Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/f6969c-3a6e-4bec-9742-ece87c6a0318/1/XuE6YZYmqLIiYLMvLDqkAxBdl3Y.roa
File:                     XuE6YZYmqLIiYLMvLDqkAxBdl3Y.roa (raw, json)
Hash identifier:          XUpd1IG5yn8i2pdDNWs6OmFV0qnbE6flR+aTwRHSYlk=
Subject key identifier:   5E:E1:3A:61:96:26:A8:B2:22:60:B3:2F:2C:3A:A4:03:10:5D:97:76
Certificate issuer:       /CN=ca900f1e11e2d25d0b2316ad6e012684839ac81e
Certificate serial:       018CC34939EA545F281E11065B9501E663C8
Authority key identifier: CA:90:0F:1E:11:E2:D2:5D:0B:23:16:AD:6E:01:26:84:83:9A:C8:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypAPHhHi0l0LIxatbgEmhIOayB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/f6969c-3a6e-4bec-9742-ece87c6a0318/1/XuE6YZYmqLIiYLMvLDqkAxBdl3Y.roa
Signing time:             Mon 01 Jan 2024 04:30:05 +0000
ROA not before:           Mon 01 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203177
IP address blocks:        185.135.210.0/24 maxlen: 24
                          185.135.208.0/22 maxlen: 22
                          185.135.211.0/24 maxlen: 24
                          91.244.117.0/24 maxlen: 24
                          185.135.208.0/24 maxlen: 24
                          185.135.209.0/24 maxlen: 24
                          2a0a:6600::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/f6969c-3a6e-4bec-9742-ece87c6a0318/1/ypAPHhHi0l0LIxatbgEmhIOayB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/f6969c-3a6e-4bec-9742-ece87c6a0318/1/ypAPHhHi0l0LIxatbgEmhIOayB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypAPHhHi0l0LIxatbgEmhIOayB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:39:ea:54:5f:28:1e:11:06:5b:95:01:e6:63:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca900f1e11e2d25d0b2316ad6e012684839ac81e
        Validity
            Not Before: Jan  1 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ee13a619626a8b22260b32f2c3aa403105d9776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:22:22:6d:e7:67:28:32:9c:50:91:b6:8e:
                    3a:1f:20:83:ec:d7:be:64:06:64:9a:6a:cb:66:7b:
                    64:88:69:f9:72:17:6a:fa:7c:39:b2:90:76:74:0d:
                    f1:af:f4:ac:43:aa:af:47:11:3d:1f:69:e7:15:5c:
                    55:cf:86:fa:9b:0d:e6:1e:6b:b0:b0:a0:e6:7c:94:
                    12:6b:e6:98:4e:26:1a:bf:bd:94:ea:cf:80:cb:ab:
                    30:b1:a8:3b:c6:b1:d6:e4:6d:2b:dd:05:61:ba:3f:
                    a9:c8:cf:c5:0b:55:03:d2:64:87:19:b9:e8:f2:9c:
                    94:d3:41:77:e4:3f:23:e7:ab:47:12:42:59:1d:76:
                    3a:01:1b:a5:d5:0e:b3:44:a1:68:a1:b0:57:c8:dd:
                    91:34:1d:98:16:2a:28:5b:90:d0:33:a4:ba:fb:6e:
                    82:be:31:19:fb:62:87:7e:db:45:41:a6:d3:fe:c6:
                    18:c1:98:a7:db:48:a5:02:71:c0:2a:6a:72:bc:2c:
                    25:bc:e2:ee:35:a9:03:0c:08:f3:11:ee:9e:3b:c2:
                    b1:e7:73:18:3d:67:74:6a:d9:83:d2:b7:e2:0a:25:
                    2d:ab:77:73:6f:70:cc:90:43:43:d3:dd:96:ba:c0:
                    ed:c8:15:60:ab:a3:f5:ca:4b:9f:08:11:11:c6:0b:
                    9d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E1:3A:61:96:26:A8:B2:22:60:B3:2F:2C:3A:A4:03:10:5D:97:76
            X509v3 Authority Key Identifier:
