Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/msH4Qn3RCz2U8zqXFUof6qnQk5w.roa
File:                     msH4Qn3RCz2U8zqXFUof6qnQk5w.roa (raw, json)
Hash identifier:          Xe3to4/Ml/3Ggsf5CGba8bNpbWiYfnVTq6FtL4ULVwk=
Subject key identifier:   9A:C1:F8:42:7D:D1:0B:3D:94:F3:3A:97:15:4A:1F:EA:A9:D0:93:9C
Certificate issuer:       /CN=644c50d1dadf8b84b174fdb0587afb5f42df8a5f
Certificate serial:       018CC8DEF7787B700B1AD03E012847302F3B
Authority key identifier: 64:4C:50:D1:DA:DF:8B:84:B1:74:FD:B0:58:7A:FB:5F:42:DF:8A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZExQ0drfi4SxdP2wWHr7X0Lfil8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/msH4Qn3RCz2U8zqXFUof6qnQk5w.roa
Signing time:             Tue 02 Jan 2024 06:31:44 +0000
ROA not before:           Tue 02 Jan 2024 06:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48171
IP address blocks:        185.238.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/ZExQ0drfi4SxdP2wWHr7X0Lfil8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/ZExQ0drfi4SxdP2wWHr7X0Lfil8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZExQ0drfi4SxdP2wWHr7X0Lfil8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f7:78:7b:70:0b:1a:d0:3e:01:28:47:30:2f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644c50d1dadf8b84b174fdb0587afb5f42df8a5f
        Validity
            Not Before: Jan  2 06:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ac1f8427dd10b3d94f33a97154a1feaa9d0939c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a8:45:e8:ae:de:8b:e2:dd:01:85:27:0d:46:
                    b1:45:38:0d:ab:a1:53:00:49:63:58:eb:a5:86:1c:
                    f6:d5:c3:33:2a:e2:1a:4f:81:31:de:50:dd:a6:1b:
                    89:9b:44:12:a5:b3:eb:02:8c:39:fb:3f:60:ad:23:
                    7c:1e:ec:ba:df:c8:ce:8a:e8:ab:7c:8b:b2:ce:38:
                    ca:2f:1d:76:4c:34:c8:8f:ae:6c:af:92:6c:06:81:
                    b6:ff:ee:66:76:de:01:2c:3b:5c:a9:fe:79:3e:c0:
                    5a:b3:e1:aa:99:cc:bc:3a:13:4a:f0:8a:8d:e2:22:
                    3f:92:14:a1:c6:2d:cf:75:af:63:38:67:22:d1:a1:
                    dc:14:cb:43:80:36:d9:04:38:49:b8:20:d7:96:08:
                    91:67:1d:27:08:af:7b:3e:c6:6d:66:70:39:8a:69:
                    ff:61:9c:2d:b7:15:b4:77:e1:b7:7c:26:86:de:c5:
                    c8:bf:b1:93:fc:76:78:71:4f:e4:94:5b:7a:47:5e:
                    a9:f0:72:67:7d:60:b4:e7:fe:71:61:16:b9:3d:b8:
                    2e:2b:f6:73:d9:3d:f3:00:2a:e8:53:d8:4c:f8:e1:
                    0f:cf:d8:2e:8c:21:9c:f1:c8:31:16:a3:25:44:26:
                    08:3e:4a:7d:29:de:78:a5:bf:fb:a3:a3:1d:2e:aa:
                    ba:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C1:F8:42:7D:D1:0B:3D:94:F3:3A:97:15:4A:1F:EA:A9:D0:93:9C
            X509v3 Authority Key Identifier:
