Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/F52PUt6kEu824tmY4Qr9zQUbrEw.roa
File:                     F52PUt6kEu824tmY4Qr9zQUbrEw.roa (raw, json)
Hash identifier:          j5x+MfKDhWIXEFUlbQ2CpQ3f9q0FV/Med6RTUTKS0Ec=
Subject key identifier:   17:9D:8F:52:DE:A4:12:EF:36:E2:D9:98:E1:0A:FD:CD:05:1B:AC:4C
Certificate issuer:       /CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
Certificate serial:       018CC80126E29456741EA997745F658D9482
Authority key identifier: 0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/F52PUt6kEu824tmY4Qr9zQUbrEw.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.233.132.0/24 maxlen: 24
                          185.233.135.0/24 maxlen: 24
                          185.233.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:26:e2:94:56:74:1e:a9:97:74:5f:65:8d:94:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=179d8f52dea412ef36e2d998e10afdcd051bac4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0f:bb:c1:3e:02:82:e9:40:a9:5e:09:62:bc:
                    15:14:14:a6:48:d9:90:ca:25:f8:58:f4:97:a3:4a:
                    eb:97:5a:d2:2e:45:87:05:4b:69:ab:ac:da:a9:63:
                    96:d3:d4:cb:5f:b6:ac:4d:89:c5:8c:05:50:a7:9a:
                    e1:97:d5:c5:2e:47:c0:cb:a2:24:f4:24:69:d2:87:
                    10:c8:81:70:59:19:61:1e:1f:6e:39:2e:9b:3a:a4:
                    79:56:40:65:e3:27:a6:84:93:9a:c0:29:ff:11:97:
                    bd:50:90:76:1e:9f:d0:df:77:61:bd:7e:0c:c3:5c:
                    82:5f:6d:08:a5:2b:15:c5:0c:d7:7e:02:fa:76:bb:
                    62:87:6a:d4:14:d7:74:45:d8:c1:8d:23:20:87:42:
                    9a:48:51:0d:85:97:98:30:86:52:0c:83:4b:3e:b8:
                    0d:10:31:c5:e4:72:12:7d:c2:e0:71:93:fd:e8:82:
                    89:9b:6c:c0:08:50:c6:ac:38:8b:de:15:16:91:fe:
                    f6:92:d1:96:7f:ca:69:3d:ef:25:cb:d2:3e:9c:93:
                    bd:3e:75:0e:e6:b4:ab:ad:78:3c:1d:2a:44:8c:ef:
                    52:ad:06:2a:c9:d7:f4:e3:c5:8e:b9:2d:df:3c:1b:
                    e8:ae:62:d3:37:4f:1d:ac:01:8c:d3:7d:6f:41:e3:
                    bb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:9D:8F:52:DE:A4:12:EF:36:E2:D9:98:E1:0A:FD:CD:05:1B:AC:4C
            X509v3 Authority Key Identifier:
                keyid:0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/F52PUt6kEu824tmY4Qr9zQUbrEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.132.0/24
                  185.233.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:6f:76:22:c1:17:5d:c1:04:6f:2b:79:69:56:c8:ed:cd:52:
         61:f2:ce:7c:a5:24:90:0e:03:46:bb:b5:54:38:b1:ac:cb:63:
         3c:e2:7c:c5:27:81:cb:66:24:2b:2e:41:cf:78:08:79:24:53:
         4f:53:e6:d1:c9:e5:b4:75:cc:d4:ca:a6:9b:9c:23:4e:d4:0c:
         76:c8:9f:de:7d:4e:20:b2:12:6f:47:c0:31:61:a1:c4:72:41:
         c4:65:02:c8:4c:f7:7d:14:37:0f:ed:70:bd:85:97:40:8d:6a:
         71:f0:34:e4:c2:b3:5e:50:7f:3c:05:71:8f:75:87:10:8e:fe:
         18:97:d7:74:90:40:b1:3d:88:fa:a3:b4:d4:37:19:75:a8:a2:
         35:27:69:37:22:e7:f9:77:45:5c:33:81:7e:a6:64:a9:86:32:
         b5:03:b7:6f:07:ef:17:6f:6a:b8:5a:fc:e4:f9:6f:33:cd:73:
         99:cd:47:2b:38:cc:0d:73:3b:83:f4:30:a6:23:33:d0:c3:62:
         be:a8:34:39:72:ac:ed:71:2c:6c:99:ff:bb:ba:5f:b0:27:f8:
         f7:4d:20:21:b4:6b:de:19:5d:4b:4e:ae:37:b9:73:74:c9:62:
         17:78:5a:50:8d:44:4f:7d:df:ed:98:20:0a:c2:cc:37:7b:03:
         9e:7b:e3:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIASbilFZ0HqmXdF9ljZSCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTFkZTE3NDM3YTAwMjVmZDFlZGUxMGY3MTBmMTdhMzA4
MGIzYWIwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzlkOGY1MmRlYTQxMmVmMzZlMmQ5OThlMTBhZmRjZDA1MWJhYzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQ+7wT4CgulAqV4JYrwVFBSmSNmQ
yiX4WPSXo0rrl1rSLkWHBUtpq6zaqWOW09TLX7asTYnFjAVQp5rhl9XFLkfAy6Ik
9CRp0ocQyIFwWRlhHh9uOS6bOqR5VkBl4yemhJOawCn/EZe9UJB2Hp/Q33dhvX4M
w1yCX20IpSsVxQzXfgL6drtih2rUFNd0RdjBjSMgh0KaSFENhZeYMIZSDINLPrgN
EDHF5HISfcLgcZP96IKJm2zACFDGrDiL3hUWkf72ktGWf8ppPe8ly9I+nJO9PnUO
5rSrrXg8HSpEjO9SrQYqydf048WOuS3fPBvormLTN08drAGM031vQeO7YwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBedj1LepBLvNuLZmOEK/c0FG6xMMB8GA1UdIwQY
MBaAFA6R3hdDegAl/R7eEPcQ8XowgLOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUt
ODhlYmJmOTk3ODBiLzEvRjUyUFV0NmtFdTgyNHRtWTRRcjl6UVVickV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUtODhlYmJmOTk3ODBi
LzEvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuemEAwQB
uemGMA0GCSqGSIb3DQEBCwUAA4IBAQBxb3YiwRddwQRvK3lpVsjtzVJh8s58pSSQ
DgNGu7VUOLGsy2M84nzFJ4HLZiQrLkHPeAh5JFNPU+bRyeW0dczUyqabnCNO1Ax2
yJ/efU4gshJvR8AxYaHEckHEZQLITPd9FDcP7XC9hZdAjWpx8DTkwrNeUH88BXGP
dYcQjv4Yl9d0kECxPYj6o7TUNxl1qKI1J2k3Iuf5d0VcM4F+pmSphjK1A7dvB+8X
b2q4Wvzk+W8zzXOZzUcrOMwNczuD9DCmIzPQw2K+qDQ5cqztcSxsmf+7ul+wJ/j3
TSAhtGveGV1LTq43uXN0yWIXeFpQjURPfd/tmCAKwsw3ewOee+Mo
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:06:41 2024 by rpki-client on console-ams.rpki-client.org