Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/iLlRhlU0s8Ccsr4zMRU5mip_ErQ.roa
File:                     iLlRhlU0s8Ccsr4zMRU5mip_ErQ.roa (raw, json)
Hash identifier:          DoCgeNJh5usFzJ0Zq1EoefuPEPDv2VcLgNm2e16m9Vg=
Subject key identifier:   88:B9:51:86:55:34:B3:C0:9C:B2:BE:33:31:15:39:9A:2A:7F:12:B4
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018F5A3C10362F171A495ABEC9B4AAF83EF6
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/iLlRhlU0s8Ccsr4zMRU5mip_ErQ.roa
Signing time:             Wed 08 May 2024 22:03:56 +0000
ROA not before:           Wed 08 May 2024 22:03:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48851
IP address blocks:        62.73.169.40/29 maxlen: 29
                          82.112.107.136/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5a:3c:10:36:2f:17:1a:49:5a:be:c9:b4:aa:f8:3e:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: May  8 22:03:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88b951865534b3c09cb2be333115399a2a7f12b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:67:15:a3:c6:1d:d8:05:de:01:fa:d9:68:95:
                    4d:78:92:e6:48:a8:29:1a:7d:fb:9b:11:7c:5e:fb:
                    2f:a1:6e:63:87:3e:ae:d1:48:c0:44:18:9e:2a:60:
                    6a:5f:d2:6c:21:7f:df:3d:5a:0d:4c:6b:4c:60:ca:
                    58:9b:35:09:06:a7:8e:44:93:15:ad:fd:be:02:ba:
                    f6:26:b2:88:64:81:95:91:0d:e2:47:f6:5b:b0:e7:
                    91:e2:c2:f8:5a:72:5c:f6:f7:ba:7e:5e:79:94:c3:
                    b7:5d:5d:17:1b:58:d4:c9:90:71:3e:62:54:bf:16:
                    cc:ad:12:75:35:2a:15:f6:c8:ad:2b:74:14:86:42:
                    19:e3:e7:5d:91:39:b9:28:92:e4:b1:24:8a:4b:c3:
                    0b:34:b7:f3:ea:a8:bd:f3:ec:6f:0b:62:42:e9:0b:
                    8b:3b:72:fa:0f:49:d4:d5:29:6d:87:f9:2e:ea:ff:
                    64:68:cc:9c:4c:66:fd:98:af:b8:8f:33:c8:2d:7b:
                    16:b6:c5:88:4e:15:aa:91:8a:c8:a9:80:40:9c:0e:
                    f7:a7:3c:12:10:de:14:3f:96:0d:cd:12:c2:4c:06:
                    76:b1:ed:65:1e:e0:21:28:92:32:e0:9f:3f:e1:82:
                    fa:71:25:19:5f:c0:8e:9b:50:b8:20:8c:fc:12:16:
                    3b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B9:51:86:55:34:B3:C0:9C:B2:BE:33:31:15:39:9A:2A:7F:12:B4
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/iLlRhlU0s8Ccsr4zMRU5mip_ErQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.73.169.40/29
                  82.112.107.136/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:8c:44:05:d4:c8:52:38:14:02:d2:36:04:97:d4:3c:76:1c:
         15:41:e3:90:f4:db:2a:09:f5:80:3c:fe:99:ef:42:48:8d:7d:
         56:8a:49:95:54:b0:9a:3e:fb:75:ec:d3:f0:79:6a:83:0c:d4:
         4c:ac:01:2c:9e:df:81:fd:98:02:83:21:18:7f:25:19:c6:de:
         54:6d:f1:f4:ad:a4:ef:02:11:27:b8:0d:c8:4e:77:b0:a7:e3:
         88:1c:b2:7f:ef:4b:48:22:be:4f:89:96:55:d3:43:a3:2c:bf:
         7b:67:a6:48:dc:4f:91:81:98:5f:55:f3:72:c5:ba:3c:b5:94:
         bf:c9:b7:76:2a:73:3e:eb:bc:12:46:fe:fc:49:99:20:51:0c:
         e8:f9:6b:02:bc:21:6b:d9:b9:a6:2f:31:a5:15:67:07:29:53:
         85:ac:cd:ae:95:1b:5a:1a:67:94:fe:84:4c:c7:be:8c:43:f5:
         5b:27:e3:1b:41:9d:af:c6:fe:07:fd:1b:a9:d4:1e:0e:ed:4c:
         4a:23:7f:12:33:80:99:36:6c:10:84:ba:c9:b6:5b:cd:1b:a3:
         33:a7:cd:4d:03:b4:25:15:05:bc:02:1c:36:f5:97:fc:4a:c8:
         cf:e5:ac:34:f1:bd:99:9d:76:fe:2b:2a:ac:4e:92:c9:0a:07:
         f3:7e:75:80
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9aPBA2LxcaSVq+ybSq+D72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwNTA4MjIwMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGI5NTE4NjU1MzRiM2MwOWNiMmJlMzMzMTE1Mzk5YTJhN2YxMmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGcVo8Yd2AXeAfrZaJVNeJLmSKgp
Gn37mxF8XvsvoW5jhz6u0UjARBieKmBqX9JsIX/fPVoNTGtMYMpYmzUJBqeORJMV
rf2+Arr2JrKIZIGVkQ3iR/ZbsOeR4sL4WnJc9ve6fl55lMO3XV0XG1jUyZBxPmJU
vxbMrRJ1NSoV9sitK3QUhkIZ4+ddkTm5KJLksSSKS8MLNLfz6qi98+xvC2JC6QuL
O3L6D0nU1Slth/ku6v9kaMycTGb9mK+4jzPILXsWtsWIThWqkYrIqYBAnA73pzwS
EN4UP5YNzRLCTAZ2se1lHuAhKJIy4J8/4YL6cSUZX8COm1C4IIz8EhY7zwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIi5UYZVNLPAnLK+MzEVOZoqfxK0MB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvaUxsUmhsVTBzOENjc3I0ek1SVTVtaXBfRXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUDPkmpKAMF
A1Jwa4gwDQYJKoZIhvcNAQELBQADggEBAFyMRAXUyFI4FALSNgSX1Dx2HBVB45D0
2yoJ9YA8/pnvQkiNfVaKSZVUsJo++3Xs0/B5aoMM1EysASye34H9mAKDIRh/JRnG
3lRt8fStpO8CESe4DchOd7Cn44gcsn/vS0givk+JllXTQ6Msv3tnpkjcT5GBmF9V
83LFujy1lL/Jt3Yqcz7rvBJG/vxJmSBRDOj5awK8IWvZuaYvMaUVZwcpU4Wsza6V
G1oaZ5T+hEzHvoxD9Vsn4xtBna/G/gf9G6nUHg7tTEojfxIzgJk2bBCEusm2W80b
ozOnzU0DtCUVBbwCHDb1l/xKyM/lrDTxvZmddv4rKqxOkskKB/N+dYA=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:05:47 2024 by rpki-client on console-fra.rpki-client.org