Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/gJWSe5nHoNEmAASovwBKDAfkIsU.roa
File:                     gJWSe5nHoNEmAASovwBKDAfkIsU.roa (raw, json)
Hash identifier:          jQblCMWeR9oTOm8dnyqhnxMh51TGmnviYohwH4IpMe8=
Subject key identifier:   80:95:92:7B:99:C7:A0:D1:26:00:04:A8:BF:00:4A:0C:07:E4:22:C5
Certificate issuer:       /CN=0f92c52f86009879c177092f7cd83418b4df8cab
Certificate serial:       018CC3494DA0C6A7E00877F872EB28DED34E
Authority key identifier: 0F:92:C5:2F:86:00:98:79:C1:77:09:2F:7C:D8:34:18:B4:DF:8C:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5LFL4YAmHnBdwkvfNg0GLTfjKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/gJWSe5nHoNEmAASovwBKDAfkIsU.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47887
IP address blocks:        81.28.112.0/20 maxlen: 24
                          188.123.160.0/19 maxlen: 24
                          185.175.248.0/22 maxlen: 24
                          82.212.64.0/18 maxlen: 24
                          2a00:18d0::/32 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/D5LFL4YAmHnBdwkvfNg0GLTfjKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/D5LFL4YAmHnBdwkvfNg0GLTfjKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5LFL4YAmHnBdwkvfNg0GLTfjKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4d:a0:c6:a7:e0:08:77:f8:72:eb:28:de:d3:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f92c52f86009879c177092f7cd83418b4df8cab
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8095927b99c7a0d1260004a8bf004a0c07e422c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c5:26:df:d5:90:ab:7f:a3:6f:9d:8c:99:bf:
                    ab:94:d7:59:fc:18:39:cb:43:3d:9f:c0:db:a4:80:
                    00:15:56:1c:7b:15:00:8d:af:d5:9a:c2:91:08:ec:
                    ba:6a:46:d9:6e:4a:a4:87:50:56:b0:ce:c3:36:b9:
                    f6:22:33:f6:b5:4f:93:a4:26:a0:85:4f:d0:49:82:
                    94:59:3d:bd:96:e5:8c:ee:04:50:b7:8f:8d:ef:43:
                    7b:96:0d:69:a3:6c:31:cc:fa:08:7a:5e:99:8a:41:
                    ce:b9:05:ce:e1:39:46:33:49:f3:55:f4:01:b9:d2:
                    e2:c5:da:42:79:67:0f:bb:11:3f:18:4f:f9:43:33:
                    21:98:92:0a:e3:d1:46:52:48:ff:9a:73:e4:17:f9:
                    7d:e6:3a:ab:1e:a0:9f:a0:1b:bc:9f:ab:23:de:2a:
                    e5:03:af:e9:3c:85:a2:33:23:a1:6e:ff:73:61:d1:
                    57:e2:6c:58:53:23:72:c1:0d:27:06:89:49:66:53:
                    61:9c:32:16:09:f7:f3:04:42:43:5f:71:e4:a2:1e:
                    f3:02:f2:44:ab:c2:7c:d4:08:83:4e:30:bb:7c:47:
                    a6:07:6c:0a:ff:66:cc:32:b0:b6:87:a6:ca:21:c0:
                    d6:c5:3d:85:af:91:c7:ba:89:95:45:71:54:00:c4:
                    44:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:95:92:7B:99:C7:A0:D1:26:00:04:A8:BF:00:4A:0C:07:E4:22:C5
            X509v3 Authority Key Identifier:
                keyid:0F:92:C5:2F:86:00:98:79:C1:77:09:2F:7C:D8:34:18:B4:DF:8C:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5LFL4YAmHnBdwkvfNg0GLTfjKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/gJWSe5nHoNEmAASovwBKDAfkIsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/D5LFL4YAmHnBdwkvfNg0GLTfjKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.28.112.0/20
