Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/ad46a5-f900-4ad1-b229-e18435e432dc/1/eDzZrZHcPOEx6jtaBjkixP4J7bY.roa
File:                     eDzZrZHcPOEx6jtaBjkixP4J7bY.roa (raw, json)
Hash identifier:          /KTKMe0f18OY0pU5x5hYbZsxcdretNxZdSN6x+8VrRI=
Subject key identifier:   78:3C:D9:AD:91:DC:3C:E1:31:EA:3B:5A:06:39:22:C4:FE:09:ED:B6
Certificate issuer:       /CN=eb091499adc769b0fba9fed3284543a7425c2351
Certificate serial:       018CC34905CCE48A230AE59BDD8C1D5E143A
Authority key identifier: EB:09:14:99:AD:C7:69:B0:FB:A9:FE:D3:28:45:43:A7:42:5C:23:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6wkUma3HabD7qf7TKEVDp0JcI1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/ad46a5-f900-4ad1-b229-e18435e432dc/1/eDzZrZHcPOEx6jtaBjkixP4J7bY.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207727
IP address blocks:        194.165.35.0/24 maxlen: 24
                          194.165.38.0/24 maxlen: 24
                          194.165.58.0/24 maxlen: 24
                          194.165.56.0/24 maxlen: 24
                          2a10:2a80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/ad46a5-f900-4ad1-b229-e18435e432dc/1/6wkUma3HabD7qf7TKEVDp0JcI1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/ad46a5-f900-4ad1-b229-e18435e432dc/1/6wkUma3HabD7qf7TKEVDp0JcI1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6wkUma3HabD7qf7TKEVDp0JcI1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:05:cc:e4:8a:23:0a:e5:9b:dd:8c:1d:5e:14:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb091499adc769b0fba9fed3284543a7425c2351
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=783cd9ad91dc3ce131ea3b5a063922c4fe09edb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fe:74:5a:63:69:71:30:5e:16:08:1b:a8:91:
                    32:4d:6e:4d:68:70:6c:a5:6a:19:e0:0e:c7:37:2c:
                    c4:db:14:74:89:03:35:b4:2b:09:e0:2f:24:14:1e:
                    b9:e3:0d:60:98:bd:07:d8:0d:72:02:51:c3:61:d1:
                    c6:32:6b:d9:3e:d3:60:9c:5c:73:4c:18:00:a5:2b:
                    dd:91:04:e5:04:19:19:a5:fc:e4:58:87:53:6d:54:
                    df:9c:c6:45:6e:49:1b:c7:df:58:fa:29:a1:90:5f:
                    bf:95:10:67:d8:dd:23:05:39:96:f8:66:c0:f2:bd:
                    d5:00:58:7c:ba:e2:02:51:5f:7a:6c:4e:1f:de:e7:
                    7a:66:b1:f6:6d:53:2a:e6:04:16:84:43:7e:27:30:
                    ea:7b:f6:db:9e:b5:37:19:af:eb:83:2a:5d:ac:4f:
                    bd:7b:f3:80:06:0b:0c:5a:bf:82:ab:26:12:29:b5:
                    2c:20:15:4e:fd:ec:6f:9a:e7:6f:99:0b:f8:4f:9d:
                    25:63:67:4c:82:58:62:29:3a:56:ac:5a:ed:ca:36:
                    b2:78:36:ec:a2:fe:7c:cc:ca:0a:db:ab:52:f4:5b:
                    97:5f:d3:26:cb:a4:34:57:66:d6:77:fc:4b:2a:e7:
                    cf:d6:d0:4f:34:96:80:1d:e3:63:49:0f:8d:46:13:
                    f1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:3C:D9:AD:91:DC:3C:E1:31:EA:3B:5A:06:39:22:C4:FE:09:ED:B6
            X509v3 Authority Key Identifier:
                keyid:EB:09:14:99:AD:C7:69:B0:FB:A9:FE:D3:28:45:43:A7:42:5C:23:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6wkUma3HabD7qf7TKEVDp0JcI1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ad46a5-f900-4ad1-b229-e18435e432dc/1/eDzZrZHcPOEx6jtaBjkixP4J7bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ad46a5-f900-4ad1-b229-e18435e432dc/1/6wkUma3HabD7qf7TKEVDp0JcI1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.35.0/24
                  194.165.38.0/24
                  194.165.56.0/24
                  194.165.58.0/24
                IPv6:
                  2a10:2a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:4d:38:c4:05:e0:ea:a5:57:74:52:38:e1:cd:18:92:bb:63:
         0c:ed:c3:0c:c2:45:e4:a2:d7:12:7b:4e:80:2b:88:35:f6:b4:
         de:f6:ad:19:bf:a4:8f:24:42:f6:fb:34:ef:f6:bb:9b:38:6b:
         b4:f4:e8:d1:85:81:f4:80:12:bf:4f:ff:68:cd:fc:23:88:5a:
         0e:27:7a:73:c5:91:b0:84:31:42:f1:62:dd:07:9c:ac:c3:00:
         e6:77:fd:21:c5:ec:dd:6e:a6:e8:77:ca:af:36:5b:c8:1e:a7:
         07:1a:71:55:20:b1:93:a8:66:7f:99:00:c9:53:c6:64:54:06:
         ed:93:4a:b2:02:00:23:7f:f7:0f:86:b0:ff:c9:7b:54:78:72:
         9d:78:a3:b6:c7:de:1e:c9:21:28:b4:b4:aa:cd:dc:05:04:c3:
         6d:6b:3e:25:d6:04:26:20:05:b9:5d:95:22:2a:d4:2a:1c:6e:
         40:1a:b0:4e:84:14:a3:9d:3e:8b:26:d8:0b:4d:b2:c3:a0:50:
         f1:9e:b6:4d:98:df:38:a9:49:a3:7a:e9:2a:2c:5e:7f:0b:33:
         40:8d:3c:62:29:86:31:09:d2:24:04:4b:99:ce:64:91:66:7a:
         a1:66:ab:c8:7a:8c:30:75:fd:3a:b4:cb:48:77:33:37:90:72:
         ab:aa:af:8a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzDSQXM5IojCuWb3YwdXhQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMDkxNDk5YWRjNzY5YjBmYmE5ZmVkMzI4NDU0M2E3NDI1
YzIzNTEwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODNjZDlhZDkxZGMzY2UxMzFlYTNiNWEwNjM5MjJjNGZlMDllZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP50WmNpcTBeFggbqJEyTW5NaHBs
pWoZ4A7HNyzE2xR0iQM1tCsJ4C8kFB654w1gmL0H2A1yAlHDYdHGMmvZPtNgnFxz
TBgApSvdkQTlBBkZpfzkWIdTbVTfnMZFbkkbx99Y+imhkF+/lRBn2N0jBTmW+GbA
8r3VAFh8uuICUV96bE4f3ud6ZrH2bVMq5gQWhEN+JzDqe/bbnrU3Ga/rgypdrE+9
e/OABgsMWr+CqyYSKbUsIBVO/exvmudvmQv4T50lY2dMglhiKTpWrFrtyjayeDbs
ov58zMoK26tS9FuXX9Mmy6Q0V2bWd/xLKufP1tBPNJaAHeNjSQ+NRhPxxwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHg82a2R3DzhMeo7WgY5IsT+Ce22MB8GA1UdIwQY
MBaAFOsJFJmtx2mw+6n+0yhFQ6dCXCNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNndrVW1hM0hhYkQ3cWY3VEtFVkRwMEpjSTFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9hZDQ2YTUtZjkwMC00YWQxLWIyMjkt
ZTE4NDM1ZTQzMmRjLzEvZUR6WnJaSGNQT0V4Nmp0YUJqa2l4UDRKN2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9hZDQ2YTUtZjkwMC00YWQxLWIyMjktZTE4NDM1ZTQzMmRj
LzEvNndrVW1hM0hhYkQ3cWY3VEtFVkRwMEpjSTFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAwqUjAwQA
wqUmAwQAwqU4AwQAwqU6MA0EAgACMAcDBQMqECqAMA0GCSqGSIb3DQEBCwUAA4IB
AQAyTTjEBeDqpVd0UjjhzRiSu2MM7cMMwkXkotcSe06AK4g19rTe9q0Zv6SPJEL2
+zTv9rubOGu09OjRhYH0gBK/T/9ozfwjiFoOJ3pzxZGwhDFC8WLdB5yswwDmd/0h
xezdbqbod8qvNlvIHqcHGnFVILGTqGZ/mQDJU8ZkVAbtk0qyAgAjf/cPhrD/yXtU
eHKdeKO2x94eySEotLSqzdwFBMNtaz4l1gQmIAW5XZUiKtQqHG5AGrBOhBSjnT6L
JtgLTbLDoFDxnrZNmN84qUmjeukqLF5/CzNAjTxiKYYxCdIkBEuZzmSRZnqhZqvI
eowwdf06tMtIdzM3kHKrqq+K
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:53:23 2024 by rpki-client on console-fra.rpki-client.org