Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/425149-9c68-41fb-8035-d76c8c739861/1/NcO6vwcGcnUOC_AQrU4yrvcsXuM.roa
File:                     NcO6vwcGcnUOC_AQrU4yrvcsXuM.roa (raw, json)
Hash identifier:          G12dtw8ij8oZW1o733If35WiBNNjwMZGrHhFhkxJ4SY=
Subject key identifier:   35:C3:BA:BF:07:06:72:75:0E:0B:F0:10:AD:4E:32:AE:F7:2C:5E:E3
Certificate issuer:       /CN=8ad240603ec6ebcd62f72d46f1dc00cb7e1f0b2e
Certificate serial:       018CC94CAA9ABF4D5663E47DA8AB14DCFED4
Authority key identifier: 8A:D2:40:60:3E:C6:EB:CD:62:F7:2D:46:F1:DC:00:CB:7E:1F:0B:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itJAYD7G681i9y1G8dwAy34fCy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/425149-9c68-41fb-8035-d76c8c739861/1/NcO6vwcGcnUOC_AQrU4yrvcsXuM.roa
Signing time:             Tue 02 Jan 2024 08:31:33 +0000
ROA not before:           Tue 02 Jan 2024 08:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3330
IP address blocks:        194.112.192.0/18 maxlen: 18
                          62.249.64.0/18 maxlen: 18
                          194.112.128.0/18 maxlen: 18
                          193.186.161.0/24 maxlen: 24
                          185.92.100.0/22 maxlen: 22
                          2a02:5e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/425149-9c68-41fb-8035-d76c8c739861/1/itJAYD7G681i9y1G8dwAy34fCy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/425149-9c68-41fb-8035-d76c8c739861/1/itJAYD7G681i9y1G8dwAy34fCy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itJAYD7G681i9y1G8dwAy34fCy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:aa:9a:bf:4d:56:63:e4:7d:a8:ab:14:dc:fe:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad240603ec6ebcd62f72d46f1dc00cb7e1f0b2e
        Validity
            Not Before: Jan  2 08:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35c3babf070672750e0bf010ad4e32aef72c5ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4e:8e:59:b6:be:7f:fc:d1:de:2c:7f:4d:79:
                    be:aa:47:1b:08:20:13:49:eb:85:94:21:e9:84:0e:
                    a7:ea:73:de:11:9a:0f:96:dc:a1:81:24:e9:51:3d:
                    31:1a:22:6b:c2:1b:c5:5f:d8:19:d7:84:4d:6c:99:
                    e8:58:05:85:87:fe:89:bb:57:3c:47:f4:b2:d5:a0:
                    b8:71:71:a4:30:0f:82:9e:62:a6:dd:99:b5:35:28:
                    ef:37:4b:2f:83:0c:98:b3:f5:bd:4d:a7:14:bf:c8:
                    3b:74:57:07:ac:78:51:fe:d2:3b:c3:82:7e:df:fa:
                    ba:32:b0:94:5d:d8:93:d5:39:f2:16:c4:25:13:9c:
                    ad:1d:83:66:1d:f8:3e:38:0d:64:79:da:2c:3b:5a:
                    5d:d8:ea:90:25:51:8d:57:a9:b5:ea:a9:a3:ed:e2:
                    80:3d:fd:c7:de:3e:dd:63:0c:c4:05:83:ee:a2:2e:
                    67:fa:54:e0:87:8d:ce:ab:f1:f1:d5:9f:07:2a:d5:
                    54:0c:88:a5:b9:6b:39:d2:41:a8:19:f4:ca:2b:c2:
                    71:32:c8:02:bb:28:79:eb:2e:ed:2a:6d:23:c3:73:
                    87:7a:9f:09:80:f9:b4:7c:4c:13:ab:4a:da:ca:df:
                    58:e0:ba:39:ed:5a:4e:dd:9f:69:b5:b0:53:49:9a:
                    71:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C3:BA:BF:07:06:72:75:0E:0B:F0:10:AD:4E:32:AE:F7:2C:5E:E3
            X509v3 Authority Key Identifier:
