Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/gmYKckI_UW05q6CtpjRpCOmmDrA.roa
File:                     gmYKckI_UW05q6CtpjRpCOmmDrA.roa (raw, json)
Hash identifier:          BNKd96b5uy4xKU8zqdqNOK/LKCUlMZCHz4cGHP/blaM=
Subject key identifier:   82:66:0A:72:42:3F:51:6D:39:AB:A0:AD:A6:34:69:08:E9:A6:0E:B0
Certificate issuer:       /CN=2cd41bcc3cd73e0dc7f7e95b5d0dca6d6857bedc
Certificate serial:       018D8E49759E8E8F53E3A9C2C444CD94F243
Authority key identifier: 2C:D4:1B:CC:3C:D7:3E:0D:C7:F7:E9:5B:5D:0D:CA:6D:68:57:BE:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/gmYKckI_UW05q6CtpjRpCOmmDrA.roa
Signing time:             Fri 09 Feb 2024 14:33:15 +0000
ROA not before:           Fri 09 Feb 2024 14:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197886
IP address blocks:        91.228.212.0/23 maxlen: 23
                          185.97.208.0/22 maxlen: 22
                          185.166.228.0/22 maxlen: 22
                          185.244.68.0/24 maxlen: 24
                          185.244.69.0/24 maxlen: 24
                          185.244.70.0/24 maxlen: 24
                          185.244.71.0/24 maxlen: 24
                          2a0b:1e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:49:75:9e:8e:8f:53:e3:a9:c2:c4:44:cd:94:f2:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cd41bcc3cd73e0dc7f7e95b5d0dca6d6857bedc
        Validity
            Not Before: Feb  9 14:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82660a72423f516d39aba0ada6346908e9a60eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:45:be:c6:1a:2b:73:8b:54:ec:fa:48:98:8e:
                    d0:5b:51:87:5c:b3:f8:6a:97:d7:d7:4e:b8:09:04:
                    57:7e:23:e9:62:ef:d1:9d:a2:55:d1:79:31:ce:24:
                    c8:2b:61:c3:93:56:98:8b:e3:13:46:23:2b:83:34:
                    fd:f0:16:1b:13:7c:e6:a2:ac:5b:4f:20:60:70:18:
                    65:ea:e9:d7:e0:88:e5:23:e1:8c:bd:68:35:b0:50:
                    0c:a4:16:fe:f2:bc:e8:80:41:6c:35:9c:d9:c8:24:
                    ff:73:36:51:72:d4:58:b3:3f:96:86:be:81:6f:89:
                    fb:e6:2f:0a:dc:a2:3c:95:ef:aa:d1:98:d1:3d:6e:
                    f6:71:ee:f8:b7:87:5a:bd:a4:fa:ad:df:33:e8:0a:
                    2e:97:f1:5e:d8:ab:b7:69:57:54:7d:00:82:36:82:
                    d3:8b:60:97:4d:1b:0d:0b:df:aa:ef:af:2d:28:f6:
                    9d:cb:fb:18:aa:5a:8b:21:05:dd:98:50:7f:91:45:
                    d6:ac:e7:83:9c:88:2a:e0:f6:54:ac:80:65:94:95:
                    cf:74:d9:59:79:51:94:7f:5c:be:80:3f:9f:69:9c:
                    f6:ac:0f:34:68:20:96:d6:17:b2:7d:3f:d0:b0:ef:
                    5b:47:ef:c1:dc:21:69:3b:0d:95:05:87:2a:e1:7f:
                    64:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:66:0A:72:42:3F:51:6D:39:AB:A0:AD:A6:34:69:08:E9:A6:0E:B0
            X509v3 Authority Key Identifier:
                keyid:2C:D4:1B:CC:3C:D7:3E:0D:C7:F7:E9:5B:5D:0D:CA:6D:68:57:BE:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/gmYKckI_UW05q6CtpjRpCOmmDrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.212.0/23
