Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Cpj4CS5Syfv8p1MkSDbM2HHOQIA.roa
File:                     Cpj4CS5Syfv8p1MkSDbM2HHOQIA.roa (raw, json)
Hash identifier:          QYdoLyP1ugdtttBATb01GlyvniZSmhwbFfG0SubmXXY=
Subject key identifier:   0A:98:F8:09:2E:52:C9:FB:FC:A7:53:24:48:36:CC:D8:71:CE:40:80
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E02F2C2F26937BB6BAD78BDC49ABF
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Cpj4CS5Syfv8p1MkSDbM2HHOQIA.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41494
IP address blocks:        185.1.36.0/24 maxlen: 24
                          185.86.67.0/24 maxlen: 24
                          195.95.178.0/24 maxlen: 24
                          2a05:b680:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:02:f2:c2:f2:69:37:bb:6b:ad:78:bd:c4:9a:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a98f8092e52c9fbfca753244836ccd871ce4080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5d:2f:6d:24:ac:19:00:88:87:23:20:45:1a:
                    fc:56:74:c4:29:0c:4a:6d:0d:07:4e:af:8f:9f:7b:
                    e9:37:aa:4c:5e:55:fd:12:54:06:16:86:e5:5e:3f:
                    48:ae:4b:3d:b6:d1:c4:18:c0:34:41:a4:a8:52:99:
                    cd:d5:f6:76:1f:ba:ef:b9:24:8b:cd:2e:c8:85:a8:
                    f0:b1:e8:48:6c:25:71:28:26:0c:1c:ce:73:46:8a:
                    68:af:78:8e:b1:70:7c:84:05:3c:27:af:16:63:9a:
                    d5:f3:8d:e3:38:83:d5:35:4b:be:b9:6c:5a:23:81:
                    fd:eb:99:ed:eb:d6:0d:de:49:fc:bb:6b:39:35:77:
                    75:56:00:de:7d:a6:67:75:fa:ab:40:9d:b3:0d:73:
                    54:64:4c:aa:bd:57:e5:3f:fb:4d:60:fa:d5:4c:9f:
                    65:4b:10:19:1b:6f:e2:92:20:e7:dc:45:7e:8a:de:
                    ef:4d:b9:db:ac:43:51:6a:cf:47:e5:fa:fa:79:22:
                    d8:7a:c1:8c:0d:55:33:9d:09:f6:02:10:4f:0e:66:
                    5b:6f:0f:12:cf:43:fe:e4:c5:20:1a:f9:1d:6f:25:
                    d6:8a:52:a0:bf:42:fb:83:60:bc:df:71:90:0f:00:
                    79:53:83:e6:aa:2c:70:30:a2:e8:ea:ab:ef:ab:e9:
                    25:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:98:F8:09:2E:52:C9:FB:FC:A7:53:24:48:36:CC:D8:71:CE:40:80
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Cpj4CS5Syfv8p1MkSDbM2HHOQIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.36.0/24
                  185.86.67.0/24
                  195.95.178.0/24
                IPv6:
                  2a05:b680:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:ee:e7:f5:a8:05:44:f0:57:50:8f:9a:66:91:50:8a:a1:32:
         61:7f:be:91:3a:19:68:c8:c9:3f:00:5a:2f:e5:18:14:dc:2c:
         2a:c0:7b:4f:15:9a:de:9c:b3:72:42:16:62:14:d9:8d:c4:f2:
         4c:47:84:9b:0f:10:b6:bb:e4:e1:96:7b:92:9b:76:cf:b0:8b:
         45:d6:3e:bb:03:06:4c:f7:6e:57:78:46:4e:31:b8:1e:43:e6:
         65:fc:59:f2:25:4c:99:86:af:7c:a8:85:b5:9f:89:64:cb:e3:
         e5:0d:91:15:9a:58:84:6e:cd:63:b0:a8:7a:bb:4e:10:e3:53:
         5e:68:1b:5c:5d:43:3c:61:67:0d:b9:d0:bc:52:4e:eb:19:63:
         9e:0a:c0:e4:83:4a:c5:ce:1b:a4:fd:d2:6c:51:42:8a:6e:99:
         8a:22:fb:79:ec:c7:08:59:ff:dd:b9:ee:57:7b:64:72:b0:2f:
         4e:8a:a0:e8:04:a8:88:3d:55:76:06:fc:07:4a:b4:b1:1e:aa:
         88:e2:d6:7a:72:fb:6b:d5:dd:33:c8:6a:d4:e5:33:0b:c3:ca:
         be:84:72:a9:f4:90:1d:5f:ec:91:47:a5:0d:84:99:66:94:40:
         a8:e0:f9:f3:75:23:26:31:77:0a:76:82:d1:ac:07:70:2c:6b:
         c8:3e:c3:38
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzJTgLywvJpN7trrXi9xJq/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTk4ZjgwOTJlNTJjOWZiZmNhNzUzMjQ0ODM2Y2NkODcxY2U0MDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk10vbSSsGQCIhyMgRRr8VnTEKQxK
bQ0HTq+Pn3vpN6pMXlX9ElQGFoblXj9Irks9ttHEGMA0QaSoUpnN1fZ2H7rvuSSL
zS7IhajwsehIbCVxKCYMHM5zRopor3iOsXB8hAU8J68WY5rV843jOIPVNUu+uWxa
I4H965nt69YN3kn8u2s5NXd1VgDefaZndfqrQJ2zDXNUZEyqvVflP/tNYPrVTJ9l
SxAZG2/ikiDn3EV+it7vTbnbrENRas9H5fr6eSLYesGMDVUznQn2AhBPDmZbbw8S
z0P+5MUgGvkdbyXWilKgv0L7g2C833GQDwB5U4PmqixwMKLo6qvvq+klLQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFAqY+AkuUsn7/KdTJEg2zNhxzkCAMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvQ3BqNENTNVN5ZnY4cDFNa1NEYk0ySEhPUUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAuQEkAwQA
uVZDAwQAw1+yMA8EAgACMAkDBwAqBbaAABEwDQYJKoZIhvcNAQELBQADggEBAJPu
5/WoBUTwV1CPmmaRUIqhMmF/vpE6GWjIyT8AWi/lGBTcLCrAe08Vmt6cs3JCFmIU
2Y3E8kxHhJsPELa75OGWe5Kbds+wi0XWPrsDBkz3bld4Rk4xuB5D5mX8WfIlTJmG
r3yohbWfiWTL4+UNkRWaWIRuzWOwqHq7ThDjU15oG1xdQzxhZw250LxSTusZY54K
wOSDSsXOG6T90mxRQopumYoi+3nsxwhZ/9257ld7ZHKwL06KoOgEqIg9VXYG/AdK
tLEeqoji1npy+2vV3TPIatTlMwvDyr6Ecqn0kB1f7JFHpQ2EmWaUQKjg+fN1IyYx
dwp2gtGsB3Asa8g+wzg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:10:35 2024 by rpki-client on console-fra.rpki-client.org