Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/1-d_gyvHmnPUyUBO_YSUvaAfEitM.roa
File:                     1-d_gyvHmnPUyUBO_YSUvaAfEitM.roa (raw, json)
Hash identifier:          aWu8/HzBzy3a11vXQIflYSe8F+su3kZZHAJgkwJNEsg=
Subject key identifier:   F9:DF:E0:CA:F1:E6:9C:F5:32:50:13:BF:61:25:2F:68:07:C4:8A:D3
Certificate issuer:       /CN=b8d23b1e6c07e62af2d2e7eb6de0893b09119abb
Certificate serial:       018CC2DB51DC1D0FB15A210BC3213CE378BA
Authority key identifier: B8:D2:3B:1E:6C:07:E6:2A:F2:D2:E7:EB:6D:E0:89:3B:09:11:9A:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNI7HmwH5iry0ufrbeCJOwkRmrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/1-d_gyvHmnPUyUBO_YSUvaAfEitM.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204141
IP address blocks:        185.140.0.0/22 maxlen: 22
                          82.211.192.0/19 maxlen: 19
                          2a03:19c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/uNI7HmwH5iry0ufrbeCJOwkRmrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/uNI7HmwH5iry0ufrbeCJOwkRmrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNI7HmwH5iry0ufrbeCJOwkRmrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:51:dc:1d:0f:b1:5a:21:0b:c3:21:3c:e3:78:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d23b1e6c07e62af2d2e7eb6de0893b09119abb
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9dfe0caf1e69cf5325013bf61252f6807c48ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:42:df:f8:29:ea:72:a4:4a:b3:48:1c:5c:4a:
                    59:59:d6:35:59:45:f3:7c:22:5d:0c:ff:05:eb:72:
                    02:8f:f7:92:38:83:61:3e:34:e9:5d:f7:f5:b9:e1:
                    eb:80:0b:47:3e:76:87:24:a9:d1:ad:54:7f:f4:21:
                    8a:73:4b:1f:c1:6c:1f:be:28:84:bb:8e:fd:b0:ea:
                    ee:0e:7b:31:8f:77:44:b0:97:13:83:9b:1c:4a:10:
                    45:3f:cb:ca:6e:dd:10:be:d8:58:9b:7d:58:23:09:
                    1d:8e:59:8b:25:5e:49:1f:a9:8e:b7:5e:98:48:6b:
                    0e:0c:6f:58:49:ea:f5:cb:7d:a2:8a:84:ae:1c:7f:
                    61:fc:7a:82:3f:ec:fd:ac:19:1d:ae:b7:bd:01:96:
                    d3:3d:61:0a:ab:ef:72:ad:4e:da:42:f9:48:62:2b:
                    43:33:ec:b1:3a:1b:e2:ad:9e:db:66:04:7e:b0:c8:
                    21:89:1d:27:41:68:96:74:34:1e:54:6f:60:3f:fa:
                    86:d0:df:6b:b1:fe:5e:ed:21:80:7f:f1:f8:7c:cc:
                    6a:3a:4e:fd:f2:d7:fb:3a:bd:60:82:29:24:92:87:
                    30:fd:9b:77:4f:25:c4:c5:02:db:28:0b:95:e4:7f:
                    6f:5f:83:69:b8:9e:92:c4:bb:41:4a:3f:b5:8b:0b:
                    c3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:DF:E0:CA:F1:E6:9C:F5:32:50:13:BF:61:25:2F:68:07:C4:8A:D3
            X509v3 Authority Key Identifier:
                keyid:B8:D2:3B:1E:6C:07:E6:2A:F2:D2:E7:EB:6D:E0:89:3B:09:11:9A:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNI7HmwH5iry0ufrbeCJOwkRmrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/1-d_gyvHmnPUyUBO_YSUvaAfEitM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/uNI7HmwH5iry0ufrbeCJOwkRmrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.211.192.0/19
