Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/802b35-673c-4756-9761-f2274965c095/1/sG9QCECmwbS225jEPdJrJGg8JOg.roa
File:                     sG9QCECmwbS225jEPdJrJGg8JOg.roa (raw, json)
Hash identifier:          fD8TdLRAW/bvC9eCvEbAkpeRHJhgic19Gq713W+jkXs=
Subject key identifier:   B0:6F:50:08:40:A6:C1:B4:B6:DB:98:C4:3D:D2:6B:24:68:3C:24:E8
Certificate issuer:       /CN=428df99824ce67b0cb5f87fc46599e13adea5702
Certificate serial:       018CC3B6711A825901EFFFC462AF761E4CD2
Authority key identifier: 42:8D:F9:98:24:CE:67:B0:CB:5F:87:FC:46:59:9E:13:AD:EA:57:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qo35mCTOZ7DLX4f8RlmeE63qVwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/802b35-673c-4756-9761-f2274965c095/1/sG9QCECmwbS225jEPdJrJGg8JOg.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51402
IP address blocks:        185.196.224.0/22 maxlen: 22
                          185.128.120.0/22 maxlen: 22
                          185.221.136.0/22 maxlen: 22
                          91.221.250.0/23 maxlen: 23
                          178.239.64.0/20 maxlen: 20
                          2a02:2760::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/802b35-673c-4756-9761-f2274965c095/1/Qo35mCTOZ7DLX4f8RlmeE63qVwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/802b35-673c-4756-9761-f2274965c095/1/Qo35mCTOZ7DLX4f8RlmeE63qVwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qo35mCTOZ7DLX4f8RlmeE63qVwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:1a:82:59:01:ef:ff:c4:62:af:76:1e:4c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=428df99824ce67b0cb5f87fc46599e13adea5702
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b06f500840a6c1b4b6db98c43dd26b24683c24e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:27:df:1d:59:49:3a:6b:e9:fa:36:ee:0f:a0:
                    d4:3c:85:7e:98:1f:bf:48:d2:2f:db:c0:da:f5:a4:
                    29:14:a7:91:aa:0c:25:78:2f:a5:84:8f:e8:64:dc:
                    c0:5a:ae:c5:e6:2a:88:69:fd:65:14:87:97:eb:13:
                    9b:90:3e:19:c0:89:b8:84:f7:84:8d:8b:75:11:b7:
                    58:73:22:10:07:90:4d:d2:9d:07:3e:d8:1b:c1:6c:
                    43:fd:4d:a4:be:4d:07:13:c6:83:c2:e5:a3:c7:c5:
                    56:7e:e4:58:13:61:2b:79:4e:c8:52:e7:bc:d7:2b:
                    52:a1:7d:77:b9:2a:d7:1e:b8:07:76:7a:52:d4:89:
                    bb:10:41:93:c9:31:71:b6:62:e6:94:ce:85:a7:64:
                    e1:2e:fe:22:fe:c9:ac:4a:69:fb:5a:85:53:0d:3c:
                    6c:cb:4c:f4:ce:ea:f6:76:d8:69:85:ee:e5:e8:ed:
                    97:5d:d4:b2:e9:2c:a2:4c:3f:7c:b5:ca:ef:50:59:
                    fd:96:cf:d5:4f:47:8e:9b:fa:8b:5d:e6:1e:1f:5f:
                    88:a4:8e:4d:00:4d:de:c0:65:d5:7b:32:25:2b:e9:
                    cb:1b:3e:aa:6d:ba:dc:7e:9c:79:97:d3:e2:d9:3e:
                    82:f5:0e:d8:32:05:c4:33:b8:3b:9a:d1:33:a1:81:
                    ab:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:6F:50:08:40:A6:C1:B4:B6:DB:98:C4:3D:D2:6B:24:68:3C:24:E8
            X509v3 Authority Key Identifier:
                keyid:42:8D:F9:98:24:CE:67:B0:CB:5F:87:FC:46:59:9E:13:AD:EA:57:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qo35mCTOZ7DLX4f8RlmeE63qVwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/802b35-673c-4756-9761-f2274965c095/1/sG9QCECmwbS225jEPdJrJGg8JOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/802b35-673c-4756-9761-f2274965c095/1/Qo35mCTOZ7DLX4f8RlmeE63qVwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.250.0/23
                  178.239.64.0/20
                  185.128.120.0/22
                  185.196.224.0/22
                  185.221.136.0/22
                IPv6:
                  2a02:2760::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:12:30:05:d1:5b:58:c8:6c:4a:2a:3d:ed:ef:52:4f:f4:d2:
         a4:7a:07:3d:79:f6:c5:8c:e9:01:6c:e8:43:e1:f5:77:87:06:
         f7:8b:8a:ef:61:28:8e:fc:30:0b:0d:cc:69:b1:8b:ce:b4:e9:
         2e:76:58:92:f1:f7:9a:fd:2f:51:c3:df:7a:91:07:23:14:34:
         c7:0f:d7:83:33:d5:7d:88:1e:f3:ae:66:1e:88:25:e3:95:77:
         7e:7b:7a:af:4d:b4:43:a6:99:21:c4:d7:00:3b:28:36:3b:38:
         43:6c:c7:e0:94:78:c5:ce:da:24:a1:4f:97:2a:48:46:1b:19:
         00:36:7a:d4:a3:94:1b:83:d0:84:62:61:b3:71:ce:19:47:7d:
         1d:4f:51:65:88:78:f7:50:e7:21:09:48:ab:cb:c5:9a:0e:5b:
         11:e2:7c:0e:c6:3d:c5:2f:68:7e:54:b6:87:71:e3:82:6d:95:
         87:e8:db:13:15:fc:8a:de:b1:b0:08:15:ae:bd:ca:34:e1:87:
         1f:e2:61:10:b0:2c:5b:ac:0a:45:a0:fa:01:4b:76:b6:c9:32:
         18:4e:f6:cb:78:16:85:11:57:3f:6b:fc:71:b6:e0:81:9d:df:
         66:32:b4:5a:3b:d7:77:c1:72:ef:05:36:0c:2d:fb:4a:a4:d6:
         55:0f:6f:74
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzDtnEaglkB7//EYq92HkzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOGRmOTk4MjRjZTY3YjBjYjVmODdmYzQ2NTk5ZTEzYWRl
YTU3MDIwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDZmNTAwODQwYTZjMWI0YjZkYjk4YzQzZGQyNmIyNDY4M2MyNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCffHVlJOmvp+jbuD6DUPIV+mB+/
SNIv28Da9aQpFKeRqgwleC+lhI/oZNzAWq7F5iqIaf1lFIeX6xObkD4ZwIm4hPeE
jYt1EbdYcyIQB5BN0p0HPtgbwWxD/U2kvk0HE8aDwuWjx8VWfuRYE2EreU7IUue8
1ytSoX13uSrXHrgHdnpS1Im7EEGTyTFxtmLmlM6Fp2ThLv4i/smsSmn7WoVTDTxs
y0z0zur2dthphe7l6O2XXdSy6SyiTD98tcrvUFn9ls/VT0eOm/qLXeYeH1+IpI5N
AE3ewGXVezIlK+nLGz6qbbrcfpx5l9Pi2T6C9Q7YMgXEM7g7mtEzoYGrcQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLBvUAhApsG0ttuYxD3SayRoPCToMB8GA1UdIwQY
MBaAFEKN+Zgkzmewy1+H/EZZnhOt6lcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW8zNW1DVE9aN0RMWDRmOFJsbWVFNjNxVndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84MDJiMzUtNjczYy00NzU2LTk3NjEt
ZjIyNzQ5NjVjMDk1LzEvc0c5UUNFQ213YlMyMjVqRVBkSnJKR2c4Sk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84MDJiMzUtNjczYy00NzU2LTk3NjEtZjIyNzQ5NjVjMDk1
LzEvUW8zNW1DVE9aN0RMWDRmOFJsbWVFNjNxVndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQBW936AwQE
su9AAwQCuYB4AwQCucTgAwQCud2IMA0EAgACMAcDBQAqAidgMA0GCSqGSIb3DQEB
CwUAA4IBAQADEjAF0VtYyGxKKj3t71JP9NKkegc9efbFjOkBbOhD4fV3hwb3i4rv
YSiO/DALDcxpsYvOtOkudliS8fea/S9Rw996kQcjFDTHD9eDM9V9iB7zrmYeiCXj
lXd+e3qvTbRDppkhxNcAOyg2OzhDbMfglHjFztokoU+XKkhGGxkANnrUo5Qbg9CE
YmGzcc4ZR30dT1FliHj3UOchCUiry8WaDlsR4nwOxj3FL2h+VLaHceOCbZWH6NsT
FfyK3rGwCBWuvco04Ycf4mEQsCxbrApFoPoBS3a2yTIYTvbLeBaFEVc/a/xxtuCB
nd9mMrRaO9d3wXLvBTYMLftKpNZVD290
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:50:36 2024 by rpki-client on console-ams.rpki-client.org