Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/7pWnyk23Vjj4NNEiCc-cqztR34E.roa
File:                     7pWnyk23Vjj4NNEiCc-cqztR34E.roa (raw, json)
Hash identifier:          P3qdoryeXznjt6QZyLx/b5He5ZQmSpjbDDpCF4trDtc=
Subject key identifier:   EE:95:A7:CA:4D:B7:56:38:F8:34:D1:22:09:CF:9C:AB:3B:51:DF:81
Certificate issuer:       /CN=75386a6fae1e55f576a405bd74b7f08e7a6c4653
Certificate serial:       018CC3B67F88426977D31B5E30E9BE74D2D8
Authority key identifier: 75:38:6A:6F:AE:1E:55:F5:76:A4:05:BD:74:B7:F0:8E:7A:6C:46:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/7pWnyk23Vjj4NNEiCc-cqztR34E.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51269
IP address blocks:        194.147.47.0/24 maxlen: 24
                          185.32.70.0/24 maxlen: 24
                          194.147.67.0/24 maxlen: 24
                          194.146.126.0/24 maxlen: 24
                          185.163.124.0/22 maxlen: 22
                          2a0b:b800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7f:88:42:69:77:d3:1b:5e:30:e9:be:74:d2:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75386a6fae1e55f576a405bd74b7f08e7a6c4653
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee95a7ca4db75638f834d12209cf9cab3b51df81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d2:ba:bf:b1:e3:f8:84:f7:66:cf:7d:46:85:
                    63:92:d8:f9:51:06:13:8e:20:b9:9f:f8:24:e9:98:
                    e6:bb:7b:4c:68:38:03:4b:ab:9c:c1:06:c6:e8:63:
                    24:d9:d2:08:0e:63:f7:49:8a:17:17:12:f5:0c:d9:
                    b6:00:f1:84:56:e4:86:1f:4a:25:1f:99:4d:ef:81:
                    2a:27:3d:1d:2c:79:d6:6a:50:34:13:08:13:32:fa:
                    00:8b:ed:1c:e9:79:8e:1f:64:e1:79:5d:c6:64:05:
                    a6:25:2d:86:9c:4e:14:46:72:31:61:b6:d7:b4:e2:
                    d8:ae:59:f0:31:f5:dd:b5:ff:db:43:4a:02:5a:2e:
                    7c:02:cc:90:41:fb:e8:43:7e:3c:e7:59:62:87:6c:
                    56:05:01:b1:13:83:c8:97:cf:9c:4c:fe:16:88:55:
                    bd:2d:b9:20:06:92:99:3c:3b:eb:92:17:16:43:70:
                    82:81:54:16:00:40:7e:46:45:4c:12:5b:42:97:1d:
                    df:68:d6:7f:0d:17:53:a6:d1:5b:b9:85:74:a0:ca:
                    c7:6a:92:a6:4d:8d:e5:73:be:f3:de:6b:77:06:57:
                    c0:9d:6e:6c:b9:6e:f2:16:a5:e5:b0:51:82:86:21:
                    18:b8:bc:92:5e:12:e2:51:12:b0:6c:c5:50:b9:f1:
                    ad:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:95:A7:CA:4D:B7:56:38:F8:34:D1:22:09:CF:9C:AB:3B:51:DF:81
            X509v3 Authority Key Identifier:
                keyid:75:38:6A:6F:AE:1E:55:F5:76:A4:05:BD:74:B7:F0:8E:7A:6C:46:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/7pWnyk23Vjj4NNEiCc-cqztR34E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.70.0/24
                  185.163.124.0/22
                  194.146.126.0/24
