Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/zI4FpdIghtPCZyOnqG0wx03B6uE.roa
File:                     zI4FpdIghtPCZyOnqG0wx03B6uE.roa (raw, json)
Hash identifier:          tuKRfX4LXd/ZcZQ09EzOh/eWKFCz3S2F6Cx8w9PCC+c=
Subject key identifier:   CC:8E:05:A5:D2:20:86:D3:C2:67:23:A7:A8:6D:30:C7:4D:C1:EA:E1
Certificate issuer:       /CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
Certificate serial:       018CC94DC883EE68D675F4532D5D22553EFB
Authority key identifier: 80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/zI4FpdIghtPCZyOnqG0wx03B6uE.roa
Signing time:             Tue 02 Jan 2024 08:32:47 +0000
ROA not before:           Tue 02 Jan 2024 08:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50297
IP address blocks:        193.200.209.0/24 maxlen: 24
                          185.110.132.0/24 maxlen: 24
                          2a06:5600:28f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:c8:83:ee:68:d6:75:f4:53:2d:5d:22:55:3e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80bd00829536d47745f47da9d1a8a72f6dd462d4
        Validity
            Not Before: Jan  2 08:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc8e05a5d22086d3c26723a7a86d30c74dc1eae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:44:36:3d:64:53:c5:86:d5:00:3a:5c:d6:68:
                    41:58:2a:56:f0:8f:8a:64:13:6c:b6:2b:54:8e:8c:
                    5e:04:44:aa:d3:6a:01:99:22:95:89:3f:34:49:ff:
                    5b:5d:ef:c4:9e:9b:de:ca:69:06:a4:ed:9e:98:43:
                    82:de:2f:9d:35:23:71:db:27:9f:32:cd:87:f3:58:
                    ef:75:1c:2e:b9:d0:bb:05:f1:c3:6d:be:47:50:31:
                    ff:41:05:89:d2:39:ba:52:96:b5:c7:c7:c4:4c:ec:
                    6b:9b:56:54:a5:fb:e2:59:d3:83:30:5f:4f:2b:b3:
                    44:bc:40:96:b8:2c:6c:5b:b4:bd:51:a9:d5:9b:5d:
                    b1:2f:50:17:87:6e:e1:5f:80:31:3b:5b:7a:72:ae:
                    42:a9:fc:d0:29:6a:de:be:cb:51:b9:33:90:fb:83:
                    35:0f:d0:17:ae:b4:93:26:9c:ee:3e:83:01:87:62:
                    18:5e:78:25:62:ea:51:74:37:67:89:1d:71:6b:2d:
                    55:69:d0:0b:f7:4a:c5:52:fe:5c:bc:a8:66:d4:a7:
                    a5:c8:ef:f8:bd:9c:bf:6b:24:3b:9e:c9:83:fe:f0:
                    d6:f5:97:ca:e2:90:84:09:cc:02:6f:4b:2c:0e:f5:
                    fc:8d:19:b8:b8:d4:50:06:49:0f:45:62:5e:f9:73:
                    2b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:8E:05:A5:D2:20:86:D3:C2:67:23:A7:A8:6D:30:C7:4D:C1:EA:E1
            X509v3 Authority Key Identifier:
                keyid:80:BD:00:82:95:36:D4:77:45:F4:7D:A9:D1:A8:A7:2F:6D:D4:62:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gL0AgpU21HdF9H2p0ainL23UYtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/zI4FpdIghtPCZyOnqG0wx03B6uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/64e19f-fe54-42cd-8923-09b9920fe00f/1/gL0AgpU21HdF9H2p0ainL23UYtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.132.0/24
