Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/QOvI-aPjyBYHDsXiNNA1Huh3oo4.roa
File:                     QOvI-aPjyBYHDsXiNNA1Huh3oo4.roa (raw, json)
Hash identifier:          ckgU1+HuLWudEmEFVpgG2rQHbph4ywnNyAzoIk/yUY8=
Subject key identifier:   40:EB:C8:F9:A3:E3:C8:16:07:0E:C5:E2:34:D0:35:1E:E8:77:A2:8E
Certificate issuer:       /CN=9280aa6150904e20f884a463c9b66ae6d4161b9b
Certificate serial:       018CC3B6838399D83494B9881D8C0CD6DCBF
Authority key identifier: 92:80:AA:61:50:90:4E:20:F8:84:A4:63:C9:B6:6A:E6:D4:16:1B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/koCqYVCQTiD4hKRjybZq5tQWG5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/QOvI-aPjyBYHDsXiNNA1Huh3oo4.roa
Signing time:             Mon 01 Jan 2024 06:29:27 +0000
ROA not before:           Mon 01 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201520
IP address blocks:        185.95.0.0/24 maxlen: 24
                          185.95.3.0/24 maxlen: 24
                          185.95.2.0/24 maxlen: 24
                          185.15.198.0/24 maxlen: 24
                          185.15.197.0/24 maxlen: 24
                          185.15.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/koCqYVCQTiD4hKRjybZq5tQWG5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/koCqYVCQTiD4hKRjybZq5tQWG5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/koCqYVCQTiD4hKRjybZq5tQWG5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:83:83:99:d8:34:94:b9:88:1d:8c:0c:d6:dc:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9280aa6150904e20f884a463c9b66ae6d4161b9b
        Validity
            Not Before: Jan  1 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40ebc8f9a3e3c816070ec5e234d0351ee877a28e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:89:43:23:bd:3a:33:bd:35:49:70:a7:6d:23:
                    cb:de:7f:8e:25:22:2a:de:15:c6:83:2d:1f:50:f7:
                    0a:b8:73:db:d9:91:32:14:4d:39:b3:a2:66:aa:09:
                    44:39:b1:15:6c:ec:55:38:1b:68:e6:88:b2:ce:d0:
                    29:ab:98:fa:36:75:bf:41:89:d9:06:74:4d:89:9d:
                    17:62:80:f9:a1:50:5a:1f:d4:ff:58:02:0a:67:cb:
                    15:9a:85:f4:58:3f:b6:6e:e1:c7:04:65:d5:0e:e4:
                    73:37:ae:6e:9d:22:e2:b1:d4:c0:fe:6c:42:95:ac:
                    72:bf:07:6f:cf:74:da:6a:26:06:89:3c:40:74:e5:
                    08:37:dc:c8:98:00:36:28:48:2e:34:1c:3e:c1:af:
                    38:0d:fe:b7:93:08:1a:b8:32:00:b3:9e:85:70:0f:
                    09:fc:29:b3:5d:8d:12:ad:b0:fd:0d:05:50:b1:44:
                    b5:3d:9d:33:d5:72:b2:7c:ae:60:b7:53:ae:a9:41:
                    bc:6f:d7:26:b8:00:b3:01:55:70:ee:a1:68:49:e0:
                    cb:15:a8:9a:5e:ad:bd:0a:23:69:5d:be:74:50:86:
                    ed:86:0c:0b:b1:d1:0b:70:6b:4a:ce:6b:b5:18:5f:
                    81:6e:fb:c2:fb:ba:12:3e:04:b4:d3:72:31:6d:b8:
                    3d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:EB:C8:F9:A3:E3:C8:16:07:0E:C5:E2:34:D0:35:1E:E8:77:A2:8E
            X509v3 Authority Key Identifier:
