Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/795620-2003-4785-999f-51c77cc49146/1/Ke3fPbyPoP0iliEO-Uxm5ka7GR4.roa
File:                     Ke3fPbyPoP0iliEO-Uxm5ka7GR4.roa (raw, json)
Hash identifier:          71+dNE7DDYN9SsbzDneRhpVvS2KJwnBuE4cfmD8jMKg=
Subject key identifier:   29:ED:DF:3D:BC:8F:A0:FD:22:96:21:0E:F9:4C:66:E6:46:BB:19:1E
Certificate issuer:       /CN=694e515cc5be4e27e9d3d13e5e1c11dc7529274b
Certificate serial:       018CC801BC31E46F9E77A737189A48FC5C23
Authority key identifier: 69:4E:51:5C:C5:BE:4E:27:E9:D3:D1:3E:5E:1C:11:DC:75:29:27:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aU5RXMW-Tifp09E-XhwR3HUpJ0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/795620-2003-4785-999f-51c77cc49146/1/Ke3fPbyPoP0iliEO-Uxm5ka7GR4.roa
Signing time:             Tue 02 Jan 2024 02:30:06 +0000
ROA not before:           Tue 02 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51101
IP address blocks:        195.43.66.0/23 maxlen: 23
                          185.230.224.0/22 maxlen: 22
                          88.135.186.0/24 maxlen: 24
                          178.217.112.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/795620-2003-4785-999f-51c77cc49146/1/aU5RXMW-Tifp09E-XhwR3HUpJ0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/795620-2003-4785-999f-51c77cc49146/1/aU5RXMW-Tifp09E-XhwR3HUpJ0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aU5RXMW-Tifp09E-XhwR3HUpJ0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:bc:31:e4:6f:9e:77:a7:37:18:9a:48:fc:5c:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=694e515cc5be4e27e9d3d13e5e1c11dc7529274b
        Validity
            Not Before: Jan  2 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29eddf3dbc8fa0fd2296210ef94c66e646bb191e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:be:3a:df:bb:77:3f:ec:8f:c0:0d:81:49:58:
                    0c:2a:ff:91:64:f4:e7:14:19:1c:06:1c:77:77:da:
                    f0:71:72:99:2a:b1:64:d7:16:fb:eb:10:ac:0e:57:
                    6b:95:8e:03:78:37:4d:5c:f8:ad:45:da:5c:8d:b8:
                    b4:7b:e3:a7:10:07:0c:9f:f2:79:b8:73:7a:6e:63:
                    f8:0d:44:81:1c:30:c5:9d:4c:a3:a2:7e:31:08:a5:
                    7c:27:d9:70:cc:e6:ce:71:03:55:5b:c6:6d:de:20:
                    86:4f:25:ad:5f:3d:0a:34:88:23:52:0b:ce:71:2b:
                    97:ff:08:9b:e7:51:ba:26:31:4d:16:7b:26:5b:c9:
                    4b:5d:e4:b0:bf:07:e7:da:c7:ee:b5:5b:fd:88:04:
                    95:01:82:23:c7:4e:a0:11:50:b4:c2:9d:23:6d:0e:
                    50:53:02:01:01:5f:f4:25:6c:4a:18:77:db:1c:18:
                    21:d7:b5:5a:45:a8:0c:f2:c2:01:2d:b1:35:c8:10:
                    60:bd:14:42:6e:3a:08:fc:dd:9d:a6:fa:31:7a:cf:
                    bc:37:b5:d7:9a:ff:6f:d1:c6:fa:51:c3:44:c8:0e:
                    c5:c3:46:ac:90:b6:4b:3f:28:9d:04:af:3f:bb:d6:
                    60:e8:4d:f1:e8:2c:f2:e9:cd:43:dc:6b:78:cc:76:
                    a3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:ED:DF:3D:BC:8F:A0:FD:22:96:21:0E:F9:4C:66:E6:46:BB:19:1E
            X509v3 Authority Key Identifier:
