Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/1-yyqtq8po52u9bKb0S36SkvdR9I.roa
File:                     1-yyqtq8po52u9bKb0S36SkvdR9I.roa (raw, json)
Hash identifier:          TW3XPZHExeyfTADITKyqaOWcLnYZ4LVRMCrC/JmfiP8=
Subject key identifier:   FB:2C:AA:B6:AF:29:A3:9D:AE:F5:B2:9B:D1:2D:FA:4A:4B:DD:47:D2
Certificate issuer:       /CN=b078ae499057eb06838abd3edcc3091204a7f227
Certificate serial:       0190306EA7CF42E2C382E8FE37906DFB802D
Authority key identifier: B0:78:AE:49:90:57:EB:06:83:8A:BD:3E:DC:C3:09:12:04:A7:F2:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHiuSZBX6waDir0-3MMJEgSn8ic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/1-yyqtq8po52u9bKb0S36SkvdR9I.roa
Signing time:             Wed 19 Jun 2024 12:17:56 +0000
ROA not before:           Wed 19 Jun 2024 12:17:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        185.138.104.0/22 maxlen: 24
                          2a03:a6e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/sHiuSZBX6waDir0-3MMJEgSn8ic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/sHiuSZBX6waDir0-3MMJEgSn8ic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sHiuSZBX6waDir0-3MMJEgSn8ic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:6e:a7:cf:42:e2:c3:82:e8:fe:37:90:6d:fb:80:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b078ae499057eb06838abd3edcc3091204a7f227
        Validity
            Not Before: Jun 19 12:17:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb2caab6af29a39daef5b29bd12dfa4a4bdd47d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c2:0e:11:7b:e1:1e:15:69:5b:ff:da:0d:b8:
                    07:50:84:15:6d:16:0e:5f:2f:e6:96:20:f5:c5:55:
                    78:e4:34:46:0c:b2:98:5d:4e:a4:c2:82:5c:64:5e:
                    0d:8b:b1:c9:a3:11:2b:ea:3f:96:51:75:d3:85:9c:
                    2c:16:a6:9f:92:2b:fb:ef:9e:1f:16:ab:fa:09:45:
                    18:37:5d:f2:51:bc:e6:ce:ee:af:35:8c:bb:4b:86:
                    aa:1c:01:8a:44:97:78:54:dd:3d:ed:11:ff:5d:8c:
                    ee:93:5c:3b:21:de:6c:85:5b:f2:33:75:39:c4:f0:
                    a2:74:7a:64:3d:c6:65:2f:c5:ab:d8:aa:5c:d7:83:
                    1c:1a:b8:3c:1d:3e:fe:59:4f:96:cb:7a:93:0a:89:
                    d6:42:ad:b3:0c:c6:b8:47:61:1b:6e:f5:63:8d:4a:
                    e5:e7:ac:b8:7c:c9:59:c0:39:dd:23:a3:38:fb:14:
                    97:9f:93:2f:26:a1:b3:1a:df:bc:bb:79:ea:d9:4f:
                    83:21:d7:7b:0c:53:e0:b9:38:f6:5a:29:c5:aa:aa:
                    5d:db:59:1f:83:43:1d:30:ef:d6:b4:d3:f6:d6:5d:
                    9a:a1:18:e9:c7:c2:24:f8:1f:66:1d:66:08:04:57:
                    c7:4f:5b:d2:41:97:23:9b:51:de:87:ff:14:72:e6:
                    2d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2C:AA:B6:AF:29:A3:9D:AE:F5:B2:9B:D1:2D:FA:4A:4B:DD:47:D2
            X509v3 Authority Key Identifier:
                keyid:B0:78:AE:49:90:57:EB:06:83:8A:BD:3E:DC:C3:09:12:04:A7:F2:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHiuSZBX6waDir0-3MMJEgSn8ic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/1-yyqtq8po52u9bKb0S36SkvdR9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/3b3da8-45e7-4a81-ab2e-4d60e76622db/1/sHiuSZBX6waDir0-3MMJEgSn8ic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.104.0/22
                IPv6:
                  2a03:a6e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:e3:d4:2f:ed:70:18:70:9f:bc:cb:c4:c9:86:85:9a:44:08:
         d9:26:a2:9f:3a:b5:2a:76:b2:0d:44:f2:63:d5:9e:27:83:8b:
         ee:af:58:da:21:cd:f6:b9:84:76:b7:c1:6e:54:90:70:3b:9f:
         ab:47:d4:5b:a1:3b:79:3e:60:89:d9:fb:bc:49:ce:7c:fc:b0:
         96:9c:fd:0d:8c:37:0c:dc:e6:32:b7:9b:b3:5d:a0:aa:cd:50:
         9e:69:fa:63:6a:5a:75:78:7e:28:b7:bb:fe:3f:ea:85:7d:18:
         0b:51:e3:7f:16:b1:31:1d:23:42:67:bd:9b:a9:58:c0:d5:9d:
         46:fd:34:79:60:a1:92:fe:86:85:f7:8d:9f:f3:6a:d1:7a:4e:
         9b:04:34:a8:fc:8c:50:da:a3:92:dc:84:b4:1b:ba:60:44:58:
         35:ac:9f:3d:bb:ab:b6:aa:82:a3:df:c9:c2:24:63:38:55:33:
         8d:6f:4c:35:e1:f1:cb:bc:d4:41:20:38:d3:ec:57:c7:28:0c:
         a4:70:c8:4d:ee:8f:b0:ae:fc:e8:a1:c2:f2:46:ef:e1:46:60:
         d5:d7:eb:1c:6b:0f:9e:59:2f:7b:cd:32:95:fc:43:86:1e:51:
         60:ef:75:79:45:c3:04:b8:14:6e:49:b0:29:ef:bb:96:a8:19:
         a8:5a:52:44
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZAwbqfPQuLDguj+N5Bt+4AtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNzhhZTQ5OTA1N2ViMDY4MzhhYmQzZWRjYzMwOTEyMDRh
N2YyMjcwHhcNMjQwNjE5MTIxNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJjYWFiNmFmMjlhMzlkYWVmNWIyOWJkMTJkZmE0YTRiZGQ0N2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8IOEXvhHhVpW//aDbgHUIQVbRYO
Xy/mliD1xVV45DRGDLKYXU6kwoJcZF4Ni7HJoxEr6j+WUXXThZwsFqafkiv7754f
Fqv6CUUYN13yUbzmzu6vNYy7S4aqHAGKRJd4VN097RH/XYzuk1w7Id5shVvyM3U5
xPCidHpkPcZlL8Wr2Kpc14McGrg8HT7+WU+Wy3qTConWQq2zDMa4R2EbbvVjjUrl
56y4fMlZwDndI6M4+xSXn5MvJqGzGt+8u3nq2U+DIdd7DFPguTj2WinFqqpd21kf
g0MdMO/WtNP21l2aoRjpx8Ik+B9mHWYIBFfHT1vSQZcjm1Heh/8UcuYtXQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPssqravKaOdrvWym9Et+kpL3UfSMB8GA1UdIwQY
MBaAFLB4rkmQV+sGg4q9PtzDCRIEp/InMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hpdVNaQlg2d2FEaXIwLTNNTUpFZ1NuOGljLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8zYjNkYTgtNDVlNy00YTgxLWFiMmUt
NGQ2MGU3NjYyMmRiLzEvMS15eXF0cThwbzUydTliS2IwUzM2U2t2ZFI5SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzcvM2IzZGE4LTQ1ZTctNGE4MS1hYjJlLTRkNjBlNzY2MjJk
Yi8xL3NIaXVTWkJYNndhRGlyMC0zTU1KRWdTbjhpYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArmKaDAN
BAIAAjAHAwUAKgOm4DANBgkqhkiG9w0BAQsFAAOCAQEAC+PUL+1wGHCfvMvEyYaF
mkQI2Sainzq1KnayDUTyY9WeJ4OL7q9Y2iHN9rmEdrfBblSQcDufq0fUW6E7eT5g
idn7vEnOfPywlpz9DYw3DNzmMrebs12gqs1Qnmn6Y2padXh+KLe7/j/qhX0YC1Hj
fxaxMR0jQme9m6lYwNWdRv00eWChkv6GhfeNn/Nq0XpOmwQ0qPyMUNqjktyEtBu6
YERYNayfPburtqqCo9/JwiRjOFUzjW9MNeHxy7zUQSA40+xXxygMpHDITe6PsK78
6KHC8kbv4UZg1dfrHGsPnlkve80ylfxDhh5RYO91eUXDBLgUbkmwKe+7lqgZqFpS
RA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:42:08 2024 by rpki-client on console-ams.rpki-client.org