Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/6877ba-4e6c-4f5a-9cc2-af7da2b6edc5/1/BYZsNWIkgKY5Louvq-KOADvWKWI.roa
File:                     BYZsNWIkgKY5Louvq-KOADvWKWI.roa (raw, json)
Hash identifier:          y0YgQhTOl4efaQVlb0q4HTreznlP38S6C3rQLXI80D8=
Subject key identifier:   05:86:6C:35:62:24:80:A6:39:2E:8B:AF:AB:E2:8E:00:3B:D6:29:62
Certificate issuer:       /CN=f4c9baa4429da786591b72525852e6d97b32c1e8
Certificate serial:       018CC26CFAA0E222FBCB6748011069DA2B56
Authority key identifier: F4:C9:BA:A4:42:9D:A7:86:59:1B:72:52:58:52:E6:D9:7B:32:C1:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Mm6pEKdp4ZZG3JSWFLm2Xsyweg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/6877ba-4e6c-4f5a-9cc2-af7da2b6edc5/1/BYZsNWIkgKY5Louvq-KOADvWKWI.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202672
IP address blocks:        185.157.182.0/24 maxlen: 24
                          185.157.181.0/24 maxlen: 24
                          185.157.180.0/24 maxlen: 24
                          185.157.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/6877ba-4e6c-4f5a-9cc2-af7da2b6edc5/1/9Mm6pEKdp4ZZG3JSWFLm2Xsyweg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/6877ba-4e6c-4f5a-9cc2-af7da2b6edc5/1/9Mm6pEKdp4ZZG3JSWFLm2Xsyweg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Mm6pEKdp4ZZG3JSWFLm2Xsyweg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fa:a0:e2:22:fb:cb:67:48:01:10:69:da:2b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4c9baa4429da786591b72525852e6d97b32c1e8
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05866c35622480a6392e8bafabe28e003bd62962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:29:02:6a:c4:e5:00:4b:d3:b0:d3:ab:c5:36:
                    f3:06:cc:47:23:06:e4:c2:e3:5b:f8:9c:ad:cd:49:
                    1b:2c:9b:41:fb:35:f8:b6:aa:c0:78:5d:92:45:dc:
                    0c:8b:c4:e9:0e:06:44:44:37:e6:0d:86:b2:3b:62:
                    98:85:33:6e:76:5d:b2:9a:f8:85:9d:03:d0:54:be:
                    d9:28:a6:9c:ca:02:04:cc:a4:b0:e0:25:8c:0c:d7:
                    b3:aa:71:f9:89:b5:c1:79:50:4b:c5:e4:fc:fd:b7:
                    72:0f:4c:d7:2d:ed:90:0b:24:80:88:b4:dd:83:90:
                    90:fb:4b:44:8b:ff:46:2d:37:08:eb:e5:f0:14:51:
                    32:5a:be:35:65:44:85:d3:fc:19:6c:90:26:e8:2e:
                    d9:52:f4:89:7c:6c:4b:4c:1b:87:78:47:53:10:c0:
                    b7:fd:f7:6a:6f:c7:91:c8:3a:bb:20:87:a4:4f:e9:
                    f0:d4:3d:e2:b5:a5:eb:9f:49:01:3f:9d:ae:78:fc:
                    0b:72:4b:9c:36:92:65:4a:96:d1:ae:c6:9f:3d:bb:
                    54:69:bc:28:8a:c2:6a:f3:68:05:b2:21:e7:82:52:
                    4b:99:4a:41:5d:5f:66:77:66:ae:38:8e:4f:16:d3:
                    03:ac:33:c9:d2:75:fb:34:2b:5a:3d:d9:35:0b:70:
                    32:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:86:6C:35:62:24:80:A6:39:2E:8B:AF:AB:E2:8E:00:3B:D6:29:62
            X509v3 Authority Key Identifier:
                keyid:F4:C9:BA:A4:42:9D:A7:86:59:1B:72:52:58:52:E6:D9:7B:32:C1:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Mm6pEKdp4ZZG3JSWFLm2Xsyweg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/6877ba-4e6c-4f5a-9cc2-af7da2b6edc5/1/BYZsNWIkgKY5Louvq-KOADvWKWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/6877ba-4e6c-4f5a-9cc2-af7da2b6edc5/1/9Mm6pEKdp4ZZG3JSWFLm2Xsyweg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:31:5b:e1:89:35:59:54:cf:c7:55:70:74:de:f3:c0:bd:5d:
         2f:3b:20:f0:94:cd:5f:1d:cd:02:4f:29:c7:cb:b1:38:4e:3f:
         17:13:d7:b2:35:ff:ad:80:95:d8:a2:a2:5f:3a:49:34:ae:fa:
         de:c7:53:df:9a:81:2c:32:a2:4f:b4:40:85:15:f9:08:d0:75:
         4e:47:4d:4a:4f:e8:a0:a0:9a:11:82:16:d0:c9:63:16:d0:53:
         46:86:0d:2e:5f:30:eb:eb:a0:b1:d4:dd:28:28:43:6f:89:1c:
         2c:df:5b:ac:f6:97:1d:b6:41:98:ea:c4:cb:46:25:e6:55:40:
         85:ac:19:dc:96:e5:e0:93:7d:cb:66:a0:13:5d:f0:ed:99:59:
         ba:d7:46:a8:ce:8b:9f:db:74:e7:19:c1:4d:bf:33:47:f1:da:
         bd:b3:40:db:78:3b:90:de:9f:7d:ce:db:9e:b3:2c:ac:b8:6f:
         c4:66:b7:e5:76:6c:f7:96:93:c4:91:2f:d2:f0:6a:d0:46:14:
         70:53:d2:42:80:4d:60:d7:6b:d2:9e:d6:8e:03:dd:37:e7:49:
         2c:58:77:80:94:20:f8:df:74:ef:81:23:1e:9c:ff:73:f6:12:
         37:98:e2:e6:39:7b:ce:cd:6a:13:58:9d:7e:09:65:a4:33:37:
         3d:20:65:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPqg4iL7y2dIARBp2itWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YzliYWE0NDI5ZGE3ODY1OTFiNzI1MjU4NTJlNmQ5N2Iz
MmMxZTgwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTg2NmMzNTYyMjQ4MGE2MzkyZThiYWZhYmUyOGUwMDNiZDYyOTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSkCasTlAEvTsNOrxTbzBsxHIwbk
wuNb+JytzUkbLJtB+zX4tqrAeF2SRdwMi8TpDgZERDfmDYayO2KYhTNudl2ymviF
nQPQVL7ZKKacygIEzKSw4CWMDNezqnH5ibXBeVBLxeT8/bdyD0zXLe2QCySAiLTd
g5CQ+0tEi/9GLTcI6+XwFFEyWr41ZUSF0/wZbJAm6C7ZUvSJfGxLTBuHeEdTEMC3
/fdqb8eRyDq7IIekT+nw1D3itaXrn0kBP52uePwLckucNpJlSpbRrsafPbtUabwo
isJq82gFsiHnglJLmUpBXV9md2auOI5PFtMDrDPJ0nX7NCtaPdk1C3Ay7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWGbDViJICmOS6Lr6vijgA71iliMB8GA1UdIwQY
MBaAFPTJuqRCnaeGWRtyUlhS5tl7MsHoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU1tNnBFS2RwNFpaRzNKU1dGTG0yWHN5d2VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy82ODc3YmEtNGU2Yy00ZjVhLTljYzIt
YWY3ZGEyYjZlZGM1LzEvQllac05XSWtnS1k1TG91dnEtS09BRHZXS1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy82ODc3YmEtNGU2Yy00ZjVhLTljYzItYWY3ZGEyYjZlZGM1
LzEvOU1tNnBFS2RwNFpaRzNKU1dGTG0yWHN5d2VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ20MA0G
CSqGSIb3DQEBCwUAA4IBAQC/MVvhiTVZVM/HVXB03vPAvV0vOyDwlM1fHc0CTynH
y7E4Tj8XE9eyNf+tgJXYoqJfOkk0rvrex1PfmoEsMqJPtECFFfkI0HVOR01KT+ig
oJoRghbQyWMW0FNGhg0uXzDr66Cx1N0oKENviRws31us9pcdtkGY6sTLRiXmVUCF
rBncluXgk33LZqATXfDtmVm610aozouf23TnGcFNvzNH8dq9s0DbeDuQ3p99ztue
syysuG/EZrfldmz3lpPEkS/S8GrQRhRwU9JCgE1g12vSntaOA90350ksWHeAlCD4
33TvgSMenP9z9hI3mOLmOXvOzWoTWJ1+CWWkMzc9IGWS
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:48 2024 by rpki-client on console-ams.rpki-client.org