Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cc1ab9-febe-4422-8b32-92d94cd7b024/1/1OYBomsjCdV2FP2O5QRkkqfHx4E.roa
File:                     1OYBomsjCdV2FP2O5QRkkqfHx4E.roa (raw, json)
Hash identifier:          IhWRwZCTjwvyFqzHa8+IPQYMZJ2KaULxkc2eQ4xPrcQ=
Subject key identifier:   D4:E6:01:A2:6B:23:09:D5:76:14:FD:8E:E5:04:64:92:A7:C7:C7:81
Certificate issuer:       /CN=8cee8804ff70376e2afe21abf93e228d5afdd509
Certificate serial:       018CC870BC90A2B6787D11DE74DA1C8BCAD4
Authority key identifier: 8C:EE:88:04:FF:70:37:6E:2A:FE:21:AB:F9:3E:22:8D:5A:FD:D5:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jO6IBP9wN24q_iGr-T4ijVr91Qk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cc1ab9-febe-4422-8b32-92d94cd7b024/1/1OYBomsjCdV2FP2O5QRkkqfHx4E.roa
Signing time:             Tue 02 Jan 2024 04:31:20 +0000
ROA not before:           Tue 02 Jan 2024 04:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22351
IP address blocks:        185.244.14.0/23 maxlen: 23
                          185.244.12.0/23 maxlen: 23
                          80.73.212.0/22 maxlen: 22
                          80.73.208.0/22 maxlen: 22
                          80.73.216.0/24 maxlen: 24
                          80.73.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/cc1ab9-febe-4422-8b32-92d94cd7b024/1/jO6IBP9wN24q_iGr-T4ijVr91Qk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/cc1ab9-febe-4422-8b32-92d94cd7b024/1/jO6IBP9wN24q_iGr-T4ijVr91Qk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jO6IBP9wN24q_iGr-T4ijVr91Qk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:bc:90:a2:b6:78:7d:11:de:74:da:1c:8b:ca:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cee8804ff70376e2afe21abf93e228d5afdd509
        Validity
            Not Before: Jan  2 04:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4e601a26b2309d57614fd8ee5046492a7c7c781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:88:cc:d4:81:35:24:6a:5c:17:a3:e0:43:08:
                    ce:7a:f3:17:32:f1:65:8e:54:2f:57:4f:95:f7:ad:
                    7d:05:00:b0:39:3c:42:26:a8:e0:13:2b:c2:26:d6:
                    ee:8b:fc:7a:b7:4c:b9:3d:5b:bd:0f:8f:04:3b:c7:
                    00:8c:60:34:ab:7a:4f:34:b4:a8:3c:c8:9b:b9:ab:
                    54:6d:86:11:35:69:56:6e:de:fa:64:2e:2a:34:b7:
                    5a:64:98:62:fd:ef:97:19:d1:ad:a2:09:48:24:ad:
                    37:6f:0c:da:3e:60:f7:4b:8d:73:2e:66:63:19:c4:
                    6a:5f:3f:eb:c2:e2:e5:b0:b9:c5:86:80:64:db:28:
                    7e:ce:8a:a5:c8:19:42:5a:a8:5f:ec:0e:99:29:8f:
                    e6:a6:e8:e6:df:3b:fd:a6:d3:3d:60:32:02:c8:96:
                    0e:86:55:de:65:3b:35:4f:73:58:4d:8f:f8:c3:3d:
                    7f:33:e8:3a:b3:b1:9d:ce:3d:13:a5:c3:1a:80:24:
                    71:3e:0a:7e:2a:b0:00:81:a0:a8:b4:d7:36:75:a7:
                    5e:a8:a2:1a:bf:53:71:e7:04:2a:7d:30:ff:55:c3:
                    c8:b8:2a:d7:22:8a:1c:05:5f:16:fd:94:ba:09:ef:
                    3f:02:27:62:19:6d:e3:1e:8a:56:c6:59:85:c4:b4:
                    1f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:E6:01:A2:6B:23:09:D5:76:14:FD:8E:E5:04:64:92:A7:C7:C7:81
            X509v3 Authority Key Identifier:
                keyid:8C:EE:88:04:FF:70:37:6E:2A:FE:21:AB:F9:3E:22:8D:5A:FD:D5:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jO6IBP9wN24q_iGr-T4ijVr91Qk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc1ab9-febe-4422-8b32-92d94cd7b024/1/1OYBomsjCdV2FP2O5QRkkqfHx4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc1ab9-febe-4422-8b32-92d94cd7b024/1/jO6IBP9wN24q_iGr-T4ijVr91Qk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.208.0-80.73.217.255
                  185.244.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:67:81:21:e8:c3:4a:c0:c0:0a:84:0d:37:2d:fe:d1:f0:ae:
         71:ac:80:a8:5b:58:d1:53:03:a1:f4:dd:01:0e:44:2c:5b:60:
         3c:af:dc:e8:ac:96:76:a2:33:cc:e1:e3:d2:1d:21:5c:bb:de:
         22:50:b6:df:4c:af:98:3e:72:70:f5:e0:ee:48:08:29:43:5f:
         26:9b:17:7e:52:53:ac:d4:9b:fd:b8:78:44:46:ae:76:a5:b9:
         eb:3f:2c:9d:c9:db:ad:83:84:54:bc:ce:6d:48:1e:c0:7c:43:
         53:9c:18:e4:27:d7:86:d9:a4:76:84:a6:53:c0:f7:35:51:59:
         c5:8e:a5:ea:12:a4:20:31:e9:e4:a3:af:48:63:9e:7c:c6:a9:
         f6:bf:7a:73:7f:61:67:b6:34:8d:e1:d0:e3:96:fc:48:76:5f:
         7c:bf:65:08:25:54:69:02:40:c0:9a:ce:00:8b:30:5e:28:45:
         53:80:2d:0d:f1:3e:a5:91:77:1f:9d:e2:76:2e:6d:f9:f1:8d:
         d0:0d:35:1b:42:73:a8:bc:96:54:f4:13:fe:6b:c4:4c:a9:09:
         d7:47:b6:10:43:90:e6:f2:c1:c3:b8:22:ec:b8:bd:7a:8f:ad:
         dd:a8:9a:58:9f:49:57:01:0b:0d:14:02:72:2a:1c:e8:a0:6a:
         5a:08:9c:1c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzIcLyQorZ4fRHedNoci8rUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWU4ODA0ZmY3MDM3NmUyYWZlMjFhYmY5M2UyMjhkNWFm
ZGQ1MDkwHhcNMjQwMTAyMDQzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGU2MDFhMjZiMjMwOWQ1NzYxNGZkOGVlNTA0NjQ5MmE3YzdjNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxojM1IE1JGpcF6PgQwjOevMXMvFl
jlQvV0+V9619BQCwOTxCJqjgEyvCJtbui/x6t0y5PVu9D48EO8cAjGA0q3pPNLSo
PMibuatUbYYRNWlWbt76ZC4qNLdaZJhi/e+XGdGtoglIJK03bwzaPmD3S41zLmZj
GcRqXz/rwuLlsLnFhoBk2yh+zoqlyBlCWqhf7A6ZKY/mpujm3zv9ptM9YDICyJYO
hlXeZTs1T3NYTY/4wz1/M+g6s7Gdzj0TpcMagCRxPgp+KrAAgaCotNc2dadeqKIa
v1Nx5wQqfTD/VcPIuCrXIoocBV8W/ZS6Ce8/AidiGW3jHopWxlmFxLQfEQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNTmAaJrIwnVdhT9juUEZJKnx8eBMB8GA1UdIwQY
MBaAFIzuiAT/cDduKv4hq/k+Io1a/dUJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak82SUJQOXdOMjRxX2lHci1UNGlqVnI5MVFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jYzFhYjktZmViZS00NDIyLThiMzIt
OTJkOTRjZDdiMDI0LzEvMU9ZQm9tc2pDZFYyRlAyTzVRUmtrcWZIeDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jYzFhYjktZmViZS00NDIyLThiMzItOTJkOTRjZDdiMDI0
LzEvak82SUJQOXdOMjRxX2lHci1UNGlqVnI5MVFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBARQSdAD
BAFQSdgDBAK59AwwDQYJKoZIhvcNAQELBQADggEBAL9ngSHow0rAwAqEDTct/tHw
rnGsgKhbWNFTA6H03QEORCxbYDyv3OislnaiM8zh49IdIVy73iJQtt9Mr5g+cnD1
4O5ICClDXyabF35SU6zUm/24eERGrnalues/LJ3J262DhFS8zm1IHsB8Q1OcGOQn
14bZpHaEplPA9zVRWcWOpeoSpCAx6eSjr0hjnnzGqfa/enN/YWe2NI3h0OOW/Eh2
X3y/ZQglVGkCQMCazgCLMF4oRVOALQ3xPqWRdx+d4nYubfnxjdANNRtCc6i8llT0
E/5rxEypCddHthBDkObywcO4Iuy4vXqPrd2omlifSVcBCw0UAnIqHOigaloInBw=
-----END CERTIFICATE-----
Generated at Sat Jun 15 15:10:34 2024 by rpki-client on console-ams.rpki-client.org