Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/525952-7afb-443d-af0a-77c3e1c8f6de/1/N-pyI5F-x0GGXUe8Wk5BxR4LMhA.roa
File:                     N-pyI5F-x0GGXUe8Wk5BxR4LMhA.roa (raw, json)
Hash identifier:          qAePT6DnTxf5Yf4WpxFRpRjO5qXqMTxxSELYuVVQh6g=
Subject key identifier:   37:EA:72:23:91:7E:C7:41:86:5D:47:BC:5A:4E:41:C5:1E:0B:32:10
Certificate issuer:       /CN=c66261c339c5edf8d8c483f08e46b8480a805ef1
Certificate serial:       018CC8DE7C6C769663FCD4B6EC120BAE4DD7
Authority key identifier: C6:62:61:C3:39:C5:ED:F8:D8:C4:83:F0:8E:46:B8:48:0A:80:5E:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJhwznF7fjYxIPwjka4SAqAXvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/525952-7afb-443d-af0a-77c3e1c8f6de/1/N-pyI5F-x0GGXUe8Wk5BxR4LMhA.roa
Signing time:             Tue 02 Jan 2024 06:31:13 +0000
ROA not before:           Tue 02 Jan 2024 06:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202844
IP address blocks:        185.151.208.0/22 maxlen: 22
                          185.151.208.0/23 maxlen: 23
                          185.151.210.0/23 maxlen: 23
                          2a0e:e640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/525952-7afb-443d-af0a-77c3e1c8f6de/1/xmJhwznF7fjYxIPwjka4SAqAXvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/525952-7afb-443d-af0a-77c3e1c8f6de/1/xmJhwznF7fjYxIPwjka4SAqAXvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJhwznF7fjYxIPwjka4SAqAXvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:7c:6c:76:96:63:fc:d4:b6:ec:12:0b:ae:4d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66261c339c5edf8d8c483f08e46b8480a805ef1
        Validity
            Not Before: Jan  2 06:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37ea7223917ec741865d47bc5a4e41c51e0b3210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:29:68:8c:b1:2c:6f:e0:0e:09:2e:e3:eb:a6:
                    bc:27:9e:33:05:17:cd:dd:90:0e:1c:6d:af:d6:14:
                    94:90:94:a4:a7:3e:05:5b:f4:e2:0d:00:e7:50:2f:
                    e5:eb:77:18:f4:3e:2f:e8:6c:43:2f:19:e0:1b:59:
                    29:a9:e2:96:f1:9d:b7:64:9f:d6:48:67:df:35:ba:
                    94:cc:5f:14:d0:51:86:06:8a:3b:87:fc:b3:d7:90:
                    67:c6:8f:63:59:a1:e8:4c:17:dd:ae:03:af:e7:3c:
                    d0:f4:c4:3c:d5:78:83:c6:b7:5f:ee:9f:82:7e:92:
                    2e:58:43:d4:7a:a9:c9:d4:fb:ab:f4:fe:fd:a7:60:
                    cf:ed:9a:2e:1f:65:2b:0c:eb:2f:96:91:8a:3c:34:
                    f3:e5:75:c8:39:67:6c:41:ff:f0:af:60:b9:f6:6f:
                    e6:9e:f5:56:f3:c2:6f:cf:aa:ff:2f:66:3b:b7:8b:
                    98:50:47:08:14:70:f7:ee:fd:fd:a0:07:a7:9d:55:
                    94:93:56:24:e9:4c:69:e6:91:ae:1e:43:fd:c2:a9:
                    93:71:5e:b2:53:b4:eb:f3:a4:47:d6:5b:1b:6d:6c:
                    1c:eb:b7:bc:94:d6:3b:10:ce:f6:ae:51:f5:cb:7a:
                    d8:f3:23:ff:8b:2e:0c:1b:c2:71:0e:ab:43:cf:ed:
                    e7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:EA:72:23:91:7E:C7:41:86:5D:47:BC:5A:4E:41:C5:1E:0B:32:10
            X509v3 Authority Key Identifier:
                keyid:C6:62:61:C3:39:C5:ED:F8:D8:C4:83:F0:8E:46:B8:48:0A:80:5E:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJhwznF7fjYxIPwjka4SAqAXvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/525952-7afb-443d-af0a-77c3e1c8f6de/1/N-pyI5F-x0GGXUe8Wk5BxR4LMhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/525952-7afb-443d-af0a-77c3e1c8f6de/1/xmJhwznF7fjYxIPwjka4SAqAXvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.208.0/22
                IPv6:
                  2a0e:e640::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:de:72:35:e4:22:57:25:ca:d2:e3:39:32:26:d8:f5:6f:57:
         9d:16:8d:a6:88:2a:25:09:fe:ae:b3:73:18:28:67:37:f1:6b:
         c3:02:5e:b5:07:97:7f:f1:c5:88:0e:42:79:a0:b0:fe:9b:6c:
         01:3b:cb:98:ba:55:52:8e:79:91:c6:90:cf:5a:05:32:db:c3:
         ae:0a:fa:4a:31:60:5a:2d:9d:50:0e:82:c1:b0:24:31:d3:41:
         0c:89:4d:fc:c6:6b:36:02:50:79:df:e3:09:21:d5:10:73:2b:
         18:67:4a:47:1d:86:5c:32:4e:15:16:4b:a5:af:53:25:26:af:
         87:97:00:24:06:6d:c7:83:35:dc:5d:07:4e:d6:fa:a1:06:7a:
         b6:a8:05:69:69:51:ce:b5:83:6d:cb:3e:3f:98:fa:7e:b2:57:
         2a:8f:4e:85:9c:60:8b:a8:92:38:dc:b2:2e:f3:b8:1c:70:96:
         f6:1b:55:75:3e:a6:86:79:63:b8:99:69:77:ce:be:26:39:a9:
         08:09:e6:fa:5f:16:69:9b:fd:37:14:d6:5f:7f:fc:1f:6d:50:
         65:dd:06:c8:f8:53:fc:50:9d:b4:05:69:54:c6:2e:58:46:55:
         a0:dd:7a:48:10:00:76:50:96:d5:36:74:8c:71:ff:99:42:21:
         8d:2b:0a:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3nxsdpZj/NS27BILrk3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2MWMzMzljNWVkZjhkOGM0ODNmMDhlNDZiODQ4MGE4
MDVlZjEwHhcNMjQwMTAyMDYzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2VhNzIyMzkxN2VjNzQxODY1ZDQ3YmM1YTRlNDFjNTFlMGIzMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhClojLEsb+AOCS7j66a8J54zBRfN
3ZAOHG2v1hSUkJSkpz4FW/TiDQDnUC/l63cY9D4v6GxDLxngG1kpqeKW8Z23ZJ/W
SGffNbqUzF8U0FGGBoo7h/yz15Bnxo9jWaHoTBfdrgOv5zzQ9MQ81XiDxrdf7p+C
fpIuWEPUeqnJ1Pur9P79p2DP7ZouH2UrDOsvlpGKPDTz5XXIOWdsQf/wr2C59m/m
nvVW88Jvz6r/L2Y7t4uYUEcIFHD37v39oAennVWUk1Yk6Uxp5pGuHkP9wqmTcV6y
U7Tr86RH1lsbbWwc67e8lNY7EM72rlH1y3rY8yP/iy4MG8JxDqtDz+3neQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDfqciORfsdBhl1HvFpOQcUeCzIQMB8GA1UdIwQY
MBaAFMZiYcM5xe342MSD8I5GuEgKgF7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KaHd6bkY3ZmpZeElQd2prYTRTQXFBWHZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81MjU5NTItN2FmYi00NDNkLWFmMGEt
NzdjM2UxYzhmNmRlLzEvTi1weUk1Ri14MEdHWFVlOFdrNUJ4UjRMTWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81MjU5NTItN2FmYi00NDNkLWFmMGEtNzdjM2UxYzhmNmRl
LzEveG1KaHd6bkY3ZmpZeElQd2prYTRTQXFBWHZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZfQMA0E
AgACMAcDBQMqDuZAMA0GCSqGSIb3DQEBCwUAA4IBAQBN3nI15CJXJcrS4zkyJtj1
b1edFo2miColCf6us3MYKGc38WvDAl61B5d/8cWIDkJ5oLD+m2wBO8uYulVSjnmR
xpDPWgUy28OuCvpKMWBaLZ1QDoLBsCQx00EMiU38xms2AlB53+MJIdUQcysYZ0pH
HYZcMk4VFkulr1MlJq+HlwAkBm3HgzXcXQdO1vqhBnq2qAVpaVHOtYNtyz4/mPp+
slcqj06FnGCLqJI43LIu87gccJb2G1V1PqaGeWO4mWl3zr4mOakICeb6XxZpm/03
FNZff/wfbVBl3QbI+FP8UJ20BWlUxi5YRlWg3XpIEAB2UJbVNnSMcf+ZQiGNKwq/
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:38:41 2024 by rpki-client on console-ams.rpki-client.org