Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/hvfevQextqnhtcXlfvezgrI9TM8.roa
File:                     hvfevQextqnhtcXlfvezgrI9TM8.roa (raw, json)
Hash identifier:          1/zJYsn2r6w56sX8pYNz69jHYCUxlet3pIvRBhZdqNA=
Subject key identifier:   86:F7:DE:BD:07:B1:B6:A9:E1:B5:C5:E5:7E:F7:B3:82:B2:3D:4C:CF
Certificate issuer:       /CN=aa35f907ec7dbf9c65b815aa3d7202b6dfae3148
Certificate serial:       018CC9BC50E70CD6D5D8A466E0D2C547B0A3
Authority key identifier: AA:35:F9:07:EC:7D:BF:9C:65:B8:15:AA:3D:72:02:B6:DF:AE:31:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qjX5B-x9v5xluBWqPXICtt-uMUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/hvfevQextqnhtcXlfvezgrI9TM8.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20647
IP address blocks:        185.27.156.0/22 maxlen: 22
                          194.29.224.0/19 maxlen: 19
                          91.102.8.0/21 maxlen: 21
                          2a02:f28::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/qjX5B-x9v5xluBWqPXICtt-uMUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/qjX5B-x9v5xluBWqPXICtt-uMUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qjX5B-x9v5xluBWqPXICtt-uMUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:50:e7:0c:d6:d5:d8:a4:66:e0:d2:c5:47:b0:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa35f907ec7dbf9c65b815aa3d7202b6dfae3148
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86f7debd07b1b6a9e1b5c5e57ef7b382b23d4ccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e5:49:74:dc:92:ed:d8:79:6a:2b:83:eb:c6:
                    da:7a:bd:b7:9c:23:6a:c8:e6:8f:27:b4:58:74:6b:
                    4b:23:93:36:ab:ed:5c:9d:b6:59:f1:24:c8:66:16:
                    ee:02:54:03:65:17:69:07:00:39:07:51:2e:2e:c8:
                    cf:72:82:f3:2f:0a:27:b5:8e:48:6a:61:e7:17:01:
                    eb:ce:fc:ec:00:6c:01:21:2c:c3:f6:f2:ef:09:27:
                    d0:4a:4f:6e:b8:b6:e2:cd:3a:12:80:c5:f2:69:6f:
                    30:2c:db:d0:9e:79:cd:21:37:55:c1:11:74:7a:32:
                    ba:7e:d2:1f:18:1a:df:82:3c:00:20:da:39:dc:fa:
                    ee:3f:87:e4:fb:6a:c2:2e:90:4e:60:ff:14:ed:9d:
                    7d:7c:1b:a3:f9:42:63:d5:02:95:d7:06:01:a5:13:
                    36:0e:8f:76:30:28:00:c8:96:a7:aa:23:76:4c:13:
                    dd:2d:36:b7:de:35:73:e1:a1:9b:12:68:3f:30:b6:
                    d6:19:56:7c:b4:07:7b:4c:0b:79:b1:1f:51:71:c2:
                    b5:f3:0a:f5:29:ed:19:0f:fb:e9:55:cb:ca:23:6c:
                    9f:a6:7d:a7:d0:59:23:d0:a4:63:ed:da:7e:c1:39:
                    42:5a:d3:38:5f:24:d0:ad:2a:0d:1b:70:2b:d3:58:
                    e4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F7:DE:BD:07:B1:B6:A9:E1:B5:C5:E5:7E:F7:B3:82:B2:3D:4C:CF
            X509v3 Authority Key Identifier:
                keyid:AA:35:F9:07:EC:7D:BF:9C:65:B8:15:AA:3D:72:02:B6:DF:AE:31:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qjX5B-x9v5xluBWqPXICtt-uMUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/hvfevQextqnhtcXlfvezgrI9TM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b1c50e-af27-4a62-ae23-b6f1cfaa6985/1/qjX5B-x9v5xluBWqPXICtt-uMUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.8.0/21