                keyid:69:4E:51:5C:C5:BE:4E:27:E9:D3:D1:3E:5E:1C:11:DC:75:29:27:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aU5RXMW-Tifp09E-XhwR3HUpJ0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/795620-2003-4785-999f-51c77cc49146/1/Ke3fPbyPoP0iliEO-Uxm5ka7GR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/795620-2003-4785-999f-51c77cc49146/1/aU5RXMW-Tifp09E-XhwR3HUpJ0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.186.0/24
                  178.217.112.0/21
                  185.230.224.0/22
                  195.43.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:60:93:37:f4:5b:62:20:18:af:33:61:aa:0a:2d:90:9d:41:
         f4:b2:95:c0:9e:9a:ff:8f:cd:b1:d9:73:9a:e1:21:23:8d:25:
         75:40:e5:e3:d3:27:4e:d1:9e:9a:6f:ec:a8:16:6c:6c:80:cd:
         77:af:ec:e8:b6:ac:ca:15:fa:2f:0b:3f:f8:b0:21:eb:f3:d9:
         a8:ed:56:40:ac:66:e6:b0:56:ff:89:0b:b7:b0:2f:64:36:c4:
         e9:d1:59:1c:89:70:43:a0:ea:52:4f:f9:32:2a:fd:0e:5b:99:
         4d:36:7d:52:fc:12:ab:fd:ee:ea:ae:e8:73:6b:db:76:b6:32:
         5d:e1:44:8c:71:d3:b4:53:71:db:dd:b0:fd:27:c1:c5:8d:4b:
         05:4d:63:dc:a6:1d:f2:e7:8a:bc:62:99:a0:79:f2:3c:67:6e:
         aa:0b:d4:b9:c8:aa:7a:71:91:0b:df:22:61:f1:3a:8e:fa:06:
         10:29:53:52:f2:fa:38:6c:53:d6:8f:73:51:4e:69:d6:32:eb:
         85:b8:7a:d8:4f:8c:6a:98:e4:55:98:dc:b2:e7:fb:99:a9:36:
         9c:78:b5:7c:30:b1:6c:fe:72:b2:20:f3:1b:88:80:5d:d4:6b:
         7f:51:46:09:53:e2:6d:00:e3:9e:eb:3a:6c:55:e0:40:af:68:
         9c:bd:b5:37
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzIAbwx5G+ed6c3GJpI/FwjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NGU1MTVjYzViZTRlMjdlOWQzZDEzZTVlMWMxMWRjNzUy
OTI3NGIwHhcNMjQwMTAyMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWVkZGYzZGJjOGZhMGZkMjI5NjIxMGVmOTRjNjZlNjQ2YmIxOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub4637t3P+yPwA2BSVgMKv+RZPTn
FBkcBhx3d9rwcXKZKrFk1xb76xCsDldrlY4DeDdNXPitRdpcjbi0e+OnEAcMn/J5
uHN6bmP4DUSBHDDFnUyjon4xCKV8J9lwzObOcQNVW8Zt3iCGTyWtXz0KNIgjUgvO
cSuX/wib51G6JjFNFnsmW8lLXeSwvwfn2sfutVv9iASVAYIjx06gEVC0wp0jbQ5Q
UwIBAV/0JWxKGHfbHBgh17VaRagM8sIBLbE1yBBgvRRCbjoI/N2dpvoxes+8N7XX
mv9v0cb6UcNEyA7Fw0askLZLPyidBK8/u9Zg6E3x6Czy6c1D3Gt4zHajaQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCnt3z28j6D9IpYhDvlMZuZGuxkeMB8GA1UdIwQY
MBaAFGlOUVzFvk4n6dPRPl4cEdx1KSdLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVU1UlhNVy1UaWZwMDlFLVhod1IzSFVwSjBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS83OTU2MjAtMjAwMy00Nzg1LTk5OWYt
NTFjNzdjYzQ5MTQ2LzEvS2UzZlBieVBvUDBpbGlFTy1VeG01a2E3R1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS83OTU2MjAtMjAwMy00Nzg1LTk5OWYtNTFjNzdjYzQ5MTQ2
LzEvYVU1UlhNVy1UaWZwMDlFLVhod1IzSFVwSjBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWIe6AwQD
stlwAwQCuebgAwQBwytCMA0GCSqGSIb3DQEBCwUAA4IBAQAYYJM39FtiIBivM2Gq
Ci2QnUH0spXAnpr/j82x2XOa4SEjjSV1QOXj0ydO0Z6ab+yoFmxsgM13r+zotqzK
FfovCz/4sCHr89mo7VZArGbmsFb/iQu3sC9kNsTp0VkciXBDoOpST/kyKv0OW5lN
Nn1S/BKr/e7qruhza9t2tjJd4USMcdO0U3Hb3bD9J8HFjUsFTWPcph3y54q8Ypmg
efI8Z26qC9S5yKp6cZEL3yJh8TqO+gYQKVNS8vo4bFPWj3NRTmnWMuuFuHrYT4xq
mORVmNyy5/uZqTaceLV8MLFs/nKyIPMbiIBd1Gt/UUYJU+JtAOOe6zpsVeBAr2ic
vbU3
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:37:55 2024 by rpki-client on console-fra.rpki-client.org