                  194.147.47.0/24
                  194.147.67.0/24
                IPv6:
                  2a0b:b800::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:52:4f:0a:b9:96:be:36:47:95:5e:53:88:74:9f:ad:f9:93:
         e0:14:fc:6c:8b:20:b1:e8:c6:a4:92:29:00:af:61:a7:5d:34:
         85:f7:c9:77:73:78:a2:91:4a:e7:33:49:c8:07:c8:92:77:9b:
         e4:4b:18:38:08:63:44:d4:b4:7c:72:24:f6:ef:64:bc:d4:bd:
         e5:88:29:8f:78:2a:f5:6b:5b:a3:53:03:9d:93:d3:ec:38:1c:
         4e:82:84:c5:be:39:bf:b4:82:eb:f2:5b:48:1a:47:f6:85:1d:
         55:64:0a:52:e1:8c:59:8f:ee:5d:2f:02:11:51:b1:17:ec:93:
         6e:82:49:2a:14:e7:af:50:ac:43:39:4d:99:07:b4:cc:66:52:
         18:c1:9a:95:8f:28:09:9c:16:dc:69:c1:e8:d6:05:55:0a:39:
         26:8d:44:8c:32:81:44:22:1f:45:e4:09:d0:25:01:12:4b:de:
         2e:0a:fb:2c:5d:61:4e:2a:0f:15:51:b1:cd:92:08:48:10:6d:
         5f:1c:71:1a:4c:30:69:46:5c:3f:ad:4d:e4:b6:27:40:7f:03:
         bd:ff:e6:ad:52:e7:98:f5:c8:12:51:08:6e:f1:04:4b:d3:60:
         3f:56:fd:46:c9:4e:18:59:af:b5:56:a6:75:09:f0:cd:83:2a:
         b5:be:10:f4
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzDtn+IQml30xteMOm+dNLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Mzg2YTZmYWUxZTU1ZjU3NmE0MDViZDc0YjdmMDhlN2E2
YzQ2NTMwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTk1YTdjYTRkYjc1NjM4ZjgzNGQxMjIwOWNmOWNhYjNiNTFkZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltK6v7Hj+IT3Zs99RoVjktj5UQYT
jiC5n/gk6Zjmu3tMaDgDS6ucwQbG6GMk2dIIDmP3SYoXFxL1DNm2APGEVuSGH0ol
H5lN74EqJz0dLHnWalA0EwgTMvoAi+0c6XmOH2TheV3GZAWmJS2GnE4URnIxYbbX
tOLYrlnwMfXdtf/bQ0oCWi58AsyQQfvoQ34851lih2xWBQGxE4PIl8+cTP4WiFW9
LbkgBpKZPDvrkhcWQ3CCgVQWAEB+RkVMEltClx3faNZ/DRdTptFbuYV0oMrHapKm
TY3lc77z3mt3BlfAnW5suW7yFqXlsFGChiEYuLySXhLiURKwbMVQufGtbQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFO6Vp8pNt1Y4+DTRIgnPnKs7Ud+BMB8GA1UdIwQY
MBaAFHU4am+uHlX1dqQFvXS38I56bEZTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRocWI2NGVWZlYycEFXOWRMZndqbnBzUmxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9kOWEwMWMtNWM5MS00ZDAwLWEwOWEt
Zjg3OTJmNTc3YjlhLzEvN3BXbnlrMjNWamo0Tk5FaUNjLWNxenRSMzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9kOWEwMWMtNWM5MS00ZDAwLWEwOWEtZjg3OTJmNTc3Yjlh
LzEvZFRocWI2NGVWZlYycEFXOWRMZndqbnBzUmxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAuSBGAwQC
uaN8AwQAwpJ+AwQAwpMvAwQAwpNDMA0EAgACMAcDBQMqC7gAMA0GCSqGSIb3DQEB
CwUAA4IBAQBuUk8KuZa+NkeVXlOIdJ+t+ZPgFPxsiyCx6MakkikAr2GnXTSF98l3
c3iikUrnM0nIB8iSd5vkSxg4CGNE1LR8ciT272S81L3liCmPeCr1a1ujUwOdk9Ps
OBxOgoTFvjm/tILr8ltIGkf2hR1VZApS4YxZj+5dLwIRUbEX7JNugkkqFOevUKxD
OU2ZB7TMZlIYwZqVjygJnBbcacHo1gVVCjkmjUSMMoFEIh9F5AnQJQESS94uCvss
XWFOKg8VUbHNkghIEG1fHHEaTDBpRlw/rU3ktidAfwO9/+atUueY9cgSUQhu8QRL
02A/Vv1GyU4YWa+1VqZ1CfDNgyq1vhD0
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:16:31 2024 by rpki-client on console-ams.rpki-client.org