:85:1D:09:E7:7F:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nv46kSY-LoMZwqZ45imFHQnnfw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/kPq5mHyAwtRZgkVRIU2ztGZn3DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e96ef4-4f45-47c0-bebf-fa3e0901f240/1/Nv46kSY-LoMZwqZ45imFHQnnfw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.224.0/22
                  185.228.140.0/22
                IPv6:
                  2a00:fb20::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:57:16:cd:4a:a7:cd:14:ef:b3:a6:31:f5:fb:90:ad:6c:2c:
         84:ca:fa:8b:9e:a6:a4:4c:91:e1:de:43:9b:ca:66:65:4a:02:
         ca:1e:fa:43:63:44:7f:7e:33:04:b4:1b:56:7d:58:9c:2a:32:
         af:dd:90:5f:be:77:9e:85:1c:14:c1:43:be:8d:41:c0:7b:4f:
         97:07:81:95:dd:24:87:a5:58:9a:d8:82:bd:e9:05:6b:ac:74:
         0d:db:5d:7a:44:94:5f:5f:53:b8:65:b3:db:64:b0:6e:2c:4b:
         6d:51:3a:9b:54:ef:ce:4e:24:cf:cc:ac:41:90:93:01:86:cd:
         d3:e3:aa:a1:14:22:f7:90:1c:3f:5f:4f:89:50:b5:7b:91:39:
         e8:5c:ad:84:5c:c0:96:04:cb:fd:72:b7:ae:cc:b4:27:33:44:
         e8:8f:fa:c7:22:8f:12:d3:65:6a:3a:b8:0f:f4:2c:c3:db:3c:
         97:58:70:e8:11:1f:40:60:dd:b3:61:16:6b:3c:b6:8a:b2:18:
         9e:f7:ba:20:ca:13:f8:b9:de:82:d7:5b:3f:ac:49:e3:0d:0c:
         59:32:f7:45:67:b5:d0:9e:bf:a5:91:e3:0e:ad:48:bb:d0:96:
         13:55:8e:5f:64:88:ec:42:c7:10:55:00:f4:02:11:6a:33:10:
         ef:9a:1e:71
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJOjr5WmKZntnVp76VBpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZmUzYTkxMjYzZTJlODMxOWMyYTY3OGU2Mjk4NTFkMDll
NzdmMGQwHhcNMjQwMTAxMDgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZhYjk5ODdjODBjMmQ0NTk4MjQ1NTEyMTRkYjNiNDY2NjdkYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRLekZ2ic54vavOw8YmMeTOxgo/0
SN1peTIQYZnaGX4hmoPPpmU1T+Eakc/uQbpCMgLNqjXKZPGUkGJIxCSfitc0cWWL
hKRZzG10hrWpIYrK8visNmOl1nLqOyCno4CTtiHBb524E+5cc0Vesw4bI7WwpGZ4
WCujqRSPiP2c6fG3dqpdtqLPImcThE9SGA9D8p2pRlACion/7P4DzX27nUcIjlcg
R5W8qKtZ2dz08emi5OQ4In6BYInm6EDaCilRxcN4A1YhaNwYEa8JOoBguAfev4mr
dMS/NbMZQYR/yNoyMKoNJATukhX+lGgHflR/vLM4O0Jn1YILsRb2caNmpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJD6uZh8gMLUWYJFUSFNs7RmZ9w1MB8GA1UdIwQY
MBaAFDb+OpEmPi6DGcKmeOYphR0J538NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnY0NmtTWS1Mb01ad3FaNDVpbUZIUW5uZncwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lOTZlZjQtNGY0NS00N2MwLWJlYmYt
ZmEzZTA5MDFmMjQwLzEva1BxNW1IeUF3dFJaZ2tWUklVMnp0R1puM0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lOTZlZjQtNGY0NS00N2MwLWJlYmYtZmEzZTA5MDFmMjQw
LzEvTnY0NmtTWS1Mb01ad3FaNDVpbUZIUW5uZncwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSbgAwQC
ueSMMA0EAgACMAcDBQAqAPsgMA0GCSqGSIb3DQEBCwUAA4IBAQAaVxbNSqfNFO+z
pjH1+5CtbCyEyvqLnqakTJHh3kObymZlSgLKHvpDY0R/fjMEtBtWfVicKjKv3ZBf
vneehRwUwUO+jUHAe0+XB4GV3SSHpVia2IK96QVrrHQN2116RJRfX1O4ZbPbZLBu
LEttUTqbVO/OTiTPzKxBkJMBhs3T46qhFCL3kBw/X0+JULV7kTnoXK2EXMCWBMv9
creuzLQnM0Toj/rHIo8S02VqOrgP9CzD2zyXWHDoER9AYN2zYRZrPLaKshie97og
yhP4ud6C11s/rEnjDQxZMvdFZ7XQnr+lkeMOrUi70JYTVY5fZIjsQscQVQD0AhFq
MxDvmh5x
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:13:16 2024 by rpki-client on console-fra.rpki-client.org