Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/kZP6MCw0QIKlmDn280ska7mo4XU.roa
File:                     kZP6MCw0QIKlmDn280ska7mo4XU.roa (raw, json)
Hash identifier:          61p1PWgE1/QLEDUpWO8SZlN6/NpIW53FIObOwZb1Djo=
Subject key identifier:   91:93:FA:30:2C:34:40:82:A5:98:39:F6:F3:4B:24:6B:B9:A8:E1:75
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B6B773734E4508E71DFC46AABC0AD
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/kZP6MCw0QIKlmDn280ska7mo4XU.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395886
IP address blocks:        193.227.121.0/24 maxlen: 24
                          45.153.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6b:77:37:34:e4:50:8e:71:df:c4:6a:ab:c0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9193fa302c344082a59839f6f34b246bb9a8e175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d0:08:b0:33:97:6d:2d:6c:31:cb:0e:5e:a1:
                    f0:16:22:e9:3e:6f:ae:3e:3c:8e:bc:b5:26:dc:28:
                    09:d2:80:4b:44:ee:62:67:02:e2:13:22:6e:98:2b:
                    27:67:70:4e:ae:d6:36:0a:d0:77:32:bf:1a:31:90:
                    42:c8:0b:0d:e4:cd:1d:bb:b9:a7:d7:1b:f5:e3:09:
                    8a:98:75:aa:a2:64:72:b0:ee:9b:4e:8b:64:d1:7a:
                    8f:ec:3a:e2:e8:b5:64:7c:52:0f:93:89:ba:28:e7:
                    84:41:8c:1c:3b:f1:2e:66:41:54:96:f1:f0:25:2a:
                    ca:4e:00:f6:f1:c7:20:3b:4f:1c:0b:7e:fb:11:1d:
                    09:bd:a8:19:f9:93:4e:d3:bc:94:74:bb:19:3c:34:
                    fc:0b:ad:95:9d:be:d8:fe:28:f1:d1:db:bf:f1:4f:
                    68:cd:5e:e6:a1:1c:4c:4c:56:0f:4f:46:1a:50:f0:
                    9f:07:78:e9:43:67:8a:78:e1:90:40:30:56:df:78:
                    b9:07:f5:ea:38:00:7f:aa:ce:5d:29:6c:1b:a8:6c:
                    64:a1:f7:1e:a4:76:bf:95:d9:8c:90:b0:db:34:2e:
                    73:4f:91:ce:58:3c:80:0e:c7:c3:f0:49:09:79:44:
                    cc:f4:34:e2:92:ea:33:6a:62:95:d7:79:9f:5e:60:
                    ad:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:93:FA:30:2C:34:40:82:A5:98:39:F6:F3:4B:24:6B:B9:A8:E1:75
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/kZP6MCw0QIKlmDn280ska7mo4XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.8.0/23
                  193.227.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:79:4a:28:4e:fa:fd:94:23:c5:23:5b:81:43:bc:5b:c1:ad:
         94:3e:8a:d8:b3:bf:52:f3:55:1a:c9:c0:26:69:c4:e1:94:ab:
         39:05:10:a5:d0:72:b5:3b:7e:00:ba:08:79:8e:26:b1:f7:e3:
         48:b3:68:4c:7f:45:13:3b:a8:7f:24:d4:f9:b5:d9:ec:ef:43:
         20:26:b2:18:a9:24:89:c0:a8:3f:e0:41:7d:50:7b:77:37:83:
         41:d0:7f:ea:10:98:73:03:7b:0c:9c:a1:1e:51:9e:32:72:5d:
         32:f2:5b:1c:67:bf:6a:7b:68:cf:75:26:5e:eb:14:20:ea:80:
         6a:ec:7e:fd:29:dc:42:aa:df:49:26:c5:df:59:52:be:de:8d:
         68:0a:85:84:41:09:bb:69:49:b7:20:de:b9:be:13:70:31:59:
         54:56:0a:25:90:14:88:01:1f:a9:b4:eb:9c:ee:b8:0a:fd:0b:
         21:1b:b4:3c:d2:47:e3:83:c3:7d:90:a2:2b:45:a9:37:08:3c:
         7a:c2:a0:92:13:c4:c6:4e:9e:74:64:5e:3b:92:00:fd:34:ac:
         59:83:8a:9a:47:79:51:33:b3:06:b9:24:a0:cd:69:cf:e0:82:
         b2:40:a9:59:e8:df:26:65:03:44:71:a4:18:f8:79:ea:48:5a:
         f2:bf:61:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS2t3NzTkUI5x38Rqq8CtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTkzZmEzMDJjMzQ0MDgyYTU5ODM5ZjZmMzRiMjQ2YmI5YThlMTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndAIsDOXbS1sMcsOXqHwFiLpPm+u
PjyOvLUm3CgJ0oBLRO5iZwLiEyJumCsnZ3BOrtY2CtB3Mr8aMZBCyAsN5M0du7mn
1xv14wmKmHWqomRysO6bTotk0XqP7Dri6LVkfFIPk4m6KOeEQYwcO/EuZkFUlvHw
JSrKTgD28ccgO08cC377ER0JvagZ+ZNO07yUdLsZPDT8C62Vnb7Y/ijx0du/8U9o
zV7moRxMTFYPT0YaUPCfB3jpQ2eKeOGQQDBW33i5B/XqOAB/qs5dKWwbqGxkofce
pHa/ldmMkLDbNC5zT5HOWDyADsfD8EkJeUTM9DTikuozamKV13mfXmCtqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJGT+jAsNECCpZg59vNLJGu5qOF1MB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEva1pQNk1DdzBRSUtsbURuMjgwc2thN21vNFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZkIAwQA
weN5MA0GCSqGSIb3DQEBCwUAA4IBAQAheUooTvr9lCPFI1uBQ7xbwa2UPorYs79S
81UaycAmacThlKs5BRCl0HK1O34Augh5jiax9+NIs2hMf0UTO6h/JNT5tdns70Mg
JrIYqSSJwKg/4EF9UHt3N4NB0H/qEJhzA3sMnKEeUZ4ycl0y8lscZ79qe2jPdSZe
6xQg6oBq7H79KdxCqt9JJsXfWVK+3o1oCoWEQQm7aUm3IN65vhNwMVlUVgolkBSI
AR+ptOuc7rgK/QshG7Q80kfjg8N9kKIrRak3CDx6wqCSE8TGTp50ZF47kgD9NKxZ
g4qaR3lRM7MGuSSgzWnP4IKyQKlZ6N8mZQNEcaQY+HnqSFryv2HS
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:20:42 2024 by rpki-client on console-ams.rpki-client.org