Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c2fd33-fd44-4e08-b424-aa1045220b5b/1/yvRwsOSFZZKsFbEMPLgWT7pnqqM.roa
File:                     yvRwsOSFZZKsFbEMPLgWT7pnqqM.roa (raw, json)
Hash identifier:          WvObjivsL6W97ymu7x6shoJ2Uv7iZ8DHg9Nx+NUcY5w=
Subject key identifier:   CA:F4:70:B0:E4:85:65:92:AC:15:B1:0C:3C:B8:16:4F:BA:67:AA:A3
Certificate issuer:       /CN=232af36b9c079da091827da3d07c9c8a5236cb54
Certificate serial:       018CC424C174E8243839A6BFACE7313E10F3
Authority key identifier: 23:2A:F3:6B:9C:07:9D:A0:91:82:7D:A3:D0:7C:9C:8A:52:36:CB:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iyrza5wHnaCRgn2j0HycilI2y1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c2fd33-fd44-4e08-b424-aa1045220b5b/1/yvRwsOSFZZKsFbEMPLgWT7pnqqM.roa
Signing time:             Mon 01 Jan 2024 08:29:52 +0000
ROA not before:           Mon 01 Jan 2024 08:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200984
IP address blocks:        185.89.180.0/22 maxlen: 24
                          2a05:da00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c2fd33-fd44-4e08-b424-aa1045220b5b/1/Iyrza5wHnaCRgn2j0HycilI2y1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c2fd33-fd44-4e08-b424-aa1045220b5b/1/Iyrza5wHnaCRgn2j0HycilI2y1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iyrza5wHnaCRgn2j0HycilI2y1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c1:74:e8:24:38:39:a6:bf:ac:e7:31:3e:10:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=232af36b9c079da091827da3d07c9c8a5236cb54
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caf470b0e4856592ac15b10c3cb8164fba67aaa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a6:a6:3b:5b:91:21:af:2f:66:ad:20:45:bd:
                    ba:5c:d7:8d:5c:4f:6e:0a:7b:79:ad:58:70:82:a3:
                    ec:d7:3c:f8:12:83:2c:81:6b:8b:9a:85:af:0b:b0:
                    87:1e:25:0d:1b:c4:ec:3c:fd:24:ea:eb:aa:07:cb:
                    50:51:3c:9b:0d:ea:c6:a3:cb:b4:44:ee:59:97:99:
                    41:fa:a6:58:d6:19:a6:66:0e:e9:74:8d:c8:a5:14:
                    4e:1b:bd:07:cb:30:97:25:91:2c:15:eb:3c:93:2b:
                    bc:e4:8c:b2:0e:a1:87:17:03:41:71:f8:ca:a2:3a:
                    3d:b5:e6:e3:60:c2:98:99:2d:35:85:eb:ed:04:cc:
                    59:a4:9e:76:c6:90:08:99:14:8e:f1:1f:c7:c3:6a:
                    6f:c0:18:07:97:ae:c9:03:f0:b9:83:c1:e0:33:63:
                    8c:2e:49:8c:2e:e0:66:03:fe:7a:f9:a0:b2:4c:aa:
                    33:f1:56:64:09:8d:a7:27:95:0b:10:f1:33:5f:ac:
                    8c:e8:ad:77:ef:06:c2:a5:a2:e1:13:72:cd:0d:dc:
                    39:15:d1:e3:4b:e9:3d:64:51:c9:af:ba:3c:be:7b:
                    e5:35:13:f6:5e:c9:ec:13:6f:21:63:f3:d3:0d:15:
                    6e:48:53:b9:cd:14:3d:6d:42:58:64:24:13:50:0e:
                    44:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F4:70:B0:E4:85:65:92:AC:15:B1:0C:3C:B8:16:4F:BA:67:AA:A3
            X509v3 Authority Key Identifier:
                keyid:23:2A:F3:6B:9C:07:9D:A0:91:82:7D:A3:D0:7C:9C:8A:52:36:CB:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iyrza5wHnaCRgn2j0HycilI2y1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c2fd33-fd44-4e08-b424-aa1045220b5b/1/yvRwsOSFZZKsFbEMPLgWT7pnqqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c2fd33-fd44-4e08-b424-aa1045220b5b/1/Iyrza5wHnaCRgn2j0HycilI2y1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.180.0/22
                IPv6:
                  2a05:da00::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:72:81:99:98:ba:dc:0f:b5:39:c1:cb:f7:85:bd:5c:c9:99:
         cb:dd:ab:52:c5:33:02:e9:1c:e1:4a:bf:5c:32:5e:a1:3a:99:
         2b:bb:9a:04:ed:91:a2:e9:fa:8f:a6:a8:08:ce:ff:cd:99:b5:
         26:33:98:65:45:a8:f1:12:b3:d1:52:03:56:a9:d3:76:6d:94:
         74:08:51:bd:5f:a4:02:a7:40:15:45:27:1a:98:1e:49:3e:dd:
         f4:db:88:ae:f2:eb:7e:50:09:6e:9a:26:53:99:b0:b8:07:ce:
         73:4b:b1:36:fb:8d:71:1b:23:93:a6:d4:f2:6d:17:cd:d3:65:
         a7:83:80:1c:ea:15:1e:cb:41:eb:bc:ef:ae:f6:55:e6:b2:f0:
         bf:39:ba:5b:21:c6:ef:1d:15:d4:ea:01:c6:6e:a9:93:86:ab:
         44:4e:d7:37:8a:5a:d5:a7:4f:46:93:2e:07:82:15:e2:8b:98:
         af:12:ca:6d:4f:40:14:95:d5:c5:2f:b6:ba:de:37:87:4f:2c:
         dd:06:fa:73:2b:1a:a8:74:7b:22:eb:43:8e:48:df:b7:72:88:
         ee:8c:f9:53:19:ba:14:87:d3:51:47:97:4a:60:d7:2d:8d:98:
         d9:a5:06:6f:4c:6b:a0:92:21:3d:2a:82:9f:95:8f:80:c4:ba:
         db:3c:9d:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJMF06CQ4Oaa/rOcxPhDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMmFmMzZiOWMwNzlkYTA5MTgyN2RhM2QwN2M5YzhhNTIz
NmNiNTQwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWY0NzBiMGU0ODU2NTkyYWMxNWIxMGMzY2I4MTY0ZmJhNjdhYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqamO1uRIa8vZq0gRb26XNeNXE9u
Cnt5rVhwgqPs1zz4EoMsgWuLmoWvC7CHHiUNG8TsPP0k6uuqB8tQUTybDerGo8u0
RO5Zl5lB+qZY1hmmZg7pdI3IpRROG70HyzCXJZEsFes8kyu85IyyDqGHFwNBcfjK
ojo9tebjYMKYmS01hevtBMxZpJ52xpAImRSO8R/Hw2pvwBgHl67JA/C5g8HgM2OM
LkmMLuBmA/56+aCyTKoz8VZkCY2nJ5ULEPEzX6yM6K137wbCpaLhE3LNDdw5FdHj
S+k9ZFHJr7o8vnvlNRP2XsnsE28hY/PTDRVuSFO5zRQ9bUJYZCQTUA5EiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMr0cLDkhWWSrBWxDDy4Fk+6Z6qjMB8GA1UdIwQY
MBaAFCMq82ucB52gkYJ9o9B8nIpSNstUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlyemE1d0huYUNSZ24yajBIeWNpbEkyeTFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jMmZkMzMtZmQ0NC00ZTA4LWI0MjQt
YWExMDQ1MjIwYjViLzEveXZSd3NPU0ZaWktzRmJFTVBMZ1dUN3BucXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jMmZkMzMtZmQ0NC00ZTA4LWI0MjQtYWExMDQ1MjIwYjVi
LzEvSXlyemE1d0huYUNSZ24yajBIeWNpbEkyeTFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVm0MA0E
AgACMAcDBQMqBdoAMA0GCSqGSIb3DQEBCwUAA4IBAQCacoGZmLrcD7U5wcv3hb1c
yZnL3atSxTMC6RzhSr9cMl6hOpkru5oE7ZGi6fqPpqgIzv/NmbUmM5hlRajxErPR
UgNWqdN2bZR0CFG9X6QCp0AVRScamB5JPt3024iu8ut+UAlumiZTmbC4B85zS7E2
+41xGyOTptTybRfN02Wng4Ac6hUey0HrvO+u9lXmsvC/ObpbIcbvHRXU6gHGbqmT
hqtETtc3ilrVp09Gky4HghXii5ivEsptT0AUldXFL7a63jeHTyzdBvpzKxqodHsi
60OOSN+3cojujPlTGboUh9NRR5dKYNctjZjZpQZvTGugkiE9KoKflY+AxLrbPJ1B
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:13:59 2024 by rpki-client on console-ams.rpki-client.org