Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/KOgnCQq2e_EiOqSOCIumPoYtzNE.roa
File:                     KOgnCQq2e_EiOqSOCIumPoYtzNE.roa (raw, json)
Hash identifier:          alVXywodtTLvU07tkVFVGj6Rb2PrhdJcOLjb0+ZAIkU=
Subject key identifier:   28:E8:27:09:0A:B6:7B:F1:22:3A:A4:8E:08:8B:A6:3E:86:2D:CC:D1
Certificate issuer:       /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial:       018CC2DAEA7E8F7BAB3CCC11444427FB4C31
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/KOgnCQq2e_EiOqSOCIumPoYtzNE.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        185.85.76.0/22 maxlen: 22
                          91.190.168.0/21 maxlen: 21
                          5.63.24.0/21 maxlen: 21
                          2a02:798::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ea:7e:8f:7b:ab:3c:cc:11:44:44:27:fb:4c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28e827090ab67bf1223aa48e088ba63e862dccd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e8:2f:d8:83:58:f9:b3:7d:ae:c3:5c:c2:a5:
                    a0:f3:8d:1e:ce:3b:2e:d8:04:84:68:10:f0:77:91:
                    5d:52:b0:87:c5:f5:24:ca:e2:87:78:89:bf:44:d2:
                    93:62:65:a6:c2:e7:c9:44:3d:e1:5b:49:88:17:86:
                    32:57:08:c3:a6:69:b6:65:1a:50:b1:fa:27:99:1f:
                    b4:c9:83:66:14:71:a2:af:7b:03:88:61:79:ba:25:
                    2e:d1:e6:78:eb:8d:b6:4c:f8:9c:74:2c:76:e4:de:
                    fb:b7:0e:2e:db:3f:93:fa:95:57:95:28:73:6b:07:
                    23:d2:fc:c7:43:c4:09:b2:79:5b:6e:be:38:6d:48:
                    6a:6d:ae:ab:b0:0b:b5:0b:a8:7b:72:e6:d0:80:de:
                    9f:af:37:a0:2b:00:8d:8f:f2:e0:74:d2:8c:7d:dc:
                    99:3d:69:12:35:b5:52:4f:33:8f:46:cf:76:1a:f0:
                    eb:10:38:7b:ed:a7:16:60:cd:87:5e:86:b9:1f:f8:
                    eb:61:04:56:2e:2a:68:06:94:a4:0f:87:e1:c5:6e:
                    61:0f:62:ae:54:08:e5:1c:c3:7e:82:52:8c:bf:3d:
                    35:ee:cb:77:74:de:f7:7f:08:d5:a8:ba:17:05:62:
                    0e:30:fa:97:34:a2:97:eb:d8:61:61:97:55:44:79:
                    e2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E8:27:09:0A:B6:7B:F1:22:3A:A4:8E:08:8B:A6:3E:86:2D:CC:D1
            X509v3 Authority Key Identifier:
                keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/KOgnCQq2e_EiOqSOCIumPoYtzNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.24.0/21
                  91.190.168.0/21
                  185.85.76.0/22
                IPv6:
                  2a02:798::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:9e:a2:76:56:b2:d6:62:03:70:0e:36:b4:16:db:20:1a:42:
         ee:b9:cb:fe:98:e4:8e:b0:58:54:9d:30:4e:8e:b2:8b:f2:bb:
         7e:84:52:36:94:a2:44:84:78:5c:30:b7:f0:6c:41:49:cd:15:
         26:c2:2b:6d:16:3d:00:08:04:c6:f4:f9:9e:b9:57:88:b3:65:
         d0:d8:9c:f1:70:08:ef:5c:d7:c0:9e:c7:24:1c:1d:d9:cf:63:
         bc:95:ee:69:a9:76:9e:d7:ae:c6:3a:24:e9:f3:8c:45:f3:f1:
         87:4b:9b:25:e0:93:31:7f:de:0f:97:d8:ea:4a:4d:38:69:c1:
         30:7c:cf:9c:fb:3f:9b:bf:9a:1a:16:c4:f5:a0:13:3c:78:18:
         0b:b2:ca:b3:dd:a0:36:6c:8a:f5:29:82:07:08:b1:03:5b:e7:
         ee:58:cc:b0:ea:75:9f:94:c3:13:23:e4:9d:b9:cb:c6:6d:fc:
         63:7a:3c:7a:77:a1:d2:29:3d:23:a7:6d:11:e8:3b:f7:9a:ae:
         48:d4:0e:f9:2f:44:93:c3:4d:40:4d:d1:2d:5a:d2:0e:a7:93:
         11:ac:ef:20:c9:36:57:0a:b8:c5:8c:ad:46:f0:d6:28:ee:11:
         fb:1e:c5:15:75:76:9d:26:8a:9c:af:0b:fd:df:f7:16:dd:45:
         9d:72:1d:11
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzC2up+j3urPMwRREQn+0wxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGU4MjcwOTBhYjY3YmYxMjIzYWE0OGUwODhiYTYzZTg2MmRjY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxegv2INY+bN9rsNcwqWg840ezjsu
2ASEaBDwd5FdUrCHxfUkyuKHeIm/RNKTYmWmwufJRD3hW0mIF4YyVwjDpmm2ZRpQ
sfonmR+0yYNmFHGir3sDiGF5uiUu0eZ46422TPicdCx25N77tw4u2z+T+pVXlShz
awcj0vzHQ8QJsnlbbr44bUhqba6rsAu1C6h7cubQgN6frzegKwCNj/LgdNKMfdyZ
PWkSNbVSTzOPRs92GvDrEDh77acWYM2HXoa5H/jrYQRWLipoBpSkD4fhxW5hD2Ku
VAjlHMN+glKMvz017st3dN73fwjVqLoXBWIOMPqXNKKX69hhYZdVRHniUwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCjoJwkKtnvxIjqkjgiLpj6GLczRMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvS09nbkNRcTJlX0VpT3FTT0NJdW1Qb1l0ek5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQBqnqJ2
VrLWYgNwDja0FtsgGkLuucv+mOSOsFhUnTBOjrKL8rt+hFI2lKJEhHhcMLfwbEFJ
zRUmwittFj0ACATG9PmeuVeIs2XQ2JzxcAjvXNfAnsckHB3Zz2O8le5pqXae167G
OiTp84xF8/GHS5sl4JMxf94Pl9jqSk04acEwfM+c+z+bv5oaFsT1oBM8eBgLssqz
3aA2bIr1KYIHCLEDW+fuWMyw6nWflMMTI+SducvGbfxjejx6d6HSKT0jp20R6Dv3
mq5I1A75L0STw01ATdEtWtIOp5MRrO8gyTZXCrjFjK1G8NYo7hH7HsUVdXadJoqc
rwv93/cW3UWdch0R
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:07:03 2024 by rpki-client on console-ams.rpki-client.org