Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/8Umg6eVtRsPMV0mzwlBJQoSsbCQ.roa
File:                     8Umg6eVtRsPMV0mzwlBJQoSsbCQ.roa (raw, json)
Hash identifier:          iLAWHhxdSrtPwSRNnB5zc79IbXFMHTbmnboH3BYb3fs=
Subject key identifier:   F1:49:A0:E9:E5:6D:46:C3:CC:57:49:B3:C2:50:49:42:84:AC:6C:24
Certificate issuer:       /CN=a369fb191bee51cdc7414a6963197f86bbf313ab
Certificate serial:       018CC4244D377D3475844AA55887F87B8BFB
Authority key identifier: A3:69:FB:19:1B:EE:51:CD:C7:41:4A:69:63:19:7F:86:BB:F3:13:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2n7GRvuUc3HQUppYxl_hrvzE6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/8Umg6eVtRsPMV0mzwlBJQoSsbCQ.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203836
IP address blocks:        185.164.228.0/24 maxlen: 24
                          185.164.229.0/24 maxlen: 24
                          185.164.230.0/24 maxlen: 24
                          185.164.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/o2n7GRvuUc3HQUppYxl_hrvzE6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/o2n7GRvuUc3HQUppYxl_hrvzE6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2n7GRvuUc3HQUppYxl_hrvzE6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4d:37:7d:34:75:84:4a:a5:58:87:f8:7b:8b:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a369fb191bee51cdc7414a6963197f86bbf313ab
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f149a0e9e56d46c3cc5749b3c250494284ac6c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ef:bd:de:a2:0f:f3:b1:ec:0f:8b:f8:75:f4:
                    39:79:d1:e4:cf:4b:e9:bb:c1:ec:a6:0b:74:52:d3:
                    80:15:44:fc:c3:83:43:c6:c5:4f:92:35:4e:05:c9:
                    e5:bb:f3:94:e7:e2:38:53:b5:d4:86:4b:33:04:f6:
                    82:11:b3:a8:94:51:df:b1:1a:17:ed:23:ea:94:27:
                    2d:f7:5e:64:26:44:d2:1d:a3:0a:7e:bd:33:f9:2c:
                    85:7f:43:8f:f3:96:1f:36:80:36:b3:80:67:32:63:
                    cf:cd:ec:d2:ed:81:a8:24:2d:f5:0c:7d:d3:ff:7d:
                    ec:50:2a:c2:ee:1d:79:c5:b9:ec:51:6e:31:0e:93:
                    c1:53:a4:98:4a:32:54:ac:36:8a:3b:0c:d6:d9:20:
                    83:d0:1d:9d:d0:c9:cb:5a:c4:01:71:4c:b1:90:27:
                    6d:e5:7f:a0:fa:56:e7:94:41:63:2a:30:02:3a:58:
                    74:16:96:bb:09:18:96:5e:c5:4f:4c:d7:ac:e5:1e:
                    13:b8:8c:f2:63:c5:1c:2d:9d:9b:34:be:1e:dd:e0:
                    f9:ba:63:bf:c4:bb:15:db:9e:0d:25:56:f5:65:e9:
                    ea:33:15:46:74:04:ce:ea:cf:27:2d:8e:bc:07:9b:
                    68:e7:ff:4a:d1:1f:fb:ed:4e:6b:e4:c4:66:2b:18:
                    20:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:49:A0:E9:E5:6D:46:C3:CC:57:49:B3:C2:50:49:42:84:AC:6C:24
            X509v3 Authority Key Identifier:
                keyid:A3:69:FB:19:1B:EE:51:CD:C7:41:4A:69:63:19:7F:86:BB:F3:13:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2n7GRvuUc3HQUppYxl_hrvzE6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/8Umg6eVtRsPMV0mzwlBJQoSsbCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/o2n7GRvuUc3HQUppYxl_hrvzE6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:66:de:3d:39:6f:cd:04:e2:c6:99:af:64:b6:5e:11:5c:cf:
         14:f4:1d:ad:ac:2e:7f:65:9b:46:ba:5f:ea:c1:0d:61:15:4c:
         60:b3:65:52:a9:6f:e9:ce:76:79:b6:0c:34:15:46:7a:f8:25:
         a2:2d:e9:2e:57:29:ae:54:5d:96:71:ca:be:bc:16:02:fd:5d:
         32:09:80:77:7f:e9:3f:b9:9a:73:95:ef:48:4f:c9:cf:86:05:
         ba:c7:c1:f3:53:22:02:a1:31:bd:b7:43:0b:35:49:45:c6:3b:
         af:bc:84:6a:c7:7c:77:fc:2a:af:56:06:ad:d4:78:04:5a:3a:
         81:9f:43:0c:22:fb:2e:62:f9:99:1e:e4:98:88:e4:d6:83:2a:
         43:1d:e9:72:57:f3:ac:fd:29:c9:ec:81:f5:13:8d:80:9a:7d:
         e5:7b:6a:dd:a7:23:2b:b4:42:61:98:1c:32:20:8d:54:74:a4:
         49:c2:c5:fb:aa:95:2e:5b:a2:19:ef:17:77:b1:f4:4c:c3:2b:
         03:f9:5a:1d:b7:fe:d1:2e:3d:a3:5b:1d:8e:5b:fd:d1:3c:95:
         ff:4b:2b:7d:a2:5f:ce:99:de:c6:37:4c:9c:8e:0c:1c:7f:5a:
         30:c9:a8:2a:65:ad:9d:09:7a:ac:1d:9d:73:14:4d:09:ee:f7:
         07:23:7f:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJE03fTR1hEqlWIf4e4v7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjlmYjE5MWJlZTUxY2RjNzQxNGE2OTYzMTk3Zjg2YmJm
MzEzYWIwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQ5YTBlOWU1NmQ0NmMzY2M1NzQ5YjNjMjUwNDk0Mjg0YWM2YzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqO+93qIP87HsD4v4dfQ5edHkz0vp
u8Hspgt0UtOAFUT8w4NDxsVPkjVOBcnlu/OU5+I4U7XUhkszBPaCEbOolFHfsRoX
7SPqlCct915kJkTSHaMKfr0z+SyFf0OP85YfNoA2s4BnMmPPzezS7YGoJC31DH3T
/33sUCrC7h15xbnsUW4xDpPBU6SYSjJUrDaKOwzW2SCD0B2d0MnLWsQBcUyxkCdt
5X+g+lbnlEFjKjACOlh0Fpa7CRiWXsVPTNes5R4TuIzyY8UcLZ2bNL4e3eD5umO/
xLsV254NJVb1ZenqMxVGdATO6s8nLY68B5to5/9K0R/77U5r5MRmKxggwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFJoOnlbUbDzFdJs8JQSUKErGwkMB8GA1UdIwQY
MBaAFKNp+xkb7lHNx0FKaWMZf4a78xOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJuN0dSdnVVYzNIUVVwcFl4bF9ocnZ6RTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yMGRhNjAtYzcxOS00YmUxLThlNGYt
ZTE4MDUyZjM4MWJiLzEvOFVtZzZlVnRSc1BNVjBtendsQkpRb1NzYkNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yMGRhNjAtYzcxOS00YmUxLThlNGYtZTE4MDUyZjM4MWJi
LzEvbzJuN0dSdnVVYzNIUVVwcFl4bF9ocnZ6RTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaTkMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Zt49OW/NBOLGma9ktl4RXM8U9B2trC5/ZZtGul/q
wQ1hFUxgs2VSqW/pznZ5tgw0FUZ6+CWiLekuVymuVF2Wccq+vBYC/V0yCYB3f+k/
uZpzle9IT8nPhgW6x8HzUyICoTG9t0MLNUlFxjuvvIRqx3x3/CqvVgat1HgEWjqB
n0MMIvsuYvmZHuSYiOTWgypDHelyV/Os/SnJ7IH1E42Amn3le2rdpyMrtEJhmBwy
II1UdKRJwsX7qpUuW6IZ7xd3sfRMwysD+Vodt/7RLj2jWx2OW/3RPJX/Syt9ol/O
md7GN0ycjgwcf1owyagqZa2dCXqsHZ1zFE0J7vcHI3//
-----END CERTIFICATE-----
Generated at Sat Jun 15 14:39:54 2024 by rpki-client on console-fra.rpki-client.org