Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/O3Gh_6okeRiSw7glpG1_M_6crRQ.roa
File:                     O3Gh_6okeRiSw7glpG1_M_6crRQ.roa (raw, json)
Hash identifier:          pRxDeJ3BdGOBf79VVdApMx0n3RsWf69z4LMDl/byqs4=
Subject key identifier:   3B:71:A1:FF:AA:24:79:18:92:C3:B8:25:A4:6D:7F:33:FE:9C:AD:14
Certificate issuer:       /CN=bb22cf4c71a95911bd6046d05c0a8ba1646c9ead
Certificate serial:       018CC3B7253414EEF368A1415FDC3217BC3F
Authority key identifier: BB:22:CF:4C:71:A9:59:11:BD:60:46:D0:5C:0A:8B:A1:64:6C:9E:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/O3Gh_6okeRiSw7glpG1_M_6crRQ.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198721
IP address blocks:        185.199.112.0/22 maxlen: 24
                          94.140.28.0/22 maxlen: 24
                          185.29.204.0/22 maxlen: 24
                          188.214.0.0/22 maxlen: 24
                          91.238.116.0/22 maxlen: 24
                          85.209.112.0/22 maxlen: 24
                          2a00:a9a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/uyLPTHGpWRG9YEbQXAqLoWRsnq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/uyLPTHGpWRG9YEbQXAqLoWRsnq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:25:34:14:ee:f3:68:a1:41:5f:dc:32:17:bc:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb22cf4c71a95911bd6046d05c0a8ba1646c9ead
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b71a1ffaa24791892c3b825a46d7f33fe9cad14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:3f:ea:b9:bf:37:9d:79:57:2c:ec:0a:48:73:
                    3a:13:c9:4b:82:ba:b1:fa:17:36:c3:1f:03:2d:fd:
                    f7:7d:64:af:4c:41:48:75:9c:a8:c6:f1:47:1a:b6:
                    da:1a:8e:b0:c9:d5:32:8b:ed:91:3f:06:12:bd:62:
                    6a:ea:9f:67:c1:59:79:6e:da:cc:33:d9:c5:1f:f5:
                    6d:51:64:db:7a:2e:c7:c7:a3:93:3e:a3:f8:92:e9:
                    f4:ad:58:6d:07:f1:ff:83:c9:40:03:b0:28:65:e2:
                    de:4a:3a:92:7f:ab:3b:05:d1:60:19:68:69:7a:1f:
                    8f:c5:99:5b:79:40:bc:40:fc:b4:be:bc:c0:09:ef:
                    ab:c1:a9:3f:18:5c:1b:89:d1:43:49:44:8a:3c:a8:
                    ee:7d:b7:b0:a2:7c:96:b0:c6:80:80:e3:4c:d9:39:
                    a0:97:ac:aa:21:a5:60:ba:35:60:41:d3:d7:22:bd:
                    2e:3e:58:30:05:19:0b:75:15:01:c6:8c:14:d5:df:
                    42:b3:8e:3e:92:0a:be:ba:06:71:dd:45:7b:56:12:
                    3a:c4:eb:c7:ab:9c:29:7b:25:a4:e5:ba:ca:25:c0:
                    39:c5:a3:92:9b:18:21:1c:a1:ac:8a:6e:ae:de:37:
                    24:5c:8f:ee:75:7c:93:bf:ea:a2:13:1c:3e:e2:47:
                    00:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:71:A1:FF:AA:24:79:18:92:C3:B8:25:A4:6D:7F:33:FE:9C:AD:14
            X509v3 Authority Key Identifier:
                keyid:BB:22:CF:4C:71:A9:59:11:BD:60:46:D0:5C:0A:8B:A1:64:6C:9E:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uyLPTHGpWRG9YEbQXAqLoWRsnq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/O3Gh_6okeRiSw7glpG1_M_6crRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/ae825f-6f54-43ea-9b83-bbaec7505d97/1/uyLPTHGpWRG9YEbQXAqLoWRsnq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.112.0/22