                  185.97.208.0/22
                  185.166.228.0/22
                  185.244.68.0/22
                IPv6:
                  2a0b:1e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:61:cd:ab:f7:2e:3e:a4:2a:5a:ab:a7:a8:58:e9:d9:0b:28:
         6b:a8:a8:ad:50:d8:a6:d6:24:ee:42:3f:29:42:93:ad:4a:f2:
         76:61:a6:bd:3f:3a:fa:d3:16:d4:68:2b:ce:2e:fe:20:68:6a:
         44:cb:c1:93:66:77:bd:ca:bd:b5:f5:78:67:fb:e4:f5:74:c0:
         13:b8:f9:87:0f:03:53:33:2e:eb:cd:5d:92:73:f4:ce:3f:34:
         b0:3c:3e:ce:e9:d7:63:ea:42:bc:8e:f1:f1:d6:e4:ad:a8:94:
         b3:f4:31:61:2a:62:b0:f0:b0:fc:60:b9:75:27:97:57:24:88:
         d1:c9:d9:3b:4f:8c:fe:b6:33:3e:05:cf:0b:5b:61:49:96:d7:
         9c:35:54:26:96:e4:c8:64:cb:88:d7:a5:d8:5e:21:96:f9:3b:
         9e:41:16:73:97:44:ec:a1:04:54:d9:ec:20:bc:6b:0c:f2:e2:
         29:03:c5:20:fb:76:e5:69:56:bb:50:3d:54:11:63:73:50:4f:
         ca:1a:c7:01:60:14:35:b6:69:b4:45:71:04:12:74:0f:0e:95:
         e4:23:d2:10:1e:be:1a:d3:21:90:ff:c2:5b:22:a4:36:4a:71:
         63:a5:4e:f9:88:eb:bc:52:26:62:38:93:a6:3a:55:d3:b6:bc:
         f4:2f:c8:3a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY2OSXWejo9T46nCxETNlPJDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZDQxYmNjM2NkNzNlMGRjN2Y3ZTk1YjVkMGRjYTZkNjg1
N2JlZGMwHhcNMjQwMjA5MTQzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjY2MGE3MjQyM2Y1MTZkMzlhYmEwYWRhNjM0NjkwOGU5YTYwZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEW+xhorc4tU7PpImI7QW1GHXLP4
apfX1064CQRXfiPpYu/RnaJV0XkxziTIK2HDk1aYi+MTRiMrgzT98BYbE3zmoqxb
TyBgcBhl6unX4IjlI+GMvWg1sFAMpBb+8rzogEFsNZzZyCT/czZRctRYsz+Whr6B
b4n75i8K3KI8le+q0ZjRPW72ce74t4davaT6rd8z6Aoul/Fe2Ku3aVdUfQCCNoLT
i2CXTRsNC9+q768tKPady/sYqlqLIQXdmFB/kUXWrOeDnIgq4PZUrIBllJXPdNlZ
eVGUf1y+gD+faZz2rA80aCCW1heyfT/QsO9bR+/B3CFpOw2VBYcq4X9k6QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIJmCnJCP1FtOaugraY0aQjppg6wMB8GA1UdIwQY
MBaAFCzUG8w81z4Nx/fpW10Nym1oV77cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE5RYnpEelhQZzNIOS1sYlhRM0tiV2hYdnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8xYWQ5YmYtMDMyMi00NTM0LWIwMDkt
ZTZlOTFiZjA1MmZlLzEvZ21ZS2NrSV9VVzA1cTZDdHBqUnBDT21tRHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8xYWQ5YmYtMDMyMi00NTM0LWIwMDktZTZlOTFiZjA1MmZl
LzEvTE5RYnpEelhQZzNIOS1sYlhRM0tiV2hYdnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBW+TUAwQC
uWHQAwQCuabkAwQCufREMA0EAgACMAcDBQMqCx4AMA0GCSqGSIb3DQEBCwUAA4IB
AQBnYc2r9y4+pCpaq6eoWOnZCyhrqKitUNim1iTuQj8pQpOtSvJ2Yaa9Pzr60xbU
aCvOLv4gaGpEy8GTZne9yr219Xhn++T1dMATuPmHDwNTMy7rzV2Sc/TOPzSwPD7O
6ddj6kK8jvHx1uStqJSz9DFhKmKw8LD8YLl1J5dXJIjRydk7T4z+tjM+Bc8LW2FJ
ltecNVQmluTIZMuI16XYXiGW+TueQRZzl0TsoQRU2ewgvGsM8uIpA8Ug+3blaVa7
UD1UEWNzUE/KGscBYBQ1tmm0RXEEEnQPDpXkI9IQHr4a0yGQ/8JbIqQ2SnFjpU75
iOu8UiZiOJOmOlXTtrz0L8g6
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:24:38 2024 by rpki-client on console-ams.rpki-client.org