Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/U_5B0rVJsnsRIes1EQIZbEGBxZc.roa
File:                     U_5B0rVJsnsRIes1EQIZbEGBxZc.roa (raw, json)
Hash identifier:          jb0yqfWg2SPjUl+flcECBXDY+nMA868FA8FxXTuN8FQ=
Subject key identifier:   53:FE:41:D2:B5:49:B2:7B:11:21:EB:35:11:02:19:6C:41:81:C5:97
Certificate issuer:       /CN=92f4b1c0bfbad46b811eee568a18fbaa14a9d687
Certificate serial:       018CC5DC7E969C1B48EB3A4157EE62BB4C5B
Authority key identifier: 92:F4:B1:C0:BF:BA:D4:6B:81:1E:EE:56:8A:18:FB:AA:14:A9:D6:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvSxwL-61GuBHu5Wihj7qhSp1oc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/U_5B0rVJsnsRIes1EQIZbEGBxZc.roa
Signing time:             Mon 01 Jan 2024 16:30:10 +0000
ROA not before:           Mon 01 Jan 2024 16:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201250
IP address blocks:        213.59.158.0/24 maxlen: 24
                          213.59.155.0/24 maxlen: 24
                          217.107.197.0/24 maxlen: 24
                          217.107.198.0/24 maxlen: 24
                          217.107.196.0/22 maxlen: 22
                          213.59.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/kvSxwL-61GuBHu5Wihj7qhSp1oc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/kvSxwL-61GuBHu5Wihj7qhSp1oc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvSxwL-61GuBHu5Wihj7qhSp1oc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:7e:96:9c:1b:48:eb:3a:41:57:ee:62:bb:4c:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f4b1c0bfbad46b811eee568a18fbaa14a9d687
        Validity
            Not Before: Jan  1 16:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53fe41d2b549b27b1121eb351102196c4181c597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9e:4d:27:0d:c3:08:a2:fe:64:9d:36:26:fb:
                    bf:05:ac:be:bc:97:f3:3b:61:42:7f:f2:1f:b7:d6:
                    b4:08:4d:23:c6:91:ae:c6:02:07:3f:05:d9:9d:9b:
                    4b:36:26:34:48:db:78:0a:f1:ba:ef:4a:a5:27:22:
                    a7:5f:cc:82:46:4d:31:96:91:09:1b:35:29:00:8c:
                    23:ff:20:b2:90:6d:22:78:4c:6d:3d:ac:68:a8:ff:
                    6e:da:11:ca:67:8b:0d:52:5c:88:f4:41:b8:bc:a6:
                    97:3f:43:ee:67:83:b2:21:40:38:9c:ba:5b:c1:5a:
                    2e:aa:5a:f0:69:41:78:34:7d:59:f6:21:7a:af:6c:
                    ae:7f:38:52:6f:96:b9:c4:10:ec:56:65:36:fe:e6:
                    78:2f:fe:3a:44:96:05:6b:75:77:37:d5:18:fe:4d:
                    06:8b:50:ca:97:25:af:f3:e6:74:00:6a:55:04:9c:
                    02:e8:71:4e:20:9f:02:d7:6b:b3:d6:65:0a:01:29:
                    68:e8:09:62:e5:b2:c5:6d:f9:5a:10:b3:81:f5:39:
                    29:0f:27:f5:09:09:8d:63:96:cc:40:aa:62:7f:f6:
                    76:48:2f:6e:19:c0:d5:5a:43:51:fc:92:9d:d2:f7:
                    3e:40:37:f2:26:fa:1f:c9:e9:a1:e5:64:c3:67:b6:
                    c2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FE:41:D2:B5:49:B2:7B:11:21:EB:35:11:02:19:6C:41:81:C5:97
            X509v3 Authority Key Identifier:
                keyid:92:F4:B1:C0:BF:BA:D4:6B:81:1E:EE:56:8A:18:FB:AA:14:A9:D6:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvSxwL-61GuBHu5Wihj7qhSp1oc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/U_5B0rVJsnsRIes1EQIZbEGBxZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/4f8514-2e20-4935-995c-a084f76c8e2b/1/kvSxwL-61GuBHu5Wihj7qhSp1oc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.59.132.0/22
                  213.59.155.0/24
                  213.59.158.0/24
                  217.107.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:e9:d7:dc:15:ed:ad:e4:44:65:88:45:9e:28:df:da:22:f2:
         a2:61:2e:4d:78:b2:57:bf:01:b9:65:e2:6c:a1:f4:e2:ef:03:
         1c:2b:cf:08:e5:eb:90:f2:05:af:15:dc:1d:90:0c:34:ba:db:
         0d:c0:70:b0:e1:0a:c2:e5:ac:49:8e:55:2e:41:d9:26:f0:14:
         68:3d:09:68:08:3b:76:cc:2d:d2:bb:90:52:1e:4d:e9:93:0d:
         22:26:c0:75:71:6f:51:f9:16:c5:38:1d:aa:12:76:54:a1:ec:
         98:55:ec:e2:11:8b:8b:ad:71:2b:33:cf:ad:d9:20:d2:9c:27:
         eb:5d:37:86:c8:9e:0c:ce:bc:77:4a:3b:6c:3a:cc:f9:30:33:
         ba:9e:0c:d7:fe:1f:7f:19:9f:2b:08:aa:a3:46:7c:5d:d4:14:
         73:0b:e0:3c:eb:d9:2b:4f:64:b7:27:1b:46:7f:9e:19:fb:b4:
         f9:c6:35:78:4c:ab:b6:8d:f7:25:1b:6a:55:48:08:ef:55:6e:
         bd:17:d6:52:83:56:a0:c0:3f:85:d5:84:be:ee:ca:48:f0:45:
         b3:85:6c:c9:e4:4d:b2:eb:a3:02:47:bf:64:de:e7:ea:1a:6f:
         2a:f4:52:cf:9f:5a:10:77:c1:ae:e0:7e:6b:cc:7a:2d:78:84:
         0d:95:30:d9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzF3H6WnBtI6zpBV+5iu0xbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZjRiMWMwYmZiYWQ0NmI4MTFlZWU1NjhhMThmYmFhMTRh
OWQ2ODcwHhcNMjQwMTAxMTYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZlNDFkMmI1NDliMjdiMTEyMWViMzUxMTAyMTk2YzQxODFjNTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZ5NJw3DCKL+ZJ02Jvu/Bay+vJfz
O2FCf/Ift9a0CE0jxpGuxgIHPwXZnZtLNiY0SNt4CvG670qlJyKnX8yCRk0xlpEJ
GzUpAIwj/yCykG0ieExtPaxoqP9u2hHKZ4sNUlyI9EG4vKaXP0PuZ4OyIUA4nLpb
wVouqlrwaUF4NH1Z9iF6r2yufzhSb5a5xBDsVmU2/uZ4L/46RJYFa3V3N9UY/k0G
i1DKlyWv8+Z0AGpVBJwC6HFOIJ8C12uz1mUKASlo6Ali5bLFbflaELOB9TkpDyf1
CQmNY5bMQKpif/Z2SC9uGcDVWkNR/JKd0vc+QDfyJvofyemh5WTDZ7bChwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFP+QdK1SbJ7ESHrNRECGWxBgcWXMB8GA1UdIwQY
MBaAFJL0scC/utRrgR7uVooY+6oUqdaHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ZTeHdMLTYxR3VCSHU1V2loajdxaFNwMW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi80Zjg1MTQtMmUyMC00OTM1LTk5NWMt
YTA4NGY3NmM4ZTJiLzEvVV81QjByVkpzbnNSSWVzMUVRSVpiRUdCeFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi80Zjg1MTQtMmUyMC00OTM1LTk5NWMtYTA4NGY3NmM4ZTJi
LzEva3ZTeHdMLTYxR3VCSHU1V2loajdxaFNwMW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQC1TuEAwQA
1TubAwQA1TueAwQC2WvEMA0GCSqGSIb3DQEBCwUAA4IBAQCH6dfcFe2t5ERliEWe
KN/aIvKiYS5NeLJXvwG5ZeJsofTi7wMcK88I5euQ8gWvFdwdkAw0utsNwHCw4QrC
5axJjlUuQdkm8BRoPQloCDt2zC3Su5BSHk3pkw0iJsB1cW9R+RbFOB2qEnZUoeyY
VeziEYuLrXErM8+t2SDSnCfrXTeGyJ4Mzrx3SjtsOsz5MDO6ngzX/h9/GZ8rCKqj
Rnxd1BRzC+A869krT2S3JxtGf54Z+7T5xjV4TKu2jfclG2pVSAjvVW69F9ZSg1ag
wD+F1YS+7spI8EWzhWzJ5E2y66MCR79k3ufqGm8q9FLPn1oQd8Gu4H5rzHoteIQN
lTDZ
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:35:03 2024 by rpki-client on console-ams.rpki-client.org