Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/UIsaIlZSTz4fxX_IN1UmaYBYTpQ.roa
File:                     UIsaIlZSTz4fxX_IN1UmaYBYTpQ.roa (raw, json)
Hash identifier:          FrNzM0jyqMbkM/2WxV0tzZPvh3BKXAWmbtjG4vwkAfg=
Subject key identifier:   50:8B:1A:22:56:52:4F:3E:1F:C5:7F:C8:37:55:26:69:80:58:4E:94
Certificate issuer:       /CN=90f273a63c51eaf3f9e5ae7b9faafdb2931340df
Certificate serial:       018CC94E27EE86F83A2F8AC1B596FDA6C7D7
Authority key identifier: 90:F2:73:A6:3C:51:EA:F3:F9:E5:AE:7B:9F:AA:FD:B2:93:13:40:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJzpjxR6vP55a57n6r9spMTQN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/UIsaIlZSTz4fxX_IN1UmaYBYTpQ.roa
Signing time:             Tue 02 Jan 2024 08:33:11 +0000
ROA not before:           Tue 02 Jan 2024 08:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203339
IP address blocks:        185.220.118.0/24 maxlen: 24
                          185.220.116.0/24 maxlen: 24
                          185.220.117.0/24 maxlen: 24
                          84.38.128.0/24 maxlen: 24
                          2a0b:f6c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/kPJzpjxR6vP55a57n6r9spMTQN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/kPJzpjxR6vP55a57n6r9spMTQN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPJzpjxR6vP55a57n6r9spMTQN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:27:ee:86:f8:3a:2f:8a:c1:b5:96:fd:a6:c7:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f273a63c51eaf3f9e5ae7b9faafdb2931340df
        Validity
            Not Before: Jan  2 08:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=508b1a2256524f3e1fc57fc83755266980584e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a0:b2:11:4a:7d:15:3c:ae:62:43:79:93:9d:
                    14:57:58:1d:21:15:c8:04:3e:2c:31:7c:87:3c:ff:
                    70:ed:f5:d9:c3:e5:f0:88:49:0a:ac:73:4d:2a:5d:
                    d0:be:73:c6:f1:48:8b:ae:01:25:57:1a:b5:94:bd:
                    47:72:82:3b:25:d5:74:56:11:e0:2d:fb:20:e1:5c:
                    42:d0:8f:ba:22:28:45:c7:8a:b1:45:c8:97:3d:94:
                    b5:cf:8b:8f:3b:d2:f9:94:30:d3:9d:74:f6:c3:3d:
                    03:a6:98:58:37:76:eb:f8:ab:34:02:36:dc:00:4c:
                    d0:49:aa:c3:69:43:a6:41:7f:78:38:d1:3c:98:9d:
                    79:74:88:d2:c6:4d:9a:5f:92:a7:db:9f:3a:c3:1d:
                    24:2c:07:36:52:fe:0e:2b:7c:93:df:e5:9a:c9:b1:
                    bf:e6:5f:1a:b7:5b:0c:b4:57:d4:a6:9a:fe:9e:07:
                    61:1d:c2:a5:08:47:6c:d9:a4:0e:ae:de:a9:0a:66:
                    93:3d:09:75:1b:3d:b8:b6:1a:16:0c:fb:82:4d:63:
                    cb:82:6a:0e:81:df:a3:dd:db:60:ca:37:2e:2f:c4:
                    9f:e2:bf:e1:b6:d0:c0:f1:81:1e:9b:86:14:e5:b2:
                    1e:2c:a3:36:a1:82:b6:14:90:b6:17:0c:00:f1:1d:
                    b6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:8B:1A:22:56:52:4F:3E:1F:C5:7F:C8:37:55:26:69:80:58:4E:94
            X509v3 Authority Key Identifier:
                keyid:90:F2:73:A6:3C:51:EA:F3:F9:E5:AE:7B:9F:AA:FD:B2:93:13:40:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJzpjxR6vP55a57n6r9spMTQN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/UIsaIlZSTz4fxX_IN1UmaYBYTpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/kPJzpjxR6vP55a57n6r9spMTQN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.128.0/24
                  185.220.116.0-185.220.118.255
                IPv6:
                  2a0b:f6c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:e6:0d:59:12:87:0e:60:9a:d8:fa:a5:d3:f4:70:6a:bf:d8:
         80:4e:88:83:92:8e:ce:88:13:46:89:6c:e3:95:ee:93:ca:a6:
         8b:be:1f:db:fc:b3:68:5a:09:8f:c5:c7:8f:fa:ef:c1:51:83:
         2a:fc:1b:04:ed:d2:b8:f0:5c:4a:a6:5f:d4:c2:ec:81:c7:c9:
         7f:6d:f0:0c:56:77:59:51:de:84:53:9e:8c:f4:0e:28:0d:d9:
         70:1c:98:a4:27:76:74:e9:73:f0:91:61:20:ac:fe:98:2d:17:
         58:15:5e:0e:f3:da:ef:2b:17:fc:b4:d4:1a:12:81:09:09:9f:
         6a:a3:c2:f6:7e:5f:7d:d0:d3:de:1a:bc:6a:ab:69:b4:08:7b:
         91:8f:de:0a:c3:1f:e1:74:36:f8:2e:bc:8d:ba:17:13:76:40:
         6a:e8:f1:d0:9a:50:85:7d:5f:ec:c8:62:83:f0:64:83:8d:23:
         89:68:6d:d3:20:28:e5:2b:4b:a1:83:94:77:8f:94:3e:f3:ab:
         61:28:52:91:03:8e:39:a7:fb:e5:a6:a9:5a:ec:d2:b6:ad:d1:
         1d:58:37:14:50:69:65:75:ad:31:c7:33:e7:28:a9:fa:8a:e6:
         76:53:c7:e4:27:52:25:64:41:8d:ff:cb:9f:ea:18:f4:5f:0a:
         36:55:50:b2
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzJTifuhvg6L4rBtZb9psfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI3M2E2M2M1MWVhZjNmOWU1YWU3YjlmYWFmZGIyOTMx
MzQwZGYwHhcNMjQwMTAyMDgzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDhiMWEyMjU2NTI0ZjNlMWZjNTdmYzgzNzU1MjY2OTgwNTg0ZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqCyEUp9FTyuYkN5k50UV1gdIRXI
BD4sMXyHPP9w7fXZw+XwiEkKrHNNKl3QvnPG8UiLrgElVxq1lL1HcoI7JdV0VhHg
Lfsg4VxC0I+6IihFx4qxRciXPZS1z4uPO9L5lDDTnXT2wz0DpphYN3br+Ks0Ajbc
AEzQSarDaUOmQX94ONE8mJ15dIjSxk2aX5Kn2586wx0kLAc2Uv4OK3yT3+WaybG/
5l8at1sMtFfUppr+ngdhHcKlCEds2aQOrt6pCmaTPQl1Gz24thoWDPuCTWPLgmoO
gd+j3dtgyjcuL8Sf4r/httDA8YEem4YU5bIeLKM2oYK2FJC2FwwA8R22GwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFFCLGiJWUk8+H8V/yDdVJmmAWE6UMB8GA1UdIwQY
MBaAFJDyc6Y8Uerz+eWue5+q/bKTE0DfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKenBqeFI2dlA1NWE1N242cjlzcE1UUU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iYzY3NmItYzBiNi00ZmJiLTkzM2Yt
NTA4MmMyOGI3MTVmLzEvVUlzYUlsWlNUejRmeFhfSU4xVW1hWUJZVHBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iYzY3NmItYzBiNi00ZmJiLTkzM2YtNTA4MmMyOGI3MTVm
LzEva1BKenBqeFI2dlA1NWE1N242cjlzcE1UUU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUAwQAVCaAMAwD
BAK53HQDBAC53HYwDwQCAAIwCQMHACoL9sAAADANBgkqhkiG9w0BAQsFAAOCAQEA
luYNWRKHDmCa2Pql0/Rwar/YgE6Ig5KOzogTRols45Xuk8qmi74f2/yzaFoJj8XH
j/rvwVGDKvwbBO3SuPBcSqZf1MLsgcfJf23wDFZ3WVHehFOejPQOKA3ZcByYpCd2
dOlz8JFhIKz+mC0XWBVeDvPa7ysX/LTUGhKBCQmfaqPC9n5ffdDT3hq8aqtptAh7
kY/eCsMf4XQ2+C68jboXE3ZAaujx0JpQhX1f7Mhig/Bkg40jiWht0yAo5StLoYOU
d4+UPvOrYShSkQOOOaf75aapWuzStq3RHVg3FFBpZXWtMccz5yip+ormdlPH5CdS
JWRBjf/Ln+oY9F8KNlVQsg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:04:36 2024 by rpki-client on console-fra.rpki-client.org