                keyid:64:4C:50:D1:DA:DF:8B:84:B1:74:FD:B0:58:7A:FB:5F:42:DF:8A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZExQ0drfi4SxdP2wWHr7X0Lfil8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/msH4Qn3RCz2U8zqXFUof6qnQk5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/28bde3-a4ca-488d-8061-d38d843bfa1d/1/ZExQ0drfi4SxdP2wWHr7X0Lfil8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:89:58:5e:e9:b5:59:67:85:2a:85:5d:f2:06:4f:58:09:a3:
         78:4f:78:5f:c2:88:ad:16:cb:a4:66:12:7c:81:82:32:c4:7c:
         24:87:63:d8:ac:96:5c:99:aa:59:1a:3f:c5:e9:5b:97:f4:0a:
         c4:50:49:c8:82:9d:78:20:2c:a3:bb:df:f4:e9:30:23:c0:24:
         12:da:b0:ae:4c:07:e6:8d:5f:43:35:40:16:3c:91:f9:cc:fd:
         34:d5:59:6e:6d:6c:a7:c6:fb:0d:d4:14:86:57:f5:49:17:17:
         29:bf:64:b1:83:3e:27:65:5f:dc:b3:de:4c:5f:39:dd:0e:2b:
         6d:09:ae:e6:36:8e:0f:ee:b5:ea:4f:bd:eb:8f:a1:ca:66:cf:
         82:b5:f5:38:9e:bc:22:db:9e:f5:c5:9d:4b:b1:52:5c:56:64:
         44:25:b4:7b:c5:9c:e8:dc:dc:c8:96:c8:0b:40:a6:fd:64:5e:
         bd:c6:5e:f4:1f:be:ea:da:f2:08:13:7a:f9:19:b2:e6:77:b4:
         fd:95:30:25:aa:8c:0a:b8:26:f9:21:30:71:fe:2e:0f:e2:09:
         d2:dc:3b:b0:69:fe:f3:26:ee:7c:9e:ca:57:3e:69:b6:32:ec:
         54:42:c0:dc:6a:cf:c0:c4:6d:86:35:c6:a2:a3:4d:e1:fb:85:
         95:fb:8c:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3vd4e3ALGtA+AShHMC87MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGM1MGQxZGFkZjhiODRiMTc0ZmRiMDU4N2FmYjVmNDJk
ZjhhNWYwHhcNMjQwMTAyMDYzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWMxZjg0MjdkZDEwYjNkOTRmMzNhOTcxNTRhMWZlYWE5ZDA5MzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqhF6K7ei+LdAYUnDUaxRTgNq6FT
AEljWOulhhz21cMzKuIaT4Ex3lDdphuJm0QSpbPrAow5+z9grSN8Huy638jOiuir
fIuyzjjKLx12TDTIj65sr5JsBoG2/+5mdt4BLDtcqf55PsBas+Gqmcy8OhNK8IqN
4iI/khShxi3Pda9jOGci0aHcFMtDgDbZBDhJuCDXlgiRZx0nCK97PsZtZnA5imn/
YZwttxW0d+G3fCaG3sXIv7GT/HZ4cU/klFt6R16p8HJnfWC05/5xYRa5PbguK/Zz
2T3zACroU9hM+OEPz9gujCGc8cgxFqMlRCYIPkp9Kd54pb/7o6MdLqq6wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrB+EJ90Qs9lPM6lxVKH+qp0JOcMB8GA1UdIwQY
MBaAFGRMUNHa34uEsXT9sFh6+19C34pfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV4UTBkcmZpNFN4ZFAyd1dIcjdYMExmaWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yOGJkZTMtYTRjYS00ODhkLTgwNjEt
ZDM4ZDg0M2JmYTFkLzEvbXNINFFuM1JDejJVOHpxWEZVb2Y2cW5RazV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yOGJkZTMtYTRjYS00ODhkLTgwNjEtZDM4ZDg0M2JmYTFk
LzEvWkV4UTBkcmZpNFN4ZFAyd1dIcjdYMExmaWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue64MA0G
CSqGSIb3DQEBCwUAA4IBAQAPiVhe6bVZZ4UqhV3yBk9YCaN4T3hfwoitFsukZhJ8
gYIyxHwkh2PYrJZcmapZGj/F6VuX9ArEUEnIgp14ICyju9/06TAjwCQS2rCuTAfm
jV9DNUAWPJH5zP001VlubWynxvsN1BSGV/VJFxcpv2Sxgz4nZV/cs95MXzndDitt
Ca7mNo4P7rXqT73rj6HKZs+CtfU4nrwi2571xZ1LsVJcVmREJbR7xZzo3NzIlsgL
QKb9ZF69xl70H77q2vIIE3r5GbLmd7T9lTAlqowKuCb5ITBx/i4P4gnS3Duwaf7z
Ju58nspXPmm2MuxUQsDcas/AxG2GNcaio03h+4WV+4zO
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:37:30 2024 by rpki-client on console-ams.rpki-client.org