Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/652ef0-ae30-45ba-9970-6c1cf725d8f7/1/YGkbFJJryrwJq-APx1Zoeoh7UFI.roa
File:                     YGkbFJJryrwJq-APx1Zoeoh7UFI.roa (raw, json)
Hash identifier:          Y7MC/Xmp1bL97Tkac/WCvRzkp1jH2/7WVy8Ajh46fk8=
Subject key identifier:   60:69:1B:14:92:6B:CA:BC:09:AB:E0:0F:C7:56:68:7A:88:7B:50:52
Certificate issuer:       /CN=7d59659636089e32324697629c218da38a2b673d
Certificate serial:       018CCA2A5DEBD7A053F95C68625673F6CFD7
Authority key identifier: 7D:59:65:96:36:08:9E:32:32:46:97:62:9C:21:8D:A3:8A:2B:67:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVllljYInjIyRpdinCGNo4orZz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/652ef0-ae30-45ba-9970-6c1cf725d8f7/1/YGkbFJJryrwJq-APx1Zoeoh7UFI.roa
Signing time:             Tue 02 Jan 2024 12:33:43 +0000
ROA not before:           Tue 02 Jan 2024 12:33:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        185.94.28.0/24 maxlen: 24
                          202.61.208.0/24 maxlen: 24
                          202.61.212.0/23 maxlen: 24
                          202.61.209.0/24 maxlen: 24
                          202.61.210.0/24 maxlen: 24
                          202.61.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/652ef0-ae30-45ba-9970-6c1cf725d8f7/1/fVllljYInjIyRpdinCGNo4orZz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/652ef0-ae30-45ba-9970-6c1cf725d8f7/1/fVllljYInjIyRpdinCGNo4orZz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVllljYInjIyRpdinCGNo4orZz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5d:eb:d7:a0:53:f9:5c:68:62:56:73:f6:cf:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d59659636089e32324697629c218da38a2b673d
        Validity
            Not Before: Jan  2 12:33:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60691b14926bcabc09abe00fc756687a887b5052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:83:a5:9f:37:ba:0e:92:e5:39:02:60:7f:e6:
                    08:de:e1:e1:39:be:79:3a:2b:e0:3f:17:41:50:de:
                    e4:23:e5:b2:f8:5d:56:d9:c9:ac:0d:91:7c:a5:bd:
                    55:fc:79:db:e7:5d:4c:b7:9a:5d:55:5a:e4:7d:ba:
                    b5:10:7f:f9:61:ef:02:59:7b:1c:12:b3:e5:96:fc:
                    49:48:e4:ae:45:8a:63:3a:70:51:92:0e:94:08:75:
                    85:01:17:29:43:69:c8:06:96:01:45:ba:df:c5:95:
                    79:98:96:9f:6d:98:de:41:26:11:79:f4:eb:49:05:
                    0c:83:11:94:cf:e7:92:24:d7:e9:17:eb:7e:43:24:
                    e1:4c:1b:86:00:4b:9d:cd:d0:f4:a7:f5:45:3b:f4:
                    db:51:fe:ec:cf:b3:75:8b:00:d3:66:59:c6:60:2f:
                    98:d2:29:60:2d:0d:9f:7f:71:cc:5e:3b:54:52:23:
                    8f:08:35:b7:c5:70:c6:2d:2a:98:b1:76:aa:c9:72:
                    a3:4e:f8:51:a6:bf:32:ff:a0:64:5c:85:06:ce:74:
                    37:a3:02:2d:42:1e:be:b3:2c:e2:bd:9d:e2:06:a5:
                    8a:94:71:f7:55:9b:b6:6f:a2:78:76:b7:5d:95:72:
                    d1:1e:ff:46:2d:ed:b2:70:dc:e7:31:3f:78:9c:76:
                    7f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:69:1B:14:92:6B:CA:BC:09:AB:E0:0F:C7:56:68:7A:88:7B:50:52
            X509v3 Authority Key Identifier:
