Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/Ug0y31yGl2J0nFHmhKDep2_41nE.roa
File:                     Ug0y31yGl2J0nFHmhKDep2_41nE.roa (raw, json)
Hash identifier:          ucxH8nh3JGfHyWk4oP8fy92T6lP2Okm+PJysr712HrQ=
Subject key identifier:   52:0D:32:DF:5C:86:97:62:74:9C:51:E6:84:A0:DE:A7:6F:F8:D6:71
Certificate issuer:       /CN=971a6cbb2df6e7faccc5853ba5400f1f470eab16
Certificate serial:       018CC8DF8363C571A9A0F364BF709971F68C
Authority key identifier: 97:1A:6C:BB:2D:F6:E7:FA:CC:C5:85:3B:A5:40:0F:1F:47:0E:AB:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxpsuy325_rMxYU7pUAPH0cOqxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/Ug0y31yGl2J0nFHmhKDep2_41nE.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59989
IP address blocks:        185.22.34.0/24 maxlen: 24
                          185.22.32.0/22 maxlen: 22
                          185.22.33.0/24 maxlen: 24
                          185.22.35.0/24 maxlen: 24
                          185.22.32.0/24 maxlen: 24
                          185.100.202.0/24 maxlen: 24
                          185.100.201.0/24 maxlen: 24
                          185.100.200.0/22 maxlen: 22
                          185.100.203.0/24 maxlen: 24
                          185.100.200.0/24 maxlen: 24
                          2a00:5e60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/lxpsuy325_rMxYU7pUAPH0cOqxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/lxpsuy325_rMxYU7pUAPH0cOqxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxpsuy325_rMxYU7pUAPH0cOqxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:83:63:c5:71:a9:a0:f3:64:bf:70:99:71:f6:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=971a6cbb2df6e7faccc5853ba5400f1f470eab16
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=520d32df5c869762749c51e684a0dea76ff8d671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:85:67:35:e9:e4:39:87:e5:0a:91:b1:2d:11:
                    bb:b1:81:2b:86:0c:26:48:d4:a1:8e:cc:20:e1:88:
                    c3:95:e8:5e:9c:08:19:2c:bf:ff:6b:b2:af:3c:2f:
                    a0:fc:c1:65:eb:39:d0:5b:34:0e:6c:59:00:28:2a:
                    00:63:09:78:ff:99:0d:a8:da:c3:ea:e9:ad:e1:11:
                    70:73:a8:87:3c:e6:f7:46:1e:b4:da:86:be:24:84:
                    58:ad:48:87:5c:3f:15:7b:3e:85:62:e4:da:1c:87:
                    ab:c4:c1:32:cb:af:cc:2c:58:53:49:c7:0c:b9:b9:
                    55:30:7c:c1:87:51:b0:9a:c3:d1:ec:0e:cc:a1:78:
                    70:30:c0:70:ea:8f:d8:a5:6d:da:c8:73:62:1e:72:
                    5e:1a:4b:7c:20:60:77:5f:8f:5c:1d:17:02:f9:0a:
                    45:fb:ab:7c:3f:fa:c3:81:14:c3:38:8e:c8:67:5f:
                    b6:e6:54:5e:d2:30:bb:d3:c4:98:09:ea:a8:2d:12:
                    9d:1a:02:4e:9e:14:86:47:0f:98:79:18:2c:ba:47:
                    82:fa:f2:51:40:7f:27:aa:29:96:45:48:a2:b0:4a:
                    19:fe:1c:ef:04:dc:db:f6:74:20:13:e8:95:f7:c8:
                    e1:51:21:59:79:e4:7e:40:76:11:32:34:77:74:47:
                    83:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0D:32:DF:5C:86:97:62:74:9C:51:E6:84:A0:DE:A7:6F:F8:D6:71
            X509v3 Authority Key Identifier:
                keyid:97:1A:6C:BB:2D:F6:E7:FA:CC:C5:85:3B:A5:40:0F:1F:47:0E:AB:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxpsuy325_rMxYU7pUAPH0cOqxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/Ug0y31yGl2J0nFHmhKDep2_41nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/lxpsuy325_rMxYU7pUAPH0cOqxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.32.0/22
                  185.100.200.0/22
                IPv6:
                  2a00:5e60::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:b0:b4:f9:38:47:ab:0c:c9:bf:46:05:ac:52:8c:05:2a:6e:
         c5:9a:1c:76:bd:1a:c1:61:c6:17:f0:b8:c5:96:62:59:26:9a:
         64:a9:7f:11:48:fa:27:70:33:6a:22:9b:fe:1f:1a:21:d1:52:
         cb:53:b8:05:14:ae:1f:a8:f0:a5:97:0c:b5:7e:33:6e:3b:14:
         55:a4:ed:70:41:b2:12:c6:b9:b4:63:8c:1d:8f:fc:21:33:97:
         4f:ca:92:b3:10:d0:5a:e5:05:45:fe:c8:f2:32:35:89:e2:15:
         79:ab:8c:e5:eb:46:d8:86:ea:cf:a2:73:47:0b:e1:47:8f:9f:
         e0:0e:76:93:e2:24:da:21:56:a7:7b:d1:17:59:a3:d2:bd:88:
         f2:e8:1b:a1:d9:77:a8:72:ca:06:a7:41:e4:61:81:81:ae:e1:
         f6:07:f4:70:1f:fd:50:a5:c5:5c:c1:d6:9c:83:04:14:54:11:
         9f:ce:32:7b:4e:a0:b0:2e:86:d0:d4:29:b5:36:c6:83:ef:77:
         c6:3a:04:04:09:f5:7a:84:20:95:f7:0c:63:8e:d3:80:0d:8c:
         f8:78:65:6d:12:ad:cb:35:cb:4a:8b:91:e2:04:34:33:d1:ee:
         8f:6a:13:93:e7:2c:7a:c6:05:c1:d2:f6:d0:51:18:8d:d5:ba:
         11:b8:a9:f8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI34NjxXGpoPNkv3CZcfaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MWE2Y2JiMmRmNmU3ZmFjY2M1ODUzYmE1NDAwZjFmNDcw
ZWFiMTYwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjBkMzJkZjVjODY5NzYyNzQ5YzUxZTY4NGEwZGVhNzZmZjhkNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYVnNenkOYflCpGxLRG7sYErhgwm
SNShjswg4YjDlehenAgZLL//a7KvPC+g/MFl6znQWzQObFkAKCoAYwl4/5kNqNrD
6umt4RFwc6iHPOb3Rh602oa+JIRYrUiHXD8Vez6FYuTaHIerxMEyy6/MLFhTSccM
ublVMHzBh1GwmsPR7A7MoXhwMMBw6o/YpW3ayHNiHnJeGkt8IGB3X49cHRcC+QpF
+6t8P/rDgRTDOI7IZ1+25lRe0jC708SYCeqoLRKdGgJOnhSGRw+YeRgsukeC+vJR
QH8nqimWRUiisEoZ/hzvBNzb9nQgE+iV98jhUSFZeeR+QHYRMjR3dEeD7QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFINMt9chpdidJxR5oSg3qdv+NZxMB8GA1UdIwQY
MBaAFJcabLst9uf6zMWFO6VADx9HDqsWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhwc3V5MzI1X3JNeFlVN3BVQVBIMGNPcXhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS83ZDNmMDAtZDQ4Yy00MTZmLTkxOWUt
ZGMwMzg5ZjkxNjdkLzEvVWcweTMxeUdsMkowbkZIbWhLRGVwMl80MW5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS83ZDNmMDAtZDQ4Yy00MTZmLTkxOWUtZGMwMzg5ZjkxNjdk
LzEvbHhwc3V5MzI1X3JNeFlVN3BVQVBIMGNPcXhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRYgAwQC
uWTIMA0EAgACMAcDBQAqAF5gMA0GCSqGSIb3DQEBCwUAA4IBAQBosLT5OEerDMm/
RgWsUowFKm7Fmhx2vRrBYcYX8LjFlmJZJppkqX8RSPoncDNqIpv+Hxoh0VLLU7gF
FK4fqPCllwy1fjNuOxRVpO1wQbISxrm0Y4wdj/whM5dPypKzENBa5QVF/sjyMjWJ
4hV5q4zl60bYhurPonNHC+FHj5/gDnaT4iTaIVane9EXWaPSvYjy6Buh2XeocsoG
p0HkYYGBruH2B/RwH/1QpcVcwdacgwQUVBGfzjJ7TqCwLobQ1Cm1NsaD73fGOgQE
CfV6hCCV9wxjjtOADYz4eGVtEq3LNctKi5HiBDQz0e6PahOT5yx6xgXB0vbQURiN
1boRuKn4
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:49 2024 by rpki-client on console-ams.rpki-client.org