Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/oes4Ltjcpie6AI_fbZYZFJBj74s.roa
File:                     oes4Ltjcpie6AI_fbZYZFJBj74s.roa (raw, json)
Hash identifier:          D3uU4hK/6xQOLlRUqBdfa/92ATrI6sMx+qh6u3Be4PI=
Subject key identifier:   A1:EB:38:2E:D8:DC:A6:27:BA:00:8F:DF:6D:96:19:14:90:63:EF:8B
Certificate issuer:       /CN=b754992ba488a872c89cbdf42ca4df895e609c53
Certificate serial:       018CC424777C00314636AAFB47F19B600CFE
Authority key identifier: B7:54:99:2B:A4:88:A8:72:C8:9C:BD:F4:2C:A4:DF:89:5E:60:9C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1SZK6SIqHLInL30LKTfiV5gnFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/oes4Ltjcpie6AI_fbZYZFJBj74s.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203537
IP address blocks:        185.130.28.0/22 maxlen: 24
                          193.163.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/t1SZK6SIqHLInL30LKTfiV5gnFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/t1SZK6SIqHLInL30LKTfiV5gnFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1SZK6SIqHLInL30LKTfiV5gnFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:77:7c:00:31:46:36:aa:fb:47:f1:9b:60:0c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b754992ba488a872c89cbdf42ca4df895e609c53
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1eb382ed8dca627ba008fdf6d9619149063ef8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:1d:bc:53:a0:af:47:89:1a:f2:82:24:50:81:
                    66:b8:25:8f:aa:3b:1d:9e:31:ca:4a:71:2c:8b:24:
                    aa:98:3b:7f:46:64:7d:db:69:7d:66:cc:33:15:c8:
                    b9:d2:e5:e4:1c:9d:9a:87:c9:04:c6:ea:ea:bb:9e:
                    b9:00:c7:c8:df:c9:c7:87:ed:f5:d5:17:1d:fd:d5:
                    f1:fc:54:b2:c2:a2:93:1c:71:23:83:7c:f2:6a:9d:
                    53:c0:81:b9:a9:ab:42:be:30:fe:13:a0:39:3b:2f:
                    df:1b:35:8c:e0:a1:b4:98:bb:b2:52:a2:5d:e6:9c:
                    75:39:1b:6e:18:67:da:7d:39:3b:84:09:57:14:0a:
                    37:10:f5:b6:2d:97:f4:76:a6:89:27:7c:9f:0e:ff:
                    b3:3b:8d:58:dc:09:1e:d9:8b:1e:73:00:2b:04:b3:
                    0f:9b:6d:e3:2d:5e:44:2c:9d:5d:b7:31:61:0b:cd:
                    d2:a5:48:76:d5:76:c8:2c:0a:0d:5c:91:5c:e9:df:
                    8b:cd:b6:d0:6d:6d:d9:f7:86:e4:ce:92:dd:86:55:
                    49:80:6d:2d:87:7a:fb:c8:5b:85:5d:23:a8:3d:f5:
                    2c:4c:f0:f0:2c:b7:24:d6:fb:ba:83:7f:2c:f7:91:
                    28:11:2c:23:2b:2f:74:e3:d3:24:fc:d2:b9:b1:cb:
                    a9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:EB:38:2E:D8:DC:A6:27:BA:00:8F:DF:6D:96:19:14:90:63:EF:8B
            X509v3 Authority Key Identifier:
                keyid:B7:54:99:2B:A4:88:A8:72:C8:9C:BD:F4:2C:A4:DF:89:5E:60:9C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1SZK6SIqHLInL30LKTfiV5gnFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/oes4Ltjcpie6AI_fbZYZFJBj74s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/4a839e-c86a-49ee-989e-7c42c494ef8d/1/t1SZK6SIqHLInL30LKTfiV5gnFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.28.0/22
