Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/kEKEUvdU-ZG69qsSiMb8vq-5av4.roa
File:                     kEKEUvdU-ZG69qsSiMb8vq-5av4.roa (raw, json)
Hash identifier:          bri6Y4b0BezF2wKHisZjlAWqkk13BYb8wU37wiJ4usk=
Subject key identifier:   90:42:84:52:F7:54:F9:91:BA:F6:AB:12:88:C6:FC:BE:AF:B9:6A:FE
Certificate issuer:       /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial:       018CC2DAE92DBE1165E8168C537BBED20814
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/kEKEUvdU-ZG69qsSiMb8vq-5av4.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        185.85.76.0/22 maxlen: 22
                          91.190.168.0/21 maxlen: 21
                          5.63.24.0/21 maxlen: 21
                          2a02:798::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e9:2d:be:11:65:e8:16:8c:53:7b:be:d2:08:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90428452f754f991baf6ab1288c6fcbeafb96afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:91:f3:da:06:85:10:9b:42:5a:f7:d3:46:4a:
                    30:c4:16:4a:e6:eb:42:15:9a:19:c6:15:6f:c8:80:
                    b3:13:01:af:15:73:ab:96:6f:3e:22:c6:18:50:2f:
                    2a:42:cb:db:e0:f1:c8:6a:67:26:45:8f:1f:d9:b2:
                    63:42:58:75:2b:af:91:47:f3:d6:e9:cf:bc:2d:0b:
                    32:ba:95:8c:63:21:c9:ca:37:0b:db:a5:c2:4b:ed:
                    e6:82:c1:57:cb:da:ad:78:c9:75:38:7c:67:be:3c:
                    14:e9:5b:81:a0:b0:93:b3:d7:ed:08:8c:8e:e0:02:
                    51:0f:ce:7b:3a:46:c1:1f:df:d5:fb:6e:21:cf:16:
                    61:c0:fd:37:1e:9d:c4:95:ce:50:2b:4d:3e:6a:9c:
                    66:2c:9b:17:08:23:e1:8b:db:2b:2b:ec:59:9e:ce:
                    db:0f:57:aa:be:29:49:5f:39:22:9e:1b:d9:d3:43:
                    18:35:8e:16:c1:8f:d1:38:9b:3a:7c:f1:e5:94:36:
                    59:a8:ff:ca:8d:0e:ae:f4:8a:c0:48:6a:01:16:b6:
                    66:8c:94:2c:36:79:a6:4a:96:86:73:75:8e:fa:7d:
                    52:3a:07:04:a8:b9:ab:96:98:a6:6c:d6:62:d2:b2:
                    c4:dd:c0:8c:a8:86:b3:1e:9b:9d:7d:e8:8e:68:ad:
                    6f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:42:84:52:F7:54:F9:91:BA:F6:AB:12:88:C6:FC:BE:AF:B9:6A:FE
            X509v3 Authority Key Identifier:
                keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/kEKEUvdU-ZG69qsSiMb8vq-5av4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.24.0/21
                  91.190.168.0/21
                  185.85.76.0/22
                IPv6:
                  2a02:798::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:c3:5d:80:ab:ad:2f:ec:3a:20:a3:aa:85:67:91:49:39:03:
         27:81:2d:21:4e:86:84:30:50:b9:1c:b3:b3:4b:09:c6:6b:1a:
         32:4d:57:19:c6:6d:25:eb:25:e3:bd:d2:ea:00:f1:82:71:6b:
         c5:a4:24:c9:40:d1:54:32:7e:36:e8:57:78:4f:d6:a7:e9:23:
         80:14:32:04:e2:91:bf:66:78:ce:22:b6:21:eb:dd:78:c3:7a:
         9d:19:53:16:33:d5:68:c4:c8:63:7a:b2:ad:fe:70:2a:e3:57:
         91:9d:0a:65:87:b4:05:49:cf:c6:9f:91:35:0d:45:75:b3:79:
         61:58:21:03:36:84:b2:2d:7e:14:c4:37:b2:54:9a:09:17:46:
         73:aa:27:52:e5:cd:64:f8:5c:4f:ca:ce:05:36:e6:30:0b:f9:
         d2:c2:6c:98:08:d4:49:2a:be:b4:a1:e0:5f:df:2a:90:e9:b7:
         e7:2f:e0:4f:7e:57:01:6e:46:85:8a:ab:71:03:26:f5:8f:39:
         9a:31:f9:87:af:a0:6e:63:f7:6a:64:2e:6d:14:f1:aa:dc:ce:
         d1:e3:8e:6f:5d:f1:b4:48:9b:a7:54:89:ac:f1:43:d5:3f:da:
         bb:dd:8e:d0:3d:da:b0:8d:28:e5:1e:9a:5f:f6:9a:a2:b6:33:
         2a:53:77:63
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzC2uktvhFl6BaMU3u+0ggUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQyODQ1MmY3NTRmOTkxYmFmNmFiMTI4OGM2ZmNiZWFmYjk2YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpHz2gaFEJtCWvfTRkowxBZK5utC
FZoZxhVvyICzEwGvFXOrlm8+IsYYUC8qQsvb4PHIamcmRY8f2bJjQlh1K6+RR/PW
6c+8LQsyupWMYyHJyjcL26XCS+3mgsFXy9qteMl1OHxnvjwU6VuBoLCTs9ftCIyO
4AJRD857OkbBH9/V+24hzxZhwP03Hp3Elc5QK00+apxmLJsXCCPhi9srK+xZns7b
D1eqvilJXzkinhvZ00MYNY4WwY/ROJs6fPHllDZZqP/KjQ6u9IrASGoBFrZmjJQs
NnmmSpaGc3WO+n1SOgcEqLmrlpimbNZi0rLE3cCMqIazHpudfeiOaK1vXwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJBChFL3VPmRuvarEojG/L6vuWr+MB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEva0VLRVV2ZFUtWkc2OXFzU2lNYjh2cS01YXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQBiw12A
q60v7Dogo6qFZ5FJOQMngS0hToaEMFC5HLOzSwnGaxoyTVcZxm0l6yXjvdLqAPGC
cWvFpCTJQNFUMn426Fd4T9an6SOAFDIE4pG/ZnjOIrYh6914w3qdGVMWM9VoxMhj
erKt/nAq41eRnQplh7QFSc/Gn5E1DUV1s3lhWCEDNoSyLX4UxDeyVJoJF0ZzqidS
5c1k+FxPys4FNuYwC/nSwmyYCNRJKr60oeBf3yqQ6bfnL+BPflcBbkaFiqtxAyb1
jzmaMfmHr6BuY/dqZC5tFPGq3M7R445vXfG0SJunVIms8UPVP9q73Y7QPdqwjSjl
Hppf9pqitjMqU3dj
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:52:48 2024 by rpki-client on console-fra.rpki-client.org