                  185.27.156.0/22
                  194.29.224.0/19
                IPv6:
                  2a02:f28::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:5a:67:03:e1:9f:37:69:ed:23:d2:61:eb:c0:8b:fe:21:ab:
         be:ea:a2:7f:b1:03:88:0c:a1:38:82:1f:41:a0:ec:9c:a7:81:
         be:55:19:a6:68:43:35:93:de:e5:74:bc:d0:67:c7:25:b8:7a:
         b3:7e:6d:1a:62:bd:c0:04:2d:96:4e:8c:04:9f:cf:9b:86:01:
         f1:55:35:57:b0:43:b2:12:ce:55:6a:01:51:98:08:a9:c9:77:
         01:67:b1:12:c7:25:ba:82:95:51:96:92:8d:a8:23:a9:d0:f5:
         cc:25:b6:25:a0:b0:57:18:24:aa:da:05:95:9c:4e:98:f3:d9:
         23:7d:c9:dd:36:37:de:01:91:a6:64:c9:9d:bb:b2:80:d4:85:
         3a:82:24:77:f0:a0:ce:dc:23:d0:28:74:98:15:fb:6f:7c:9b:
         fa:45:69:b5:de:b5:51:af:76:c1:b8:b3:af:92:a9:19:b8:30:
         bf:2b:ec:88:97:f0:f0:23:00:57:c7:7c:42:12:b8:73:92:c6:
         8b:e1:25:ba:58:c5:38:f3:1a:b8:77:30:32:62:f5:a4:e3:4f:
         6d:6b:03:c7:d9:80:ef:64:7b:a2:0b:c6:61:40:9e:4c:5b:e3:
         8b:9c:4c:79:54:f8:d2:26:9d:a1:45:10:11:6c:bc:95:df:37:
         b0:6b:95:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzJvFDnDNbV2KRm4NLFR7CjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMzVmOTA3ZWM3ZGJmOWM2NWI4MTVhYTNkNzIwMmI2ZGZh
ZTMxNDgwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmY3ZGViZDA3YjFiNmE5ZTFiNWM1ZTU3ZWY3YjM4MmIyM2Q0Y2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOVJdNyS7dh5aiuD68baer23nCNq
yOaPJ7RYdGtLI5M2q+1cnbZZ8STIZhbuAlQDZRdpBwA5B1EuLsjPcoLzLwontY5I
amHnFwHrzvzsAGwBISzD9vLvCSfQSk9uuLbizToSgMXyaW8wLNvQnnnNITdVwRF0
ejK6ftIfGBrfgjwAINo53PruP4fk+2rCLpBOYP8U7Z19fBuj+UJj1QKV1wYBpRM2
Do92MCgAyJanqiN2TBPdLTa33jVz4aGbEmg/MLbWGVZ8tAd7TAt5sR9RccK18wr1
Ke0ZD/vpVcvKI2yfpn2n0Fkj0KRj7dp+wTlCWtM4XyTQrSoNG3Ar01jkkwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIb33r0Hsbap4bXF5X73s4KyPUzPMB8GA1UdIwQY
MBaAFKo1+Qfsfb+cZbgVqj1yArbfrjFIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWpYNUIteDl2NXhsdUJXcVBYSUN0dC11TVVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iMWM1MGUtYWYyNy00YTYyLWFlMjMt
YjZmMWNmYWE2OTg1LzEvaHZmZXZRZXh0cW5odGNYbGZ2ZXpnckk5VE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iMWM1MGUtYWYyNy00YTYyLWFlMjMtYjZmMWNmYWE2OTg1
LzEvcWpYNUIteDl2NXhsdUJXcVBYSUN0dC11TVVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDW2YIAwQC
uRucAwQFwh3gMA0EAgACMAcDBQAqAg8oMA0GCSqGSIb3DQEBCwUAA4IBAQA0WmcD
4Z83ae0j0mHrwIv+Iau+6qJ/sQOIDKE4gh9BoOycp4G+VRmmaEM1k97ldLzQZ8cl
uHqzfm0aYr3ABC2WTowEn8+bhgHxVTVXsEOyEs5VagFRmAipyXcBZ7ESxyW6gpVR
lpKNqCOp0PXMJbYloLBXGCSq2gWVnE6Y89kjfcndNjfeAZGmZMmdu7KA1IU6giR3
8KDO3CPQKHSYFftvfJv6RWm13rVRr3bBuLOvkqkZuDC/K+yIl/DwIwBXx3xCErhz
ksaL4SW6WMU48xq4dzAyYvWk409tawPH2YDvZHuiC8ZhQJ5MW+OLnEx5VPjSJp2h
RRARbLyV3zewa5Wz
-----END CERTIFICATE-----
Generated at Sat Jun 15 15:22:17 2024 by rpki-client on console-ams.rpki-client.org