                keyid:8A:D2:40:60:3E:C6:EB:CD:62:F7:2D:46:F1:DC:00:CB:7E:1F:0B:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itJAYD7G681i9y1G8dwAy34fCy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/425149-9c68-41fb-8035-d76c8c739861/1/NcO6vwcGcnUOC_AQrU4yrvcsXuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/425149-9c68-41fb-8035-d76c8c739861/1/itJAYD7G681i9y1G8dwAy34fCy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.249.64.0/18
                  185.92.100.0/22
                  193.186.161.0/24
                  194.112.128.0/17
                IPv6:
                  2a02:5e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:ce:29:ec:4e:57:ac:05:a0:7c:6f:ae:49:ca:29:c1:73:ba:
         7f:0c:c3:65:62:a8:0f:4a:9f:44:01:af:5c:2d:6b:a3:67:91:
         f4:21:48:64:ce:5d:0d:e5:a9:27:49:0b:12:6c:e4:27:e0:1a:
         09:49:87:98:cf:0d:80:91:13:c1:bf:3b:90:b9:9c:a2:c2:89:
         9f:58:e7:f2:a9:7f:43:86:d2:6d:53:28:3d:ec:3f:c8:44:4e:
         5c:d7:85:08:37:bd:85:79:da:f2:2b:b7:e6:00:79:c6:4e:35:
         cd:38:d4:9e:54:14:bf:a2:b8:9d:dd:05:3a:c5:fb:56:9b:b7:
         32:a8:84:8e:2a:bf:4a:a0:df:5a:8e:55:eb:59:49:0d:33:8b:
         eb:51:e0:04:21:6f:2f:89:e3:ad:bb:1f:34:8d:a0:b8:68:f5:
         f2:6b:70:cc:39:b6:40:8d:58:9a:4f:b4:3f:a2:3b:8c:0c:e2:
         94:b1:1e:39:34:84:01:5a:67:36:f8:f1:d3:b8:49:84:4e:bc:
         d6:82:cb:48:99:d0:a8:4a:99:26:da:3b:f4:36:12:aa:95:a1:
         b0:1d:84:92:88:34:06:1d:35:fa:5f:e1:24:e0:67:66:31:5a:
         d2:82:48:1d:de:33:45:1f:a8:b7:8c:2d:26:83:52:aa:2a:38:
         b1:2b:d5:e6
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzJTKqav01WY+R9qKsU3P7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDI0MDYwM2VjNmViY2Q2MmY3MmQ0NmYxZGMwMGNiN2Ux
ZjBiMmUwHhcNMjQwMTAyMDgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWMzYmFiZjA3MDY3Mjc1MGUwYmYwMTBhZDRlMzJhZWY3MmM1ZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk06OWba+f/zR3ix/TXm+qkcbCCAT
SeuFlCHphA6n6nPeEZoPltyhgSTpUT0xGiJrwhvFX9gZ14RNbJnoWAWFh/6Ju1c8
R/Sy1aC4cXGkMA+CnmKm3Zm1NSjvN0svgwyYs/W9TacUv8g7dFcHrHhR/tI7w4J+
3/q6MrCUXdiT1TnyFsQlE5ytHYNmHfg+OA1kedosO1pd2OqQJVGNV6m16qmj7eKA
Pf3H3j7dYwzEBYPuoi5n+lTgh43Oq/Hx1Z8HKtVUDIiluWs50kGoGfTKK8JxMsgC
uyh56y7tKm0jw3OHep8JgPm0fEwTq0rayt9Y4Lo57VpO3Z9ptbBTSZpx+wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFDXDur8HBnJ1DgvwEK1OMq73LF7jMB8GA1UdIwQY
MBaAFIrSQGA+xuvNYvctRvHcAMt+HwsuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRKQVlEN0c2ODFpOXkxRzhkd0F5MzRmQ3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy80MjUxNDktOWM2OC00MWZiLTgwMzUt
ZDc2YzhjNzM5ODYxLzEvTmNPNnZ3Y0djblVPQ19BUXJVNHlydmNzWHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy80MjUxNDktOWM2OC00MWZiLTgwMzUtZDc2YzhjNzM5ODYx
LzEvaXRKQVlEN0c2ODFpOXkxRzhkd0F5MzRmQ3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQGPvlAAwQC
uVxkAwQAwbqhAwQHwnCAMA0EAgACMAcDBQAqAgXgMA0GCSqGSIb3DQEBCwUAA4IB
AQBhzinsTlesBaB8b65JyinBc7p/DMNlYqgPSp9EAa9cLWujZ5H0IUhkzl0N5akn
SQsSbOQn4BoJSYeYzw2AkRPBvzuQuZyiwomfWOfyqX9DhtJtUyg97D/IRE5c14UI
N72FedryK7fmAHnGTjXNONSeVBS/orid3QU6xftWm7cyqISOKr9KoN9ajlXrWUkN
M4vrUeAEIW8vieOtux80jaC4aPXya3DMObZAjViaT7Q/ojuMDOKUsR45NIQBWmc2
+PHTuEmETrzWgstImdCoSpkm2jv0NhKqlaGwHYSSiDQGHTX6X+Ek4GdmMVrSgkgd
3jNFH6i3jC0mg1KqKjixK9Xm
-----END CERTIFICATE-----
Generated at Sat Jun 15 15:20:09 2024 by rpki-client on console-ams.rpki-client.org