Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/y6zfrEDUrPLtL5-hDzN9cdO0UwM.roa
File:                     y6zfrEDUrPLtL5-hDzN9cdO0UwM.roa (raw, json)
Hash identifier:          mfP+77Te90BjbP7rmnyzdoS4rAjXtxVW5bkk6JAWHvs=
Subject key identifier:   CB:AC:DF:AC:40:D4:AC:F2:ED:2F:9F:A1:0F:33:7D:71:D3:B4:53:03
Certificate issuer:       /CN=e6f1dedaf4dbda60da990d685650e68c888c6100
Certificate serial:       018CCA2A52FC0D066FF5F663B201EB1EC87A
Authority key identifier: E6:F1:DE:DA:F4:DB:DA:60:DA:99:0D:68:56:50:E6:8C:88:8C:61:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5vHe2vTb2mDamQ1oVlDmjIiMYQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/y6zfrEDUrPLtL5-hDzN9cdO0UwM.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.204.94.0/24 maxlen: 24
                          185.230.228.0/24 maxlen: 24
                          185.204.93.0/24 maxlen: 24
                          185.204.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/5vHe2vTb2mDamQ1oVlDmjIiMYQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/5vHe2vTb2mDamQ1oVlDmjIiMYQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5vHe2vTb2mDamQ1oVlDmjIiMYQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:52:fc:0d:06:6f:f5:f6:63:b2:01:eb:1e:c8:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6f1dedaf4dbda60da990d685650e68c888c6100
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbacdfac40d4acf2ed2f9fa10f337d71d3b45303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5f:d8:ec:91:63:2f:7a:21:97:0a:6a:e4:09:
                    6e:7a:d7:c2:fb:6c:e8:5e:c8:2e:a9:81:1e:18:7e:
                    de:2b:f4:d2:ea:86:ad:d0:37:52:f1:64:09:07:93:
                    4e:5a:14:ec:0b:49:c7:8c:e5:59:08:87:b4:71:21:
                    aa:72:80:a0:4d:d9:67:d2:98:af:5f:8c:64:50:65:
                    a2:0c:80:59:83:77:a4:8d:8d:de:d3:99:b8:29:0f:
                    54:0b:15:a1:8b:fb:41:9d:16:c0:f7:bc:7c:2c:ce:
                    72:a5:25:ad:b3:6b:c1:d5:3a:ce:15:9a:dc:cf:d9:
                    19:6b:c4:2e:44:a6:22:3d:91:57:d9:98:da:41:39:
                    1e:24:05:a5:4c:65:ab:b3:20:b6:68:f2:66:94:ba:
                    b0:da:37:5d:c3:a1:5b:a2:26:41:86:07:b4:54:25:
                    83:9b:b5:18:21:10:e2:aa:70:15:90:03:fa:e5:d8:
                    c2:83:c5:73:5c:62:c1:f9:34:e0:d1:1a:94:0b:c3:
                    85:d6:fc:09:2e:d3:67:bf:c9:08:61:fc:6b:c0:3e:
                    41:43:ff:2f:93:b4:db:80:f3:50:45:b0:de:91:c2:
                    45:03:af:6c:29:6d:4a:b8:29:59:ba:3a:12:de:2b:
                    09:ac:df:2c:a4:3f:9b:d9:7b:bd:89:13:a0:5e:ee:
                    b3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:AC:DF:AC:40:D4:AC:F2:ED:2F:9F:A1:0F:33:7D:71:D3:B4:53:03
            X509v3 Authority Key Identifier:
