Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/guxaUIlRsekGpVJb03Xf8_k0ucE.roa
File:                     guxaUIlRsekGpVJb03Xf8_k0ucE.roa (raw, json)
Hash identifier:          KkprOUwvjusgBp2SnuVsU4KT9C8VYZ0j2sXA4OfMn00=
Subject key identifier:   82:EC:5A:50:89:51:B1:E9:06:A5:52:5B:D3:75:DF:F3:F9:34:B9:C1
Certificate issuer:       /CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
Certificate serial:       018CC80218922EB5314BB6C50ADDA8DA695F
Authority key identifier: B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/guxaUIlRsekGpVJb03Xf8_k0ucE.roa
Signing time:             Tue 02 Jan 2024 02:30:29 +0000
ROA not before:           Tue 02 Jan 2024 02:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202552
IP address blocks:        185.156.148.0/23 maxlen: 23
                          185.156.148.0/22 maxlen: 22
                          185.156.150.0/24 maxlen: 24
                          81.200.128.0/23 maxlen: 23
                          81.200.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:18:92:2e:b5:31:4b:b6:c5:0a:dd:a8:da:69:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
        Validity
            Not Before: Jan  2 02:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82ec5a508951b1e906a5525bd375dff3f934b9c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:85:69:bd:0e:3d:a8:5b:f4:64:10:d8:4e:17:
                    09:8d:8c:b4:d6:dc:c2:53:0e:28:d0:51:6b:f3:00:
                    8c:e4:67:97:c5:57:5d:86:17:da:25:78:9f:99:b1:
                    8b:30:93:36:d6:24:78:c7:97:a1:20:9b:f6:36:5c:
                    76:ce:bc:c0:23:f6:29:f9:56:98:c6:c2:20:22:f3:
                    54:9f:96:4a:30:11:50:75:08:2a:5c:a3:a9:67:0c:
                    36:30:4f:3d:79:0e:7c:30:8e:1b:b8:d7:09:87:45:
                    cd:31:91:a0:b4:a0:da:e7:0b:c6:9a:05:f0:9b:bd:
                    5c:70:cd:34:03:fe:57:4e:59:47:a3:ef:68:9f:a5:
                    5c:e4:6e:c5:60:3e:c3:0c:c8:ab:6b:29:f5:8e:0b:
                    25:63:22:92:76:ee:ac:41:8b:99:21:a2:bc:d4:34:
                    5f:63:d0:3b:67:fc:16:97:ab:6c:6f:0c:08:ef:65:
                    c8:d2:e2:80:37:bd:4a:33:41:f1:53:76:9a:d8:a5:
                    78:ec:c6:3c:68:f2:65:fd:2b:fc:ba:8f:d1:b9:f1:
                    48:36:2f:73:da:02:a3:38:5b:62:14:53:6e:79:f9:
                    bf:af:ce:c2:20:ba:cb:72:e4:76:9e:cf:f2:08:3d:
                    fe:a1:3a:0e:88:52:5b:81:5b:7f:58:96:4c:42:14:
                    a6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:EC:5A:50:89:51:B1:E9:06:A5:52:5B:D3:75:DF:F3:F9:34:B9:C1
            X509v3 Authority Key Identifier:
                keyid:B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/guxaUIlRsekGpVJb03Xf8_k0ucE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.200.128.0/23
                  81.200.140.0/22
                  185.156.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:06:e0:66:46:af:2a:0d:64:c5:5b:55:77:32:e2:c8:a7:3f:
         60:69:56:59:b1:30:00:f3:7f:ea:ff:5a:0b:42:1a:b5:17:6e:
         a6:07:5d:64:60:40:10:79:0e:29:57:bc:a1:90:f7:0b:24:33:
         5a:77:55:92:cd:a6:de:61:6f:45:77:c6:58:7a:b4:2f:e0:38:
         93:e0:04:9b:02:7c:a1:1a:38:bf:30:ef:2a:de:90:66:80:a7:
         0f:1f:d0:3d:91:45:e5:fc:05:98:b4:b2:98:78:96:f3:f5:95:
         8e:b8:ce:76:58:0a:a3:8e:91:e7:9b:47:e4:b2:12:ee:1b:5c:
         5e:a8:ba:a8:75:3a:85:13:0f:38:58:4a:d7:54:a2:46:d1:ca:
         1e:42:de:c5:cb:2c:f3:d5:ad:fe:86:4c:1d:8a:91:79:c9:42:
         67:c9:ef:4e:fb:8d:0b:bf:13:09:7e:a0:39:3e:c3:f9:b5:13:
         88:84:6c:50:8f:0e:02:66:ca:d3:26:28:81:bd:00:da:fb:b0:
         a6:ee:23:09:c4:f2:7b:29:7a:d3:fd:3b:54:46:43:cc:2b:48:
         fd:16:9c:d0:b0:0b:0f:55:91:01:db:89:f6:14:88:38:7e:2b:
         ec:6b:21:23:e6:82:b3:66:ff:75:0a:a8:54:4e:49:3b:65:2d:
         c8:dc:18:53
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAhiSLrUxS7bFCt2o2mlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZTBmNzk4NDFjMDIxMGQ5NWI0ZWY1NmZmNjg0NDFjMmFh
OWZjMGYwHhcNMjQwMTAyMDIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmVjNWE1MDg5NTFiMWU5MDZhNTUyNWJkMzc1ZGZmM2Y5MzRiOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIVpvQ49qFv0ZBDYThcJjYy01tzC
Uw4o0FFr8wCM5GeXxVddhhfaJXifmbGLMJM21iR4x5ehIJv2Nlx2zrzAI/Yp+VaY
xsIgIvNUn5ZKMBFQdQgqXKOpZww2ME89eQ58MI4buNcJh0XNMZGgtKDa5wvGmgXw
m71ccM00A/5XTllHo+9on6Vc5G7FYD7DDMirayn1jgslYyKSdu6sQYuZIaK81DRf
Y9A7Z/wWl6tsbwwI72XI0uKAN71KM0HxU3aa2KV47MY8aPJl/Sv8uo/RufFINi9z
2gKjOFtiFFNuefm/r87CILrLcuR2ns/yCD3+oToOiFJbgVt/WJZMQhSmyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFILsWlCJUbHpBqVSW9N13/P5NLnBMB8GA1UdIwQY
MBaAFLjg95hBwCENlbTvVv9oRBwqqfwPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2Mt
NmVhM2NiZmQzYTg0LzEvZ3V4YVVJbFJzZWtHcFZKYjAzWGY4X2swdWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2MtNmVhM2NiZmQzYTg0
LzEvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUciAAwQC
UciMAwQCuZyUMA0GCSqGSIb3DQEBCwUAA4IBAQCyBuBmRq8qDWTFW1V3MuLIpz9g
aVZZsTAA83/q/1oLQhq1F26mB11kYEAQeQ4pV7yhkPcLJDNad1WSzabeYW9Fd8ZY
erQv4DiT4ASbAnyhGji/MO8q3pBmgKcPH9A9kUXl/AWYtLKYeJbz9ZWOuM52WAqj
jpHnm0fkshLuG1xeqLqodTqFEw84WErXVKJG0coeQt7Fyyzz1a3+hkwdipF5yUJn
ye9O+40LvxMJfqA5PsP5tROIhGxQjw4CZsrTJiiBvQDa+7Cm7iMJxPJ7KXrT/TtU
RkPMK0j9FpzQsAsPVZEB24n2FIg4fivsayEj5oKzZv91CqhUTkk7ZS3I3BhT
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:59:16 2024 by rpki-client on console-fra.rpki-client.org