Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/db5399-6fbb-4ce2-897b-3bbbca310d71/1/_uBzzwORVuYrYSJ2B-HfxV464S4.roa
File:                     _uBzzwORVuYrYSJ2B-HfxV464S4.roa (raw, json)
Hash identifier:          ZN/Ihj6eHDb6uyEl0aJrynaq5Jn7GtVHly0VjVZGtdc=
Subject key identifier:   FE:E0:73:CF:03:91:56:E6:2B:61:22:76:07:E1:DF:C5:5E:3A:E1:2E
Certificate issuer:       /CN=ec51314e04ec9676f2b60248e1b9bd02ef00e168
Certificate serial:       018CC7273550C5F76593B5FC575F14E1DBE7
Authority key identifier: EC:51:31:4E:04:EC:96:76:F2:B6:02:48:E1:B9:BD:02:EF:00:E1:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7FExTgTslnbytgJI4bm9Au8A4Wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/db5399-6fbb-4ce2-897b-3bbbca310d71/1/_uBzzwORVuYrYSJ2B-HfxV464S4.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204189
IP address blocks:        185.111.148.0/22 maxlen: 24
                          157.97.184.0/21 maxlen: 24
                          2a0d:ce80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/db5399-6fbb-4ce2-897b-3bbbca310d71/1/7FExTgTslnbytgJI4bm9Au8A4Wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/db5399-6fbb-4ce2-897b-3bbbca310d71/1/7FExTgTslnbytgJI4bm9Au8A4Wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7FExTgTslnbytgJI4bm9Au8A4Wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:35:50:c5:f7:65:93:b5:fc:57:5f:14:e1:db:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec51314e04ec9676f2b60248e1b9bd02ef00e168
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fee073cf039156e62b61227607e1dfc55e3ae12e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ca:9f:9b:0c:91:a3:80:c0:7a:a1:1f:ed:4f:
                    e6:5f:84:af:6f:ea:fd:f0:93:12:16:d9:4b:85:11:
                    f2:e5:19:ec:ae:82:66:3f:4d:85:79:66:48:e3:d5:
                    34:61:ea:89:a5:3d:70:44:e4:96:f4:b3:2c:32:6e:
                    32:7b:61:06:64:5e:61:52:49:88:18:d5:5f:3e:e1:
                    0f:59:a8:3f:d1:0b:f4:82:32:ca:85:1f:39:a9:b5:
                    50:f4:bb:6f:6c:93:4c:b0:22:9d:d7:71:97:d0:9f:
                    7c:cd:35:7a:63:c2:5e:82:d4:e9:7d:7b:ee:f8:b1:
                    67:92:10:73:64:c3:f2:88:9d:aa:9e:af:5f:6f:20:
                    a3:6e:ca:f0:67:f3:67:12:85:20:f7:4d:f7:35:e5:
                    65:3e:c9:65:2c:ff:e8:e9:a3:c2:c2:4b:55:21:09:
                    e5:80:a3:1f:f2:ca:d4:4b:b3:7f:6f:55:cb:07:49:
                    f9:b1:81:f1:f6:af:20:86:b2:0a:dd:18:3d:96:f5:
                    1e:c6:f7:0e:d6:60:ed:68:3d:cf:2f:de:21:9a:a9:
                    6b:28:c4:94:08:a5:ac:1b:78:2b:89:ef:c0:05:b0:
                    48:13:94:c2:35:44:a7:db:94:2f:b6:a0:0e:6f:1d:
                    3b:29:03:cc:01:94:9f:fc:88:8a:e4:f1:ec:f0:48:
                    b8:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E0:73:CF:03:91:56:E6:2B:61:22:76:07:E1:DF:C5:5E:3A:E1:2E
            X509v3 Authority Key Identifier:
                keyid:EC:51:31:4E:04:EC:96:76:F2:B6:02:48:E1:B9:BD:02:EF:00:E1:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7FExTgTslnbytgJI4bm9Au8A4Wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/db5399-6fbb-4ce2-897b-3bbbca310d71/1/_uBzzwORVuYrYSJ2B-HfxV464S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/db5399-6fbb-4ce2-897b-3bbbca310d71/1/7FExTgTslnbytgJI4bm9Au8A4Wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.184.0/21
                  185.111.148.0/22
                IPv6:
                  2a0d:ce80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:e6:93:57:36:b2:ae:09:58:e4:39:a3:fb:b5:a9:6f:9e:7d:
         84:9b:7d:0c:a6:30:ed:3f:0f:69:dc:2e:be:44:fe:8c:1a:9a:
         65:aa:c3:02:96:12:1d:36:86:17:7b:95:13:62:75:71:20:88:
         2d:dc:dd:55:e7:bd:a5:ea:29:f3:f4:b7:c2:10:3c:f4:4b:71:
         04:37:84:6e:b1:8c:15:41:66:43:e2:05:38:0a:79:f8:51:f3:
         60:89:91:29:28:e6:fe:50:1d:a8:fb:4d:21:ff:4e:9d:88:29:
         60:c9:3a:8f:dc:22:bd:87:7a:c4:7a:66:1c:2c:d9:b9:86:13:
         26:75:14:f5:42:44:ea:3a:9a:4a:b8:d7:e6:b9:4e:52:ac:c5:
         a9:ec:cb:4d:23:7c:ec:19:ae:d2:b6:3f:44:e4:49:fc:1e:12:
         64:71:67:9c:03:22:5a:52:59:9c:06:bf:ee:d1:57:af:9e:91:
         7b:ee:3e:f1:da:34:1b:b4:3e:40:e4:8a:cd:f8:e9:30:44:a1:
         a1:7f:c1:bb:72:2e:a1:ac:13:18:4e:b1:c0:4f:fa:f0:c3:1f:
         c9:da:af:94:ae:aa:bd:bf:db:aa:e0:2a:fd:ca:d4:13:b3:15:
         91:c8:e2:50:15:05:0c:ce:76:dd:c6:2c:a6:8d:d6:ee:6c:f3:
         a9:b0:c8:2e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJzVQxfdlk7X8V18U4dvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNTEzMTRlMDRlYzk2NzZmMmI2MDI0OGUxYjliZDAyZWYw
MGUxNjgwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWUwNzNjZjAzOTE1NmU2MmI2MTIyNzYwN2UxZGZjNTVlM2FlMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicqfmwyRo4DAeqEf7U/mX4Svb+r9
8JMSFtlLhRHy5RnsroJmP02FeWZI49U0YeqJpT1wROSW9LMsMm4ye2EGZF5hUkmI
GNVfPuEPWag/0Qv0gjLKhR85qbVQ9LtvbJNMsCKd13GX0J98zTV6Y8JegtTpfXvu
+LFnkhBzZMPyiJ2qnq9fbyCjbsrwZ/NnEoUg9033NeVlPsllLP/o6aPCwktVIQnl
gKMf8srUS7N/b1XLB0n5sYHx9q8ghrIK3Rg9lvUexvcO1mDtaD3PL94hmqlrKMSU
CKWsG3grie/ABbBIE5TCNUSn25QvtqAObx07KQPMAZSf/IiK5PHs8Ei4fQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP7gc88DkVbmK2Eidgfh38VeOuEuMB8GA1UdIwQY
MBaAFOxRMU4E7JZ28rYCSOG5vQLvAOFoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0ZFeFRnVHNsbmJ5dGdKSTRibTlBdThBNFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kYjUzOTktNmZiYi00Y2UyLTg5N2It
M2JiYmNhMzEwZDcxLzEvX3VCenp3T1JWdVlyWVNKMkItSGZ4VjQ2NFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kYjUzOTktNmZiYi00Y2UyLTg5N2ItM2JiYmNhMzEwZDcx
LzEvN0ZFeFRnVHNsbmJ5dGdKSTRibTlBdThBNFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDnWG4AwQC
uW+UMA0EAgACMAcDBQMqDc6AMA0GCSqGSIb3DQEBCwUAA4IBAQCw5pNXNrKuCVjk
OaP7talvnn2Em30MpjDtPw9p3C6+RP6MGpplqsMClhIdNoYXe5UTYnVxIIgt3N1V
572l6inz9LfCEDz0S3EEN4RusYwVQWZD4gU4Cnn4UfNgiZEpKOb+UB2o+00h/06d
iClgyTqP3CK9h3rEemYcLNm5hhMmdRT1QkTqOppKuNfmuU5SrMWp7MtNI3zsGa7S
tj9E5En8HhJkcWecAyJaUlmcBr/u0VevnpF77j7x2jQbtD5A5IrN+OkwRKGhf8G7
ci6hrBMYTrHAT/rwwx/J2q+Urqq9v9uq4Cr9ytQTsxWRyOJQFQUMznbdxiymjdbu
bPOpsMgu
-----END CERTIFICATE-----
Generated at Sat Nov 23 14:54:42 2024 by rpki-client on console-ams.rpki-client.org