Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/962f2d-7282-421e-a631-0c76a316b52e/1/i9svHW1A9Q1Y5xGz3fjWlWNfq-4.roa
File:                     i9svHW1A9Q1Y5xGz3fjWlWNfq-4.roa (raw, json)
Hash identifier:          r1c+Wk6e9zZXlCHgAFGZrju4v+fs/scIziR8eauPLSI=
Subject key identifier:   8B:DB:2F:1D:6D:40:F5:0D:58:E7:11:B3:DD:F8:D6:95:63:5F:AB:EE
Certificate issuer:       /CN=68799b772b551db784eeba8b0e115a0c433cd3ba
Certificate serial:       018CC793D5CF498328448BA5F510AABCA706
Authority key identifier: 68:79:9B:77:2B:55:1D:B7:84:EE:BA:8B:0E:11:5A:0C:43:3C:D3:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHmbdytVHbeE7rqLDhFaDEM807o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/962f2d-7282-421e-a631-0c76a316b52e/1/i9svHW1A9Q1Y5xGz3fjWlWNfq-4.roa
Signing time:             Tue 02 Jan 2024 00:30:03 +0000
ROA not before:           Tue 02 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39691
IP address blocks:        185.234.224.0/22 maxlen: 22
                          185.234.224.0/23 maxlen: 23
                          185.234.224.0/24 maxlen: 24
                          185.234.225.0/24 maxlen: 24
                          185.234.226.0/24 maxlen: 24
                          185.234.227.0/24 maxlen: 24
                          2a0d:2f00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/962f2d-7282-421e-a631-0c76a316b52e/1/aHmbdytVHbeE7rqLDhFaDEM807o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/962f2d-7282-421e-a631-0c76a316b52e/1/aHmbdytVHbeE7rqLDhFaDEM807o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aHmbdytVHbeE7rqLDhFaDEM807o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:d5:cf:49:83:28:44:8b:a5:f5:10:aa:bc:a7:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68799b772b551db784eeba8b0e115a0c433cd3ba
        Validity
            Not Before: Jan  2 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bdb2f1d6d40f50d58e711b3ddf8d695635fabee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:23:16:fe:e9:60:e3:3b:96:ce:a1:86:49:97:
                    21:9b:a0:c8:43:92:df:e1:2c:16:4b:72:fb:e2:a1:
                    a6:1b:60:40:1e:af:49:85:69:45:7a:5d:38:c5:35:
                    d7:14:18:f2:7a:a8:f7:a3:b3:e8:b9:bd:35:de:51:
                    8f:09:07:02:86:33:df:49:f0:03:c2:77:4d:f0:37:
                    77:81:98:db:c5:bf:9b:4a:e9:4a:cb:0d:f6:17:c4:
                    d4:28:16:dc:08:f5:c2:ef:e5:bb:66:81:9d:bf:3e:
                    63:79:d5:1b:77:19:90:b2:b3:f1:4f:bc:bd:18:42:
                    e9:d5:5e:16:6a:d8:06:11:00:52:0e:7a:3e:84:03:
                    d1:33:a2:ff:5e:e6:64:45:d4:63:eb:72:68:69:96:
                    0d:df:46:55:b8:24:78:6b:79:19:55:3a:3c:5e:bb:
                    11:d9:98:78:34:7e:91:b5:23:06:93:74:c0:5a:14:
                    bf:61:44:72:99:59:1d:69:f0:21:36:55:76:37:bc:
                    27:1a:79:59:7d:d7:5b:b7:13:2e:72:25:ad:d9:43:
                    0a:3c:b0:c6:47:d1:db:4c:07:fa:c6:d0:16:fa:fa:
                    c9:bf:18:78:5c:fd:d4:91:44:e8:05:11:c2:1a:a1:
                    67:dd:e4:01:cc:8f:f7:b7:ef:0e:90:1d:33:e6:8a:
                    7b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:DB:2F:1D:6D:40:F5:0D:58:E7:11:B3:DD:F8:D6:95:63:5F:AB:EE
            X509v3 Authority Key Identifier:
                keyid:68:79:9B:77:2B:55:1D:B7:84:EE:BA:8B:0E:11:5A:0C:43:3C:D3:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHmbdytVHbeE7rqLDhFaDEM807o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/962f2d-7282-421e-a631-0c76a316b52e/1/i9svHW1A9Q1Y5xGz3fjWlWNfq-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/962f2d-7282-421e-a631-0c76a316b52e/1/aHmbdytVHbeE7rqLDhFaDEM807o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.224.0/22
                IPv6:
                  2a0d:2f00::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:6c:e7:6f:32:6c:24:f6:09:c2:e3:d7:b8:f2:43:0e:e2:e7:
         96:9f:7c:23:09:15:11:f5:1c:f5:bc:ba:45:66:9d:c5:c9:66:
         58:70:bf:80:76:32:73:65:b9:68:44:d2:d1:7b:2f:5a:20:bb:
         b0:a8:aa:30:66:01:81:99:04:6c:b0:f0:23:16:67:69:b9:ab:
         1a:bf:17:23:6f:8b:c8:31:8a:5b:4e:f9:76:fd:8b:0f:e0:60:
         21:c5:f8:47:3e:e4:50:84:03:ec:96:af:14:63:e5:e3:bb:0e:
         93:e0:f7:c4:fc:03:89:38:95:ce:7b:1b:66:ce:52:fd:d4:4f:
         b6:ed:5f:59:be:df:fc:9f:79:ff:87:01:67:48:28:0a:21:fe:
         6c:2b:14:37:b6:0b:b5:97:58:45:f6:49:73:c2:22:cf:ee:de:
         d7:df:0c:bc:ef:79:9f:30:18:7a:13:7d:b5:93:35:70:ca:43:
         f4:a0:5d:f4:ef:70:a0:c9:67:85:26:be:87:39:c0:d1:ec:5f:
         ba:d6:6f:0e:c2:6b:0c:3f:bb:8e:70:b3:6d:1e:83:1e:51:7b:
         44:78:75:94:3b:ac:c5:07:9a:05:87:b8:a5:be:8e:be:2b:2c:
         7e:89:ac:79:20:15:93:f8:91:1d:03:8c:e0:a3:dd:f2:f6:4a:
         86:74:25:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHk9XPSYMoRIul9RCqvKcGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Nzk5Yjc3MmI1NTFkYjc4NGVlYmE4YjBlMTE1YTBjNDMz
Y2QzYmEwHhcNMjQwMTAyMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmRiMmYxZDZkNDBmNTBkNThlNzExYjNkZGY4ZDY5NTYzNWZhYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSMW/ulg4zuWzqGGSZchm6DIQ5Lf
4SwWS3L74qGmG2BAHq9JhWlFel04xTXXFBjyeqj3o7Poub013lGPCQcChjPfSfAD
wndN8Dd3gZjbxb+bSulKyw32F8TUKBbcCPXC7+W7ZoGdvz5jedUbdxmQsrPxT7y9
GELp1V4WatgGEQBSDno+hAPRM6L/XuZkRdRj63JoaZYN30ZVuCR4a3kZVTo8XrsR
2Zh4NH6RtSMGk3TAWhS/YURymVkdafAhNlV2N7wnGnlZfddbtxMuciWt2UMKPLDG
R9HbTAf6xtAW+vrJvxh4XP3UkUToBRHCGqFn3eQBzI/3t+8OkB0z5op7yQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIvbLx1tQPUNWOcRs9341pVjX6vuMB8GA1UdIwQY
MBaAFGh5m3crVR23hO66iw4RWgxDPNO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUhtYmR5dFZIYmVFN3JxTERoRmFERU04MDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi85NjJmMmQtNzI4Mi00MjFlLWE2MzEt
MGM3NmEzMTZiNTJlLzEvaTlzdkhXMUE5UTFZNXhHejNmaldsV05mcS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi85NjJmMmQtNzI4Mi00MjFlLWE2MzEtMGM3NmEzMTZiNTJl
LzEvYUhtYmR5dFZIYmVFN3JxTERoRmFERU04MDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuergMA8E
AgACMAkDBwAqDS8AAAAwDQYJKoZIhvcNAQELBQADggEBADJs528ybCT2CcLj17jy
Qw7i55affCMJFRH1HPW8ukVmncXJZlhwv4B2MnNluWhE0tF7L1ogu7CoqjBmAYGZ
BGyw8CMWZ2m5qxq/FyNvi8gxiltO+Xb9iw/gYCHF+Ec+5FCEA+yWrxRj5eO7DpPg
98T8A4k4lc57G2bOUv3UT7btX1m+3/yfef+HAWdIKAoh/mwrFDe2C7WXWEX2SXPC
Is/u3tffDLzveZ8wGHoTfbWTNXDKQ/SgXfTvcKDJZ4Umvoc5wNHsX7rWbw7Caww/
u45ws20egx5Re0R4dZQ7rMUHmgWHuKW+jr4rLH6JrHkgFZP4kR0DjOCj3fL2SoZ0
JV0=
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:23:46 2024 by rpki-client on console-fra.rpki-client.org