Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/kCg9WFKo3GKon-AvXzKjrVj2YVU.roa
File:                     kCg9WFKo3GKon-AvXzKjrVj2YVU.roa (raw, json)
Hash identifier:          9rdBOn9rDBOONIOIiYQ9srUByIIvYKf8KYO2fcsNd/I=
Subject key identifier:   90:28:3D:58:52:A8:DC:62:A8:9F:E0:2F:5F:32:A3:AD:58:F6:61:55
Certificate issuer:       /CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
Certificate serial:       018CC5DC4C8836BB43A19F10BED13DF87C6F
Authority key identifier: 99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/kCg9WFKo3GKon-AvXzKjrVj2YVU.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43494
IP address blocks:        185.89.244.0/23 maxlen: 23
                          185.89.246.0/23 maxlen: 23
                          212.158.176.0/24 maxlen: 24
                          78.40.2.0/23 maxlen: 23
                          78.40.4.0/22 maxlen: 22
                          185.86.236.0/24 maxlen: 24
                          185.86.236.0/22 maxlen: 24
                          2a00:a9c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4c:88:36:bb:43:a1:9f:10:be:d1:3d:f8:7c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99e7209a8c9b176fbf623edf3ee0b82007fc2c40
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90283d5852a8dc62a89fe02f5f32a3ad58f66155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a6:fe:12:6d:55:34:8f:55:f0:84:dd:c5:7c:
                    0f:b3:7c:d9:2e:8c:db:c4:03:a4:41:b4:6a:69:a4:
                    58:d9:59:b3:b9:12:c1:54:ae:01:1c:41:ce:5d:b9:
                    06:70:2c:8b:08:ba:fd:be:63:8b:f5:1a:61:81:d4:
                    48:98:e0:d2:50:79:a5:c9:39:6b:45:18:f9:de:57:
                    60:d8:65:54:c2:f9:a7:6c:41:93:8d:1d:87:da:f1:
                    39:a2:78:c7:f5:e2:3e:0b:d5:53:54:81:40:22:8b:
                    f4:af:a4:bc:fe:9e:2c:d0:50:c9:e2:51:97:2e:53:
                    1f:0d:7e:5c:62:c3:a5:1a:16:2d:0a:b2:21:6d:4b:
                    4b:6a:af:bd:c3:3d:e8:cd:87:9c:b3:3d:d9:81:ab:
                    be:a5:43:b2:83:76:71:cf:50:36:ef:c1:78:06:43:
                    10:f5:4c:a9:17:4e:0f:f2:62:5c:0d:5a:01:c9:87:
                    77:5c:e3:6d:37:a3:b9:f9:9f:7e:e7:ff:ff:22:3e:
                    eb:92:68:74:42:f4:8a:28:16:2b:96:7b:9d:4b:45:
                    6b:f5:7e:17:89:70:dc:39:b9:e6:62:7a:da:a2:dd:
                    a6:a5:dc:af:74:49:b3:99:1d:7f:6e:dc:cf:78:81:
                    87:f9:5b:43:1b:ef:6b:b2:a7:c1:55:73:94:0f:6c:
                    41:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:28:3D:58:52:A8:DC:62:A8:9F:E0:2F:5F:32:A3:AD:58:F6:61:55
            X509v3 Authority Key Identifier:
                keyid:99:E7:20:9A:8C:9B:17:6F:BF:62:3E:DF:3E:E0:B8:20:07:FC:2C:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mecgmoybF2-_Yj7fPuC4IAf8LEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/kCg9WFKo3GKon-AvXzKjrVj2YVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/ef5856-bbc0-45a4-891e-b2dcc1863e8b/1/mecgmoybF2-_Yj7fPuC4IAf8LEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.2.0-78.40.7.255
