Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/ryEUpr2AUL7cC0-iIpMVqB_lhvA.roa
File:                     ryEUpr2AUL7cC0-iIpMVqB_lhvA.roa (raw, json)
Hash identifier:          Ltj8zvUwWbKMNITY64Emz7biuEYA8qkJPXM2Q6TacMQ=
Subject key identifier:   AF:21:14:A6:BD:80:50:BE:DC:0B:4F:A2:22:93:15:A8:1F:E5:86:F0
Certificate issuer:       /CN=f779f5f0288985abde09827e03d787a52149e7ec
Certificate serial:       018DA38420A3EE900A73CCF43AE64B855069
Authority key identifier: F7:79:F5:F0:28:89:85:AB:DE:09:82:7E:03:D7:87:A5:21:49:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93n18CiJhaveCYJ-A9eHpSFJ5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/ryEUpr2AUL7cC0-iIpMVqB_lhvA.roa
Signing time:             Tue 13 Feb 2024 17:29:21 +0000
ROA not before:           Tue 13 Feb 2024 17:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29467
IP address blocks:        5.149.112.0/21 maxlen: 24
                          153.92.48.0/20 maxlen: 24
                          178.251.160.0/21 maxlen: 24
                          185.4.124.0/22 maxlen: 24
                          185.97.244.0/22 maxlen: 24
                          185.123.216.0/22 maxlen: 24
                          2a02:70c0::/32 maxlen: 32
                          2a03:2f00::/32 maxlen: 32
                          2a03:92e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/93n18CiJhaveCYJ-A9eHpSFJ5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/93n18CiJhaveCYJ-A9eHpSFJ5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93n18CiJhaveCYJ-A9eHpSFJ5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a3:84:20:a3:ee:90:0a:73:cc:f4:3a:e6:4b:85:50:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f779f5f0288985abde09827e03d787a52149e7ec
        Validity
            Not Before: Feb 13 17:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af2114a6bd8050bedc0b4fa2229315a81fe586f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:83:b5:38:0b:51:94:d9:d5:fc:38:12:ab:5a:
                    12:75:24:89:60:23:7f:f2:d8:3a:71:de:49:a5:3f:
                    8c:cb:ba:5c:3f:8d:ba:ef:92:b9:ae:e1:e9:6f:d8:
                    6e:ab:36:33:56:0f:21:10:37:a2:b5:26:9e:fa:85:
                    7b:74:d2:50:36:8f:2d:be:88:31:e9:ce:d6:6e:8e:
                    f9:5f:24:03:a8:77:f5:e1:47:7e:95:a0:6b:e7:85:
                    45:59:bf:01:94:76:2f:ba:96:3e:aa:44:10:a2:bc:
                    0b:90:c6:67:b8:0d:a2:8f:b9:ff:0e:c9:ef:9c:b8:
                    d0:5a:ed:65:a2:10:7b:2c:85:90:4e:25:f6:d9:c5:
                    1c:59:36:b5:b3:cc:63:d5:53:60:59:a6:6f:82:27:
                    47:74:ee:0c:37:28:b8:b4:22:eb:d9:42:15:97:aa:
                    bb:7e:9f:f4:8e:18:6f:9f:b3:bf:88:37:19:c0:39:
                    2a:ff:ef:d2:18:b2:d2:e0:a8:36:81:6f:a4:9d:fc:
                    7d:6f:8c:3e:77:b1:d1:35:de:15:ea:ed:5b:c0:bb:
                    2a:48:3a:d8:60:05:41:f6:f2:f8:9a:5a:65:ed:16:
                    3a:27:a8:e1:6e:c6:2e:08:9b:7e:b8:21:a6:89:b5:
                    92:65:94:44:1e:90:0e:04:a5:3e:b3:3b:a4:3c:df:
                    67:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:21:14:A6:BD:80:50:BE:DC:0B:4F:A2:22:93:15:A8:1F:E5:86:F0
            X509v3 Authority Key Identifier:
                keyid:F7:79:F5:F0:28:89:85:AB:DE:09:82:7E:03:D7:87:A5:21:49:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93n18CiJhaveCYJ-A9eHpSFJ5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/ryEUpr2AUL7cC0-iIpMVqB_lhvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/aed381-45cc-44bc-a5c3-fe7963bec7d3/1/93n18CiJhaveCYJ-A9eHpSFJ5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.112.0/21
                  153.92.48.0/20
                  178.251.160.0/21
                  185.4.124.0/22
                  185.97.244.0/22
                  185.123.216.0/22
                IPv6:
                  2a02:70c0::/32
                  2a03:2f00::/32
                  2a03:92e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:36:72:e1:68:fc:04:52:d2:c3:40:be:8a:9a:29:32:04:dd:
         ba:bc:8f:32:de:a9:0e:ce:e8:dc:bb:8e:e7:f4:a4:85:e6:26:
         01:b3:91:8a:6a:a7:f1:c7:82:1f:ce:80:2a:d0:d0:b4:ab:a4:
         e4:95:e5:db:42:b3:d0:84:26:75:f2:cb:c9:21:ab:c1:1f:da:
         14:77:d6:fb:dc:3f:93:51:ee:2b:51:12:5d:6a:2d:25:c8:2b:
         0c:6e:b6:53:f1:02:3e:0c:9a:8f:2f:dd:e0:ef:0e:73:74:ef:
         dc:14:a7:27:7d:ca:79:fc:c6:8b:f4:2e:fd:6b:09:4c:0c:89:
         c6:8f:56:7d:02:c4:8a:33:ee:4d:53:b7:a9:ab:92:15:9f:72:
         7a:a7:38:98:4d:f1:82:05:b0:66:a3:56:bc:be:29:55:5a:f6:
         7a:5a:cb:ab:8c:49:c1:d7:5c:82:d4:86:55:01:f7:5c:fb:1e:
         3b:cc:54:ed:a4:30:c1:9c:2d:85:73:32:55:84:49:e9:c8:7e:
         26:ed:39:c6:89:80:25:ac:cd:f1:59:fc:14:2f:c5:de:14:57:
         cd:27:98:79:96:95:c9:8f:dc:50:48:2c:76:28:c2:13:e2:2f:
         ee:46:d2:26:43:77:06:79:c5:11:e8:52:3f:79:eb:24:b5:74:
         ce:03:62:20
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAY2jhCCj7pAKc8z0OuZLhVBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzlmNWYwMjg4OTg1YWJkZTA5ODI3ZTAzZDc4N2E1MjE0
OWU3ZWMwHhcNMjQwMjEzMTcyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjIxMTRhNmJkODA1MGJlZGMwYjRmYTIyMjkzMTVhODFmZTU4NmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoO1OAtRlNnV/DgSq1oSdSSJYCN/
8tg6cd5JpT+My7pcP42675K5ruHpb9huqzYzVg8hEDeitSae+oV7dNJQNo8tvogx
6c7Wbo75XyQDqHf14Ud+laBr54VFWb8BlHYvupY+qkQQorwLkMZnuA2ij7n/Dsnv
nLjQWu1lohB7LIWQTiX22cUcWTa1s8xj1VNgWaZvgidHdO4MNyi4tCLr2UIVl6q7
fp/0jhhvn7O/iDcZwDkq/+/SGLLS4Kg2gW+knfx9b4w+d7HRNd4V6u1bwLsqSDrY
YAVB9vL4mlpl7RY6J6jhbsYuCJt+uCGmibWSZZREHpAOBKU+szukPN9nQwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFK8hFKa9gFC+3AtPoiKTFagf5YbwMB8GA1UdIwQY
MBaAFPd59fAoiYWr3gmCfgPXh6UhSefsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNuMThDaUpoYXZlQ1lKLUE5ZUhwU0ZKNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9hZWQzODEtNDVjYy00NGJjLWE1YzMt
ZmU3OTYzYmVjN2QzLzEvcnlFVXByMkFVTDdjQzAtaUlwTVZxQl9saHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9hZWQzODEtNDVjYy00NGJjLWE1YzMtZmU3OTYzYmVjN2Qz
LzEvOTNuMThDaUpoYXZlQ1lKLUE5ZUhwU0ZKNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAqBAIAATAkAwQDBZVwAwQE
mVwwAwQDsvugAwQCuQR8AwQCuWH0AwQCuXvYMBsEAgACMBUDBQAqAnDAAwUAKgMv
AAMFACoDkuAwDQYJKoZIhvcNAQELBQADggEBACE2cuFo/ARS0sNAvoqaKTIE3bq8
jzLeqQ7O6Ny7juf0pIXmJgGzkYpqp/HHgh/OgCrQ0LSrpOSV5dtCs9CEJnXyy8kh
q8Ef2hR31vvcP5NR7itREl1qLSXIKwxutlPxAj4Mmo8v3eDvDnN079wUpyd9ynn8
xov0Lv1rCUwMicaPVn0CxIoz7k1Tt6mrkhWfcnqnOJhN8YIFsGajVry+KVVa9npa
y6uMScHXXILUhlUB91z7HjvMVO2kMMGcLYVzMlWESenIfibtOcaJgCWszfFZ/BQv
xd4UV80nmHmWlcmP3FBILHYowhPiL+5G0iZDdwZ5xRHoUj956yS1dM4DYiA=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:51:09 2024 by rpki-client on console-fra.rpki-client.org