                  91.238.116.0/22
                  94.140.28.0/22
                  185.29.204.0/22
                  185.199.112.0/22
                  188.214.0.0/22
                IPv6:
                  2a00:a9a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:2c:f6:60:97:83:63:b1:5d:93:d3:23:9f:e0:77:33:49:19:
         f3:71:17:0b:c4:60:e9:de:5e:14:6f:14:a7:5f:39:80:a9:e4:
         07:52:e0:3a:96:8f:68:03:da:1a:c1:a4:98:30:5d:37:c4:ee:
         68:78:b7:bb:fa:ed:30:bf:54:03:27:53:91:51:15:5e:64:b7:
         72:a2:a3:cc:b1:9d:f8:c5:83:a1:b4:a8:5d:b1:08:69:c8:0a:
         91:64:13:38:fa:54:d1:9a:a9:86:f3:c7:48:2d:15:d3:6c:e7:
         30:fe:db:76:90:97:4f:a2:11:c6:12:b0:e9:10:50:b1:6b:76:
         fd:6a:91:8a:ad:5a:dc:8a:f1:c2:41:07:fe:79:72:ce:6c:e7:
         aa:93:6c:98:2a:9c:a8:de:82:5c:58:cc:0e:f4:18:5c:11:6d:
         13:c8:85:1a:6b:61:e6:5d:57:47:c9:2c:83:01:13:c4:a6:fe:
         97:df:fc:82:f3:09:ea:37:3a:dd:d5:9b:11:ac:c8:f2:5e:19:
         fd:1a:9d:8d:64:cd:f8:f0:bc:87:5f:ee:5b:8f:b0:7a:20:4c:
         4f:ea:a3:11:0a:4e:fb:b0:4c:61:b9:9d:48:54:94:f4:da:24:
         98:36:64:d1:3c:3c:66:6b:b8:0e:f4:a8:d7:6b:ad:c0:77:ba:
         eb:0e:06:5e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzDtyU0FO7zaKFBX9wyF7w/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMjJjZjRjNzFhOTU5MTFiZDYwNDZkMDVjMGE4YmExNjQ2
YzllYWQwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjcxYTFmZmFhMjQ3OTE4OTJjM2I4MjVhNDZkN2YzM2ZlOWNhZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiz/qub83nXlXLOwKSHM6E8lLgrqx
+hc2wx8DLf33fWSvTEFIdZyoxvFHGrbaGo6wydUyi+2RPwYSvWJq6p9nwVl5btrM
M9nFH/VtUWTbei7Hx6OTPqP4kun0rVhtB/H/g8lAA7AoZeLeSjqSf6s7BdFgGWhp
eh+PxZlbeUC8QPy0vrzACe+rwak/GFwbidFDSUSKPKjufbewonyWsMaAgONM2Tmg
l6yqIaVgujVgQdPXIr0uPlgwBRkLdRUBxowU1d9Cs44+kgq+ugZx3UV7VhI6xOvH
q5wpeyWk5brKJcA5xaOSmxghHKGsim6u3jckXI/udXyTv+qiExw+4kcA7QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDtxof+qJHkYksO4JaRtfzP+nK0UMB8GA1UdIwQY
MBaAFLsiz0xxqVkRvWBG0FwKi6FkbJ6tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXlMUFRIR3BXUkc5WUViUVhBcUxvV1JzbnEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hZTgyNWYtNmY1NC00M2VhLTliODMt
YmJhZWM3NTA1ZDk3LzEvTzNHaF82b2tlUmlTdzdnbHBHMV9NXzZjclJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hZTgyNWYtNmY1NC00M2VhLTliODMtYmJhZWM3NTA1ZDk3
LzEvdXlMUFRIR3BXUkc5WUViUVhBcUxvV1JzbnEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCVdFwAwQC
W+50AwQCXowcAwQCuR3MAwQCucdwAwQCvNYAMA0EAgACMAcDBQAqAKmgMA0GCSqG
SIb3DQEBCwUAA4IBAQAfLPZgl4NjsV2T0yOf4HczSRnzcRcLxGDp3l4UbxSnXzmA
qeQHUuA6lo9oA9oawaSYMF03xO5oeLe7+u0wv1QDJ1ORURVeZLdyoqPMsZ34xYOh
tKhdsQhpyAqRZBM4+lTRmqmG88dILRXTbOcw/tt2kJdPohHGErDpEFCxa3b9apGK
rVrcivHCQQf+eXLObOeqk2yYKpyo3oJcWMwO9BhcEW0TyIUaa2HmXVdHySyDARPE
pv6X3/yC8wnqNzrd1ZsRrMjyXhn9Gp2NZM348LyHX+5bj7B6IExP6qMRCk77sExh
uZ1IVJT02iSYNmTRPDxma7gO9KjXa63Ad7rrDgZe
-----END CERTIFICATE-----
Generated at Sat Jun 15 20:33:18 2024 by rpki-client on console-fra.rpki-client.org