Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/vcZyQNxSmk4am9Tz9L3m0xekmio.roa
File:                     vcZyQNxSmk4am9Tz9L3m0xekmio.roa (raw, json)
Hash identifier:          7AGhV9Sa4PzaqATRYb3DH2DHvhCaSm8WM4dJU5hXgCU=
Subject key identifier:   BD:C6:72:40:DC:52:9A:4E:1A:9B:D4:F3:F4:BD:E6:D3:17:A4:9A:2A
Certificate issuer:       /CN=90620638ca1d835650e08ddcf363f10789b53057
Certificate serial:       018CC3B69B5E21F2F6C7EA581F0956250700
Authority key identifier: 90:62:06:38:CA:1D:83:56:50:E0:8D:DC:F3:63:F1:07:89:B5:30:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/vcZyQNxSmk4am9Tz9L3m0xekmio.roa
Signing time:             Mon 01 Jan 2024 06:29:33 +0000
ROA not before:           Mon 01 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.55.220.0/22 maxlen: 22
                          87.237.216.0/21 maxlen: 21
                          206.195.32.0/19 maxlen: 19
                          2a04:5780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9b:5e:21:f2:f6:c7:ea:58:1f:09:56:25:07:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90620638ca1d835650e08ddcf363f10789b53057
        Validity
            Not Before: Jan  1 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdc67240dc529a4e1a9bd4f3f4bde6d317a49a2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4d:ed:1e:7e:ad:54:92:7e:af:ca:04:98:f4:
                    a3:00:a6:74:17:7e:3a:87:03:cf:5f:11:8a:c4:c4:
                    08:b6:93:89:10:ce:29:91:39:37:d5:93:8c:ff:6a:
                    db:f9:9b:24:c1:e8:59:ac:a2:78:a4:3d:20:02:9e:
                    c8:05:33:d0:02:bd:0f:f3:f8:b7:e7:41:99:35:d1:
                    a8:3f:13:15:7f:6f:03:7e:8e:bf:90:8e:36:cb:73:
                    05:47:e0:84:1c:8a:a7:0e:8a:f8:fe:09:09:fa:ec:
                    7c:b4:a3:46:a6:b4:b9:2e:de:78:74:9f:8e:79:b6:
                    ed:0d:b1:1d:9e:8b:3e:cb:67:bd:a6:bb:30:e5:08:
                    cc:b9:c1:f2:dc:6d:28:e2:c8:95:dc:ce:65:5a:88:
                    a8:ba:3e:bb:cc:90:f0:f3:d0:8a:ac:e8:d7:ac:2a:
                    6e:f5:97:02:62:bb:ad:d8:10:a7:6f:c4:81:21:d8:
                    1e:96:9b:c4:e0:e9:8c:93:78:3a:5c:84:f7:48:48:
                    02:0b:6a:9b:aa:80:bc:04:ce:c8:69:7a:75:3a:84:
                    6c:d0:a0:43:08:35:bc:cb:ba:f9:3a:8d:06:c8:5f:
                    11:fb:6b:af:85:79:44:76:3c:24:ee:55:f7:ee:5f:
                    7b:e2:28:75:b7:39:e2:90:5b:34:20:94:c0:1f:0d:
                    13:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C6:72:40:DC:52:9A:4E:1A:9B:D4:F3:F4:BD:E6:D3:17:A4:9A:2A
            X509v3 Authority Key Identifier:
                keyid:90:62:06:38:CA:1D:83:56:50:E0:8D:DC:F3:63:F1:07:89:B5:30:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kGIGOModg1ZQ4I3c82PxB4m1MFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/vcZyQNxSmk4am9Tz9L3m0xekmio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/41af2d-f3de-45d5-941c-c43ac429e53f/1/kGIGOModg1ZQ4I3c82PxB4m1MFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.216.0/21