                keyid:CA:90:0F:1E:11:E2:D2:5D:0B:23:16:AD:6E:01:26:84:83:9A:C8:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypAPHhHi0l0LIxatbgEmhIOayB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/f6969c-3a6e-4bec-9742-ece87c6a0318/1/XuE6YZYmqLIiYLMvLDqkAxBdl3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/f6969c-3a6e-4bec-9742-ece87c6a0318/1/ypAPHhHi0l0LIxatbgEmhIOayB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.117.0/24
                  185.135.208.0/22
                IPv6:
                  2a0a:6600::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:3f:bf:6f:22:9b:5b:cd:07:c4:4e:8b:50:52:bd:16:17:79:
         f1:8a:88:c8:97:17:91:78:c3:b9:c3:b5:44:8c:e5:1e:90:88:
         82:35:5a:9d:9c:08:e4:e7:c1:93:7e:f6:2e:8b:59:77:de:90:
         cf:3d:65:e1:7d:5c:e6:86:82:0e:47:69:28:66:98:b2:12:82:
         20:e9:8a:f6:b6:cc:d6:7a:78:dd:a8:70:2b:9a:f4:cd:6f:71:
         23:be:87:ca:e3:58:05:f9:db:78:f0:4f:b1:2d:12:43:63:97:
         9f:1e:79:2f:ed:32:01:f8:36:80:81:b8:a8:90:a2:ac:b3:91:
         11:b9:3a:45:eb:72:4b:d0:c2:3e:8b:ba:3c:61:44:36:08:3f:
         1e:81:4f:10:43:7b:a8:dc:c4:a2:e2:ed:bf:8e:6a:7f:d6:82:
         81:66:57:c4:b2:73:cb:e8:da:94:68:02:76:ed:a3:3c:ed:cd:
         e6:9d:24:93:88:f3:5f:9d:81:14:87:94:bd:40:ee:b4:e7:b8:
         b9:cc:07:38:2a:4c:9e:46:c7:ed:45:c8:30:56:f3:12:ea:06:
         56:8a:0b:60:d4:2e:26:1e:8e:0f:5b:fc:06:29:11:eb:27:c1:
         79:48:b9:f9:24:82:cc:4a:34:43:aa:f9:1f:99:58:51:f8:f6:
         8a:26:91:71
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSTnqVF8oHhEGW5UB5mPIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTAwZjFlMTFlMmQyNWQwYjIzMTZhZDZlMDEyNjg0ODM5
YWM4MWUwHhcNMjQwMTAxMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWUxM2E2MTk2MjZhOGIyMjI2MGIzMmYyYzNhYTQwMzEwNWQ5Nzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGwiIm3nZygynFCRto46HyCD7Ne+
ZAZkmmrLZntkiGn5chdq+nw5spB2dA3xr/SsQ6qvRxE9H2nnFVxVz4b6mw3mHmuw
sKDmfJQSa+aYTiYav72U6s+Ay6swsag7xrHW5G0r3QVhuj+pyM/FC1UD0mSHGbno
8pyU00F35D8j56tHEkJZHXY6ARul1Q6zRKFoobBXyN2RNB2YFiooW5DQM6S6+26C
vjEZ+2KHfttFQabT/sYYwZin20ilAnHAKmpyvCwlvOLuNakDDAjzEe6eO8Kx53MY
PWd0atmD0rfiCiUtq3dzb3DMkEND092WusDtyBVgq6P1ykufCBERxgudOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF7hOmGWJqiyImCzLyw6pAMQXZd2MB8GA1UdIwQY
MBaAFMqQDx4R4tJdCyMWrW4BJoSDmsgeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBBUEhoSGkwbDBMSXhhdGJnRW1oSU9heUI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9mNjk2OWMtM2E2ZS00YmVjLTk3NDIt
ZWNlODdjNmEwMzE4LzEvWHVFNllaWW1xTElpWUxNdkxEcWtBeEJkbDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9mNjk2OWMtM2E2ZS00YmVjLTk3NDItZWNlODdjNmEwMzE4
LzEveXBBUEhoSGkwbDBMSXhhdGJnRW1oSU9heUI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW/R1AwQC
uYfQMA0EAgACMAcDBQMqCmYAMA0GCSqGSIb3DQEBCwUAA4IBAQA8P79vIptbzQfE
TotQUr0WF3nxiojIlxeReMO5w7VEjOUekIiCNVqdnAjk58GTfvYui1l33pDPPWXh
fVzmhoIOR2koZpiyEoIg6Yr2tszWenjdqHArmvTNb3EjvofK41gF+dt48E+xLRJD
Y5efHnkv7TIB+DaAgbiokKKss5ERuTpF63JL0MI+i7o8YUQ2CD8egU8QQ3uo3MSi
4u2/jmp/1oKBZlfEsnPL6NqUaAJ27aM87c3mnSSTiPNfnYEUh5S9QO6057i5zAc4
KkyeRsftRcgwVvMS6gZWigtg1C4mHo4PW/wGKRHrJ8F5SLn5JILMSjRDqvkfmVhR
+PaKJpFx
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:05:38 2024 by rpki-client on console-ams.rpki-client.org