Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7a0423-9a95-42c1-81e5-14da79d6c3aa/1/FPc5ghBUZ3MAetifa_mRejJu-sA.roa
File:                     FPc5ghBUZ3MAetifa_mRejJu-sA.roa (raw, json)
Hash identifier:          ZHk1XUPkTJT4Gj2lbt9yzFFk3yEk8uLdYs3hvu/WFmM=
Subject key identifier:   14:F7:39:82:10:54:67:73:00:7A:D8:9F:6B:F9:91:7A:32:6E:FA:C0
Certificate issuer:       /CN=ed95533ef47fd94b8c554df3d228eedcd4ca0384
Certificate serial:       018CC7934F95A9615668DD53328D5960B939
Authority key identifier: ED:95:53:3E:F4:7F:D9:4B:8C:55:4D:F3:D2:28:EE:DC:D4:CA:03:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7ZVTPvR_2UuMVU3z0iju3NTKA4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7a0423-9a95-42c1-81e5-14da79d6c3aa/1/FPc5ghBUZ3MAetifa_mRejJu-sA.roa
Signing time:             Tue 02 Jan 2024 00:29:29 +0000
ROA not before:           Tue 02 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     286
IP address blocks:        193.17.185.0/24 maxlen: 24
                          193.17.186.0/24 maxlen: 24
                          195.234.152.0/24 maxlen: 24
                          2001:67c:1514::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7a0423-9a95-42c1-81e5-14da79d6c3aa/1/7ZVTPvR_2UuMVU3z0iju3NTKA4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7a0423-9a95-42c1-81e5-14da79d6c3aa/1/7ZVTPvR_2UuMVU3z0iju3NTKA4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7ZVTPvR_2UuMVU3z0iju3NTKA4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:4f:95:a9:61:56:68:dd:53:32:8d:59:60:b9:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed95533ef47fd94b8c554df3d228eedcd4ca0384
        Validity
            Not Before: Jan  2 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14f7398210546773007ad89f6bf9917a326efac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:36:cd:da:dc:e8:c5:c1:c1:6b:79:08:44:70:
                    71:d0:13:60:c6:77:a4:02:f0:30:6f:e2:be:7c:9b:
                    cf:8a:c2:9f:28:57:71:e3:c1:ad:cb:6e:13:26:ac:
                    01:08:85:21:a7:87:9b:7b:d5:ab:a5:e2:29:be:55:
                    86:7a:ec:4e:8a:20:02:3e:17:c2:9d:85:fe:82:0d:
                    06:57:12:14:a6:b2:71:d5:4c:8f:be:28:e6:c3:7d:
                    29:29:5a:6e:b9:36:b4:39:40:3d:4f:73:77:ef:47:
                    05:df:ba:b4:47:c1:22:4c:43:bc:dc:c7:01:1b:b5:
                    f4:64:55:d3:13:54:61:be:2a:8e:a7:c7:9c:b2:8e:
                    e3:f1:b0:f5:51:99:d3:c7:01:07:c2:d9:0a:47:56:
                    9b:bd:b2:28:e4:48:ba:5c:23:3c:89:dc:f8:9e:bf:
                    ed:d7:dd:e0:04:bd:4b:c1:fa:ad:95:e6:43:31:70:
                    1c:97:48:ba:e1:df:4c:f0:88:b1:0e:e0:98:ec:84:
                    79:f6:51:5c:61:78:cd:96:9a:3a:85:ab:05:7d:28:
                    be:8b:c4:5e:fa:54:d9:d7:f8:14:82:62:47:72:49:
                    7a:96:e5:07:1d:f4:22:3e:37:4e:10:0a:54:f0:65:
                    e2:09:22:1e:79:35:da:82:1d:52:4a:71:ea:da:c4:
                    79:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:F7:39:82:10:54:67:73:00:7A:D8:9F:6B:F9:91:7A:32:6E:FA:C0
            X509v3 Authority Key Identifier:
                keyid:ED:95:53:3E:F4:7F:D9:4B:8C:55:4D:F3:D2:28:EE:DC:D4:CA:03:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7ZVTPvR_2UuMVU3z0iju3NTKA4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7a0423-9a95-42c1-81e5-14da79d6c3aa/1/FPc5ghBUZ3MAetifa_mRejJu-sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7a0423-9a95-42c1-81e5-14da79d6c3aa/1/7ZVTPvR_2UuMVU3z0iju3NTKA4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.185.0-193.17.186.255
                  195.234.152.0/24
                IPv6:
                  2001:67c:1514::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:6b:d4:0d:ca:4b:77:ab:07:75:b7:4f:91:31:9d:f4:e1:c3:
         67:5a:9d:ac:98:95:b6:45:e5:d7:14:30:05:11:53:80:c9:c1:
         52:9d:d3:06:88:f9:e9:26:71:4d:5a:12:d6:f0:91:1e:a6:5c:
         e3:69:0f:e5:05:b0:8b:fd:0d:18:5f:bb:5a:16:a7:7d:89:2d:
         a9:f3:bc:9a:8f:3f:1c:fd:e3:5e:6a:87:f7:31:31:4f:94:92:
         ac:2c:e4:32:5f:b5:04:f7:89:12:29:29:29:63:fd:aa:2a:56:
         6d:1e:c2:c9:f4:1d:27:fc:b4:46:06:c7:f4:47:80:e6:75:31:
         bf:d8:2a:d4:57:65:4f:ec:f9:d8:5a:db:a6:5d:7b:67:50:87:
         a8:c0:f9:c6:b7:18:f0:95:bf:0d:8d:e3:5e:24:ec:c7:06:7e:
         cb:68:1e:9f:af:72:18:39:2b:e2:36:55:73:c3:01:46:12:9f:
         5c:94:c7:a8:e1:75:42:e2:10:cc:20:76:c5:28:a7:3d:29:2c:
         3e:f7:ff:e1:ea:18:9d:84:af:ca:04:9e:38:2b:d1:be:02:1a:
         dd:d9:68:93:c8:65:2d:12:bd:cd:af:bc:54:a2:6b:5c:07:6d:
         0b:2e:e8:ce:63:ea:63:f5:38:00:af:96:f8:86:32:84:9d:55:
         8a:b6:56:14
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzHk0+VqWFWaN1TMo1ZYLk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkOTU1MzNlZjQ3ZmQ5NGI4YzU1NGRmM2QyMjhlZWRjZDRj
YTAzODQwHhcNMjQwMTAyMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGY3Mzk4MjEwNTQ2NzczMDA3YWQ4OWY2YmY5OTE3YTMyNmVmYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jbN2tzoxcHBa3kIRHBx0BNgxnek
AvAwb+K+fJvPisKfKFdx48Gty24TJqwBCIUhp4ebe9WrpeIpvlWGeuxOiiACPhfC
nYX+gg0GVxIUprJx1UyPvijmw30pKVpuuTa0OUA9T3N370cF37q0R8EiTEO83McB
G7X0ZFXTE1RhviqOp8ecso7j8bD1UZnTxwEHwtkKR1abvbIo5Ei6XCM8idz4nr/t
193gBL1LwfqtleZDMXAcl0i64d9M8IixDuCY7IR59lFcYXjNlpo6hasFfSi+i8Re
+lTZ1/gUgmJHckl6luUHHfQiPjdOEApU8GXiCSIeeTXagh1SSnHq2sR5wQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFBT3OYIQVGdzAHrYn2v5kXoybvrAMB8GA1UdIwQY
MBaAFO2VUz70f9lLjFVN89Io7tzUygOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1pWVFB2Ul8yVXVNVlUzejBpanUzTlRLQTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83YTA0MjMtOWE5NS00MmMxLTgxZTUt
MTRkYTc5ZDZjM2FhLzEvRlBjNWdoQlVaM01BZXRpZmFfbVJlakp1LXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83YTA0MjMtOWE5NS00MmMxLTgxZTUtMTRkYTc5ZDZjM2Fh
LzEvN1pWVFB2Ul8yVXVNVlUzejBpanUzTlRLQTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUMAwDBADBEbkD
BADBEboDBADD6pgwDwQCAAIwCQMHACABBnwVFDANBgkqhkiG9w0BAQsFAAOCAQEA
KmvUDcpLd6sHdbdPkTGd9OHDZ1qdrJiVtkXl1xQwBRFTgMnBUp3TBoj56SZxTVoS
1vCRHqZc42kP5QWwi/0NGF+7WhanfYktqfO8mo8/HP3jXmqH9zExT5SSrCzkMl+1
BPeJEikpKWP9qipWbR7CyfQdJ/y0RgbH9EeA5nUxv9gq1FdlT+z52Frbpl17Z1CH
qMD5xrcY8JW/DY3jXiTsxwZ+y2gen69yGDkr4jZVc8MBRhKfXJTHqOF1QuIQzCB2
xSinPSksPvf/4eoYnYSvygSeOCvRvgIa3dlok8hlLRK9za+8VKJrXAdtCy7ozmPq
Y/U4AK+W+IYyhJ1VirZWFA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:30:04 2024 by rpki-client on console-fra.rpki-client.org