Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/SEpkDJml4k88Q5MpYoM-sDRp29o.roa
File:                     SEpkDJml4k88Q5MpYoM-sDRp29o.roa (raw, json)
Hash identifier:          IPytsP3MgZg5qusevC6QyPtYuPVYWiCsiCMHjwI5HRc=
Subject key identifier:   48:4A:64:0C:99:A5:E2:4F:3C:43:93:29:62:83:3E:B0:34:69:DB:DA
Certificate issuer:       /CN=b754992ba488a872c89cbdf42ca4df895e609c53
Certificate serial:       018CC424775598D0DF014C9F40EA5D0E44BF
Authority key identifier: B7:54:99:2B:A4:88:A8:72:C8:9C:BD:F4:2C:A4:DF:89:5E:60:9C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1SZK6SIqHLInL30LKTfiV5gnFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/SEpkDJml4k88Q5MpYoM-sDRp29o.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        185.130.30.0/24 maxlen: 24
                          185.130.29.0/24 maxlen: 24
                          185.130.28.0/22 maxlen: 24
                          193.163.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/t1SZK6SIqHLInL30LKTfiV5gnFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/t1SZK6SIqHLInL30LKTfiV5gnFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1SZK6SIqHLInL30LKTfiV5gnFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:77:55:98:d0:df:01:4c:9f:40:ea:5d:0e:44:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b754992ba488a872c89cbdf42ca4df895e609c53
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=484a640c99a5e24f3c43932962833eb03469dbda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:cc:12:36:5a:a7:fa:21:9e:a0:3f:10:62:a0:
                    80:4f:e5:82:28:7c:de:f1:67:49:1d:f5:01:b7:5c:
                    9b:ba:8e:25:8d:69:c0:a5:c6:ad:9d:17:6f:4b:57:
                    6b:73:3f:cb:df:f4:bd:cf:4b:19:82:8f:72:35:98:
                    2c:8f:66:ae:0e:8f:39:eb:b7:72:16:98:09:d7:59:
                    3c:ea:a7:08:15:56:55:6a:f5:cc:41:e8:1e:a0:60:
                    6f:7d:12:bb:e5:2e:6e:ab:de:73:21:a3:ac:bd:c8:
                    a1:9e:2c:0d:0c:33:d5:de:c6:ba:32:8c:cf:68:f0:
                    cd:be:76:86:89:05:05:9f:07:79:1f:37:d0:d8:d0:
                    3a:c6:5c:5f:44:d6:9e:72:8c:96:8c:76:41:a3:92:
                    00:3a:05:8d:dd:32:15:45:01:95:a5:8a:df:f3:9a:
                    64:bd:b8:d7:46:b5:d4:9b:ad:1f:9c:26:92:50:66:
                    0b:ba:75:98:ce:33:a6:3d:07:c6:26:78:4a:a0:20:
                    fa:a0:91:56:ed:7d:5d:30:bc:6b:9d:f0:8b:a5:0d:
                    d1:fc:df:af:ef:c8:a2:eb:46:ff:20:f2:fa:a4:6c:
                    99:a2:88:98:3a:c9:52:d4:ad:e5:62:e9:1f:a9:a6:
                    4d:58:94:56:f8:66:05:27:3d:5c:cf:58:0b:2b:ea:
                    09:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:4A:64:0C:99:A5:E2:4F:3C:43:93:29:62:83:3E:B0:34:69:DB:DA
            X509v3 Authority Key Identifier:
                keyid:B7:54:99:2B:A4:88:A8:72:C8:9C:BD:F4:2C:A4:DF:89:5E:60:9C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1SZK6SIqHLInL30LKTfiV5gnFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/SEpkDJml4k88Q5MpYoM-sDRp29o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/t1SZK6SIqHLInL30LKTfiV5gnFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.28.0/22
                  193.163.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:ff:e1:cd:3e:23:8e:fd:be:27:19:a5:ed:c6:11:3e:55:21:
         68:a8:2f:54:0d:0f:b6:f3:64:17:da:50:15:da:44:6d:57:28:
         21:6f:cc:d4:e9:0c:c5:e9:11:35:75:17:50:aa:85:4a:79:cf:
         67:1c:9e:e8:ae:9f:a8:80:90:fc:5c:ae:31:3d:ba:74:4c:85:
         b6:d8:50:61:05:05:13:6d:2a:04:4c:ff:c3:d0:37:b2:19:6b:
         60:cb:4c:34:1d:b5:32:e2:eb:fe:0c:c1:65:60:88:f6:f4:ea:
         71:04:87:4c:1b:0e:84:f8:27:b0:f6:0b:f2:6e:e8:73:76:c5:
         d2:2e:a7:ec:4f:b1:9a:35:09:a3:9b:77:ac:26:ca:4f:03:27:
         8c:e6:39:c9:4b:31:33:a9:e0:bc:e7:ce:51:e4:70:7c:9e:1c:
         a4:cd:93:2c:bb:cc:70:64:f6:df:f6:ae:e5:b2:71:1a:92:8e:
         10:bd:a1:f3:9f:19:b0:32:3a:d0:0b:95:28:e2:84:d5:32:80:
         b5:da:a1:22:e7:68:3c:58:19:7e:a8:57:70:b9:92:ef:9e:a3:
         91:33:17:2e:a4:5d:6f:fa:ff:d9:a7:12:dd:81:58:27:32:d8:
         fd:90:2e:22:82:45:da:4a:99:78:40:3b:b2:74:2b:39:05:47:
         1d:ce:54:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJHdVmNDfAUyfQOpdDkS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NTQ5OTJiYTQ4OGE4NzJjODljYmRmNDJjYTRkZjg5NWU2
MDljNTMwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODRhNjQwYzk5YTVlMjRmM2M0MzkzMjk2MjgzM2ViMDM0NjlkYmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMwSNlqn+iGeoD8QYqCAT+WCKHze
8WdJHfUBt1ybuo4ljWnApcatnRdvS1drcz/L3/S9z0sZgo9yNZgsj2auDo8567dy
FpgJ11k86qcIFVZVavXMQegeoGBvfRK75S5uq95zIaOsvcihniwNDDPV3sa6MozP
aPDNvnaGiQUFnwd5HzfQ2NA6xlxfRNaecoyWjHZBo5IAOgWN3TIVRQGVpYrf85pk
vbjXRrXUm60fnCaSUGYLunWYzjOmPQfGJnhKoCD6oJFW7X1dMLxrnfCLpQ3R/N+v
78ii60b/IPL6pGyZooiYOslS1K3lYukfqaZNWJRW+GYFJz1cz1gLK+oJvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEhKZAyZpeJPPEOTKWKDPrA0advaMB8GA1UdIwQY
MBaAFLdUmSukiKhyyJy99Cyk34leYJxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFTWks2U0lxSExJbkwzMExLVGZpVjVnbkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi80YTgzOWUtYzg2YS00OWVlLTk4OWUt
N2M0MmM0OTRlZjhkLzEvU0Vwa0RKbWw0azg4UTVNcFlvTS1zRFJwMjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi80YTgzOWUtYzg2YS00OWVlLTk4OWUtN2M0MmM0OTRlZjhk
LzEvdDFTWks2U0lxSExJbkwzMExLVGZpVjVnbkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYIcAwQA
waN+MA0GCSqGSIb3DQEBCwUAA4IBAQBV/+HNPiOO/b4nGaXtxhE+VSFoqC9UDQ+2
82QX2lAV2kRtVyghb8zU6QzF6RE1dRdQqoVKec9nHJ7orp+ogJD8XK4xPbp0TIW2
2FBhBQUTbSoETP/D0DeyGWtgy0w0HbUy4uv+DMFlYIj29OpxBIdMGw6E+Cew9gvy
buhzdsXSLqfsT7GaNQmjm3esJspPAyeM5jnJSzEzqeC8585R5HB8nhykzZMsu8xw
ZPbf9q7lsnEako4QvaHznxmwMjrQC5Uo4oTVMoC12qEi52g8WBl+qFdwuZLvnqOR
MxcupF1v+v/ZpxLdgVgnMtj9kC4igkXaSpl4QDuydCs5BUcdzlR0
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:59:54 2024 by rpki-client on console-ams.rpki-client.org