                  193.163.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:53:ad:86:1c:2f:8b:96:36:1e:62:39:2e:8c:ae:24:8d:33:
         c7:38:80:6f:15:0c:75:c6:b9:38:fe:e9:16:5d:d4:e1:74:32:
         fe:0b:7c:f0:30:d9:2a:b8:f7:f2:27:d4:ac:4e:76:a0:cf:a7:
         fd:6a:c1:f6:0b:44:53:32:1d:3a:26:f8:4c:c0:17:2b:f9:c8:
         42:b5:73:79:33:7a:3d:4d:8d:eb:f9:09:6a:42:d1:0d:38:b8:
         27:fd:66:93:b8:8c:0e:40:44:9d:7a:60:2e:dd:3c:3d:ff:6e:
         2c:8c:e0:a6:83:dc:31:bc:db:dc:a3:e5:7c:22:6b:5c:af:b0:
         4e:00:fe:53:c0:28:d5:0c:8c:b5:3f:1c:67:6e:27:61:a0:ee:
         36:4a:59:91:f3:e0:5f:79:df:69:47:a6:ab:02:b1:bc:2e:06:
         1d:26:2d:74:b2:c1:6a:98:1c:61:a6:d2:35:3e:92:ab:aa:8f:
         ef:c3:ef:cb:a3:1b:a2:56:20:39:d4:77:56:79:69:96:9c:2e:
         1a:5c:6f:f8:9b:c8:84:be:d4:f6:d8:41:0a:d7:22:de:65:4a:
         05:96:1b:ee:b7:d9:f8:46:ed:8c:fc:4b:9b:fa:1d:cf:fd:a5:
         0c:55:80:16:29:76:61:c8:dc:59:49:ba:e3:22:92:e7:13:94:
         82:27:0f:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJHd8ADFGNqr7R/GbYAz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NTQ5OTJiYTQ4OGE4NzJjODljYmRmNDJjYTRkZjg5NWU2
MDljNTMwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWViMzgyZWQ4ZGNhNjI3YmEwMDhmZGY2ZDk2MTkxNDkwNjNlZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAix28U6CvR4ka8oIkUIFmuCWPqjsd
njHKSnEsiySqmDt/RmR922l9ZswzFci50uXkHJ2ah8kExurqu565AMfI38nHh+31
1Rcd/dXx/FSywqKTHHEjg3zyap1TwIG5qatCvjD+E6A5Oy/fGzWM4KG0mLuyUqJd
5px1ORtuGGfafTk7hAlXFAo3EPW2LZf0dqaJJ3yfDv+zO41Y3Ake2YsecwArBLMP
m23jLV5ELJ1dtzFhC83SpUh21XbILAoNXJFc6d+LzbbQbW3Z94bkzpLdhlVJgG0t
h3r7yFuFXSOoPfUsTPDwLLck1vu6g38s95EoESwjKy9049Mk/NK5scuplQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKHrOC7Y3KYnugCP322WGRSQY++LMB8GA1UdIwQY
MBaAFLdUmSukiKhyyJy99Cyk34leYJxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFTWks2U0lxSExJbkwzMExLVGZpVjVnbkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi80YTgzOWUtYzg2YS00OWVlLTk4OWUt
N2M0MmM0OTRlZjhkLzEvb2VzNEx0amNwaWU2QUlfZmJaWVpGSkJqNzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi80YTgzOWUtYzg2YS00OWVlLTk4OWUtN2M0MmM0OTRlZjhk
LzEvdDFTWks2U0lxSExJbkwzMExLVGZpVjVnbkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYIcAwQA
waN+MA0GCSqGSIb3DQEBCwUAA4IBAQB4U62GHC+LljYeYjkujK4kjTPHOIBvFQx1
xrk4/ukWXdThdDL+C3zwMNkquPfyJ9SsTnagz6f9asH2C0RTMh06JvhMwBcr+chC
tXN5M3o9TY3r+QlqQtENOLgn/WaTuIwOQESdemAu3Tw9/24sjOCmg9wxvNvco+V8
Imtcr7BOAP5TwCjVDIy1PxxnbidhoO42SlmR8+Bfed9pR6arArG8LgYdJi10ssFq
mBxhptI1PpKrqo/vw+/LoxuiViA51HdWeWmWnC4aXG/4m8iEvtT22EEK1yLeZUoF
lhvut9n4Ru2M/Eub+h3P/aUMVYAWKXZhyNxZSbrjIpLnE5SCJw/R
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:13:31 2024 by rpki-client on console-fra.rpki-client.org