Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/McFWJNiVWMPNzW1GXCqc84Qk5YQ.roa
File:                     McFWJNiVWMPNzW1GXCqc84Qk5YQ.roa (raw, json)
Hash identifier:          H3rDFU7SLyW2/UJ8CLmBSp7sR6m+AaAAl5Dc+lanoVM=
Subject key identifier:   31:C1:56:24:D8:95:58:C3:CD:CD:6D:46:5C:2A:9C:F3:84:24:E5:84
Certificate issuer:       /CN=836528e152b6dcba1571241ac55be5bce01118b7
Certificate serial:       018E65993DA147F0AE78513207C48CBF9EA3
Authority key identifier: 83:65:28:E1:52:B6:DC:BA:15:71:24:1A:C5:5B:E5:BC:E0:11:18:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2Uo4VK23LoVcSQaxVvlvOARGLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/McFWJNiVWMPNzW1GXCqc84Qk5YQ.roa
Signing time:             Fri 22 Mar 2024 09:58:45 +0000
ROA not before:           Fri 22 Mar 2024 09:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197991
IP address blocks:        5.144.144.0/21 maxlen: 24
                          149.126.32.0/20 maxlen: 24
                          178.132.59.0/24 maxlen: 24
                          178.132.60.0/22 maxlen: 24
                          2a0d:a5c0::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/g2Uo4VK23LoVcSQaxVvlvOARGLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/g2Uo4VK23LoVcSQaxVvlvOARGLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2Uo4VK23LoVcSQaxVvlvOARGLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:99:3d:a1:47:f0:ae:78:51:32:07:c4:8c:bf:9e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=836528e152b6dcba1571241ac55be5bce01118b7
        Validity
            Not Before: Mar 22 09:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31c15624d89558c3cdcd6d465c2a9cf38424e584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:88:58:e5:66:bc:d9:c1:a4:bb:6f:0c:bf:e9:
                    40:e9:a5:bb:45:ae:18:04:93:cf:34:a7:8f:cb:29:
                    83:7e:e5:04:3f:a3:e7:be:2b:ed:8a:1d:e9:46:a3:
                    f3:b2:10:6d:59:ed:e0:af:9f:48:5a:94:83:4c:2e:
                    42:88:ca:8b:86:c3:c8:32:c1:1b:7f:15:be:38:d7:
                    6a:f2:43:25:a4:7f:bc:3c:fb:4d:98:f0:8e:52:60:
                    98:10:ed:d7:4c:bc:9f:e0:f7:fe:e7:60:f9:99:70:
                    51:84:c2:74:90:6c:5d:2c:9d:25:0a:eb:ab:db:d2:
                    0a:91:c5:f2:38:57:5b:14:47:e4:75:cb:7f:63:ea:
                    19:b7:d7:7f:12:bf:05:71:f3:ab:ee:0d:ef:66:9b:
                    c0:6c:5a:3f:ad:9c:a8:3e:cb:28:95:3a:e4:61:ec:
                    3a:90:af:d0:1c:59:ec:06:df:2f:07:23:bb:51:af:
                    29:1c:b3:8a:2b:1b:2a:83:b6:08:a8:bb:e8:53:8d:
                    e5:54:fd:b3:fd:ef:62:a0:74:99:34:9a:2c:4f:45:
                    7e:1d:d6:8a:f8:bf:e7:6a:56:ba:0d:2e:de:56:9a:
                    b1:72:7f:08:a3:2d:12:c9:e4:07:2c:9c:ac:22:c8:
                    85:b4:6e:24:24:4f:33:ab:bc:04:46:da:de:41:1f:
                    ec:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C1:56:24:D8:95:58:C3:CD:CD:6D:46:5C:2A:9C:F3:84:24:E5:84
            X509v3 Authority Key Identifier:
                keyid:83:65:28:E1:52:B6:DC:BA:15:71:24:1A:C5:5B:E5:BC:E0:11:18:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2Uo4VK23LoVcSQaxVvlvOARGLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/McFWJNiVWMPNzW1GXCqc84Qk5YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7c70f4-5f3a-4fd3-883c-eb9415ec548a/1/g2Uo4VK23LoVcSQaxVvlvOARGLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.144.0/21
                  149.126.32.0/20
                  178.132.59.0-178.132.63.255
                IPv6:
                  2a0d:a5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:29:66:9a:7f:ff:09:bd:27:7e:8c:08:cf:f4:c7:b2:f0:4b:
         d5:0e:3e:c8:a8:88:12:d1:56:3b:8f:90:4e:21:84:be:d2:75:
         e5:d0:a6:56:08:ff:5a:00:27:ae:20:c3:4c:95:dc:88:5f:77:
         28:eb:1a:61:12:2e:7c:4f:d2:29:44:d9:d8:bb:8f:02:59:90:
         b1:d9:7c:07:68:57:6d:82:b6:67:84:b3:0a:02:ab:ad:1d:44:
         54:74:33:cb:ee:5d:24:10:d2:b5:da:52:c1:39:0a:19:53:84:
         4b:49:24:72:56:f3:20:52:10:5a:e4:46:14:93:b2:5b:ed:ac:
         6e:08:32:6c:cb:1c:c9:5a:3c:6c:ad:41:a8:57:97:81:18:fd:
         66:80:14:7c:bf:53:60:13:58:28:da:e7:8c:8d:01:11:34:dd:
         7a:1b:6d:4e:f9:dc:4e:cc:25:78:25:af:eb:32:85:4f:97:6e:
         f8:57:ef:dc:45:66:02:cf:c6:29:55:73:41:e9:6d:51:61:7c:
         78:18:ef:cd:c7:19:52:82:7c:a0:5a:da:e9:8f:36:7b:ca:9f:
         0a:d4:42:85:72:f0:5b:ff:2d:34:69:df:76:16:7a:64:82:19:
         78:47:bb:78:23:1e:d6:53:4a:8d:79:81:11:6c:1f:8c:36:55:
         de:81:19:a6
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAY5lmT2hR/CueFEyB8SMv56jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNjUyOGUxNTJiNmRjYmExNTcxMjQxYWM1NWJlNWJjZTAx
MTE4YjcwHhcNMjQwMzIyMDk1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWMxNTYyNGQ4OTU1OGMzY2RjZDZkNDY1YzJhOWNmMzg0MjRlNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIhY5Wa82cGku28Mv+lA6aW7Ra4Y
BJPPNKePyymDfuUEP6Pnvivtih3pRqPzshBtWe3gr59IWpSDTC5CiMqLhsPIMsEb
fxW+ONdq8kMlpH+8PPtNmPCOUmCYEO3XTLyf4Pf+52D5mXBRhMJ0kGxdLJ0lCuur
29IKkcXyOFdbFEfkdct/Y+oZt9d/Er8FcfOr7g3vZpvAbFo/rZyoPssolTrkYew6
kK/QHFnsBt8vByO7Ua8pHLOKKxsqg7YIqLvoU43lVP2z/e9ioHSZNJosT0V+HdaK
+L/nala6DS7eVpqxcn8Ioy0SyeQHLJysIsiFtG4kJE8zq7wERtreQR/s4wIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFDHBViTYlVjDzc1tRlwqnPOEJOWEMB8GA1UdIwQY
MBaAFINlKOFStty6FXEkGsVb5bzgERi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJVbzRWSzIzTG9WY1NRYXhWdmx2T0FSR0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC83YzcwZjQtNWYzYS00ZmQzLTg4M2Mt
ZWI5NDE1ZWM1NDhhLzEvTWNGV0pOaVZXTVBOelcxR1hDcWM4NFFrNVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC83YzcwZjQtNWYzYS00ZmQzLTg4M2MtZWI5NDE1ZWM1NDhh
LzEvZzJVbzRWSzIzTG9WY1NRYXhWdmx2T0FSR0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQDBZCQAwQE
lX4gMAwDBACyhDsDBAayhAAwDQQCAAIwBwMFAyoNpcAwDQYJKoZIhvcNAQELBQAD
ggEBAAEpZpp//wm9J36MCM/0x7LwS9UOPsioiBLRVjuPkE4hhL7SdeXQplYI/1oA
J64gw0yV3IhfdyjrGmESLnxP0ilE2di7jwJZkLHZfAdoV22CtmeEswoCq60dRFR0
M8vuXSQQ0rXaUsE5ChlThEtJJHJW8yBSEFrkRhSTslvtrG4IMmzLHMlaPGytQahX
l4EY/WaAFHy/U2ATWCja54yNARE03XobbU753E7MJXglr+syhU+XbvhX79xFZgLP
xilVc0HpbVFhfHgY783HGVKCfKBa2umPNnvKnwrUQoVy8Fv/LTRp33YWemSCGXhH
u3gjHtZTSo15gRFsH4w2Vd6BGaY=
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:16:54 2024 by rpki-client on console-fra.rpki-client.org