                  185.55.220.0/22
                  206.195.32.0/19
                IPv6:
                  2a04:5780::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:e9:4e:24:be:d7:21:fa:42:32:9a:0c:62:2a:82:7f:bc:21:
         0e:8d:0b:a5:fb:8f:04:bd:74:c3:a3:e1:7c:e7:c2:bc:9b:28:
         05:a1:8c:cb:0d:08:16:75:9b:7e:da:8b:83:63:36:66:5e:43:
         65:d2:cc:ba:17:f7:c0:09:3d:df:c7:70:50:19:53:fc:4b:a5:
         df:96:af:ed:24:52:b9:e3:1e:c8:83:cd:0d:8a:dc:26:9b:5e:
         93:40:5c:bf:bc:03:ba:d4:49:59:df:23:88:8c:01:91:ea:46:
         6f:e8:e5:a7:68:dc:68:87:68:7c:48:3d:b5:79:e0:da:a4:45:
         1e:90:fc:47:2f:48:c9:ba:d2:fe:69:07:21:52:7d:b1:98:ae:
         56:a5:8f:6f:41:fc:6e:8d:13:a7:26:b9:05:e7:bb:e9:89:67:
         bc:07:5d:3f:db:e1:c8:51:f9:cd:df:96:c8:f6:00:db:e9:66:
         e3:9c:dc:5e:9d:b9:87:a0:c6:a5:17:0d:87:85:cc:01:3d:a4:
         74:e1:50:3e:b9:d0:5b:de:b3:62:69:fe:4d:fd:3b:5c:cc:f2:
         e8:da:2e:f0:b4:ea:6c:be:17:6b:ef:26:82:08:87:8e:1f:83:
         fc:53:de:60:1e:e0:e3:78:f3:a2:40:10:f1:16:7c:4e:ab:91:
         31:84:93:6f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzDtpteIfL2x+pYHwlWJQcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNjIwNjM4Y2ExZDgzNTY1MGUwOGRkY2YzNjNmMTA3ODli
NTMwNTcwHhcNMjQwMTAxMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGM2NzI0MGRjNTI5YTRlMWE5YmQ0ZjNmNGJkZTZkMzE3YTQ5YTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE3tHn6tVJJ+r8oEmPSjAKZ0F346
hwPPXxGKxMQItpOJEM4pkTk31ZOM/2rb+ZskwehZrKJ4pD0gAp7IBTPQAr0P8/i3
50GZNdGoPxMVf28Dfo6/kI42y3MFR+CEHIqnDor4/gkJ+ux8tKNGprS5Lt54dJ+O
ebbtDbEdnos+y2e9prsw5QjMucHy3G0o4siV3M5lWoiouj67zJDw89CKrOjXrCpu
9ZcCYrut2BCnb8SBIdgelpvE4OmMk3g6XIT3SEgCC2qbqoC8BM7IaXp1OoRs0KBD
CDW8y7r5Oo0GyF8R+2uvhXlEdjwk7lX37l974ih1tznikFs0IJTAHw0TqwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFL3GckDcUppOGpvU8/S95tMXpJoqMB8GA1UdIwQY
MBaAFJBiBjjKHYNWUOCN3PNj8QeJtTBXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0dJR09Nb2RnMVpRNEkzYzgyUHhCNG0xTUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80MWFmMmQtZjNkZS00NWQ1LTk0MWMt
YzQzYWM0MjllNTNmLzEvdmNaeVFOeFNtazRhbTlUejlMM20weGVrbWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80MWFmMmQtZjNkZS00NWQ1LTk0MWMtYzQzYWM0MjllNTNm
LzEva0dJR09Nb2RnMVpRNEkzYzgyUHhCNG0xTUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDV+3YAwQC
uTfcAwQFzsMgMA0EAgACMAcDBQMqBFeAMA0GCSqGSIb3DQEBCwUAA4IBAQAD6U4k
vtch+kIymgxiKoJ/vCEOjQul+48EvXTDo+F858K8mygFoYzLDQgWdZt+2ouDYzZm
XkNl0sy6F/fACT3fx3BQGVP8S6Xflq/tJFK54x7Ig80Nitwmm16TQFy/vAO61ElZ
3yOIjAGR6kZv6OWnaNxoh2h8SD21eeDapEUekPxHL0jJutL+aQchUn2xmK5WpY9v
QfxujROnJrkF57vpiWe8B10/2+HIUfnN35bI9gDb6WbjnNxenbmHoMalFw2HhcwB
PaR04VA+udBb3rNiaf5N/TtczPLo2i7wtOpsvhdr7yaCCIeOH4P8U95gHuDjePOi
QBDxFnxOq5ExhJNv
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:53:21 2024 by rpki-client on console-fra.rpki-client.org