                  82.212.64.0/18
                  185.175.248.0/22
                  188.123.160.0/19
                IPv6:
                  2a00:18d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:a5:88:6d:63:72:55:ad:e3:80:09:15:fc:d3:3c:63:a7:5f:
         1f:0f:f4:7a:af:70:f1:72:83:3d:f1:e0:d7:9d:13:3d:6e:9d:
         1b:ab:db:11:3c:ea:f3:36:1e:9d:b8:2d:91:45:b3:6f:da:2c:
         6c:d8:5d:f7:33:e5:2e:fe:e3:f5:b4:83:70:e0:85:77:06:7a:
         d0:6e:82:f3:b1:f9:65:65:08:96:1f:82:59:1e:b9:0f:51:1d:
         cd:11:61:28:62:fd:01:77:e3:17:2d:62:c8:ee:b5:f2:e2:a3:
         55:e6:65:2a:db:8d:93:25:76:e3:e1:69:a7:89:e1:fa:c5:81:
         86:21:12:70:6c:5c:c4:8a:2a:ff:e4:20:0f:a9:c4:d3:81:ab:
         88:10:98:e2:7a:9b:28:6f:ed:6c:1a:4a:6c:a9:2c:6f:99:a1:
         3e:18:ac:55:34:f1:6e:e4:d4:84:d5:b0:35:f2:22:73:71:3b:
         fe:11:cc:b4:80:fa:e5:d0:de:2d:7c:86:5e:2d:da:bb:de:86:
         67:a7:7a:80:40:be:57:95:3f:2a:31:c6:d6:59:09:79:5e:6a:
         67:a7:22:40:47:b1:31:1b:d9:70:16:a1:ff:42:51:df:9e:2d:
         4a:33:29:9f:b7:cf:48:d0:58:75:7d:12:ac:59:c4:a3:d7:0b:
         f4:2a:ea:1f
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzDSU2gxqfgCHf4cuso3tNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOTJjNTJmODYwMDk4NzljMTc3MDkyZjdjZDgzNDE4YjRk
ZjhjYWIwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDk1OTI3Yjk5YzdhMGQxMjYwMDA0YThiZjAwNGEwYzA3ZTQyMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMUm39WQq3+jb52Mmb+rlNdZ/Bg5
y0M9n8DbpIAAFVYcexUAja/VmsKRCOy6akbZbkqkh1BWsM7DNrn2IjP2tU+TpCag
hU/QSYKUWT29luWM7gRQt4+N70N7lg1po2wxzPoIel6ZikHOuQXO4TlGM0nzVfQB
udLixdpCeWcPuxE/GE/5QzMhmJIK49FGUkj/mnPkF/l95jqrHqCfoBu8n6sj3irl
A6/pPIWiMyOhbv9zYdFX4mxYUyNywQ0nBolJZlNhnDIWCffzBEJDX3Hkoh7zAvJE
q8J81AiDTjC7fEemB2wK/2bMMrC2h6bKIcDWxT2Fr5HHuomVRXFUAMRE5wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFICVknuZx6DRJgAEqL8ASgwH5CLFMB8GA1UdIwQY
MBaAFA+SxS+GAJh5wXcJL3zYNBi034yrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDVMRkw0WUFtSG5CZHdrdmZOZzBHTFRmaktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lOGMyODctZjA0OS00NTk1LTg2ZWIt
MGJlMjA5ZmZiYWVjLzEvZ0pXU2U1bkhvTkVtQUFTb3Z3QktEQWZrSXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lOGMyODctZjA0OS00NTk1LTg2ZWItMGJlMjA5ZmZiYWVj
LzEvRDVMRkw0WUFtSG5CZHdrdmZOZzBHTFRmaktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEURxwAwQG
UtRAAwQCua/4AwQFvHugMA0EAgACMAcDBQAqABjQMA0GCSqGSIb3DQEBCwUAA4IB
AQAopYhtY3JVreOACRX80zxjp18fD/R6r3DxcoM98eDXnRM9bp0bq9sRPOrzNh6d
uC2RRbNv2ixs2F33M+Uu/uP1tINw4IV3BnrQboLzsfllZQiWH4JZHrkPUR3NEWEo
Yv0Bd+MXLWLI7rXy4qNV5mUq242TJXbj4WmnieH6xYGGIRJwbFzEiir/5CAPqcTT
gauIEJjiepsob+1sGkpsqSxvmaE+GKxVNPFu5NSE1bA18iJzcTv+Ecy0gPrl0N4t
fIZeLdq73oZnp3qAQL5XlT8qMcbWWQl5XmpnpyJAR7ExG9lwFqH/QlHfni1KMymf
t89I0Fh1fRKsWcSj1wv0Kuof
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:35:00 2024 by rpki-client on console-ams.rpki-client.org