                  193.200.209.0/24
                IPv6:
                  2a06:5600:28f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:dc:0b:9e:49:93:fa:96:c2:d7:e6:27:8c:ad:25:9d:3d:94:
         33:93:18:cc:8c:10:f4:44:dc:a4:3e:17:8d:69:0f:01:8c:77:
         54:b2:77:bf:d3:4c:0a:97:65:8e:8b:44:a0:a2:44:ae:87:08:
         6a:0c:a0:c8:04:31:da:86:5d:b6:a5:ad:c6:36:03:fc:0d:71:
         ec:e1:e3:7c:29:b3:c3:af:55:6d:0e:ca:86:87:98:f0:f2:5f:
         af:f5:5b:5d:86:da:16:89:f9:6c:7f:e5:b9:b2:8d:bd:d0:5e:
         f4:39:54:89:9f:51:c9:7c:72:28:64:01:bc:d8:ea:27:56:a2:
         19:6a:9d:8e:e9:9c:98:4c:a4:9c:8b:de:60:10:41:1c:e4:db:
         55:24:6e:fb:84:ac:4d:5c:bd:35:18:a6:af:51:60:08:09:cc:
         3a:a4:5d:de:9d:b1:4b:1c:76:59:fd:e5:5c:d0:ab:f6:30:ff:
         2a:97:7e:c3:b2:df:de:18:e3:22:ad:f0:d0:07:a6:44:28:de:
         cc:a0:71:c9:c7:ba:2c:95:6f:c8:f0:eb:10:bc:d9:95:f1:7f:
         d3:53:08:46:32:ef:34:9c:5e:8f:fe:7e:45:ca:96:cb:77:93:
         1c:6b:9d:d4:d4:3b:37:38:e9:16:e5:de:9b:1d:96:e0:1f:ca:
         fd:b6:6f:8c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJTciD7mjWdfRTLV0iVT77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYmQwMDgyOTUzNmQ0Nzc0NWY0N2RhOWQxYThhNzJmNmRk
NDYyZDQwHhcNMjQwMTAyMDgzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhlMDVhNWQyMjA4NmQzYzI2NzIzYTdhODZkMzBjNzRkYzFlYWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0Q2PWRTxYbVADpc1mhBWCpW8I+K
ZBNstitUjoxeBESq02oBmSKViT80Sf9bXe/EnpveymkGpO2emEOC3i+dNSNx2yef
Ms2H81jvdRwuudC7BfHDbb5HUDH/QQWJ0jm6Upa1x8fETOxrm1ZUpfviWdODMF9P
K7NEvECWuCxsW7S9UanVm12xL1AXh27hX4AxO1t6cq5CqfzQKWrevstRuTOQ+4M1
D9AXrrSTJpzuPoMBh2IYXnglYupRdDdniR1xay1VadAL90rFUv5cvKhm1KelyO/4
vZy/ayQ7nsmD/vDW9ZfK4pCECcwCb0ssDvX8jRm4uNRQBkkPRWJe+XMrJwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMyOBaXSIIbTwmcjp6htMMdNwerhMB8GA1UdIwQY
MBaAFIC9AIKVNtR3RfR9qdGopy9t1GLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMt
MDliOTkyMGZlMDBmLzEvekk0RnBkSWdodFBDWnlPbnFHMHd4MDNCNnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi82NGUxOWYtZmU1NC00MmNkLTg5MjMtMDliOTkyMGZlMDBm
LzEvZ0wwQWdwVTIxSGRGOUgycDBhaW5MMjNVWXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuW6EAwQA
wcjRMA8EAgACMAkDBwAqBlYAKPgwDQYJKoZIhvcNAQELBQADggEBAIDcC55Jk/qW
wtfmJ4ytJZ09lDOTGMyMEPRE3KQ+F41pDwGMd1Syd7/TTAqXZY6LRKCiRK6HCGoM
oMgEMdqGXbalrcY2A/wNcezh43wps8OvVW0OyoaHmPDyX6/1W12G2haJ+Wx/5bmy
jb3QXvQ5VImfUcl8cihkAbzY6idWohlqnY7pnJhMpJyL3mAQQRzk21UkbvuErE1c
vTUYpq9RYAgJzDqkXd6dsUscdln95VzQq/Yw/yqXfsOy394Y4yKt8NAHpkQo3syg
ccnHuiyVb8jw6xC82ZXxf9NTCEYy7zScXo/+fkXKlst3kxxrndTUOzc46Rbl3psd
luAfyv22b4w=
-----END CERTIFICATE-----
Generated at Sat Jun 15 22:08:36 2024 by rpki-client on console-ams.rpki-client.org