                  185.86.236.0/22
                  185.89.244.0/22
                  212.158.176.0/24
                IPv6:
                  2a00:a9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:d9:51:93:5b:97:e9:2d:e6:a7:25:cd:db:20:20:b9:28:f8:
         f1:b2:fb:e4:0b:90:bc:e3:a1:5a:a7:18:c4:8c:50:a1:41:47:
         6d:2b:5d:e0:df:97:6a:4c:9a:60:04:1c:6a:7a:7a:6d:7c:5a:
         d0:ae:2d:6d:59:d5:ec:64:38:33:ad:d6:5c:c7:bf:44:54:20:
         96:77:e4:33:2e:8e:1f:ab:2e:10:74:b8:79:4e:9f:d1:78:ec:
         22:55:1e:d8:4d:bd:2f:69:c4:e6:c6:d1:80:b6:60:ef:7d:31:
         19:27:30:07:e5:7b:1b:59:5b:53:42:49:e4:8e:52:d0:44:d0:
         2f:5b:ea:02:75:52:ec:a0:bd:f1:f2:1a:75:e2:55:4e:04:89:
         c0:93:c5:ac:f7:d0:d8:3c:4d:16:45:9e:fa:34:f9:f8:8a:49:
         d0:f1:70:f4:11:2d:af:13:c8:09:e7:ff:df:e8:2f:bd:5d:44:
         13:af:18:7e:f6:d8:a4:a0:3d:70:4b:53:28:2a:49:43:5f:fc:
         e4:8d:4c:18:03:f5:3f:11:f5:55:cc:da:d7:19:10:c0:b3:2b:
         7c:67:0d:df:60:ba:fe:46:92:30:7e:07:1b:82:49:c3:59:2d:
         89:c2:2d:23:d3:57:b7:04:0a:2d:c0:6d:77:16:3a:43:25:4b:
         bf:26:e0:cb
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzF3EyINrtDoZ8QvtE9+HxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZTcyMDlhOGM5YjE3NmZiZjYyM2VkZjNlZTBiODIwMDdm
YzJjNDAwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDI4M2Q1ODUyYThkYzYyYTg5ZmUwMmY1ZjMyYTNhZDU4ZjY2MTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKb+Em1VNI9V8ITdxXwPs3zZLozb
xAOkQbRqaaRY2VmzuRLBVK4BHEHOXbkGcCyLCLr9vmOL9RphgdRImODSUHmlyTlr
RRj53ldg2GVUwvmnbEGTjR2H2vE5onjH9eI+C9VTVIFAIov0r6S8/p4s0FDJ4lGX
LlMfDX5cYsOlGhYtCrIhbUtLaq+9wz3ozYecsz3Zgau+pUOyg3Zxz1A278F4BkMQ
9UypF04P8mJcDVoByYd3XONtN6O5+Z9+5///Ij7rkmh0QvSKKBYrlnudS0Vr9X4X
iXDcObnmYnraot2mpdyvdEmzmR1/btzPeIGH+VtDG+9rsqfBVXOUD2xB8QIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJAoPVhSqNxiqJ/gL18yo61Y9mFVMB8GA1UdIwQY
MBaAFJnnIJqMmxdvv2I+3z7guCAH/CxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWVjZ21veWJGMi1fWWo3ZlB1QzRJQWY4TEVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9lZjU4NTYtYmJjMC00NWE0LTg5MWUt
YjJkY2MxODYzZThiLzEva0NnOVdGS28zR0tvbi1Bdlh6S2pyVmoyWVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9lZjU4NTYtYmJjMC00NWE0LTg5MWUtYjJkY2MxODYzZThi
LzEvbWVjZ21veWJGMi1fWWo3ZlB1QzRJQWY4TEVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgMAwDBAFOKAID
BANOKAADBAK5VuwDBAK5WfQDBADUnrAwDQQCAAIwBwMFACoAqcAwDQYJKoZIhvcN
AQELBQADggEBAK3ZUZNbl+kt5qclzdsgILko+PGy++QLkLzjoVqnGMSMUKFBR20r
XeDfl2pMmmAEHGp6em18WtCuLW1Z1exkODOt1lzHv0RUIJZ35DMujh+rLhB0uHlO
n9F47CJVHthNvS9pxObG0YC2YO99MRknMAflextZW1NCSeSOUtBE0C9b6gJ1Uuyg
vfHyGnXiVU4EicCTxaz30Ng8TRZFnvo0+fiKSdDxcPQRLa8TyAnn/9/oL71dRBOv
GH722KSgPXBLUygqSUNf/OSNTBgD9T8R9VXM2tcZEMCzK3xnDd9guv5GkjB+BxuC
ScNZLYnCLSPTV7cECi3AbXcWOkMlS78m4Ms=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:56:52 2024 by rpki-client on console-ams.rpki-client.org