Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/rKbW1lWdjk3xYG-VI4YlY75ihpU.roa
File:                     rKbW1lWdjk3xYG-VI4YlY75ihpU.roa (raw, json)
Hash identifier:          28a5C9OJvV457TiaNDS6BFI9/yshwZW9egAR14veQH8=
Subject key identifier:   AC:A6:D6:D6:55:9D:8E:4D:F1:60:6F:95:23:86:25:63:BE:62:86:95
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01928A3FD4DEF08B088A22B51555CC4826E6
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/rKbW1lWdjk3xYG-VI4YlY75ihpU.roa
Signing time:             Mon 14 Oct 2024 08:58:11 +0000
ROA not before:           Mon 14 Oct 2024 08:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134176
IP address blocks:        217.177.34.0/24 maxlen: 24
                          217.177.72.0/24 maxlen: 24
                          217.180.21.0/24 maxlen: 24
                          217.180.44.0/24 maxlen: 24
                          217.180.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8a:3f:d4:de:f0:8b:08:8a:22:b5:15:55:cc:48:26:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Oct 14 08:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aca6d6d6559d8e4df1606f9523862563be628695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:58:1c:b8:16:72:3b:f8:6e:3e:6c:aa:2c:80:
                    aa:33:93:90:5d:a3:25:a8:c8:cb:34:a7:8f:32:64:
                    1a:2f:2b:9f:83:d7:66:59:79:6e:a0:f7:9f:d2:3e:
                    e3:cd:7f:11:62:2d:21:5f:07:53:aa:80:00:01:93:
                    20:80:c9:50:4b:db:82:c1:39:99:c6:37:9d:f0:44:
                    37:64:45:c4:54:1d:9f:5d:95:42:85:1a:ae:8c:2f:
                    da:22:ea:07:2b:0b:9b:05:2a:90:1c:96:90:cb:73:
                    cc:9e:4f:b4:a7:c5:5e:a5:92:ff:ad:0c:11:f1:92:
                    25:9f:0f:7e:3f:88:77:dc:77:9a:2a:b5:c9:c3:72:
                    f5:6b:cf:39:f7:2d:6b:ae:37:c7:52:fb:7c:7f:51:
                    41:30:8d:e7:b5:58:7b:bf:06:55:88:75:c1:f0:6b:
                    e1:a5:67:db:70:34:91:a8:01:49:6b:40:dc:fb:74:
                    91:18:97:fd:ab:bd:d2:8a:95:f8:56:d0:a1:a8:3c:
                    4b:ea:34:af:d1:de:00:7b:ae:ce:6f:9b:9b:19:8d:
                    cc:92:04:24:ad:e9:9d:15:df:e3:da:8c:85:e7:60:
                    bb:06:e9:71:9f:d5:e0:14:1b:99:38:bb:85:29:f0:
                    d7:d8:1d:b7:97:a9:0b:13:df:c0:2a:51:00:b5:76:
                    fe:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A6:D6:D6:55:9D:8E:4D:F1:60:6F:95:23:86:25:63:BE:62:86:95
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/rKbW1lWdjk3xYG-VI4YlY75ihpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.177.34.0/24
                  217.177.72.0/24
                  217.180.21.0/24
                  217.180.44.0/24
                  217.180.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:4a:04:1b:76:c0:e3:fa:34:a7:67:9e:5f:f8:cc:c5:0a:cd:
         68:37:09:83:fb:d3:1a:19:55:c8:f2:dc:72:7e:43:9a:95:f2:
         b7:9d:6c:fe:b6:77:01:92:63:c2:2b:1b:21:67:bc:25:1c:ad:
         24:92:9e:99:50:76:71:d7:be:e4:6f:b4:c9:2c:65:a4:68:30:
         80:7e:b2:54:e1:5b:fb:ee:56:c4:10:e7:77:38:c7:9f:6b:d7:
         e0:0f:7c:6f:cc:c4:8a:d2:1a:9a:f3:80:b2:b2:00:ed:28:e4:
         68:95:b7:9f:d0:bf:c3:10:bd:1e:4b:b1:1b:e1:eb:3a:b4:fd:
         95:df:60:d5:0e:97:b9:76:8e:cc:f2:43:b4:e1:18:c2:7d:7c:
         8c:63:54:e9:26:ff:df:0a:a3:b5:02:af:d7:89:a9:a4:75:33:
         ee:fa:22:15:5a:31:3b:4d:55:ac:52:9b:db:02:0b:de:ce:55:
         18:6c:bd:5f:e8:4a:79:06:33:89:47:69:11:6d:31:fb:53:cd:
         3a:11:4e:8a:b0:af:89:05:68:fa:9b:08:89:42:56:3e:eb:f4:
         62:68:f0:96:4a:6f:20:33:e0:89:11:b2:9f:79:58:51:27:e2:
         32:90:8c:ca:99:32:6e:e0:e3:0a:87:86:3c:e7:77:ff:f8:40:
         67:d9:89:0b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZKKP9Te8IsIiiK1FVXMSCbmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQxMDE0MDg1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2E2ZDZkNjU1OWQ4ZTRkZjE2MDZmOTUyMzg2MjU2M2JlNjI4Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVgcuBZyO/huPmyqLICqM5OQXaMl
qMjLNKePMmQaLyufg9dmWXluoPef0j7jzX8RYi0hXwdTqoAAAZMggMlQS9uCwTmZ
xjed8EQ3ZEXEVB2fXZVChRqujC/aIuoHKwubBSqQHJaQy3PMnk+0p8VepZL/rQwR
8ZIlnw9+P4h33HeaKrXJw3L1a8859y1rrjfHUvt8f1FBMI3ntVh7vwZViHXB8Gvh
pWfbcDSRqAFJa0Dc+3SRGJf9q73SipX4VtChqDxL6jSv0d4Ae67Ob5ubGY3MkgQk
remdFd/j2oyF52C7Bulxn9XgFBuZOLuFKfDX2B23l6kLE9/AKlEAtXb+WQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKym1tZVnY5N8WBvlSOGJWO+YoaVMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvcktiVzFsV2RqazN4WUctVkk0WWxZNzVpaHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQA2bEiAwQA
2bFIAwQA2bQVAwQA2bQsAwQA2bQvMA0GCSqGSIb3DQEBCwUAA4IBAQCsSgQbdsDj
+jSnZ55f+MzFCs1oNwmD+9MaGVXI8txyfkOalfK3nWz+tncBkmPCKxshZ7wlHK0k
kp6ZUHZx177kb7TJLGWkaDCAfrJU4Vv77lbEEOd3OMefa9fgD3xvzMSK0hqa84Cy
sgDtKORolbef0L/DEL0eS7Eb4es6tP2V32DVDpe5do7M8kO04RjCfXyMY1TpJv/f
CqO1Aq/XiamkdTPu+iIVWjE7TVWsUpvbAgvezlUYbL1f6Ep5BjOJR2kRbTH7U806
EU6KsK+JBWj6mwiJQlY+6/RiaPCWSm8gM+CJEbKfeVhRJ+IykIzKmTJu4OMKh4Y8
53f/+EBn2YkL
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:56:00 2024 by rpki-client on console-fra.rpki-client.org