                keyid:7D:59:65:96:36:08:9E:32:32:46:97:62:9C:21:8D:A3:8A:2B:67:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVllljYInjIyRpdinCGNo4orZz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/652ef0-ae30-45ba-9970-6c1cf725d8f7/1/YGkbFJJryrwJq-APx1Zoeoh7UFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/652ef0-ae30-45ba-9970-6c1cf725d8f7/1/fVllljYInjIyRpdinCGNo4orZz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.28.0/24
                  202.61.208.0-202.61.213.255

    Signature Algorithm: sha256WithRSAEncryption
         a4:11:ac:26:c9:14:8d:0c:3e:1e:af:44:0c:65:cd:16:81:da:
         63:a0:0e:07:f6:3f:36:5a:16:20:26:aa:21:23:f9:67:2f:fb:
         db:7a:1f:3e:ae:6e:7b:90:44:c7:77:98:d7:f6:c0:5f:65:d4:
         b5:5f:bd:a4:bf:e9:a7:71:09:0c:d6:26:0f:aa:e7:10:c7:eb:
         91:31:f9:98:bd:fb:72:2b:fa:0e:83:0a:78:81:3c:02:4f:c7:
         0a:1c:ff:f1:65:b3:68:e3:20:59:81:15:ee:88:5b:ff:ce:ff:
         18:5f:2b:88:73:cf:9e:d2:34:7d:2b:cc:32:44:ab:9a:61:16:
         72:fb:48:7f:7f:03:dc:bf:f1:9d:69:4e:65:1f:dd:ed:4e:db:
         72:0c:c8:3d:86:db:98:d8:7f:01:15:68:a6:b3:c6:11:59:a3:
         87:ce:a4:5c:92:7c:a9:56:a1:0a:31:0b:b2:ce:03:a1:a8:37:
         89:36:40:c0:6a:4e:b8:0c:de:85:69:e8:7c:66:8d:87:c5:d1:
         6b:96:00:67:a9:d2:db:f5:5d:fa:78:dd:b7:de:af:3d:b1:d9:
         f1:92:24:e5:8f:4d:ae:80:46:8d:b8:26:2d:c7:b4:d8:21:9b:
         ec:e9:59:15:5d:8c:7e:38:1a:d2:9c:c2:43:03:f2:b7:18:6f:
         90:3b:24:0b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKKl3r16BT+VxoYlZz9s/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTk2NTk2MzYwODllMzIzMjQ2OTc2MjljMjE4ZGEzOGEy
YjY3M2QwHhcNMjQwMTAyMTIzMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDY5MWIxNDkyNmJjYWJjMDlhYmUwMGZjNzU2Njg3YTg4N2I1MDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4Olnze6DpLlOQJgf+YI3uHhOb55
OivgPxdBUN7kI+Wy+F1W2cmsDZF8pb1V/Hnb511Mt5pdVVrkfbq1EH/5Ye8CWXsc
ErPllvxJSOSuRYpjOnBRkg6UCHWFARcpQ2nIBpYBRbrfxZV5mJafbZjeQSYRefTr
SQUMgxGUz+eSJNfpF+t+QyThTBuGAEudzdD0p/VFO/TbUf7sz7N1iwDTZlnGYC+Y
0ilgLQ2ff3HMXjtUUiOPCDW3xXDGLSqYsXaqyXKjTvhRpr8y/6BkXIUGznQ3owIt
Qh6+syzivZ3iBqWKlHH3VZu2b6J4drddlXLRHv9GLe2ycNznMT94nHZ/2QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGBpGxSSa8q8CavgD8dWaHqIe1BSMB8GA1UdIwQY
MBaAFH1ZZZY2CJ4yMkaXYpwhjaOKK2c9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZsbGxqWUluakl5UnBkaW5DR05vNG9yWnowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy82NTJlZjAtYWUzMC00NWJhLTk5NzAt
NmMxY2Y3MjVkOGY3LzEvWUdrYkZKSnJ5cndKcS1BUHgxWm9lb2g3VUZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy82NTJlZjAtYWUzMC00NWJhLTk5NzAtNmMxY2Y3MjVkOGY3
LzEvZlZsbGxqWUluakl5UnBkaW5DR05vNG9yWnowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuV4cMAwD
BATKPdADBAHKPdQwDQYJKoZIhvcNAQELBQADggEBAKQRrCbJFI0MPh6vRAxlzRaB
2mOgDgf2PzZaFiAmqiEj+Wcv+9t6Hz6ubnuQRMd3mNf2wF9l1LVfvaS/6adxCQzW
Jg+q5xDH65Ex+Zi9+3Ir+g6DCniBPAJPxwoc//Fls2jjIFmBFe6IW//O/xhfK4hz
z57SNH0rzDJEq5phFnL7SH9/A9y/8Z1pTmUf3e1O23IMyD2G25jYfwEVaKazxhFZ
o4fOpFySfKlWoQoxC7LOA6GoN4k2QMBqTrgM3oVp6HxmjYfF0WuWAGep0tv1Xfp4
3bferz2x2fGSJOWPTa6ARo24Ji3HtNghm+zpWRVdjH44GtKcwkMD8rcYb5A7JAs=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:09:51 2024 by rpki-client on console-ams.rpki-client.org