                keyid:92:80:AA:61:50:90:4E:20:F8:84:A4:63:C9:B6:6A:E6:D4:16:1B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/koCqYVCQTiD4hKRjybZq5tQWG5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/QOvI-aPjyBYHDsXiNNA1Huh3oo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/koCqYVCQTiD4hKRjybZq5tQWG5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.196.0-185.15.198.255
                  185.95.0.0/24
                  185.95.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:89:85:85:34:15:e2:99:02:1e:f0:13:43:d0:5a:73:bf:fe:
         e0:45:55:cc:c8:49:bd:1e:67:68:bb:92:a1:08:97:3f:e2:05:
         62:51:f5:f7:72:0e:8d:18:5d:82:12:d7:a4:b5:ef:b2:96:d9:
         7e:0e:12:3a:3b:d2:e4:ab:75:fe:a8:fd:15:cb:ee:18:67:70:
         c9:c1:5c:03:a9:f0:89:4d:72:84:6a:ab:25:80:c0:38:e4:bf:
         cc:d6:65:86:71:f0:7c:71:22:44:b3:11:a0:06:53:42:f5:2c:
         4f:b8:55:ab:dc:45:2f:bb:f1:71:21:14:14:df:2e:44:61:73:
         af:57:b9:d3:6a:a1:f1:e0:6f:79:58:3b:8c:9f:8f:aa:43:45:
         12:06:76:1e:47:d7:69:2a:89:cb:40:fc:60:4f:6c:60:49:2d:
         a6:a3:3a:0e:5d:a9:f0:39:e5:d7:39:d9:19:29:ef:9a:73:2d:
         98:de:27:77:2b:b9:26:13:98:6d:2c:b1:22:b6:af:cc:00:17:
         4f:18:fb:0b:0f:a0:7e:68:b6:e5:3a:a9:ea:27:27:dc:32:71:
         44:e9:8e:79:a1:43:84:c6:c8:65:3f:0b:16:1d:3d:f0:dd:9b:
         36:7c:76:da:e6:7d:99:de:40:1f:1b:26:69:a4:46:cc:99:68:
         f8:32:e5:9c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDtoODmdg0lLmIHYwM1ty/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyODBhYTYxNTA5MDRlMjBmODg0YTQ2M2M5YjY2YWU2ZDQx
NjFiOWIwHhcNMjQwMTAxMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGViYzhmOWEzZTNjODE2MDcwZWM1ZTIzNGQwMzUxZWU4NzdhMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIlDI706M701SXCnbSPL3n+OJSIq
3hXGgy0fUPcKuHPb2ZEyFE05s6JmqglEObEVbOxVOBto5oiyztApq5j6NnW/QYnZ
BnRNiZ0XYoD5oVBaH9T/WAIKZ8sVmoX0WD+2buHHBGXVDuRzN65unSLisdTA/mxC
laxyvwdvz3TaaiYGiTxAdOUIN9zImAA2KEguNBw+wa84Df63kwgauDIAs56FcA8J
/CmzXY0SrbD9DQVQsUS1PZ0z1XKyfK5gt1OuqUG8b9cmuACzAVVw7qFoSeDLFaia
Xq29CiNpXb50UIbthgwLsdELcGtKzmu1GF+BbvvC+7oSPgS003Ixbbg9ZwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFEDryPmj48gWBw7F4jTQNR7od6KOMB8GA1UdIwQY
MBaAFJKAqmFQkE4g+ISkY8m2aubUFhubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva29DcVlWQ1FUaUQ0aEtSanliWnE1dFFXRzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9kMDhiYmQtMDhiMC00YTIyLThiNTct
N2UwMTcxMTUwY2ZiLzEvUU92SS1hUGp5QllIRHNYaU5OQTFIdWgzb280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9kMDhiYmQtMDhiMC00YTIyLThiNTctN2UwMTcxMTUwY2Zi
LzEva29DcVlWQ1FUaUQ0aEtSanliWnE1dFFXRzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAK5D8QD
BAC5D8YDBAC5XwADBAG5XwIwDQYJKoZIhvcNAQELBQADggEBAEyJhYU0FeKZAh7w
E0PQWnO//uBFVczISb0eZ2i7kqEIlz/iBWJR9fdyDo0YXYIS16S177KW2X4OEjo7
0uSrdf6o/RXL7hhncMnBXAOp8IlNcoRqqyWAwDjkv8zWZYZx8HxxIkSzEaAGU0L1
LE+4VavcRS+78XEhFBTfLkRhc69XudNqofHgb3lYO4yfj6pDRRIGdh5H12kqictA
/GBPbGBJLaajOg5dqfA55dc52Rkp75pzLZjeJ3cruSYTmG0ssSK2r8wAF08Y+wsP
oH5otuU6qeonJ9wycUTpjnmhQ4TGyGU/CxYdPfDdmzZ8dtrmfZneQB8bJmmkRsyZ
aPgy5Zw=
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:13:56 2024 by rpki-client on console-ams.rpki-client.org