Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/79e439-fc0b-4e6e-8b06-39fb66a26ef8/1/1-byz3nCcFsgcS5pjOZ3OXVA4nSQ.roa
File:                     1-byz3nCcFsgcS5pjOZ3OXVA4nSQ.roa (raw, json)
Hash identifier:          riTxr2gD7+WfjM7aDmTwCVplBI2CnDZIs/V9gvy/kiE=
Subject key identifier:   F9:BC:B3:DE:70:9C:16:C8:1C:4B:9A:63:39:9D:CE:5D:50:38:9D:24
Certificate issuer:       /CN=5f93da757c17fe38a0e6cd70275c73c8c69c896e
Certificate serial:       018CC2DB069B61BB5EF8F18C7147307D3190
Authority key identifier: 5F:93:DA:75:7C:17:FE:38:A0:E6:CD:70:27:5C:73:C8:C6:9C:89:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5PadXwX_jig5s1wJ1xzyMaciW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/79e439-fc0b-4e6e-8b06-39fb66a26ef8/1/1-byz3nCcFsgcS5pjOZ3OXVA4nSQ.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201073
IP address blocks:        185.86.206.0/24 maxlen: 24
                          2a05:bb80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/79e439-fc0b-4e6e-8b06-39fb66a26ef8/1/X5PadXwX_jig5s1wJ1xzyMaciW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/79e439-fc0b-4e6e-8b06-39fb66a26ef8/1/X5PadXwX_jig5s1wJ1xzyMaciW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5PadXwX_jig5s1wJ1xzyMaciW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:06:9b:61:bb:5e:f8:f1:8c:71:47:30:7d:31:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f93da757c17fe38a0e6cd70275c73c8c69c896e
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9bcb3de709c16c81c4b9a63399dce5d50389d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:74:ce:47:26:f0:7a:0d:b5:37:de:1a:b7:
                    80:05:81:bf:9f:f2:b4:b9:fa:c5:fc:46:0a:54:33:
                    05:31:02:dd:70:ed:fc:ff:c4:2c:f5:26:58:c9:4a:
                    3d:61:8a:fb:c8:c5:47:36:9b:f9:28:6b:6f:bd:47:
                    e8:0c:ee:3d:6a:39:03:fc:24:4d:97:11:05:3c:7d:
                    04:c2:42:8d:ec:10:c9:66:a1:1f:c9:88:e6:31:48:
                    a5:bd:d5:28:44:66:40:65:90:93:1d:e4:29:82:99:
                    36:95:14:ff:0c:be:2c:2f:5f:63:42:09:5b:18:57:
                    e0:b3:2f:c2:19:3f:c5:b2:d6:a9:75:4f:ce:98:01:
                    0b:af:b6:a8:b9:f6:e4:f7:2c:b0:42:8a:a7:ac:b4:
                    d7:f7:d3:6c:05:04:a0:be:e7:dd:dd:3c:de:22:17:
                    12:64:d7:5c:af:a8:80:26:78:2a:d9:a8:0d:32:9c:
                    ff:bf:a4:bd:a1:e9:67:f4:ad:7b:a7:cf:eb:be:5c:
                    fd:46:2b:72:6e:7c:83:69:ac:b6:26:b9:3e:0c:77:
                    c1:c5:a2:dd:7a:b2:28:1e:b2:32:4e:8f:9f:e1:40:
                    ae:a9:a5:0f:f9:47:e0:e6:fc:57:11:6f:3c:43:00:
                    0b:79:af:f6:2b:05:a6:d0:e8:80:da:6b:ce:02:ce:
                    85:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:BC:B3:DE:70:9C:16:C8:1C:4B:9A:63:39:9D:CE:5D:50:38:9D:24
            X509v3 Authority Key Identifier:
                keyid:5F:93:DA:75:7C:17:FE:38:A0:E6:CD:70:27:5C:73:C8:C6:9C:89:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5PadXwX_jig5s1wJ1xzyMaciW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/79e439-fc0b-4e6e-8b06-39fb66a26ef8/1/1-byz3nCcFsgcS5pjOZ3OXVA4nSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/79e439-fc0b-4e6e-8b06-39fb66a26ef8/1/X5PadXwX_jig5s1wJ1xzyMaciW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.206.0/24
                IPv6:
                  2a05:bb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:9b:a4:c3:89:bf:70:1e:ac:1d:35:b1:bd:c2:a4:f8:c9:c0:
         b2:36:67:e8:b0:6d:24:19:7f:9e:49:db:a2:39:9a:e7:be:89:
         0e:6d:26:32:ce:2d:a7:60:a4:c0:7c:47:fe:dc:84:95:d3:97:
         21:17:89:68:f6:4b:e4:c4:cd:43:7d:35:7f:36:46:e7:a5:80:
         d9:67:c7:8f:42:75:9d:8a:9b:a4:20:5f:35:d1:05:30:d4:0c:
         9b:45:a6:5b:56:d2:b3:b5:e7:47:8d:48:99:71:43:23:c4:53:
         c9:1c:65:55:ea:19:a7:96:d3:27:59:33:a9:8c:9c:d1:0e:e3:
         1d:15:87:fa:3c:11:b4:2c:cb:52:8c:ab:c9:5d:8e:81:2b:4a:
         2d:0b:72:33:cf:59:63:6a:dd:d6:cc:8f:9b:eb:87:9b:85:12:
         89:66:ca:2e:75:78:8f:22:58:ad:ae:72:08:9a:be:91:20:2a:
         ee:98:2a:4a:72:99:1d:4d:36:ea:49:88:7b:fe:0f:f1:34:f4:
         9e:a8:ec:b5:e4:3d:e5:a4:60:7b:0f:b0:3e:86:52:ea:41:62:
         b8:3b:ee:de:2d:e9:8b:e1:23:af:56:bb:b6:21:e5:73:03:48:
         7e:98:a8:46:9e:7a:66:77:e5:18:15:44:e3:b4:6e:b8:10:19:
         d1:a1:0b:10
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC2wabYbte+PGMcUcwfTGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTNkYTc1N2MxN2ZlMzhhMGU2Y2Q3MDI3NWM3M2M4YzY5
Yzg5NmUwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWJjYjNkZTcwOWMxNmM4MWM0YjlhNjMzOTlkY2U1ZDUwMzg5ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOd0zkcm8HoNtTfeGreABYG/n/K0
ufrF/EYKVDMFMQLdcO38/8Qs9SZYyUo9YYr7yMVHNpv5KGtvvUfoDO49ajkD/CRN
lxEFPH0EwkKN7BDJZqEfyYjmMUilvdUoRGZAZZCTHeQpgpk2lRT/DL4sL19jQglb
GFfgsy/CGT/FstapdU/OmAELr7aoufbk9yywQoqnrLTX99NsBQSgvufd3TzeIhcS
ZNdcr6iAJngq2agNMpz/v6S9oeln9K17p8/rvlz9RitybnyDaay2Jrk+DHfBxaLd
erIoHrIyTo+f4UCuqaUP+Ufg5vxXEW88QwALea/2KwWm0OiA2mvOAs6FYwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPm8s95wnBbIHEuaYzmdzl1QOJ0kMB8GA1UdIwQY
MBaAFF+T2nV8F/44oObNcCdcc8jGnIluMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVQYWRYd1hfamlnNXMxd0oxeHp5TWFjaVc0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS83OWU0MzktZmMwYi00ZTZlLThiMDYt
MzlmYjY2YTI2ZWY4LzEvMS1ieXozbkNjRnNnY1M1cGpPWjNPWFZBNG5TUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDkvNzllNDM5LWZjMGItNGU2ZS04YjA2LTM5ZmI2NmEyNmVm
OC8xL1g1UGFkWHdYX2ppZzVzMXdKMXh6eU1hY2lXNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALlWzjAN
BAIAAjAHAwUDKgW7gDANBgkqhkiG9w0BAQsFAAOCAQEAn5ukw4m/cB6sHTWxvcKk
+MnAsjZn6LBtJBl/nknbojma576JDm0mMs4tp2CkwHxH/tyEldOXIReJaPZL5MTN
Q301fzZG56WA2WfHj0J1nYqbpCBfNdEFMNQMm0WmW1bSs7XnR41ImXFDI8RTyRxl
VeoZp5bTJ1kzqYyc0Q7jHRWH+jwRtCzLUoyryV2OgStKLQtyM89ZY2rd1syPm+uH
m4USiWbKLnV4jyJYra5yCJq+kSAq7pgqSnKZHU026kmIe/4P8TT0nqjsteQ95aRg
ew+wPoZS6kFiuDvu3i3pi+Ejr1a7tiHlcwNIfpioRp56ZnflGBVE47RuuBAZ0aEL
EA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:24:12 2024 by rpki-client on console-ams.rpki-client.org