Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/8LR7E753kWKwrVyCsTuWcl7GCQo.roa
File:                     8LR7E753kWKwrVyCsTuWcl7GCQo.roa (raw, json)
Hash identifier:          xv7Kn/nHHoBfzHD+tyVsPM12ZkSeUwVtaFSTL+V9ySU=
Subject key identifier:   F0:B4:7B:13:BE:77:91:62:B0:AD:5C:82:B1:3B:96:72:5E:C6:09:0A
Certificate issuer:       /CN=149d1f67a41ca2e405017cbe48bafff1733e3869
Certificate serial:       018CC9BBEE0053A1B18769E7E5F387B7CBF2
Authority key identifier: 14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/8LR7E753kWKwrVyCsTuWcl7GCQo.roa
Signing time:             Tue 02 Jan 2024 10:33:05 +0000
ROA not before:           Tue 02 Jan 2024 10:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        185.162.10.0/24 maxlen: 24
                          93.188.155.0/24 maxlen: 24
                          185.204.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ee:00:53:a1:b1:87:69:e7:e5:f3:87:b7:cb:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=149d1f67a41ca2e405017cbe48bafff1733e3869
        Validity
            Not Before: Jan  2 10:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0b47b13be779162b0ad5c82b13b96725ec6090a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0f:6d:8c:a2:1e:2a:a7:35:8c:33:4d:b4:26:
                    3e:14:e2:8d:9c:94:7c:4f:47:5c:95:53:a3:af:cb:
                    b9:56:8a:a9:7b:b5:8c:5c:a7:0b:22:9d:84:b4:c4:
                    e9:9d:ed:83:25:c6:8a:a1:32:6e:40:67:9c:43:91:
                    1f:f8:2e:a6:2a:e6:fe:69:19:96:26:bf:16:76:06:
                    b8:60:bb:b1:cd:a6:fe:28:38:90:1a:23:69:37:bc:
                    e1:f8:f4:93:eb:6c:21:72:13:dc:ef:b2:7f:c6:39:
                    45:d9:ea:65:74:e5:95:bf:03:d0:94:37:d1:86:10:
                    97:06:97:1c:18:23:51:1b:97:57:ad:d7:04:3c:6d:
                    75:f7:0c:57:37:1a:68:04:cf:96:19:e2:bb:01:55:
                    bc:be:58:58:c3:df:60:5a:59:5d:2c:42:c1:25:67:
                    dc:aa:d2:72:16:c4:96:3d:24:ac:0b:c2:e3:35:a0:
                    7b:7e:0c:95:7b:f7:2d:b2:20:0d:a6:78:74:85:3d:
                    d9:f5:a9:fc:41:b5:a0:2a:be:48:df:ad:05:38:46:
                    a4:b2:7b:fe:bd:61:f0:da:23:65:e5:4e:5a:6c:3e:
                    2e:34:c8:ff:9a:e0:d0:80:f3:35:fe:73:97:e4:f6:
                    7b:9c:dc:7e:e7:0a:fe:c1:37:58:c3:ee:53:30:47:
                    a8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B4:7B:13:BE:77:91:62:B0:AD:5C:82:B1:3B:96:72:5E:C6:09:0A
            X509v3 Authority Key Identifier:
                keyid:14:9D:1F:67:A4:1C:A2:E4:05:01:7C:BE:48:BA:FF:F1:73:3E:38:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/8LR7E753kWKwrVyCsTuWcl7GCQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/b5090a-ec58-46db-9dd9-5485682a05f5/1/FJ0fZ6QcouQFAXy-SLr_8XM-OGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.155.0/24
