Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/b756b4-ce41-41b5-a1d9-bb4d242ed2cd/1/ubrpNyOqfpStT4lX95km-4Fa0bM.roa
File:                     ubrpNyOqfpStT4lX95km-4Fa0bM.roa (raw, json)
Hash identifier:          dNH8pPKS+KuTvkeaglhgCryCrTgexBRRLzoLJOVL+Jc=
Subject key identifier:   B9:BA:E9:37:23:AA:7E:94:AD:4F:89:57:F7:99:26:FB:81:5A:D1:B3
Certificate issuer:       /CN=c9b051e8e68149b66044e7de4ae59d736e537aaa
Certificate serial:       018CE2F5B99D928DE5BDDC6183780EDCA89C
Authority key identifier: C9:B0:51:E8:E6:81:49:B6:60:44:E7:DE:4A:E5:9D:73:6E:53:7A:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybBR6OaBSbZgROfeSuWdc25Teqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/b756b4-ce41-41b5-a1d9-bb4d242ed2cd/1/ubrpNyOqfpStT4lX95km-4Fa0bM.roa
Signing time:             Sun 07 Jan 2024 08:06:43 +0000
ROA not before:           Sun 07 Jan 2024 08:06:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201145
IP address blocks:        185.75.97.0/24 maxlen: 24
                          185.75.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/b756b4-ce41-41b5-a1d9-bb4d242ed2cd/1/ybBR6OaBSbZgROfeSuWdc25Teqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/b756b4-ce41-41b5-a1d9-bb4d242ed2cd/1/ybBR6OaBSbZgROfeSuWdc25Teqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybBR6OaBSbZgROfeSuWdc25Teqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e2:f5:b9:9d:92:8d:e5:bd:dc:61:83:78:0e:dc:a8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b051e8e68149b66044e7de4ae59d736e537aaa
        Validity
            Not Before: Jan  7 08:06:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9bae93723aa7e94ad4f8957f79926fb815ad1b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:87:0c:e2:41:d7:7d:1e:43:e4:a7:e8:d5:1a:
                    e1:50:59:4a:84:36:3f:77:7b:c9:ce:af:cd:a9:b7:
                    99:81:d5:b7:ed:89:b3:dd:b2:f1:6c:b5:6a:b6:07:
                    55:a8:3d:aa:ef:58:1d:1c:c7:94:46:45:1a:a9:e8:
                    81:81:6f:58:af:73:1c:9b:36:cc:3f:fd:0b:95:2f:
                    3a:b0:5f:6c:99:bd:b8:fb:35:92:05:ad:f2:32:18:
                    12:c0:22:11:75:51:a0:7a:0a:13:4a:a1:4a:2c:2e:
                    67:fb:32:79:63:b8:89:00:e5:bd:f6:40:d7:3c:f7:
                    bf:7a:65:3a:b1:2e:fe:e6:fb:8b:1e:ad:1e:fc:29:
                    80:89:35:de:5f:30:3f:90:95:f2:fe:e8:0f:35:fa:
                    79:ab:c3:be:f0:6e:ed:08:5b:c2:ab:45:80:4b:87:
                    9b:4b:0f:69:e3:1e:b7:1e:9d:11:b1:37:cd:2a:71:
                    70:7f:18:05:8c:46:1a:08:17:f3:12:96:09:a1:c6:
                    26:a9:88:04:29:02:ff:10:0d:da:2e:7f:9c:62:39:
                    b1:0b:c7:ff:df:95:d7:ea:64:18:2e:da:31:bc:d7:
                    b2:68:a0:9e:ad:5b:10:0f:ae:f5:ea:6b:de:c1:9f:
                    bf:04:22:45:62:75:95:f9:79:ae:b1:53:e2:80:3a:
                    45:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:BA:E9:37:23:AA:7E:94:AD:4F:89:57:F7:99:26:FB:81:5A:D1:B3
            X509v3 Authority Key Identifier:
                keyid:C9:B0:51:E8:E6:81:49:B6:60:44:E7:DE:4A:E5:9D:73:6E:53:7A:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybBR6OaBSbZgROfeSuWdc25Teqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/b756b4-ce41-41b5-a1d9-bb4d242ed2cd/1/ubrpNyOqfpStT4lX95km-4Fa0bM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/b756b4-ce41-41b5-a1d9-bb4d242ed2cd/1/ybBR6OaBSbZgROfeSuWdc25Teqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.97.0-185.75.98.255

    Signature Algorithm: sha256WithRSAEncryption
         b2:b2:ba:1a:bc:b0:27:50:b1:2d:1d:60:3f:8a:9f:50:04:16:
         d5:6f:3a:75:00:7f:00:f4:54:88:87:70:14:43:24:71:39:74:
         8b:fe:9e:0d:53:4f:34:fc:28:9a:88:4c:1e:bf:93:4d:bd:ce:
         62:ac:fe:bd:eb:31:39:24:46:b7:d1:5a:10:1a:6b:35:14:38:
         b5:09:02:0e:01:53:f8:50:aa:37:6a:ef:72:4d:3c:68:20:e5:
         a7:20:ab:e8:e3:83:53:ee:7d:ae:77:d7:f5:c8:7d:23:ed:59:
         1b:a7:62:9c:00:69:da:7a:73:87:27:d1:ed:5f:24:e4:d6:22:
         e8:12:b4:9e:ab:6e:73:54:fa:db:5c:8c:38:bc:c1:75:96:1c:
         41:d9:ea:b4:96:58:3a:e1:60:da:8f:d0:2d:ef:bc:9d:36:ce:
         a6:f0:31:ae:e2:65:2b:8b:9c:18:bc:44:6b:43:5e:16:09:cf:
         d2:11:03:dd:89:a5:7d:40:d4:f9:37:5b:87:fb:64:f2:d9:32:
         53:eb:68:78:5a:06:cb:59:0e:6e:6d:af:d2:6c:61:a0:cd:b9:
         ec:7d:fa:24:8a:06:25:9b:e5:11:34:8a:30:ce:9b:6d:c0:59:
         75:a2:8a:e7:05:dd:08:94:88:c5:93:82:d1:b1:74:10:e9:ce:
         4d:98:0f:c5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzi9bmdko3lvdxhg3gO3KicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjA1MWU4ZTY4MTQ5YjY2MDQ0ZTdkZTRhZTU5ZDczNmU1
MzdhYWEwHhcNMjQwMTA3MDgwNjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWJhZTkzNzIzYWE3ZTk0YWQ0Zjg5NTdmNzk5MjZmYjgxNWFkMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgocM4kHXfR5D5Kfo1RrhUFlKhDY/
d3vJzq/NqbeZgdW37Ymz3bLxbLVqtgdVqD2q71gdHMeURkUaqeiBgW9Yr3McmzbM
P/0LlS86sF9smb24+zWSBa3yMhgSwCIRdVGgegoTSqFKLC5n+zJ5Y7iJAOW99kDX
PPe/emU6sS7+5vuLHq0e/CmAiTXeXzA/kJXy/ugPNfp5q8O+8G7tCFvCq0WAS4eb
Sw9p4x63Hp0RsTfNKnFwfxgFjEYaCBfzEpYJocYmqYgEKQL/EA3aLn+cYjmxC8f/
35XX6mQYLtoxvNeyaKCerVsQD6716mvewZ+/BCJFYnWV+XmusVPigDpF/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLm66Tcjqn6UrU+JV/eZJvuBWtGzMB8GA1UdIwQY
MBaAFMmwUejmgUm2YETn3krlnXNuU3qqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJCUjZPYUJTYlpnUk9mZVN1V2RjMjVUZXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9iNzU2YjQtY2U0MS00MWI1LWExZDkt
YmI0ZDI0MmVkMmNkLzEvdWJycE55T3FmcFN0VDRsWDk1a20tNEZhMGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9iNzU2YjQtY2U0MS00MWI1LWExZDktYmI0ZDI0MmVkMmNk
LzEveWJCUjZPYUJTYlpnUk9mZVN1V2RjMjVUZXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5S2ED
BAC5S2IwDQYJKoZIhvcNAQELBQADggEBALKyuhq8sCdQsS0dYD+Kn1AEFtVvOnUA
fwD0VIiHcBRDJHE5dIv+ng1TTzT8KJqITB6/k029zmKs/r3rMTkkRrfRWhAaazUU
OLUJAg4BU/hQqjdq73JNPGgg5acgq+jjg1Pufa531/XIfSPtWRunYpwAadp6c4cn
0e1fJOTWIugStJ6rbnNU+ttcjDi8wXWWHEHZ6rSWWDrhYNqP0C3vvJ02zqbwMa7i
ZSuLnBi8RGtDXhYJz9IRA92JpX1A1Pk3W4f7ZPLZMlPraHhaBstZDm5tr9JsYaDN
uex9+iSKBiWb5RE0ijDOm23AWXWiiucF3QiUiMWTgtGxdBDpzk2YD8U=
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:53:25 2024 by rpki-client on console-ams.rpki-client.org