Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/a7c811-de55-4417-bb31-10fced5fd4ee/1/4TLNiOrIHMl0ANqtD_GqBc06xVk.roa
File:                     4TLNiOrIHMl0ANqtD_GqBc06xVk.roa (raw, json)
Hash identifier:          J64QFUJx9U6GczEyXNu+akR2Jn8sHp4bh26NO7KoF4E=
Subject key identifier:   E1:32:CD:88:EA:C8:1C:C9:74:00:DA:AD:0F:F1:AA:05:CD:3A:C5:59
Certificate issuer:       /CN=edc3988a84f9fbb4185ea4ac5b721845ca28037e
Certificate serial:       018CC80183D669E1A62F40079C0EA1491531
Authority key identifier: ED:C3:98:8A:84:F9:FB:B4:18:5E:A4:AC:5B:72:18:45:CA:28:03:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7cOYioT5-7QYXqSsW3IYRcooA34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/a7c811-de55-4417-bb31-10fced5fd4ee/1/4TLNiOrIHMl0ANqtD_GqBc06xVk.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198398
IP address blocks:        95.156.216.0/22 maxlen: 22
                          194.110.155.0/24 maxlen: 24
                          185.184.22.0/23 maxlen: 23
                          185.184.20.0/23 maxlen: 23
                          185.184.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/a7c811-de55-4417-bb31-10fced5fd4ee/1/7cOYioT5-7QYXqSsW3IYRcooA34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/a7c811-de55-4417-bb31-10fced5fd4ee/1/7cOYioT5-7QYXqSsW3IYRcooA34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7cOYioT5-7QYXqSsW3IYRcooA34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:83:d6:69:e1:a6:2f:40:07:9c:0e:a1:49:15:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edc3988a84f9fbb4185ea4ac5b721845ca28037e
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e132cd88eac81cc97400daad0ff1aa05cd3ac559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3e:bf:84:49:d3:77:b4:05:c7:8e:3d:40:7c:
                    83:6c:66:b2:53:c5:dc:c1:20:6f:cf:f4:65:87:d6:
                    a2:4f:3c:44:cc:b0:f0:9e:67:5b:68:78:7a:f4:90:
                    8f:a5:74:a5:1b:0a:a8:f9:3c:ed:66:8d:df:b7:11:
                    28:43:ef:ad:f9:6f:b5:c3:a7:e9:d0:05:a7:ec:f1:
                    5a:ef:06:34:e9:d7:e5:7f:4f:b7:04:60:9d:b4:d5:
                    e2:98:f7:e8:03:83:cf:59:95:f0:36:fb:c7:ff:0c:
                    8e:96:b6:25:b1:36:be:f4:47:58:7e:6c:d1:82:39:
                    47:c8:14:dd:af:de:ed:db:ec:53:7a:8d:3c:5b:4f:
                    aa:00:6a:c5:6d:4c:19:63:03:35:ff:44:c2:a1:3e:
                    cc:01:31:03:c7:5e:86:84:cf:65:a7:d0:91:9d:8f:
                    be:79:16:92:ed:44:29:53:87:0c:36:11:37:d1:cd:
                    57:07:d2:58:0a:e4:43:36:d8:68:92:09:a9:70:d8:
                    57:07:42:97:4f:27:30:86:ae:3d:14:93:a2:4e:66:
                    f0:b8:87:22:11:f2:81:82:c4:39:f7:e9:a9:f7:25:
                    e9:82:c1:69:f6:d5:d7:6e:15:32:2e:80:ce:76:39:
                    d0:cc:6d:92:b5:be:f0:43:17:9f:4d:b9:b4:df:fc:
                    30:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:32:CD:88:EA:C8:1C:C9:74:00:DA:AD:0F:F1:AA:05:CD:3A:C5:59
            X509v3 Authority Key Identifier:
                keyid:ED:C3:98:8A:84:F9:FB:B4:18:5E:A4:AC:5B:72:18:45:CA:28:03:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7cOYioT5-7QYXqSsW3IYRcooA34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/a7c811-de55-4417-bb31-10fced5fd4ee/1/4TLNiOrIHMl0ANqtD_GqBc06xVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/a7c811-de55-4417-bb31-10fced5fd4ee/1/7cOYioT5-7QYXqSsW3IYRcooA34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.156.216.0/22
                  185.184.20.0/22
                  194.110.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:7f:19:16:18:80:5b:02:3f:12:14:77:b6:33:fa:c2:17:ba:
         b3:c1:3f:df:7a:87:e6:2e:50:b8:17:57:b2:90:5c:46:7c:13:
         87:99:bd:7f:4f:a6:b5:3c:a5:a3:79:1e:ce:57:fc:68:47:74:
         a9:d0:78:16:9c:df:0c:0a:ec:d6:23:3a:d8:5f:73:fb:35:dc:
         38:f3:8f:a3:91:d8:ec:d5:ea:65:fd:b8:28:81:59:b7:55:d4:
         8d:e4:97:e2:c2:2e:50:5d:bd:89:e1:a3:f1:b3:1f:50:9f:de:
         5c:28:3f:72:75:de:95:02:0e:5f:29:84:b9:ea:9b:9c:4e:37:
         71:03:e2:3f:bf:47:78:53:e2:fc:20:79:e1:92:85:2a:bd:36:
         2c:fa:f4:80:af:d0:f0:40:57:00:66:9e:ff:aa:fd:d6:4d:c6:
         da:3a:3a:37:0d:e4:85:77:0d:8c:2f:7b:d5:69:c4:8b:b3:76:
         26:b3:21:b5:b7:7e:43:b4:00:47:ad:2a:b5:d9:0a:42:08:6e:
         05:16:f0:81:b7:4d:3f:ae:7d:47:b7:4c:48:de:fe:c7:39:2a:
         f6:ee:de:e2:0d:11:5f:a3:7f:5c:8d:0c:e0:bc:c6:2e:ff:5b:
         0d:7e:43:07:82:8b:91:23:28:b9:01:d6:81:06:df:56:17:ad:
         33:dd:4b:59
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAYPWaeGmL0AHnA6hSRUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYzM5ODhhODRmOWZiYjQxODVlYTRhYzViNzIxODQ1Y2Ey
ODAzN2UwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTMyY2Q4OGVhYzgxY2M5NzQwMGRhYWQwZmYxYWEwNWNkM2FjNTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT6/hEnTd7QFx449QHyDbGayU8Xc
wSBvz/Rlh9aiTzxEzLDwnmdbaHh69JCPpXSlGwqo+TztZo3ftxEoQ++t+W+1w6fp
0AWn7PFa7wY06dflf0+3BGCdtNXimPfoA4PPWZXwNvvH/wyOlrYlsTa+9EdYfmzR
gjlHyBTdr97t2+xTeo08W0+qAGrFbUwZYwM1/0TCoT7MATEDx16GhM9lp9CRnY++
eRaS7UQpU4cMNhE30c1XB9JYCuRDNthokgmpcNhXB0KXTycwhq49FJOiTmbwuIci
EfKBgsQ59+mp9yXpgsFp9tXXbhUyLoDOdjnQzG2Stb7wQxefTbm03/wwowIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOEyzYjqyBzJdADarQ/xqgXNOsVZMB8GA1UdIwQY
MBaAFO3DmIqE+fu0GF6krFtyGEXKKAN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2NPWWlvVDUtN1FZWHFTc1czSVlSY29vQTM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9hN2M4MTEtZGU1NS00NDE3LWJiMzEt
MTBmY2VkNWZkNGVlLzEvNFRMTmlPcklITWwwQU5xdERfR3FCYzA2eFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9hN2M4MTEtZGU1NS00NDE3LWJiMzEtMTBmY2VkNWZkNGVl
LzEvN2NPWWlvVDUtN1FZWHFTc1czSVlSY29vQTM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCX5zYAwQC
ubgUAwQAwm6bMA0GCSqGSIb3DQEBCwUAA4IBAQCcfxkWGIBbAj8SFHe2M/rCF7qz
wT/feofmLlC4F1eykFxGfBOHmb1/T6a1PKWjeR7OV/xoR3Sp0HgWnN8MCuzWIzrY
X3P7Ndw484+jkdjs1epl/bgogVm3VdSN5Jfiwi5QXb2J4aPxsx9Qn95cKD9ydd6V
Ag5fKYS56pucTjdxA+I/v0d4U+L8IHnhkoUqvTYs+vSAr9DwQFcAZp7/qv3WTcba
Ojo3DeSFdw2ML3vVacSLs3YmsyG1t35DtABHrSq12QpCCG4FFvCBt00/rn1Ht0xI
3v7HOSr27t7iDRFfo39cjQzgvMYu/1sNfkMHgouRIyi5AdaBBt9WF60z3UtZ
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:36:00 2024 by rpki-client on console-ams.rpki-client.org