Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/64d4d0-6c98-4eec-bba1-37aa35e69dc1/1/ysZfVorUQmswH_FXovyIIoRmcp0.roa
File:                     ysZfVorUQmswH_FXovyIIoRmcp0.roa (raw, json)
Hash identifier:          vEL2T3FDGhbO8ezjb+9xo4o6l2aPDp3nmioCLwZOP1U=
Subject key identifier:   CA:C6:5F:56:8A:D4:42:6B:30:1F:F1:57:A2:FC:88:22:84:66:72:9D
Certificate issuer:       /CN=d3c8b10a38f81c64e201207bfc3544c2972af5f3
Certificate serial:       018CC79333738235CB7BC9558FAEA2D5F19B
Authority key identifier: D3:C8:B1:0A:38:F8:1C:64:E2:01:20:7B:FC:35:44:C2:97:2A:F5:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08ixCjj4HGTiASB7_DVEwpcq9fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/64d4d0-6c98-4eec-bba1-37aa35e69dc1/1/ysZfVorUQmswH_FXovyIIoRmcp0.roa
Signing time:             Tue 02 Jan 2024 00:29:22 +0000
ROA not before:           Tue 02 Jan 2024 00:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50736
IP address blocks:        193.124.116.0/24 maxlen: 24
                          185.25.152.0/22 maxlen: 22
                          193.124.134.0/24 maxlen: 24
                          193.124.48.0/24 maxlen: 24
                          193.124.54.0/24 maxlen: 24
                          194.58.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/64d4d0-6c98-4eec-bba1-37aa35e69dc1/1/08ixCjj4HGTiASB7_DVEwpcq9fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/64d4d0-6c98-4eec-bba1-37aa35e69dc1/1/08ixCjj4HGTiASB7_DVEwpcq9fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08ixCjj4HGTiASB7_DVEwpcq9fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:33:73:82:35:cb:7b:c9:55:8f:ae:a2:d5:f1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c8b10a38f81c64e201207bfc3544c2972af5f3
        Validity
            Not Before: Jan  2 00:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cac65f568ad4426b301ff157a2fc88228466729d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:52:39:d4:28:e2:0d:fb:8c:63:b3:70:72:34:
                    3a:a2:11:8b:32:b7:66:ae:b5:c9:cf:18:cf:57:24:
                    b2:00:80:a3:f1:b4:3c:8e:24:7b:fa:9d:a2:c6:49:
                    e5:ed:71:59:b5:e7:0e:bf:c8:07:a5:98:d4:b7:c3:
                    a9:5c:98:7b:16:8c:90:ee:c2:02:59:d4:e5:e9:f6:
                    e9:89:51:27:78:97:d5:55:c0:09:bd:4f:9c:fe:d1:
                    49:cb:b8:24:21:c4:13:5e:56:f6:f5:9d:52:25:14:
                    e8:69:3e:fc:80:ce:29:76:ab:af:2d:79:22:31:42:
                    8f:24:60:14:5f:cb:8a:59:bd:a4:b2:7f:cc:38:24:
                    7d:26:ac:21:72:d4:a8:5e:43:16:d0:06:77:af:fa:
                    dd:af:4c:91:8b:ee:eb:43:7d:67:64:92:7c:ec:c6:
                    34:1e:21:0a:cf:0b:ed:d0:f1:c6:72:d0:d1:a7:40:
                    82:a0:df:7e:42:16:8d:42:39:8a:6f:a3:8a:6d:85:
                    64:a3:1d:72:6b:c1:16:aa:4b:5c:80:92:56:2b:8f:
                    c8:77:3e:d5:d9:98:90:d3:44:64:fe:10:67:9b:b6:
                    94:bd:aa:b5:ae:b0:eb:a6:7e:a9:1d:39:ad:0d:cc:
                    d0:bf:24:b7:31:97:15:64:c8:eb:56:63:2d:51:98:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:C6:5F:56:8A:D4:42:6B:30:1F:F1:57:A2:FC:88:22:84:66:72:9D
            X509v3 Authority Key Identifier:
                keyid:D3:C8:B1:0A:38:F8:1C:64:E2:01:20:7B:FC:35:44:C2:97:2A:F5:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08ixCjj4HGTiASB7_DVEwpcq9fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/64d4d0-6c98-4eec-bba1-37aa35e69dc1/1/ysZfVorUQmswH_FXovyIIoRmcp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/64d4d0-6c98-4eec-bba1-37aa35e69dc1/1/08ixCjj4HGTiASB7_DVEwpcq9fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.152.0/22
                  193.124.48.0/24
                  193.124.54.0/24
                  193.124.116.0/24
                  193.124.134.0/24
                  194.58.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:40:38:e1:d2:2b:a2:e6:27:06:98:c5:91:3c:e6:78:76:6d:
         03:73:31:e1:b8:e9:c1:c1:a5:74:80:66:42:f5:54:08:fe:c8:
         1a:8f:11:65:9a:c2:68:b7:07:87:50:a6:1c:c4:f2:fc:ba:95:
         1a:7a:3a:a0:45:71:03:9f:b1:25:e4:c3:f7:01:b5:8f:f2:aa:
         09:a5:74:f8:30:83:2e:74:b9:ff:83:69:e9:82:2d:89:e7:3a:
         8d:43:f3:fb:5c:4e:e8:71:16:e9:d4:f0:e3:4c:f2:d0:ac:16:
         f3:68:a3:53:c4:70:c4:d2:85:49:dc:b0:3f:9a:cb:ff:96:4c:
         0c:10:cd:bf:ff:f0:05:0c:7b:71:6c:e0:52:10:d6:36:bd:a8:
         80:59:53:c4:e5:d6:ab:56:25:06:5f:42:4d:54:70:1b:33:4b:
         9d:e1:78:82:67:db:94:b2:9c:2e:14:07:1b:e5:1c:16:46:55:
         fc:20:38:77:1f:be:e3:31:76:a3:dd:70:29:37:24:0b:de:9b:
         8c:9f:3d:3d:a9:d8:94:ee:38:8c:0d:4c:93:8b:da:88:fc:1e:
         e8:27:c9:b4:1b:6e:07:8e:60:59:6f:4f:79:bd:e0:ad:df:a6:
         40:94:8d:0b:04:6c:93:b5:31:42:e7:85:8e:eb:e9:6e:ab:bc:
         03:a7:cc:5e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzHkzNzgjXLe8lVj66i1fGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzhiMTBhMzhmODFjNjRlMjAxMjA3YmZjMzU0NGMyOTcy
YWY1ZjMwHhcNMjQwMTAyMDAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWM2NWY1NjhhZDQ0MjZiMzAxZmYxNTdhMmZjODgyMjg0NjY3MjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFI51CjiDfuMY7NwcjQ6ohGLMrdm
rrXJzxjPVySyAICj8bQ8jiR7+p2ixknl7XFZtecOv8gHpZjUt8OpXJh7FoyQ7sIC
WdTl6fbpiVEneJfVVcAJvU+c/tFJy7gkIcQTXlb29Z1SJRToaT78gM4pdquvLXki
MUKPJGAUX8uKWb2ksn/MOCR9JqwhctSoXkMW0AZ3r/rdr0yRi+7rQ31nZJJ87MY0
HiEKzwvt0PHGctDRp0CCoN9+QhaNQjmKb6OKbYVkox1ya8EWqktcgJJWK4/Idz7V
2ZiQ00Rk/hBnm7aUvaq1rrDrpn6pHTmtDczQvyS3MZcVZMjrVmMtUZj7kQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMrGX1aK1EJrMB/xV6L8iCKEZnKdMB8GA1UdIwQY
MBaAFNPIsQo4+Bxk4gEge/w1RMKXKvXzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhpeENqajRIR1RpQVNCN19EVkV3cGNxOWZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82NGQ0ZDAtNmM5OC00ZWVjLWJiYTEt
MzdhYTM1ZTY5ZGMxLzEveXNaZlZvclVRbXN3SF9GWG92eUlJb1JtY3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82NGQ0ZDAtNmM5OC00ZWVjLWJiYTEtMzdhYTM1ZTY5ZGMx
LzEvMDhpeENqajRIR1RpQVNCN19EVkV3cGNxOWZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCuRmYAwQA
wXwwAwQAwXw2AwQAwXx0AwQAwXyGAwQAwjpOMA0GCSqGSIb3DQEBCwUAA4IBAQDF
QDjh0iui5icGmMWRPOZ4dm0DczHhuOnBwaV0gGZC9VQI/sgajxFlmsJotweHUKYc
xPL8upUaejqgRXEDn7El5MP3AbWP8qoJpXT4MIMudLn/g2npgi2J5zqNQ/P7XE7o
cRbp1PDjTPLQrBbzaKNTxHDE0oVJ3LA/msv/lkwMEM2///AFDHtxbOBSENY2vaiA
WVPE5darViUGX0JNVHAbM0ud4XiCZ9uUspwuFAcb5RwWRlX8IDh3H77jMXaj3XAp
NyQL3puMnz09qdiU7jiMDUyTi9qI/B7oJ8m0G24HjmBZb095veCt36ZAlI0LBGyT
tTFC54WO6+luq7wDp8xe
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:53:22 2024 by rpki-client on console-fra.rpki-client.org