Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/kjqDzFZu9kKGc4dBFmu0hDMjznQ.roa
File:                     kjqDzFZu9kKGc4dBFmu0hDMjznQ.roa (raw, json)
Hash identifier:          nHKSYhmJsq8afXz/iZJ/c5NJMx81vr2OS1t0gd1zESk=
Subject key identifier:   92:3A:83:CC:56:6E:F6:42:86:73:87:41:16:6B:B4:84:33:23:CE:74
Certificate issuer:       /CN=1027a8a61299b80a3e71d1a981427ec00b849d17
Certificate serial:       018E2DB909737435E42D0FF17975C44F2177
Authority key identifier: 10:27:A8:A6:12:99:B8:0A:3E:71:D1:A9:81:42:7E:C0:0B:84:9D:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/kjqDzFZu9kKGc4dBFmu0hDMjznQ.roa
Signing time:             Mon 11 Mar 2024 13:34:45 +0000
ROA not before:           Mon 11 Mar 2024 13:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47543
IP address blocks:        95.142.100.0/24 maxlen: 24
                          95.142.101.0/24 maxlen: 24
                          178.237.35.0/24 maxlen: 24
                          178.237.36.0/24 maxlen: 24
                          178.237.37.0/24 maxlen: 24
                          178.237.38.0/24 maxlen: 24
                          2a00:1188:12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:b9:09:73:74:35:e4:2d:0f:f1:79:75:c4:4f:21:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1027a8a61299b80a3e71d1a981427ec00b849d17
        Validity
            Not Before: Mar 11 13:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=923a83cc566ef64286738741166bb4843323ce74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a9:c3:31:84:49:1e:7b:86:a4:f1:6d:d4:49:
                    5d:5b:d9:8b:53:0e:cd:36:6d:5c:40:40:5b:f7:ac:
                    be:da:b9:2c:8b:ed:a2:12:c4:22:bf:39:d2:c4:31:
                    87:e2:6f:a7:b4:a3:9d:52:c8:46:43:32:24:b4:48:
                    ab:c7:a0:31:0e:5f:a4:b5:0e:54:24:88:7b:8a:b7:
                    83:d3:3e:72:7e:8e:47:6c:d9:5a:61:21:a0:b4:42:
                    9e:b8:8d:d8:87:d4:f1:a2:f3:79:21:1f:5e:a7:c5:
                    41:88:3b:08:d1:b5:9d:8b:bf:c5:c1:af:d2:d2:aa:
                    e4:11:aa:70:39:4c:c7:a4:be:40:f4:5e:2a:23:d9:
                    7b:57:f2:4e:96:d0:45:3b:50:54:18:3c:da:9b:6d:
                    31:be:6e:f2:d3:30:52:d7:ec:9f:24:6e:f7:26:00:
                    b8:f1:d9:d9:d0:5d:8a:7c:0d:02:3e:e9:db:30:6a:
                    84:ae:9e:f0:4f:a6:bb:a7:c3:41:98:1a:bd:30:72:
                    19:18:d1:e6:5d:f4:ff:68:1f:d4:f5:ef:94:c2:f8:
                    17:46:32:6e:32:a4:2e:73:c8:16:13:02:71:c5:2a:
                    4e:6c:9d:ba:0c:d2:35:9d:9c:47:5e:4f:86:3f:51:
                    cd:00:97:55:26:b1:cd:9c:c6:9c:47:78:c2:06:eb:
                    5a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3A:83:CC:56:6E:F6:42:86:73:87:41:16:6B:B4:84:33:23:CE:74
            X509v3 Authority Key Identifier:
                keyid:10:27:A8:A6:12:99:B8:0A:3E:71:D1:A9:81:42:7E:C0:0B:84:9D:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/kjqDzFZu9kKGc4dBFmu0hDMjznQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.142.100.0/23
