Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/fd6070-9e0b-433a-8a75-7f73a4671a1e/1/sokPXsQjqakTtocG5TR2TfBlkkc.roa
File:                     sokPXsQjqakTtocG5TR2TfBlkkc.roa (raw, json)
Hash identifier:          Bwd3W6JTpDkJhn7hNs5BBypXqW4HUDq5FUSwer4+uFc=
Subject key identifier:   B2:89:0F:5E:C4:23:A9:A9:13:B6:87:06:E5:34:76:4D:F0:65:92:47
Certificate issuer:       /CN=613d5e1379fea9d1d0f7256ed0fc9183be74fefb
Certificate serial:       018CC793EFF6BE3F93DD56FE48F0D7194C8D
Authority key identifier: 61:3D:5E:13:79:FE:A9:D1:D0:F7:25:6E:D0:FC:91:83:BE:74:FE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YT1eE3n-qdHQ9yVu0PyRg750_vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/fd6070-9e0b-433a-8a75-7f73a4671a1e/1/sokPXsQjqakTtocG5TR2TfBlkkc.roa
Signing time:             Tue 02 Jan 2024 00:30:10 +0000
ROA not before:           Tue 02 Jan 2024 00:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207335
IP address blocks:        185.106.133.0/24 maxlen: 24
                          2a10:1380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/fd6070-9e0b-433a-8a75-7f73a4671a1e/1/YT1eE3n-qdHQ9yVu0PyRg750_vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/fd6070-9e0b-433a-8a75-7f73a4671a1e/1/YT1eE3n-qdHQ9yVu0PyRg750_vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YT1eE3n-qdHQ9yVu0PyRg750_vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:ef:f6:be:3f:93:dd:56:fe:48:f0:d7:19:4c:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=613d5e1379fea9d1d0f7256ed0fc9183be74fefb
        Validity
            Not Before: Jan  2 00:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2890f5ec423a9a913b68706e534764df0659247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c4:27:9d:01:5c:7f:18:ef:7b:56:0b:7e:9e:
                    8d:4f:50:c1:5a:d2:60:b3:98:45:81:c1:31:a4:7e:
                    14:40:98:0b:97:37:1b:a0:a0:cf:33:52:00:a3:85:
                    a2:07:47:88:e3:3f:82:58:03:1d:39:c4:6b:1f:2c:
                    29:e2:1f:12:8f:f4:17:8d:c4:a7:b5:fe:a4:a0:ea:
                    1f:e1:75:b6:ab:8d:79:37:be:32:3c:0c:d8:dd:2b:
                    1d:ca:4d:d5:8f:f3:fc:4c:a2:59:2c:e9:bb:4b:e1:
                    e3:4b:31:e3:9f:53:9f:21:3f:fc:c5:e6:d6:8b:a9:
                    94:23:fb:d9:1a:3a:e4:f5:c1:3a:5e:b0:04:30:f8:
                    9d:c5:44:11:95:86:4a:7d:24:b9:76:b0:7a:72:9d:
                    bd:9b:3d:12:ba:0f:2b:01:0d:05:1e:1d:9c:1d:1d:
                    1d:56:4a:2e:71:6c:33:33:05:17:ca:c6:77:52:98:
                    5e:e9:69:1f:37:1e:37:73:46:0b:d7:e3:79:44:d1:
                    ea:9e:63:aa:6f:67:e8:81:73:11:45:c7:4e:5c:10:
                    a0:ea:ab:18:df:e9:cb:82:a1:9f:bc:72:23:c0:0f:
                    f9:de:94:e1:d5:56:dd:3a:89:55:7e:f7:7f:5e:08:
                    3b:cb:f0:9f:ef:ef:09:68:b1:e3:46:6d:46:f8:ea:
                    84:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:89:0F:5E:C4:23:A9:A9:13:B6:87:06:E5:34:76:4D:F0:65:92:47
            X509v3 Authority Key Identifier:
                keyid:61:3D:5E:13:79:FE:A9:D1:D0:F7:25:6E:D0:FC:91:83:BE:74:FE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YT1eE3n-qdHQ9yVu0PyRg750_vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/fd6070-9e0b-433a-8a75-7f73a4671a1e/1/sokPXsQjqakTtocG5TR2TfBlkkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/fd6070-9e0b-433a-8a75-7f73a4671a1e/1/YT1eE3n-qdHQ9yVu0PyRg750_vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.133.0/24
                IPv6:
                  2a10:1380::/29

    Signature Algorithm: sha256WithRSAEncryption
         ea:67:ae:fa:e3:a3:cc:0f:3a:54:53:1d:b6:70:d2:9f:cb:64:
         3e:fd:78:08:1f:f2:0c:48:f4:71:b9:af:36:f5:c1:b8:cd:35:
         5f:d4:d8:32:59:9a:14:7a:74:4d:df:d7:2f:cb:f9:f6:20:81:
         55:08:b9:e3:85:d2:31:41:d3:82:04:88:41:c9:7c:7b:f7:73:
         d3:d6:36:35:4e:66:35:f2:8a:65:b7:d1:9a:a4:bf:2a:65:b2:
         a4:dc:9a:bf:73:38:6c:28:9f:e6:51:95:9f:22:26:6b:be:24:
         fc:c8:7f:f1:66:e5:2a:e2:e0:5c:6e:32:70:af:86:8d:70:91:
         69:57:0d:89:c5:b4:f4:66:b7:bc:92:d3:6b:ec:74:97:9f:1a:
         cc:47:cf:5f:83:af:71:db:6d:87:a9:ef:18:76:f3:69:c3:c3:
         77:c7:39:a9:6c:45:b7:46:1b:98:95:3b:c6:67:e0:f6:a4:ba:
         0c:06:a4:24:56:8c:8b:88:7b:0e:68:6c:30:aa:f3:3f:cb:5c:
         76:65:f8:01:2a:80:97:51:bf:e4:6d:75:54:64:0a:0c:1c:5e:
         20:23:7d:d3:fa:d8:54:b9:4e:03:be:32:69:1e:d0:69:aa:c5:
         33:cd:16:04:18:3a:dd:5f:ad:19:37:2d:13:8d:c0:48:0a:f1:
         d3:f6:b2:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk+/2vj+T3Vb+SPDXGUyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxM2Q1ZTEzNzlmZWE5ZDFkMGY3MjU2ZWQwZmM5MTgzYmU3
NGZlZmIwHhcNMjQwMTAyMDAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjg5MGY1ZWM0MjNhOWE5MTNiNjg3MDZlNTM0NzY0ZGYwNjU5MjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcQnnQFcfxjve1YLfp6NT1DBWtJg
s5hFgcExpH4UQJgLlzcboKDPM1IAo4WiB0eI4z+CWAMdOcRrHywp4h8Sj/QXjcSn
tf6koOof4XW2q415N74yPAzY3Ssdyk3Vj/P8TKJZLOm7S+HjSzHjn1OfIT/8xebW
i6mUI/vZGjrk9cE6XrAEMPidxUQRlYZKfSS5drB6cp29mz0Sug8rAQ0FHh2cHR0d
VkoucWwzMwUXysZ3Uphe6WkfNx43c0YL1+N5RNHqnmOqb2fogXMRRcdOXBCg6qsY
3+nLgqGfvHIjwA/53pTh1VbdOolVfvd/Xgg7y/Cf7+8JaLHjRm1G+OqECwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLKJD17EI6mpE7aHBuU0dk3wZZJHMB8GA1UdIwQY
MBaAFGE9XhN5/qnR0PclbtD8kYO+dP77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVQxZUUzbi1xZEhROXlWdTBQeVJnNzUwX3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9mZDYwNzAtOWUwYi00MzNhLThhNzUt
N2Y3M2E0NjcxYTFlLzEvc29rUFhzUWpxYWtUdG9jRzVUUjJUZkJsa2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9mZDYwNzAtOWUwYi00MzNhLThhNzUtN2Y3M2E0NjcxYTFl
LzEvWVQxZUUzbi1xZEhROXlWdTBQeVJnNzUwX3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuWqFMA0E
AgACMAcDBQMqEBOAMA0GCSqGSIb3DQEBCwUAA4IBAQDqZ67646PMDzpUUx22cNKf
y2Q+/XgIH/IMSPRxua829cG4zTVf1NgyWZoUenRN39cvy/n2IIFVCLnjhdIxQdOC
BIhByXx793PT1jY1TmY18oplt9GapL8qZbKk3Jq/czhsKJ/mUZWfIiZrviT8yH/x
ZuUq4uBcbjJwr4aNcJFpVw2JxbT0Zre8ktNr7HSXnxrMR89fg69x222Hqe8YdvNp
w8N3xzmpbEW3RhuYlTvGZ+D2pLoMBqQkVoyLiHsOaGwwqvM/y1x2ZfgBKoCXUb/k
bXVUZAoMHF4gI33T+thUuU4DvjJpHtBpqsUzzRYEGDrdX60ZNy0TjcBICvHT9rIV
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:27:03 2024 by rpki-client on console-ams.rpki-client.org