Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/2G-mcwympmeV9R0HtLZKjSo-98Y.roa
File:                     2G-mcwympmeV9R0HtLZKjSo-98Y.roa (raw, json)
Hash identifier:          2H2CCbnQn8E29HNCBc4H8oHMnfluZP5SBXZklruMcdk=
Subject key identifier:   D8:6F:A6:73:0C:A6:A6:67:95:F5:1D:07:B4:B6:4A:8D:2A:3E:F7:C6
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018EB2AAFD42B9536954E08CEA0308CA36DF
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/2G-mcwympmeV9R0HtLZKjSo-98Y.roa
Signing time:             Sat 06 Apr 2024 09:08:54 +0000
ROA not before:           Sat 06 Apr 2024 09:08:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52423
IP address blocks:        185.184.141.0/24 maxlen: 32
                          185.185.248.0/24 maxlen: 24
                          185.185.249.0/24 maxlen: 24
                          185.190.80.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b2:aa:fd:42:b9:53:69:54:e0:8c:ea:03:08:ca:36:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Apr  6 09:08:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d86fa6730ca6a66795f51d07b4b64a8d2a3ef7c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c8:bc:da:a8:00:e4:22:42:a4:df:69:58:1c:
                    36:b9:2b:1e:07:e2:b3:ea:8a:cb:aa:55:18:bb:2e:
                    99:ad:3e:a1:c6:6b:fa:97:b1:13:b8:97:d2:6d:41:
                    70:a8:55:54:93:88:42:b6:e6:ce:1a:69:4e:b5:dc:
                    95:d9:1d:b8:00:25:b9:a9:dc:ff:b8:5c:c7:5d:c4:
                    c9:f0:76:3d:d0:34:74:a3:ca:98:8a:0d:94:04:c6:
                    b1:1d:34:a7:6c:99:79:38:13:1f:7f:cb:0b:e1:aa:
                    c5:f1:93:1e:b0:f9:0c:0d:e7:32:86:87:3c:09:ac:
                    0c:bf:ec:7d:62:3c:7f:53:6e:49:61:b9:22:4d:32:
                    3b:86:98:ca:96:33:32:07:5e:a9:29:9b:3d:6c:e6:
                    dd:33:43:0e:08:95:97:d4:21:98:75:ca:b5:c9:de:
                    0c:f9:ec:fa:59:81:ff:ce:72:04:26:b5:15:6b:fa:
                    a9:13:f9:a5:fb:64:a1:11:9f:b4:db:33:01:c1:b7:
                    f9:7c:2f:66:5a:04:22:c7:41:81:0c:29:d6:ac:ea:
                    a5:bd:3d:1c:6d:0d:19:3f:cd:2c:82:80:01:50:69:
                    de:45:1b:b7:8a:74:56:e1:fe:1d:d6:39:d7:e5:d1:
                    f6:b4:5c:2a:fa:bf:54:5b:ed:af:c1:fa:b8:81:25:
                    d9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:6F:A6:73:0C:A6:A6:67:95:F5:1D:07:B4:B6:4A:8D:2A:3E:F7:C6
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/2G-mcwympmeV9R0HtLZKjSo-98Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.141.0/24
                  185.185.248.0/23
                  185.190.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:3b:12:e4:b0:f9:50:7e:57:55:19:16:b4:93:60:0c:60:02:
         cb:19:2e:55:24:43:09:23:3d:3a:08:a2:42:11:21:0d:92:6e:
         47:87:87:41:9d:46:76:6b:43:7d:ad:5f:85:66:e0:38:d8:9f:
         9e:89:c8:1f:a2:9a:42:1f:99:74:3e:f0:30:c1:72:7d:c5:37:
         93:39:31:ee:10:08:54:86:7c:f0:b1:64:23:b6:44:59:b0:e5:
         84:bb:86:68:62:e4:4c:a4:89:19:ca:d0:80:6e:fc:8f:cd:0b:
         a0:a8:2a:47:51:8c:2a:34:d0:02:63:44:7d:18:f0:16:cf:38:
         f4:8d:7f:84:8c:65:e6:4c:44:8c:6a:7e:44:1f:ec:c0:b2:88:
         0d:d7:f0:18:1e:44:64:8d:17:ea:24:4b:df:6a:8b:ae:5f:9a:
         06:97:7e:66:d3:8a:f3:ae:08:d7:ac:04:ea:31:2c:8f:4c:9a:
         b8:64:23:9b:91:4e:d2:47:f2:bf:df:be:2d:d7:c2:04:ec:a2:
         84:76:34:2e:ae:c8:fb:73:d3:c6:59:54:b5:8a:40:e4:57:6b:
         96:55:c6:96:d3:73:45:59:86:81:31:5e:db:73:d1:ea:8b:60:
         4a:a1:ff:d2:d2:0d:49:f4:b2:0a:35:44:52:d7:fb:17:1c:b6:
         ec:92:45:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6yqv1CuVNpVOCM6gMIyjbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwNDA2MDkwODU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODZmYTY3MzBjYTZhNjY3OTVmNTFkMDdiNGI2NGE4ZDJhM2VmN2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsi82qgA5CJCpN9pWBw2uSseB+Kz
6orLqlUYuy6ZrT6hxmv6l7ETuJfSbUFwqFVUk4hCtubOGmlOtdyV2R24ACW5qdz/
uFzHXcTJ8HY90DR0o8qYig2UBMaxHTSnbJl5OBMff8sL4arF8ZMesPkMDecyhoc8
CawMv+x9Yjx/U25JYbkiTTI7hpjKljMyB16pKZs9bObdM0MOCJWX1CGYdcq1yd4M
+ez6WYH/znIEJrUVa/qpE/ml+2ShEZ+02zMBwbf5fC9mWgQix0GBDCnWrOqlvT0c
bQ0ZP80sgoABUGneRRu3inRW4f4d1jnX5dH2tFwq+r9UW+2vwfq4gSXZ/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNhvpnMMpqZnlfUdB7S2So0qPvfGMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvMkctbWN3eW1wbWVWOVIwSHRMWktqU28tOThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAubiNAwQB
ubn4AwQAub5QMA0GCSqGSIb3DQEBCwUAA4IBAQA2OxLksPlQfldVGRa0k2AMYALL
GS5VJEMJIz06CKJCESENkm5Hh4dBnUZ2a0N9rV+FZuA42J+eicgfoppCH5l0PvAw
wXJ9xTeTOTHuEAhUhnzwsWQjtkRZsOWEu4ZoYuRMpIkZytCAbvyPzQugqCpHUYwq
NNACY0R9GPAWzzj0jX+EjGXmTESMan5EH+zAsogN1/AYHkRkjRfqJEvfaouuX5oG
l35m04rzrgjXrATqMSyPTJq4ZCObkU7SR/K/374t18IE7KKEdjQursj7c9PGWVS1
ikDkV2uWVcaW03NFWYaBMV7bc9Hqi2BKof/S0g1J9LIKNURS1/sXHLbskkUj
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:50:13 2024 by rpki-client on console-fra.rpki-client.org