Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/379816-d6b4-42b5-95ad-fe27921e1542/1/Ru2hyhvh2GdW8XthkcARsqLGPjM.roa
File:                     Ru2hyhvh2GdW8XthkcARsqLGPjM.roa (raw, json)
Hash identifier:          MMac/Lhuwg9FM3wjF7SbLog+f97fI42YLCHSHETC5kY=
Subject key identifier:   46:ED:A1:CA:1B:E1:D8:67:56:F1:7B:61:91:C0:11:B2:A2:C6:3E:33
Certificate issuer:       /CN=7b89385c0002330b096567b21514d8e1bc09689f
Certificate serial:       018DFA4825A305D026E379A8E47A4C4F3673
Authority key identifier: 7B:89:38:5C:00:02:33:0B:09:65:67:B2:15:14:D8:E1:BC:09:68:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e4k4XAACMwsJZWeyFRTY4bwJaJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/379816-d6b4-42b5-95ad-fe27921e1542/1/Ru2hyhvh2GdW8XthkcARsqLGPjM.roa
Signing time:             Fri 01 Mar 2024 13:50:48 +0000
ROA not before:           Fri 01 Mar 2024 13:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51580
IP address blocks:        5.172.96.0/22 maxlen: 24
                          185.143.152.0/22 maxlen: 24
                          185.212.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/379816-d6b4-42b5-95ad-fe27921e1542/1/e4k4XAACMwsJZWeyFRTY4bwJaJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/379816-d6b4-42b5-95ad-fe27921e1542/1/e4k4XAACMwsJZWeyFRTY4bwJaJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e4k4XAACMwsJZWeyFRTY4bwJaJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:48:25:a3:05:d0:26:e3:79:a8:e4:7a:4c:4f:36:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b89385c0002330b096567b21514d8e1bc09689f
        Validity
            Not Before: Mar  1 13:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46eda1ca1be1d86756f17b6191c011b2a2c63e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a0:f4:fb:4d:42:37:76:6f:5f:6b:4e:89:3c:
                    98:f6:7d:d1:ad:8b:08:b8:fe:2b:2d:5c:1f:f1:a3:
                    af:2b:7d:3e:25:5a:d4:60:15:9b:bf:89:b3:7a:a9:
                    2e:53:01:91:0b:80:db:5e:59:e5:c4:97:ec:cf:6f:
                    eb:2f:ff:05:39:64:2e:0c:c1:4f:bf:65:c4:f5:af:
                    6e:4f:f5:59:28:81:b6:67:0f:42:a3:89:c8:5a:84:
                    99:bd:05:7b:e5:07:ff:5b:a9:a1:71:c5:15:d2:f3:
                    c7:6d:db:63:9b:37:03:19:78:32:c1:8f:93:ce:df:
                    83:e8:34:75:ef:c1:f0:d7:8a:48:54:9c:d5:69:08:
                    fe:50:08:61:cb:63:f2:7e:83:69:43:b5:a0:30:3c:
                    32:bb:bd:e4:af:9c:d5:78:d5:0d:9a:a1:54:70:a0:
                    ab:56:b7:ee:25:f4:0f:70:61:b5:0d:30:7a:35:b4:
                    73:65:6d:a9:09:ff:f2:c5:02:da:76:6e:1f:73:55:
                    e9:56:d7:a1:75:0f:7a:a2:a8:a4:5e:69:a0:7b:15:
                    18:fe:8d:bd:f2:8d:ea:c7:7d:bc:78:44:f0:0d:ed:
                    91:24:c0:91:d9:8a:27:de:e2:98:af:20:96:b3:60:
                    d9:73:d6:47:29:82:8a:1d:0d:b3:ed:81:05:71:51:
                    3d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:ED:A1:CA:1B:E1:D8:67:56:F1:7B:61:91:C0:11:B2:A2:C6:3E:33
            X509v3 Authority Key Identifier:
                keyid:7B:89:38:5C:00:02:33:0B:09:65:67:B2:15:14:D8:E1:BC:09:68:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4k4XAACMwsJZWeyFRTY4bwJaJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/379816-d6b4-42b5-95ad-fe27921e1542/1/Ru2hyhvh2GdW8XthkcARsqLGPjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/379816-d6b4-42b5-95ad-fe27921e1542/1/e4k4XAACMwsJZWeyFRTY4bwJaJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.96.0/22
                  185.143.152.0/22
                  185.212.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:a1:7e:08:de:89:13:8c:cd:3c:46:9d:8e:88:7a:cb:70:4a:
         d6:20:01:57:3f:6e:4d:c5:12:b4:de:2c:dd:61:79:c4:33:f2:
         68:52:64:9b:f7:27:0d:40:59:ad:1e:7e:aa:42:ea:2b:cd:d9:
         0b:7f:13:94:8a:ba:7b:a6:4c:c2:b2:cb:be:6e:0f:a1:4f:01:
         67:53:85:ce:7e:59:93:32:2a:d0:1d:1d:eb:8d:9c:f4:1d:1f:
         58:35:e1:46:ae:48:f3:e4:9e:3e:9f:df:1a:d3:c3:4c:81:ae:
         cd:a1:c5:93:ea:45:42:91:ab:04:2b:52:20:7e:90:a0:26:1a:
         d6:f2:65:03:0a:46:35:3a:d7:62:a9:4c:df:dd:2b:bb:e4:38:
         60:fa:1e:c8:61:d7:30:e9:12:19:8a:62:9e:ba:3a:1f:7d:93:
         55:8a:b3:c4:58:37:98:5c:4d:a0:2f:0f:f5:47:51:62:4d:31:
         3b:79:b2:b3:18:24:fb:c2:c1:3b:ae:1e:0b:b0:09:90:d1:26:
         56:c8:32:36:09:2b:34:2a:a7:00:dd:90:e4:36:3e:6f:21:4a:
         e0:a3:8c:4b:14:ce:e0:24:e1:5e:cd:97:5c:94:cb:84:b8:c1:
         83:5b:70:c1:74:67:cc:55:ec:cd:d0:ed:a8:95:f6:54:77:9f:
         e6:3a:d8:93
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY36SCWjBdAm43mo5HpMTzZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiODkzODVjMDAwMjMzMGIwOTY1NjdiMjE1MTRkOGUxYmMw
OTY4OWYwHhcNMjQwMzAxMTM1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVkYTFjYTFiZTFkODY3NTZmMTdiNjE5MWMwMTFiMmEyYzYzZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqD0+01CN3ZvX2tOiTyY9n3RrYsI
uP4rLVwf8aOvK30+JVrUYBWbv4mzeqkuUwGRC4DbXlnlxJfsz2/rL/8FOWQuDMFP
v2XE9a9uT/VZKIG2Zw9Co4nIWoSZvQV75Qf/W6mhccUV0vPHbdtjmzcDGXgywY+T
zt+D6DR178Hw14pIVJzVaQj+UAhhy2PyfoNpQ7WgMDwyu73kr5zVeNUNmqFUcKCr
VrfuJfQPcGG1DTB6NbRzZW2pCf/yxQLadm4fc1XpVtehdQ96oqikXmmgexUY/o29
8o3qx328eETwDe2RJMCR2Yon3uKYryCWs2DZc9ZHKYKKHQ2z7YEFcVE9nQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEbtocob4dhnVvF7YZHAEbKixj4zMB8GA1UdIwQY
MBaAFHuJOFwAAjMLCWVnshUU2OG8CWifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTRrNFhBQUNNd3NKWldleUZSVFk0YndKYUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8zNzk4MTYtZDZiNC00MmI1LTk1YWQt
ZmUyNzkyMWUxNTQyLzEvUnUyaHlodmgyR2RXOFh0aGtjQVJzcUxHUGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8zNzk4MTYtZDZiNC00MmI1LTk1YWQtZmUyNzkyMWUxNTQy
LzEvZTRrNFhBQUNNd3NKWldleUZSVFk0YndKYUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBaxgAwQC
uY+YAwQCudQQMA0GCSqGSIb3DQEBCwUAA4IBAQCroX4I3okTjM08Rp2OiHrLcErW
IAFXP25NxRK03izdYXnEM/JoUmSb9ycNQFmtHn6qQuorzdkLfxOUirp7pkzCssu+
bg+hTwFnU4XOflmTMirQHR3rjZz0HR9YNeFGrkjz5J4+n98a08NMga7NocWT6kVC
kasEK1IgfpCgJhrW8mUDCkY1OtdiqUzf3Su75Dhg+h7IYdcw6RIZimKeujoffZNV
irPEWDeYXE2gLw/1R1FiTTE7ebKzGCT7wsE7rh4LsAmQ0SZWyDI2CSs0KqcA3ZDk
Nj5vIUrgo4xLFM7gJOFezZdclMuEuMGDW3DBdGfMVezN0O2olfZUd5/mOtiT
-----END CERTIFICATE-----
Generated at Sun Jun 16 11:47:32 2024 by rpki-client on console-ams.rpki-client.org