Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/RFZoPMK6xvPsWEuAiZmF8Nb5aCk.roa
File:                     RFZoPMK6xvPsWEuAiZmF8Nb5aCk.roa (raw, json)
Hash identifier:          aNvdfoYHqBo6UDrKTq9uQ/JlrxiAyOPJsHnB0//gQAM=
Subject key identifier:   44:56:68:3C:C2:BA:C6:F3:EC:58:4B:80:89:99:85:F0:D6:F9:68:29
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC7274D9F7F344099393B8348394D3F86
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/RFZoPMK6xvPsWEuAiZmF8Nb5aCk.roa
Signing time:             Mon 01 Jan 2024 22:31:30 +0000
ROA not before:           Mon 01 Jan 2024 22:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25145
IP address blocks:        213.238.160.0/24 maxlen: 24
                          213.238.161.0/24 maxlen: 24
                          213.238.164.0/24 maxlen: 24
                          213.238.165.0/24 maxlen: 24
                          213.238.162.0/24 maxlen: 24
                          213.238.163.0/24 maxlen: 24
                          213.238.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4d:9f:7f:34:40:99:39:3b:83:48:39:4d:3f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4456683cc2bac6f3ec584b80899985f0d6f96829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ce:b1:23:78:91:04:95:fb:7a:47:12:d2:6d:
                    5d:6b:e1:42:a7:ed:9c:d8:cc:dc:7d:fc:df:d7:46:
                    11:21:6a:85:b5:c5:93:06:4c:fc:15:59:29:6d:16:
                    42:07:85:57:53:96:5a:2e:23:90:15:ef:89:e3:33:
                    5f:d4:70:40:7d:6f:50:0d:f9:63:b8:e3:cb:9a:43:
                    a5:a3:09:2a:43:55:94:f0:fa:d9:5e:49:64:fa:d9:
                    4f:58:df:12:32:52:77:7a:e4:ea:a2:0d:da:68:24:
                    13:eb:13:62:a5:50:b5:09:e6:56:5d:57:e4:a2:73:
                    ba:e2:d3:0b:63:73:c1:81:9a:09:20:b1:9c:fc:82:
                    ca:4d:f8:22:7a:a5:7f:ed:98:0a:86:d0:fd:b9:b3:
                    9d:71:da:82:6f:65:27:e7:b6:47:6a:91:a8:99:88:
                    64:aa:32:e1:ed:46:42:a2:2b:9d:f1:da:2d:1a:90:
                    4d:a3:1e:f0:08:5f:01:99:fa:99:28:61:4d:66:09:
                    5c:81:af:d1:57:fb:77:8a:05:5a:e7:01:19:6e:2e:
                    8f:83:9e:8b:bd:d6:a0:a5:49:4c:09:b0:3d:71:e7:
                    ad:5a:de:15:cd:7f:32:cb:03:7e:51:0c:9e:d2:74:
                    26:f3:87:bd:2e:2b:a4:6c:50:64:e2:00:3c:b0:c5:
                    95:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:56:68:3C:C2:BA:C6:F3:EC:58:4B:80:89:99:85:F0:D6:F9:68:29
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/RFZoPMK6xvPsWEuAiZmF8Nb5aCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.160.0-213.238.165.255
                  213.238.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:cf:6e:7a:9b:81:1d:51:9e:18:c1:67:86:7f:3c:3f:95:f5:
         e8:22:ed:5d:83:8a:f4:4d:c0:0f:ad:4a:06:cd:76:4f:75:9b:
         f6:e9:b0:24:12:49:3b:f6:e0:50:69:4e:54:6c:6f:17:8e:bd:
         c5:09:9b:64:c6:e8:17:f6:b4:38:21:27:ae:2c:aa:be:0d:65:
         f5:6f:de:ef:22:b2:46:d4:29:b8:1d:4a:7c:b8:e7:8a:81:60:
         55:7a:7b:ef:be:86:b1:0d:a3:50:b2:30:af:59:d8:08:ed:08:
         d0:b5:54:b7:6f:33:81:f4:e3:33:a6:55:a1:69:2f:bb:83:f2:
         d8:ad:cf:04:61:28:3e:9e:7b:3e:51:31:98:5f:e8:6d:9a:50:
         46:37:e9:75:f0:57:04:ac:f2:fc:b9:22:15:9d:d5:5f:6d:2d:
         2a:bb:86:1a:3d:27:af:7b:3c:1e:49:f5:71:09:f6:d7:0f:8e:
         c5:aa:8b:38:c4:da:f8:fd:b3:bf:3f:19:b4:66:87:71:8e:63:
         41:4f:83:be:c4:e4:1d:36:52:f2:de:25:22:37:d5:80:50:f2:
         2f:76:41:41:fa:3a:f8:8f:7e:0e:c6:21:96:0e:51:7d:e3:8e:
         88:5f:e7:2b:b5:c4:cb:4c:ec:6e:27:cd:98:30:22:13:56:ae:
         ef:29:18:9a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHJ02ffzRAmTk7g0g5TT+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDU2NjgzY2MyYmFjNmYzZWM1ODRiODA4OTk5ODVmMGQ2Zjk2ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM6xI3iRBJX7ekcS0m1da+FCp+2c
2Mzcffzf10YRIWqFtcWTBkz8FVkpbRZCB4VXU5ZaLiOQFe+J4zNf1HBAfW9QDflj
uOPLmkOlowkqQ1WU8PrZXklk+tlPWN8SMlJ3euTqog3aaCQT6xNipVC1CeZWXVfk
onO64tMLY3PBgZoJILGc/ILKTfgieqV/7ZgKhtD9ubOdcdqCb2Un57ZHapGomYhk
qjLh7UZCoiud8dotGpBNox7wCF8BmfqZKGFNZglcga/RV/t3igVa5wEZbi6Pg56L
vdagpUlMCbA9ceetWt4VzX8yywN+UQye0nQm84e9LiukbFBk4gA8sMWVAQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFERWaDzCusbz7FhLgImZhfDW+WgpMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvUkZab1BNSzZ4dlBzV0V1QWlabUY4TmI1YUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAXV7qAD
BAHV7qQDBADV7qgwDQYJKoZIhvcNAQELBQADggEBADbPbnqbgR1RnhjBZ4Z/PD+V
9egi7V2DivRNwA+tSgbNdk91m/bpsCQSSTv24FBpTlRsbxeOvcUJm2TG6Bf2tDgh
J64sqr4NZfVv3u8iskbUKbgdSny454qBYFV6e+++hrENo1CyMK9Z2AjtCNC1VLdv
M4H04zOmVaFpL7uD8titzwRhKD6eez5RMZhf6G2aUEY36XXwVwSs8vy5IhWd1V9t
LSq7hho9J697PB5J9XEJ9tcPjsWqizjE2vj9s78/GbRmh3GOY0FPg77E5B02UvLe
JSI31YBQ8i92QUH6OviPfg7GIZYOUX3jjohf5yu1xMtM7G4nzZgwIhNWru8pGJo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:42:49 2024 by rpki-client on console-fra.rpki-client.org