Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/b5f80d-2a7d-4bab-aaaa-bf264a215b32/1/5CwLabnIv2lbGt4vidqeRX88C9c.roa
File:                     5CwLabnIv2lbGt4vidqeRX88C9c.roa (raw, json)
Hash identifier:          qY738z2jA1epGOO/NAlYiTl0jbVXfb9rF5vU8hAGHPE=
Subject key identifier:   E4:2C:0B:69:B9:C8:BF:69:5B:1A:DE:2F:89:DA:9E:45:7F:3C:0B:D7
Certificate issuer:       /CN=9ed76829ba6314a035fda799fc0370336657083e
Certificate serial:       018CC3488E2AE9CB3B5B875728E8D9725365
Authority key identifier: 9E:D7:68:29:BA:63:14:A0:35:FD:A7:99:FC:03:70:33:66:57:08:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ntdoKbpjFKA1_aeZ_ANwM2ZXCD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/b5f80d-2a7d-4bab-aaaa-bf264a215b32/1/5CwLabnIv2lbGt4vidqeRX88C9c.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203120
IP address blocks:        185.144.180.0/23 maxlen: 23
                          185.144.182.0/23 maxlen: 23
                          2a07:4180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/b5f80d-2a7d-4bab-aaaa-bf264a215b32/1/ntdoKbpjFKA1_aeZ_ANwM2ZXCD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/b5f80d-2a7d-4bab-aaaa-bf264a215b32/1/ntdoKbpjFKA1_aeZ_ANwM2ZXCD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ntdoKbpjFKA1_aeZ_ANwM2ZXCD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8e:2a:e9:cb:3b:5b:87:57:28:e8:d9:72:53:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ed76829ba6314a035fda799fc0370336657083e
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e42c0b69b9c8bf695b1ade2f89da9e457f3c0bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:28:c3:f4:5f:c2:a3:61:99:03:ec:a5:73:8c:
                    ea:94:2a:2c:d4:26:8b:b3:5c:33:c6:3f:5f:1b:29:
                    22:19:ee:67:ec:65:da:fc:66:fd:31:17:2c:37:a5:
                    05:ba:f1:e4:04:2d:cf:bd:2f:d2:24:ce:0f:98:bb:
                    b0:bd:d9:6b:20:18:7d:1a:96:56:03:da:e7:bb:16:
                    91:62:fe:41:f0:60:cd:db:0f:bf:f3:14:e8:28:66:
                    5e:0a:4c:b5:6b:b8:ed:d8:2e:5d:d8:33:88:d4:9f:
                    45:e8:95:7e:f7:37:0c:b9:99:0c:b3:f6:5d:fd:c1:
                    2c:90:52:96:7d:a0:99:5f:e0:94:36:83:4c:0e:54:
                    42:a5:c2:f4:df:07:65:d3:d4:da:62:8b:b5:05:c3:
                    c6:da:2c:5c:e6:f1:d2:19:1e:8c:15:28:69:74:1a:
                    58:89:08:ee:ec:0e:d5:66:24:98:90:1a:97:b5:f8:
                    1d:92:d1:d1:71:d0:53:3c:27:a9:68:13:84:c9:9f:
                    22:4b:aa:09:f0:4b:36:d9:0e:72:d6:0e:da:6b:b2:
                    ac:6f:58:5d:41:1d:d1:60:d6:9f:d7:34:68:91:6f:
                    9c:09:f4:00:21:47:fc:13:41:44:f4:c9:a8:e3:45:
                    7d:57:19:69:9f:34:23:39:6e:7b:dc:c6:6d:c3:c5:
                    d4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2C:0B:69:B9:C8:BF:69:5B:1A:DE:2F:89:DA:9E:45:7F:3C:0B:D7
            X509v3 Authority Key Identifier:
                keyid:9E:D7:68:29:BA:63:14:A0:35:FD:A7:99:FC:03:70:33:66:57:08:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ntdoKbpjFKA1_aeZ_ANwM2ZXCD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/b5f80d-2a7d-4bab-aaaa-bf264a215b32/1/5CwLabnIv2lbGt4vidqeRX88C9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/b5f80d-2a7d-4bab-aaaa-bf264a215b32/1/ntdoKbpjFKA1_aeZ_ANwM2ZXCD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.180.0/22
                IPv6:
                  2a07:4180::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:16:c0:f1:11:6e:ff:ff:c9:3a:c5:ad:70:d8:1d:bc:96:e7:
         d5:47:c8:27:f0:73:47:cb:8b:e2:e2:1f:d5:fc:84:bf:c5:94:
         16:18:69:ac:8f:0f:db:bf:b7:05:45:2d:4b:d9:4b:20:e4:00:
         35:8e:3a:49:c5:de:e7:bd:4a:cd:f8:05:47:10:b7:c1:bf:30:
         6e:f7:80:59:04:e5:b7:64:69:30:e7:75:fe:40:5a:7b:1c:0d:
         20:4d:c0:18:dd:9f:8e:e3:b4:47:35:b6:fd:6a:14:e6:a6:89:
         d0:57:f7:12:e5:53:37:3d:ab:3a:21:cf:d4:a6:10:7b:24:f7:
         41:02:84:0a:b5:49:30:6d:38:fe:91:0a:55:89:a0:dc:67:21:
         07:21:ef:c2:e8:4b:42:bd:af:af:b6:32:c1:a6:56:94:48:e4:
         bf:04:95:88:cd:df:15:2b:42:27:df:78:82:2e:f9:8b:71:7a:
         3b:ae:bd:63:a6:e0:b0:bd:24:89:1f:e0:16:6c:54:10:02:0a:
         c4:a7:f5:20:3f:da:03:9d:0c:5c:db:1c:12:59:91:ab:64:9b:
         4d:95:fd:9f:35:89:09:cb:dc:94:03:50:df:76:19:1b:68:ce:
         b6:fa:d7:67:cf:64:de:74:71:91:19:62:25:db:4a:48:87:7a:
         6e:97:c3:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSI4q6cs7W4dXKOjZclNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZDc2ODI5YmE2MzE0YTAzNWZkYTc5OWZjMDM3MDMzNjY1
NzA4M2UwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDJjMGI2OWI5YzhiZjY5NWIxYWRlMmY4OWRhOWU0NTdmM2MwYmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSjD9F/Co2GZA+ylc4zqlCos1CaL
s1wzxj9fGykiGe5n7GXa/Gb9MRcsN6UFuvHkBC3PvS/SJM4PmLuwvdlrIBh9GpZW
A9rnuxaRYv5B8GDN2w+/8xToKGZeCky1a7jt2C5d2DOI1J9F6JV+9zcMuZkMs/Zd
/cEskFKWfaCZX+CUNoNMDlRCpcL03wdl09TaYou1BcPG2ixc5vHSGR6MFShpdBpY
iQju7A7VZiSYkBqXtfgdktHRcdBTPCepaBOEyZ8iS6oJ8Es22Q5y1g7aa7Ksb1hd
QR3RYNaf1zRokW+cCfQAIUf8E0FE9Mmo40V9VxlpnzQjOW573MZtw8XUXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOQsC2m5yL9pWxreL4nankV/PAvXMB8GA1UdIwQY
MBaAFJ7XaCm6YxSgNf2nmfwDcDNmVwg+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnRkb0ticGpGS0ExX2FlWl9BTndNMlpYQ0Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9iNWY4MGQtMmE3ZC00YmFiLWFhYWEt
YmYyNjRhMjE1YjMyLzEvNUN3TGFibkl2MmxiR3Q0dmlkcWVSWDg4QzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9iNWY4MGQtMmE3ZC00YmFiLWFhYWEtYmYyNjRhMjE1YjMy
LzEvbnRkb0ticGpGS0ExX2FlWl9BTndNMlpYQ0Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZC0MA0E
AgACMAcDBQMqB0GAMA0GCSqGSIb3DQEBCwUAA4IBAQB+FsDxEW7//8k6xa1w2B28
lufVR8gn8HNHy4vi4h/V/IS/xZQWGGmsjw/bv7cFRS1L2Usg5AA1jjpJxd7nvUrN
+AVHELfBvzBu94BZBOW3ZGkw53X+QFp7HA0gTcAY3Z+O47RHNbb9ahTmponQV/cS
5VM3Pas6Ic/UphB7JPdBAoQKtUkwbTj+kQpViaDcZyEHIe/C6EtCva+vtjLBplaU
SOS/BJWIzd8VK0In33iCLvmLcXo7rr1jpuCwvSSJH+AWbFQQAgrEp/UgP9oDnQxc
2xwSWZGrZJtNlf2fNYkJy9yUA1DfdhkbaM62+tdnz2TedHGRGWIl20pIh3pul8Mz
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:53:53 2024 by rpki-client on console-fra.rpki-client.org