Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/8025f6-5f38-4ddf-917d-114c2400c3e3/1/uMp_k9xme0qw6ytCac0aA-7uiU8.roa
File:                     uMp_k9xme0qw6ytCac0aA-7uiU8.roa (raw, json)
Hash identifier:          qimA/hfK4U6sXbETL1VCDaUdYg8NuKJSd+g4tb0f3gg=
Subject key identifier:   B8:CA:7F:93:DC:66:7B:4A:B0:EB:2B:42:69:CD:1A:03:EE:EE:89:4F
Certificate issuer:       /CN=11d47912efd409a46f7cd42741804c7d4f5e1ad5
Certificate serial:       018CCA99849336102A042A9AA3D8BF37473B
Authority key identifier: 11:D4:79:12:EF:D4:09:A4:6F:7C:D4:27:41:80:4C:7D:4F:5E:1A:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EdR5Eu_UCaRvfNQnQYBMfU9eGtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/8025f6-5f38-4ddf-917d-114c2400c3e3/1/uMp_k9xme0qw6ytCac0aA-7uiU8.roa
Signing time:             Tue 02 Jan 2024 14:35:07 +0000
ROA not before:           Tue 02 Jan 2024 14:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.109.134.0/24 maxlen: 24
                          129.70.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/8025f6-5f38-4ddf-917d-114c2400c3e3/1/EdR5Eu_UCaRvfNQnQYBMfU9eGtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/8025f6-5f38-4ddf-917d-114c2400c3e3/1/EdR5Eu_UCaRvfNQnQYBMfU9eGtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EdR5Eu_UCaRvfNQnQYBMfU9eGtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:84:93:36:10:2a:04:2a:9a:a3:d8:bf:37:47:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11d47912efd409a46f7cd42741804c7d4f5e1ad5
        Validity
            Not Before: Jan  2 14:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8ca7f93dc667b4ab0eb2b4269cd1a03eeee894f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:55:bc:8a:ae:a1:95:91:10:26:14:2e:0b:54:
                    3e:51:f8:22:d9:38:48:f8:15:83:6c:e8:4f:a2:06:
                    65:a5:09:1d:ed:8f:9e:10:09:6a:eb:80:9f:9e:a9:
                    26:f4:33:5b:5a:0a:6a:23:74:ab:83:43:0e:f4:a6:
                    6b:8e:58:94:f5:5e:2a:97:c8:4d:19:e6:55:a1:c2:
                    af:92:49:ff:ee:4d:c8:72:c6:14:e8:c4:6f:bd:e1:
                    96:94:d6:68:1d:d7:f3:63:3d:3b:e6:40:c8:cd:b8:
                    b2:c9:b4:25:92:7a:dc:98:7b:ae:bb:bf:5c:92:57:
                    cd:aa:f0:74:cb:25:1a:f4:06:cc:eb:77:8d:a4:b5:
                    2c:67:70:20:a9:98:d1:91:cf:c1:27:a0:ea:71:f0:
                    75:31:00:b8:d5:a4:bd:5c:01:e1:57:a9:64:8f:eb:
                    c8:eb:da:a1:02:94:9e:ed:b9:8e:a4:d1:87:14:f5:
                    55:fd:7d:7b:c7:d9:61:4c:84:65:f1:8e:7a:bd:8f:
                    12:7a:64:a8:30:c6:4a:0a:08:40:6f:67:f7:15:d6:
                    b0:c7:d8:2a:50:9d:90:c6:16:7c:5d:f3:9f:ef:9f:
                    27:0f:84:4c:d9:04:43:51:12:9c:21:10:35:c2:86:
                    95:85:41:d7:80:3d:1c:f2:13:83:97:fb:b6:ea:ae:
                    a3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:CA:7F:93:DC:66:7B:4A:B0:EB:2B:42:69:CD:1A:03:EE:EE:89:4F
            X509v3 Authority Key Identifier:
                keyid:11:D4:79:12:EF:D4:09:A4:6F:7C:D4:27:41:80:4C:7D:4F:5E:1A:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EdR5Eu_UCaRvfNQnQYBMfU9eGtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/8025f6-5f38-4ddf-917d-114c2400c3e3/1/uMp_k9xme0qw6ytCac0aA-7uiU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/8025f6-5f38-4ddf-917d-114c2400c3e3/1/EdR5Eu_UCaRvfNQnQYBMfU9eGtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.70.0.0/16
                  192.109.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:d7:59:ab:32:6e:a1:99:2b:60:52:6a:d9:80:db:7f:f6:1a:
         2a:f0:59:41:c2:d4:37:3a:5a:8d:6e:99:ed:86:63:72:37:f4:
         1d:1b:78:a9:cd:a2:67:d8:35:74:54:16:d1:05:3a:47:83:87:
         ca:38:9e:6f:bf:82:7f:3c:26:d8:70:f4:44:50:11:8f:ad:31:
         aa:5d:6d:b6:37:a4:67:33:8c:2b:97:a2:d8:ea:05:4c:0a:b5:
         91:3b:bd:91:40:f7:36:45:12:70:6a:de:33:3a:cc:f3:12:b5:
         48:df:e6:3a:08:4c:7b:af:ba:23:57:93:72:ce:24:5b:a9:f8:
         5f:93:76:6b:58:8e:4f:9f:1d:07:9d:fe:e9:47:f9:02:a4:1a:
         ad:31:dc:4d:2b:3a:eb:6b:cb:27:12:6f:a9:1d:48:7c:66:d3:
         e2:33:23:1e:1a:b0:9a:1a:ab:8e:da:47:a9:96:aa:6f:34:9f:
         e4:9f:80:93:46:31:ca:49:00:1d:92:53:48:fa:c6:92:0a:94:
         9d:ab:99:1c:69:aa:a6:c3:6e:32:9d:c2:77:bb:59:e1:68:ae:
         be:29:81:2e:13:5e:3f:ae:95:78:0f:62:d6:b6:b4:d1:b7:23:
         a3:bd:d8:96:af:2b:1a:25:d1:eb:85:99:8e:52:e8:ea:86:7f:
         78:80:18:fa
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzKmYSTNhAqBCqao9i/N0c7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZDQ3OTEyZWZkNDA5YTQ2ZjdjZDQyNzQxODA0YzdkNGY1
ZTFhZDUwHhcNMjQwMTAyMTQzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGNhN2Y5M2RjNjY3YjRhYjBlYjJiNDI2OWNkMWEwM2VlZWU4OTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVW8iq6hlZEQJhQuC1Q+Ufgi2ThI
+BWDbOhPogZlpQkd7Y+eEAlq64Cfnqkm9DNbWgpqI3Srg0MO9KZrjliU9V4ql8hN
GeZVocKvkkn/7k3IcsYU6MRvveGWlNZoHdfzYz075kDIzbiyybQlknrcmHuuu79c
klfNqvB0yyUa9AbM63eNpLUsZ3AgqZjRkc/BJ6DqcfB1MQC41aS9XAHhV6lkj+vI
69qhApSe7bmOpNGHFPVV/X17x9lhTIRl8Y56vY8SemSoMMZKCghAb2f3Fdawx9gq
UJ2QxhZ8XfOf758nD4RM2QRDURKcIRA1woaVhUHXgD0c8hODl/u26q6jqwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFLjKf5PcZntKsOsrQmnNGgPu7olPMB8GA1UdIwQY
MBaAFBHUeRLv1Amkb3zUJ0GATH1PXhrVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWRSNUV1X1VDYVJ2Zk5RblFZQk1mVTllR3RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi84MDI1ZjYtNWYzOC00ZGRmLTkxN2Qt
MTE0YzI0MDBjM2UzLzEvdU1wX2s5eG1lMHF3Nnl0Q2FjMGFBLTd1aVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi84MDI1ZjYtNWYzOC00ZGRmLTkxN2QtMTE0YzI0MDBjM2Uz
LzEvRWRSNUV1X1VDYVJ2Zk5RblFZQk1mVTllR3RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAgUYDBADA
bYYwDQYJKoZIhvcNAQELBQADggEBAEzXWasybqGZK2BSatmA23/2GirwWUHC1Dc6
Wo1ume2GY3I39B0beKnNomfYNXRUFtEFOkeDh8o4nm+/gn88Jthw9ERQEY+tMapd
bbY3pGczjCuXotjqBUwKtZE7vZFA9zZFEnBq3jM6zPMStUjf5joITHuvuiNXk3LO
JFup+F+TdmtYjk+fHQed/ulH+QKkGq0x3E0rOutryycSb6kdSHxm0+IzIx4asJoa
q47aR6mWqm80n+SfgJNGMcpJAB2SU0j6xpIKlJ2rmRxpqqbDbjKdwne7WeForr4p
gS4TXj+ulXgPYta2tNG3I6O92JavKxol0euFmY5S6OqGf3iAGPo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:27:12 2024 by rpki-client on console-ams.rpki-client.org