                  178.237.35.0-178.237.38.255
                IPv6:
                  2a00:1188:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:18:80:be:c6:5a:4d:91:a4:7a:b6:b3:47:9f:8b:d7:6e:30:
         e6:33:32:0b:59:94:44:0a:21:a7:5a:2e:ad:23:76:03:21:4f:
         2c:53:b1:c8:78:5d:58:81:61:94:8f:43:34:c0:7b:2b:b0:64:
         22:3c:34:b8:e2:09:63:6e:89:8b:ae:32:d2:bc:a2:79:55:46:
         2f:15:75:fa:19:ba:64:7d:9b:ab:24:fb:17:5c:20:60:7b:c8:
         f9:61:0b:d9:f6:e6:5c:65:94:43:c1:b2:27:86:eb:82:3d:22:
         51:fa:f7:cb:f7:26:03:49:73:36:85:80:97:e0:fa:1e:15:5e:
         e2:d1:54:53:15:8c:b1:7b:7e:d7:c5:b2:8e:35:16:8f:c6:e2:
         99:ce:1c:45:68:03:6c:30:72:a4:86:b3:42:e3:6f:42:6c:69:
         e3:60:4e:a1:91:50:01:b7:0a:62:19:fd:de:b2:06:03:82:f7:
         31:c1:24:2c:90:03:2c:a1:03:1a:2e:e1:a2:8f:cb:92:ad:1f:
         96:5d:77:71:f9:bf:1f:1f:1b:0c:b9:05:0b:22:6b:b3:67:d6:
         3a:b7:27:ab:72:fd:c9:8e:b6:8e:92:36:a4:83:9c:64:db:78:
         52:f7:a8:cd:a1:56:16:4d:6a:ca:18:a7:50:30:ef:66:30:9c:
         1f:e6:df:5e
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAY4tuQlzdDXkLQ/xeXXETyF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjdhOGE2MTI5OWI4MGEzZTcxZDFhOTgxNDI3ZWMwMGI4
NDlkMTcwHhcNMjQwMzExMTMzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjNhODNjYzU2NmVmNjQyODY3Mzg3NDExNjZiYjQ4NDMzMjNjZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqnDMYRJHnuGpPFt1EldW9mLUw7N
Nm1cQEBb96y+2rksi+2iEsQivznSxDGH4m+ntKOdUshGQzIktEirx6AxDl+ktQ5U
JIh7ireD0z5yfo5HbNlaYSGgtEKeuI3Yh9TxovN5IR9ep8VBiDsI0bWdi7/Fwa/S
0qrkEapwOUzHpL5A9F4qI9l7V/JOltBFO1BUGDzam20xvm7y0zBS1+yfJG73JgC4
8dnZ0F2KfA0CPunbMGqErp7wT6a7p8NBmBq9MHIZGNHmXfT/aB/U9e+UwvgXRjJu
MqQuc8gWEwJxxSpObJ26DNI1nZxHXk+GP1HNAJdVJrHNnMacR3jCButaZQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFJI6g8xWbvZChnOHQRZrtIQzI850MB8GA1UdIwQY
MBaAFBAnqKYSmbgKPnHRqYFCfsALhJ0XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNlb3BoS1p1QW8tY2RHcGdVSi13QXVFblJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYTlkMTMtOGNhNi00NTc3LWE1OWMt
OWRkOTk3ZWVmNGVmLzEva2pxRHpGWnU5a0tHYzRkQkZtdTBoRE1qem5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYTlkMTMtOGNhNi00NTc3LWE1OWMtOWRkOTk3ZWVmNGVm
LzEvRUNlb3BoS1p1QW8tY2RHcGdVSi13QXVFblJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUAwQBX45kMAwD
BACy7SMDBACy7SYwDwQCAAIwCQMHACoAEYgAEjANBgkqhkiG9w0BAQsFAAOCAQEA
KBiAvsZaTZGkerazR5+L124w5jMyC1mURAohp1ourSN2AyFPLFOxyHhdWIFhlI9D
NMB7K7BkIjw0uOIJY26Ji64y0ryieVVGLxV1+hm6ZH2bqyT7F1wgYHvI+WEL2fbm
XGWUQ8GyJ4brgj0iUfr3y/cmA0lzNoWAl+D6HhVe4tFUUxWMsXt+18WyjjUWj8bi
mc4cRWgDbDBypIazQuNvQmxp42BOoZFQAbcKYhn93rIGA4L3McEkLJADLKEDGi7h
oo/Lkq0fll13cfm/Hx8bDLkFCyJrs2fWOrcnq3L9yY62jpI2pIOcZNt4UveozaFW
Fk1qyhinUDDvZjCcH+bfXg==
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:15:39 2024 by rpki-client on console-ams.rpki-client.org