Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/5Gsk8M6y6oeqBdfajNFr-_m_icg.roa
File:                     5Gsk8M6y6oeqBdfajNFr-_m_icg.roa (raw, json)
Hash identifier:          EDn3xPyZllZVC0VyExUs+YbyW+n8VNYyZH+6E5upsrs=
Subject key identifier:   E4:6B:24:F0:CE:B2:EA:87:AA:05:D7:DA:8C:D1:6B:FB:F9:BF:89:C8
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276BAEDF2616F0704DC9687A5A2795
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/5Gsk8M6y6oeqBdfajNFr-_m_icg.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201549
IP address blocks:        85.219.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6b:ae:df:26:16:f0:70:4d:c9:68:7a:5a:27:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e46b24f0ceb2ea87aa05d7da8cd16bfbf9bf89c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:25:9f:9b:4a:a0:f8:a4:32:57:eb:0e:ac:c7:
                    d8:8f:f9:1d:b6:6a:97:aa:3b:82:9b:30:93:18:96:
                    75:f1:3f:96:4d:28:b0:29:90:b4:aa:69:43:a5:b1:
                    01:25:42:4a:e6:cf:35:42:b0:08:d3:56:84:2b:0f:
                    4b:6f:8f:2b:86:0e:86:c2:49:7c:0a:7e:03:f1:80:
                    eb:0d:ff:f7:f2:c3:59:11:53:3d:e9:ae:d8:77:a6:
                    f3:6c:c2:b7:5f:cc:18:af:9a:8c:72:7b:0f:e6:e7:
                    dd:31:e9:a0:aa:e8:e2:e9:63:ad:f3:34:eb:e1:b3:
                    88:32:d6:f2:8b:b0:c9:26:83:e8:95:2d:3c:54:f4:
                    8b:b2:33:f1:77:8c:7b:80:0e:80:e2:15:4a:7e:a5:
                    76:80:c3:79:f1:e2:45:8c:b8:1f:ea:b5:9e:12:fc:
                    71:3e:68:f7:fe:df:55:0f:93:6c:8b:af:17:ff:8e:
                    cf:41:81:b7:6f:93:22:63:d3:fb:23:e6:18:7a:90:
                    1c:94:7d:ac:67:f9:fb:ea:e3:5a:25:be:6c:65:6f:
                    66:6b:dc:d3:f6:c1:da:ce:4a:4c:6c:6e:99:29:5e:
                    b1:ed:2e:6b:e7:15:47:8c:9e:6d:57:a7:44:fb:da:
                    77:58:2b:ef:9f:c4:0b:4f:c8:67:12:3f:3d:12:da:
                    ea:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:6B:24:F0:CE:B2:EA:87:AA:05:D7:DA:8C:D1:6B:FB:F9:BF:89:C8
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/5Gsk8M6y6oeqBdfajNFr-_m_icg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:cb:80:e8:49:af:ad:b7:56:cc:a8:b7:b3:dc:d9:d5:cd:d3:
         ea:67:3a:a9:d5:11:14:33:dc:7a:ff:8b:75:4f:b7:50:9d:2d:
         54:32:9f:de:22:a8:9d:2f:f5:d0:15:76:f0:99:59:8e:69:ab:
         87:5c:ed:a4:7a:84:e9:d1:dd:b1:0b:a5:df:37:33:ac:b3:35:
         0e:8f:8c:5c:3d:98:c4:c4:30:c5:7f:a6:df:70:c4:9a:f3:9f:
         e6:25:18:b7:cb:b2:11:94:3f:77:37:9f:81:63:2a:8f:60:9d:
         7c:62:ba:cf:85:32:c5:57:76:a5:5a:e3:08:50:53:28:f7:27:
         6d:93:6c:9d:60:dc:aa:c6:18:3c:47:74:a7:86:ca:65:bc:67:
         aa:90:be:af:be:02:92:36:29:11:c8:55:77:35:6f:ba:fc:03:
         cb:7e:43:70:22:16:61:26:a9:ec:aa:d3:42:8b:2a:b1:e8:26:
         c7:d5:31:fd:71:06:93:2b:b2:ad:28:6f:51:2c:44:58:88:ac:
         61:f8:fb:08:b9:96:c1:c1:53:d4:11:4a:e6:0f:67:9f:eb:6e:
         d6:12:4a:f2:17:c8:4d:fe:85:ab:34:88:55:37:19:c8:c9:e0:
         7d:74:3f:48:e8:bb:f3:7f:7f:2f:4e:6b:a5:80:de:06:f7:38:
         cc:a0:50:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2uu3yYW8HBNyWh6WieVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDZiMjRmMGNlYjJlYTg3YWEwNWQ3ZGE4Y2QxNmJmYmY5YmY4OWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiWfm0qg+KQyV+sOrMfYj/kdtmqX
qjuCmzCTGJZ18T+WTSiwKZC0qmlDpbEBJUJK5s81QrAI01aEKw9Lb48rhg6Gwkl8
Cn4D8YDrDf/38sNZEVM96a7Yd6bzbMK3X8wYr5qMcnsP5ufdMemgquji6WOt8zTr
4bOIMtbyi7DJJoPolS08VPSLsjPxd4x7gA6A4hVKfqV2gMN58eJFjLgf6rWeEvxx
Pmj3/t9VD5Nsi68X/47PQYG3b5MiY9P7I+YYepAclH2sZ/n76uNaJb5sZW9ma9zT
9sHazkpMbG6ZKV6x7S5r5xVHjJ5tV6dE+9p3WCvvn8QLT8hnEj89EtrqCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORrJPDOsuqHqgXX2ozRa/v5v4nIMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvNUdzazhNNnk2b2VxQmRmYWpORnItX21faWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVduUMA0G
CSqGSIb3DQEBCwUAA4IBAQBEy4DoSa+tt1bMqLez3NnVzdPqZzqp1REUM9x6/4t1
T7dQnS1UMp/eIqidL/XQFXbwmVmOaauHXO2keoTp0d2xC6XfNzOsszUOj4xcPZjE
xDDFf6bfcMSa85/mJRi3y7IRlD93N5+BYyqPYJ18YrrPhTLFV3alWuMIUFMo9ydt
k2ydYNyqxhg8R3SnhsplvGeqkL6vvgKSNikRyFV3NW+6/APLfkNwIhZhJqnsqtNC
iyqx6CbH1TH9cQaTK7KtKG9RLERYiKxh+PsIuZbBwVPUEUrmD2ef627WEkryF8hN
/oWrNIhVNxnIyeB9dD9I6Lvzf38vTmulgN4G9zjMoFBn
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:13:44 2024 by rpki-client on console-fra.rpki-client.org