Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/Pi7UCq0aWYo4Og9vxmr3_A_CH80.roa
File:                     Pi7UCq0aWYo4Og9vxmr3_A_CH80.roa (raw, json)
Hash identifier:          bepee2eG4bw89JBKEqdD9PkokOwkZzQarfcpjZs5xhc=
Subject key identifier:   3E:2E:D4:0A:AD:1A:59:8A:38:3A:0F:6F:C6:6A:F7:FC:0F:C2:1F:CD
Certificate issuer:       /CN=18b889f0ddbb52801e2d2e7a2ebe1167cad34c06
Certificate serial:       018CCA2A0B1C2FAE634735E4E0E423F94E72
Authority key identifier: 18:B8:89:F0:DD:BB:52:80:1E:2D:2E:7A:2E:BE:11:67:CA:D3:4C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/Pi7UCq0aWYo4Og9vxmr3_A_CH80.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42316
IP address blocks:        185.187.160.0/22 maxlen: 24
                          45.159.128.0/22 maxlen: 24
                          176.113.47.0/24 maxlen: 24
                          2a0b:a880::/29 maxlen: 48
                          2a0c:9280::/29 maxlen: 48
                          2a0f:7680::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0b:1c:2f:ae:63:47:35:e4:e0:e4:23:f9:4e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18b889f0ddbb52801e2d2e7a2ebe1167cad34c06
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e2ed40aad1a598a383a0f6fc66af7fc0fc21fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8d:44:ae:1b:71:6a:4b:12:8b:1e:65:6e:a3:
                    14:79:6f:bd:7a:a3:b4:91:eb:8b:58:9f:f2:6d:64:
                    08:47:6a:51:80:2b:a3:c3:50:73:01:e2:e9:86:40:
                    33:bb:91:37:3a:70:dc:70:6c:80:b5:17:4a:05:13:
                    2a:8b:40:1f:ed:6c:07:05:ee:d0:96:b7:27:7f:5d:
                    2d:03:08:59:bc:ca:32:6d:c7:5c:69:9f:e5:2d:0c:
                    3a:98:9a:61:fc:3d:6c:54:05:ef:79:a1:d1:0a:1b:
                    74:1d:5d:3a:04:fa:75:12:fd:57:db:1e:f5:25:9f:
                    fb:aa:2d:ef:a7:c5:7a:60:70:49:af:51:b1:5d:d9:
                    c5:86:fa:7d:d6:62:93:71:a3:b5:d1:8b:de:49:3c:
                    5f:8d:c1:8e:f4:50:22:b8:84:79:f0:14:81:4a:6e:
                    d2:86:08:71:53:21:cd:04:e6:d4:fd:ff:4d:be:60:
                    70:96:c2:ec:c2:cd:4d:24:04:87:2e:73:93:24:b0:
                    48:8c:35:b1:cc:41:d9:ba:a1:72:5c:32:34:f7:75:
                    9c:59:7e:f2:9b:8b:52:ab:d7:53:a6:b0:80:dc:e8:
                    e7:fb:90:a3:d2:d9:23:00:8d:b9:de:ee:b1:9e:13:
                    59:1c:be:f5:78:5a:75:dc:1a:f6:e4:6c:c8:f2:68:
                    18:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2E:D4:0A:AD:1A:59:8A:38:3A:0F:6F:C6:6A:F7:FC:0F:C2:1F:CD
            X509v3 Authority Key Identifier:
                keyid:18:B8:89:F0:DD:BB:52:80:1E:2D:2E:7A:2E:BE:11:67:CA:D3:4C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/Pi7UCq0aWYo4Og9vxmr3_A_CH80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.128.0/22
                  176.113.47.0/24
                  185.187.160.0/22
