Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/nhDoI7zn4PTIoRcRYe-3R-rsbvM.roa
File:                     nhDoI7zn4PTIoRcRYe-3R-rsbvM.roa (raw, json)
Hash identifier:          sFcCnboN9q0vVfAsT7BS0XpGzo5vppLF1tUfs/IOA7I=
Subject key identifier:   9E:10:E8:23:BC:E7:E0:F4:C8:A1:17:11:61:EF:B7:47:EA:EC:6E:F3
Certificate issuer:       /CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
Certificate serial:       018E130D47185DA0097BF7091E5845734800
Authority key identifier: 92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/nhDoI7zn4PTIoRcRYe-3R-rsbvM.roa
Signing time:             Wed 06 Mar 2024 09:17:01 +0000
ROA not before:           Wed 06 Mar 2024 09:17:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133499
IP address blocks:        185.188.62.0/24 maxlen: 32
                          2a12:adc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:0d:47:18:5d:a0:09:7b:f7:09:1e:58:45:73:48:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
        Validity
            Not Before: Mar  6 09:17:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e10e823bce7e0f4c8a1171161efb747eaec6ef3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ae:9f:3c:76:f2:0f:6c:f9:b5:f2:09:10:34:
                    f3:f1:a0:1f:3f:4a:97:bd:92:a8:39:5f:b2:5c:45:
                    9e:e4:a9:0f:43:15:dc:c9:c9:04:a8:ae:57:f2:8d:
                    05:38:b6:57:bd:da:34:fd:1c:8a:5a:52:9e:43:01:
                    33:d6:18:b2:19:6b:1e:ed:19:c9:9d:53:39:ea:34:
                    42:af:23:15:76:a9:42:ba:fb:da:34:c8:ff:44:3d:
                    d8:ca:ff:ea:76:e0:86:a2:71:8a:92:ee:38:af:13:
                    12:de:9e:9a:52:a2:4d:5e:4c:6f:1f:b3:af:2b:52:
                    b8:9e:31:02:0c:98:8e:55:eb:b7:b6:85:f1:e7:5e:
                    0f:7c:01:b1:bc:6b:47:f7:6c:37:ab:d5:12:b5:f1:
                    b6:13:aa:56:81:23:68:38:27:b2:9d:73:82:ff:94:
                    3a:3d:81:3a:4c:8b:42:20:ff:ed:4d:02:4b:9f:a2:
                    80:f3:d9:5b:82:94:b8:55:41:e4:13:27:e1:90:07:
                    bf:a0:fd:a0:bb:dd:3d:ad:2f:89:6e:e7:0a:40:63:
                    94:28:8f:b7:3d:69:2e:be:c5:72:83:25:f8:b4:38:
                    b6:64:3e:06:d0:c4:64:b5:ea:37:10:ea:82:3e:4d:
                    ba:67:11:fe:2d:7d:fc:c3:29:7b:06:9c:fb:3b:e5:
                    37:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:10:E8:23:BC:E7:E0:F4:C8:A1:17:11:61:EF:B7:47:EA:EC:6E:F3
            X509v3 Authority Key Identifier:
                keyid:92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/nhDoI7zn4PTIoRcRYe-3R-rsbvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.62.0/24
                IPv6:
                  2a12:adc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         cb:12:19:22:7f:3a:2a:7c:52:12:f2:40:cf:e0:17:d6:d9:62:
         fe:dd:ec:f9:23:69:20:73:38:68:63:8e:58:43:3b:16:7e:7c:
         35:32:a2:55:89:9c:67:b6:44:34:2e:b6:1a:7a:82:a3:e9:c7:
         de:64:31:be:4a:d2:e3:2f:de:4c:87:27:c6:3a:d6:d0:69:fc:
         16:11:44:5e:63:09:06:34:7b:91:50:96:a4:b7:01:48:bf:00:
         bb:bb:a0:51:35:73:14:0a:3a:94:3c:58:68:dc:3f:45:e4:17:
         62:16:a6:b1:98:d5:7c:a7:e8:55:7e:7e:37:6f:50:8b:4e:e9:
         2d:52:cf:08:81:35:39:05:5e:f8:01:47:96:5c:22:51:ab:0f:
         52:93:aa:fc:46:49:fc:ba:66:37:19:b3:46:c7:6e:72:14:94:
         30:0f:bc:d2:c0:3c:c4:89:8b:a1:45:d1:45:b9:0d:59:bb:56:
         c3:99:dd:1b:30:1d:29:9c:ee:c7:82:30:d3:05:6f:5f:df:66:
         ce:25:da:bd:2a:f5:91:68:29:a8:64:78:a1:19:82:a2:c1:03:
         a5:f3:3f:9a:0b:ee:e2:31:02:e3:37:dc:da:4a:36:56:fb:67:
         cd:de:90:22:b2:1c:d5:1c:52:e3:7a:8c:80:9c:05:0d:41:04:
         0c:48:14:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4TDUcYXaAJe/cJHlhFc0gAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjIwOGI0N2I2YTg2NGQ5ZDFmZjMzZTA2YWE4MWQxMzgx
OWE3NGUwHhcNMjQwMzA2MDkxNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTEwZTgyM2JjZTdlMGY0YzhhMTE3MTE2MWVmYjc0N2VhZWM2ZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqa6fPHbyD2z5tfIJEDTz8aAfP0qX
vZKoOV+yXEWe5KkPQxXcyckEqK5X8o0FOLZXvdo0/RyKWlKeQwEz1hiyGWse7RnJ
nVM56jRCryMVdqlCuvvaNMj/RD3Yyv/qduCGonGKku44rxMS3p6aUqJNXkxvH7Ov
K1K4njECDJiOVeu3toXx514PfAGxvGtH92w3q9UStfG2E6pWgSNoOCeynXOC/5Q6
PYE6TItCIP/tTQJLn6KA89lbgpS4VUHkEyfhkAe/oP2gu909rS+JbucKQGOUKI+3
PWkuvsVygyX4tDi2ZD4G0MRkteo3EOqCPk26ZxH+LX38wyl7Bpz7O+U3PwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ4Q6CO85+D0yKEXEWHvt0fq7G7zMB8GA1UdIwQY
MBaAFJIiCLR7aoZNnR/zPgaqgdE4GadOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTct
OTViMDhlMzY2MGNmLzEvbmhEb0k3em40UFRJb1JjUlllLTNSLXJzYnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTctOTViMDhlMzY2MGNm
LzEva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAubw+MA0E
AgACMAcDBQMqEq3AMA0GCSqGSIb3DQEBCwUAA4IBAQDLEhkifzoqfFIS8kDP4BfW
2WL+3ez5I2kgczhoY45YQzsWfnw1MqJViZxntkQ0LrYaeoKj6cfeZDG+StLjL95M
hyfGOtbQafwWEUReYwkGNHuRUJaktwFIvwC7u6BRNXMUCjqUPFho3D9F5BdiFqax
mNV8p+hVfn43b1CLTuktUs8IgTU5BV74AUeWXCJRqw9Sk6r8Rkn8umY3GbNGx25y
FJQwD7zSwDzEiYuhRdFFuQ1Zu1bDmd0bMB0pnO7HgjDTBW9f32bOJdq9KvWRaCmo
ZHihGYKiwQOl8z+aC+7iMQLjN9zaSjZW+2fN3pAishzVHFLjeoyAnAUNQQQMSBQw
-----END CERTIFICATE-----
Generated at Tue Nov 26 07:12:25 2024 by rpki-client on console-ams.rpki-client.org