                  185.162.10.0/24
                  185.204.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:71:76:44:05:d6:78:66:82:9e:00:31:1a:32:52:0c:50:5e:
         f3:bd:63:16:f8:30:d5:aa:c6:63:09:60:bc:33:98:9c:4d:73:
         f2:8e:6e:0a:62:c7:a3:85:31:52:d9:20:b2:1e:2a:8f:ab:64:
         88:55:69:e9:b6:8e:25:e1:bf:5b:f1:3c:51:8b:8e:02:6d:1e:
         3b:bf:73:cd:83:4c:ac:f5:f7:f4:bd:cf:42:92:f8:27:5d:23:
         5c:73:37:17:38:19:39:f6:3b:ee:3f:d9:d1:65:78:d1:b4:ab:
         b0:0d:24:cd:f3:66:79:63:f5:a5:d3:71:2f:80:8a:49:d4:2a:
         ca:13:f1:20:13:c3:4f:5c:ab:45:11:22:f3:71:37:58:a8:37:
         88:51:96:3c:fc:61:52:10:2d:5d:d1:86:88:c6:b4:fb:de:b9:
         47:d4:31:c1:85:ee:de:6f:64:b8:3a:0d:b0:3d:38:a7:03:5f:
         9e:a7:3d:77:fa:36:0e:b0:4e:bb:45:d0:35:13:eb:45:f7:29:
         f7:e7:a8:29:14:a2:22:f7:86:b9:6b:ae:03:7a:65:c2:82:43:
         eb:36:1c:1f:c7:9d:d8:9e:e4:94:6e:f3:54:33:b1:15:e8:7e:
         7d:12:2b:d5:8f:56:9b:f6:89:6a:19:14:b6:7f:61:fe:86:e8:
         2c:af:a2:e4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJu+4AU6Gxh2nn5fOHt8vyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0OWQxZjY3YTQxY2EyZTQwNTAxN2NiZTQ4YmFmZmYxNzMz
ZTM4NjkwHhcNMjQwMTAyMTAzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGI0N2IxM2JlNzc5MTYyYjBhZDVjODJiMTNiOTY3MjVlYzYwOTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQ9tjKIeKqc1jDNNtCY+FOKNnJR8
T0dclVOjr8u5Voqpe7WMXKcLIp2EtMTpne2DJcaKoTJuQGecQ5Ef+C6mKub+aRmW
Jr8Wdga4YLuxzab+KDiQGiNpN7zh+PST62whchPc77J/xjlF2epldOWVvwPQlDfR
hhCXBpccGCNRG5dXrdcEPG119wxXNxpoBM+WGeK7AVW8vlhYw99gWlldLELBJWfc
qtJyFsSWPSSsC8LjNaB7fgyVe/ctsiANpnh0hT3Z9an8QbWgKr5I360FOEaksnv+
vWHw2iNl5U5abD4uNMj/muDQgPM1/nOX5PZ7nNx+5wr+wTdYw+5TMEeo3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPC0exO+d5FisK1cgrE7lnJexgkKMB8GA1UdIwQY
MBaAFBSdH2ekHKLkBQF8vki6//FzPjhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDkt
NTQ4NTY4MmEwNWY1LzEvOExSN0U3NTNrV0t3clZ5Q3NUdVdjbDdHQ1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9iNTA5MGEtZWM1OC00NmRiLTlkZDktNTQ4NTY4MmEwNWY1
LzEvRkowZlo2UWNvdVFGQVh5LVNMcl84WE0tT0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXbybAwQA
uaIKAwQAucw1MA0GCSqGSIb3DQEBCwUAA4IBAQChcXZEBdZ4ZoKeADEaMlIMUF7z
vWMW+DDVqsZjCWC8M5icTXPyjm4KYsejhTFS2SCyHiqPq2SIVWnpto4l4b9b8TxR
i44CbR47v3PNg0ys9ff0vc9CkvgnXSNcczcXOBk59jvuP9nRZXjRtKuwDSTN82Z5
Y/Wl03EvgIpJ1CrKE/EgE8NPXKtFESLzcTdYqDeIUZY8/GFSEC1d0YaIxrT73rlH
1DHBhe7eb2S4Og2wPTinA1+epz13+jYOsE67RdA1E+tF9yn356gpFKIi94a5a64D
emXCgkPrNhwfx53YnuSUbvNUM7EV6H59EivVj1ab9olqGRS2f2H+hugsr6Lk
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:51:13 2024 by rpki-client on console-fra.rpki-client.org