                keyid:E6:F1:DE:DA:F4:DB:DA:60:DA:99:0D:68:56:50:E6:8C:88:8C:61:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5vHe2vTb2mDamQ1oVlDmjIiMYQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/y6zfrEDUrPLtL5-hDzN9cdO0UwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/23ba46-fc7a-4b97-8b4f-231657829ef5/1/5vHe2vTb2mDamQ1oVlDmjIiMYQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.93.0-185.204.95.255
                  185.230.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:71:56:4c:a9:9d:75:0a:f3:ae:be:d0:29:5e:2f:c7:b0:52:
         d8:3d:fe:48:4a:5b:c0:45:ad:41:c7:b4:80:c3:9a:cd:ca:b5:
         02:45:3c:c4:6c:66:4d:df:cb:94:a4:e3:f1:c7:2b:27:84:ca:
         1c:78:d1:cd:61:12:38:18:fe:b5:69:40:a6:3a:60:cb:ab:ec:
         e6:e7:f2:24:da:7c:dc:b3:97:e3:92:96:63:cf:2f:99:1e:24:
         4e:a7:8a:5f:22:57:77:e7:d3:6f:cb:ac:63:ae:43:10:87:84:
         b7:27:ea:bf:d0:64:9e:70:ff:73:fa:53:79:47:06:53:c0:d5:
         56:f1:a5:74:ca:d0:32:1d:d3:c6:37:af:ca:1c:e1:52:6a:65:
         4f:61:95:e7:4e:90:d4:2c:5f:14:27:cd:f2:ea:32:e1:66:fe:
         bd:14:85:43:3f:a1:5e:e7:ea:f8:a4:60:8f:6d:e4:56:a4:18:
         24:17:f4:95:b3:e5:4b:e4:d0:73:d8:87:5f:59:f7:36:8d:ec:
         42:21:08:7e:59:bb:42:e2:5a:ce:10:f0:5b:63:69:1e:f4:83:
         8f:0f:ac:9b:d2:e3:3d:73:93:8f:c8:84:6f:92:ba:7d:8e:df:
         7f:0b:b4:82:1a:47:90:e3:73:ad:18:00:82:a1:76:97:54:42:
         e9:88:d8:f5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKKlL8DQZv9fZjsgHrHsh6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZjFkZWRhZjRkYmRhNjBkYTk5MGQ2ODU2NTBlNjhjODg4
YzYxMDAwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmFjZGZhYzQwZDRhY2YyZWQyZjlmYTEwZjMzN2Q3MWQzYjQ1MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgF/Y7JFjL3ohlwpq5AluetfC+2zo
XsguqYEeGH7eK/TS6oat0DdS8WQJB5NOWhTsC0nHjOVZCIe0cSGqcoCgTdln0piv
X4xkUGWiDIBZg3ekjY3e05m4KQ9UCxWhi/tBnRbA97x8LM5ypSWts2vB1TrOFZrc
z9kZa8QuRKYiPZFX2ZjaQTkeJAWlTGWrsyC2aPJmlLqw2jddw6FboiZBhge0VCWD
m7UYIRDiqnAVkAP65djCg8VzXGLB+TTg0RqUC8OF1vwJLtNnv8kIYfxrwD5BQ/8v
k7TbgPNQRbDekcJFA69sKW1KuClZujoS3isJrN8spD+b2Xu9iROgXu6zQQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMus36xA1Kzy7S+foQ8zfXHTtFMDMB8GA1UdIwQY
MBaAFObx3tr029pg2pkNaFZQ5oyIjGEAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXZIZTJ2VGIybURhbVExb1ZsRG1qSWlNWVFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8yM2JhNDYtZmM3YS00Yjk3LThiNGYt
MjMxNjU3ODI5ZWY1LzEveTZ6ZnJFRFVyUEx0TDUtaER6TjljZE8wVXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8yM2JhNDYtZmM3YS00Yjk3LThiNGYtMjMxNjU3ODI5ZWY1
LzEvNXZIZTJ2VGIybURhbVExb1ZsRG1qSWlNWVFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAC5zF0D
BAW5zEADBAC55uQwDQYJKoZIhvcNAQELBQADggEBAHRxVkypnXUK866+0CleL8ew
Utg9/khKW8BFrUHHtIDDms3KtQJFPMRsZk3fy5Sk4/HHKyeEyhx40c1hEjgY/rVp
QKY6YMur7Obn8iTafNyzl+OSlmPPL5keJE6nil8iV3fn02/LrGOuQxCHhLcn6r/Q
ZJ5w/3P6U3lHBlPA1VbxpXTK0DId08Y3r8oc4VJqZU9hledOkNQsXxQnzfLqMuFm
/r0UhUM/oV7n6vikYI9t5FakGCQX9JWz5Uvk0HPYh19Z9zaN7EIhCH5Zu0LiWs4Q
8FtjaR70g48PrJvS4z1zk4/IhG+Sun2O338LtIIaR5Djc60YAIKhdpdUQumI2PU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:31:39 2024 by rpki-client on console-ams.rpki-client.org