                IPv6:
                  2a0b:a880::/29
                  2a0c:9280::/29
                  2a0f:7680::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:4b:a5:33:13:d8:83:16:13:56:79:76:6e:cb:04:83:38:39:
         91:7f:45:e9:00:32:1e:da:30:71:3d:96:4e:cd:d8:95:06:eb:
         29:6d:63:05:9b:6b:2e:0e:7f:d1:2e:4c:c0:80:19:7b:0c:4c:
         d0:3f:be:09:ac:d9:5c:cc:e5:c7:72:ad:04:23:a1:a3:35:ca:
         42:ed:e7:3a:79:cc:e6:4e:e5:98:3b:a2:79:27:99:7a:56:d7:
         ec:7c:d7:9e:15:19:2a:eb:ff:2b:d4:71:e5:6a:f2:a6:0e:ff:
         13:f1:0c:98:d1:4d:a9:26:2f:5c:2b:7e:ef:3f:47:dd:96:28:
         73:ef:80:bb:0d:4a:cb:77:fc:7a:23:bd:8e:b8:a0:14:d9:95:
         5b:90:d5:21:3a:28:26:4e:54:1d:0b:5b:d9:70:ca:df:c3:03:
         5a:72:f5:61:ea:2d:23:2c:3f:0d:16:94:da:13:01:56:ef:db:
         96:4b:dd:1e:3d:1b:32:e3:12:cc:81:81:74:8f:3d:1e:f4:75:
         0e:62:58:8f:01:3a:55:3a:0f:f8:3f:4e:8c:54:22:94:53:b0:
         ab:58:c8:e1:6b:52:f0:94:78:d3:84:95:22:ba:fd:31:db:a9:
         c0:b7:01:8e:be:7a:1e:d3:6d:56:56:43:33:e0:67:2f:44:62:
         e4:00:08:4e
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzKKgscL65jRzXk4OQj+U5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4Yjg4OWYwZGRiYjUyODAxZTJkMmU3YTJlYmUxMTY3Y2Fk
MzRjMDYwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTJlZDQwYWFkMWE1OThhMzgzYTBmNmZjNjZhZjdmYzBmYzIxZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo1ErhtxaksSix5lbqMUeW+9eqO0
keuLWJ/ybWQIR2pRgCujw1BzAeLphkAzu5E3OnDccGyAtRdKBRMqi0Af7WwHBe7Q
lrcnf10tAwhZvMoybcdcaZ/lLQw6mJph/D1sVAXveaHRCht0HV06BPp1Ev1X2x71
JZ/7qi3vp8V6YHBJr1GxXdnFhvp91mKTcaO10YveSTxfjcGO9FAiuIR58BSBSm7S
hghxUyHNBObU/f9NvmBwlsLsws1NJASHLnOTJLBIjDWxzEHZuqFyXDI093WcWX7y
m4tSq9dTprCA3Ojn+5Cj0tkjAI253u6xnhNZHL71eFp13Br25GzI8mgYUwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFD4u1AqtGlmKODoPb8Zq9/wPwh/NMB8GA1UdIwQY
MBaAFBi4ifDdu1KAHi0uei6+EWfK00wGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0xpSjhOMjdVb0FlTFM1NkxyNFJaOHJUVEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82ZTE5NjEtM2RhNi00N2MxLTliNmQt
ZGJiNjRhNjgzNWFkLzEvUGk3VUNxMGFXWW80T2c5dnhtcjNfQV9DSDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82ZTE5NjEtM2RhNi00N2MxLTliNmQtZGJiNjRhNjgzNWFk
LzEvR0xpSjhOMjdVb0FlTFM1NkxyNFJaOHJUVEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQCLZ+AAwQA
sHEvAwQCubugMBsEAgACMBUDBQMqC6iAAwUDKgySgAMFAyoPdoAwDQYJKoZIhvcN
AQELBQADggEBACtLpTMT2IMWE1Z5dm7LBIM4OZF/RekAMh7aMHE9lk7N2JUG6ylt
YwWbay4Of9EuTMCAGXsMTNA/vgms2VzM5cdyrQQjoaM1ykLt5zp5zOZO5Zg7onkn
mXpW1+x8154VGSrr/yvUceVq8qYO/xPxDJjRTakmL1wrfu8/R92WKHPvgLsNSst3
/HojvY64oBTZlVuQ1SE6KCZOVB0LW9lwyt/DA1py9WHqLSMsPw0WlNoTAVbv25ZL
3R49GzLjEsyBgXSPPR70dQ5iWI8BOlU6D/g/ToxUIpRTsKtYyOFrUvCUeNOElSK6
/THbqcC3AY6+eh7TbVZWQzPgZy9EYuQACE4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:03:42 2024 by rpki-client on console-fra.rpki-client.org