                  185.140.0.0/22
                IPv6:
                  2a03:19c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:b2:8a:b7:a6:de:eb:4b:b6:89:f2:ee:c1:c1:cb:bf:61:a6:
         41:5b:1a:60:a2:96:98:87:84:e2:f5:f3:cc:c9:ef:b6:26:82:
         50:e9:d4:63:36:df:4f:f8:95:b4:cf:d5:53:17:ff:29:78:71:
         3b:58:21:ff:ca:18:fb:6b:4f:65:bc:60:4a:0c:92:a2:d8:83:
         17:b6:df:27:88:42:6c:e1:44:23:40:18:ff:a7:10:61:af:39:
         1d:b0:1b:74:1a:65:28:85:2b:fa:57:02:66:e1:4c:f4:f8:99:
         51:3e:35:17:20:d4:7f:f0:54:ec:ac:90:40:a6:ca:db:72:5f:
         fa:20:77:50:5a:3d:23:7f:e7:3a:6a:24:48:be:45:c7:2c:d3:
         03:03:c1:cf:e5:a5:cc:ef:9e:f6:93:48:b5:bb:77:8c:b6:60:
         e8:d9:eb:63:0a:2e:f1:a4:6c:6f:1e:e0:a5:07:b0:e0:5d:ac:
         bb:61:af:58:8d:4b:59:68:5a:ab:85:3c:02:be:1f:76:a1:88:
         49:1d:cb:6e:76:02:75:e2:53:44:f8:59:56:40:4b:49:0d:61:
         c8:08:78:ec:a1:03:a8:5f:08:32:0b:7a:4e:56:6f:c0:a9:8a:
         e4:2a:87:ab:06:af:45:cb:46:72:c7:b5:a9:7e:01:dd:5e:63:
         a9:63:2e:82
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzC21HcHQ+xWiELwyE843i6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDIzYjFlNmMwN2U2MmFmMmQyZTdlYjZkZTA4OTNiMDkx
MTlhYmIwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWRmZTBjYWYxZTY5Y2Y1MzI1MDEzYmY2MTI1MmY2ODA3YzQ4YWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0Lf+CnqcqRKs0gcXEpZWdY1WUXz
fCJdDP8F63ICj/eSOINhPjTpXff1ueHrgAtHPnaHJKnRrVR/9CGKc0sfwWwfviiE
u479sOruDnsxj3dEsJcTg5scShBFP8vKbt0QvthYm31YIwkdjlmLJV5JH6mOt16Y
SGsODG9YSer1y32iioSuHH9h/HqCP+z9rBkdrre9AZbTPWEKq+9yrU7aQvlIYitD
M+yxOhvirZ7bZgR+sMghiR0nQWiWdDQeVG9gP/qG0N9rsf5e7SGAf/H4fMxqOk79
8tf7Or1ggikkkocw/Zt3TyXExQLbKAuV5H9vX4NpuJ6SxLtBSj+1iwvDewIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPnf4Mrx5pz1MlATv2ElL2gHxIrTMB8GA1UdIwQY
MBaAFLjSOx5sB+Yq8tLn623giTsJEZq7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5JN0htd0g1aXJ5MHVmcmJlQ0pPd2tSbXJzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9iNzRhYTItMjVlMC00YWQ1LThjYzMt
NjkwNjFlZjJjNDk5LzEvMS1kX2d5dkhtblBVeVVCT19ZU1V2YUFmRWl0TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2YvYjc0YWEyLTI1ZTAtNGFkNS04Y2MzLTY5MDYxZWYyYzQ5
OS8xL3VOSTdIbXdINWlyeTB1ZnJiZUNKT3drUm1ycy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBVLTwAME
ArmMADANBAIAAjAHAwUAKgMZwDANBgkqhkiG9w0BAQsFAAOCAQEAQ7KKt6be60u2
ifLuwcHLv2GmQVsaYKKWmIeE4vXzzMnvtiaCUOnUYzbfT/iVtM/VUxf/KXhxO1gh
/8oY+2tPZbxgSgySotiDF7bfJ4hCbOFEI0AY/6cQYa85HbAbdBplKIUr+lcCZuFM
9PiZUT41FyDUf/BU7KyQQKbK23Jf+iB3UFo9I3/nOmokSL5FxyzTAwPBz+WlzO+e
9pNItbt3jLZg6NnrYwou8aRsbx7gpQew4F2su2GvWI1LWWhaq4U8Ar4fdqGISR3L
bnYCdeJTRPhZVkBLSQ1hyAh47KEDqF8IMgt6TlZvwKmK5CqHqwavRctGcse1qX4B
3V5jqWMugg==
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:17:26 2024 by rpki-client on console-ams.rpki-client.org