Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/KZ3gI0Z3F5JIZVEPuBHW-TTycR8.roa
File:                     KZ3gI0Z3F5JIZVEPuBHW-TTycR8.roa (raw, json)
Hash identifier:          hIJFfQnhl+PqtfGJcLooN7IspTm/Baui2VccJK7wiys=
Subject key identifier:   29:9D:E0:23:46:77:17:92:48:65:51:0F:B8:11:D6:F9:34:F2:71:1F
Certificate issuer:       /CN=c4eb34dda2f8094968494892063351ee0f10e91a
Certificate serial:       018CC500C1B6559D624D89FE79C24909EE71
Authority key identifier: C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/KZ3gI0Z3F5JIZVEPuBHW-TTycR8.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        152.89.228.0/23 maxlen: 23
                          152.89.230.0/23 maxlen: 23
                          152.89.228.0/22 maxlen: 22
                          45.80.250.0/23 maxlen: 23
                          2.58.176.0/22 maxlen: 22
                          2.58.178.0/23 maxlen: 23
                          2.58.176.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c1:b6:55:9d:62:4d:89:fe:79:c2:49:09:ee:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4eb34dda2f8094968494892063351ee0f10e91a
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=299de023467717924865510fb811d6f934f2711f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e4:84:2f:90:b0:3d:1f:b7:a6:cc:0d:56:f7:
                    a8:36:ac:d8:52:81:21:96:c2:09:3d:2d:39:10:d1:
                    3a:3c:ae:99:a8:c1:2f:ef:70:99:f0:bd:4f:0d:6b:
                    00:a3:da:20:fb:ef:cb:3b:59:ea:e4:11:db:e6:d7:
                    b0:d9:48:89:1f:1a:0f:7a:f5:d1:60:af:b2:b2:a3:
                    5c:6a:02:87:b9:e1:31:52:cd:03:9a:f5:59:b9:76:
                    a4:cd:ac:42:cc:53:0e:14:37:a2:12:98:b9:fa:05:
                    e2:63:2e:b2:17:15:43:a5:b9:26:08:bb:60:ec:06:
                    29:69:25:93:5c:9e:4d:b9:d9:9a:0d:47:53:d1:f4:
                    37:63:74:e6:df:74:14:ca:5c:0f:fe:78:8d:b8:4c:
                    3d:ca:86:fa:71:02:88:b2:8c:2a:21:ea:e8:ba:76:
                    ca:9f:4c:1e:da:fa:5c:a4:07:b8:8d:1d:27:ae:84:
                    aa:b0:93:9d:fd:a6:19:7d:55:73:3c:32:8f:e8:69:
                    24:31:28:81:a0:9a:2e:03:e2:2b:94:92:f4:b1:64:
                    91:58:87:7d:13:f7:32:d5:9e:69:11:09:56:63:db:
                    18:4e:f4:28:8d:49:c6:51:52:22:67:da:e2:3a:28:
                    13:1a:0e:6a:4b:ad:7e:da:85:81:26:29:3f:18:b9:
                    2b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9D:E0:23:46:77:17:92:48:65:51:0F:B8:11:D6:F9:34:F2:71:1F
            X509v3 Authority Key Identifier:
                keyid:C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/KZ3gI0Z3F5JIZVEPuBHW-TTycR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.176.0/22
                  45.80.250.0/23
                  152.89.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d7:c9:84:c4:dc:ed:64:08:a2:00:bf:e5:c7:a7:5c:b4:f6:46:
         49:9a:f1:c9:4c:c6:fe:fc:ee:16:26:87:9b:24:3e:e9:d4:a6:
         22:0c:36:35:a9:89:22:97:1b:83:47:1e:97:d4:b9:df:21:9d:
         b3:ea:0f:97:bd:0b:be:9f:02:49:65:0c:74:5c:83:53:a5:5d:
         de:98:b8:40:a0:d7:5c:f6:be:80:40:2c:c1:c2:0f:7f:bb:12:
         e2:12:ca:a8:47:b3:a4:6a:7d:1e:d8:53:31:74:13:bb:46:ca:
         52:e0:70:8a:5e:0c:26:1c:20:0c:95:54:59:65:02:ea:63:7d:
         09:4e:ad:b8:82:bb:f6:08:70:9e:4d:67:bd:2c:24:52:e6:00:
         90:8c:c3:bb:50:52:f7:1d:82:85:f9:f6:3a:9c:0e:3b:cd:db:
         d0:68:3d:1f:ad:bc:6d:0b:e8:73:63:00:b6:68:db:65:e3:90:
         67:05:9a:4a:36:c2:5b:0f:6f:10:7f:8c:b1:40:04:2d:61:63:
         9b:81:48:5d:97:a8:c4:43:36:f3:5f:33:9d:cb:53:70:5d:2c:
         0f:0f:1d:75:5b:37:c7:4f:51:dd:d5:b6:62:ea:e0:27:36:1a:
         c4:b9:0e:d4:cd:b6:4f:70:10:92:68:0e:f9:5b:5a:d5:9b:65:
         e5:30:98:49
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFAMG2VZ1iTYn+ecJJCe5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZWIzNGRkYTJmODA5NDk2ODQ5NDg5MjA2MzM1MWVlMGYx
MGU5MWEwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlkZTAyMzQ2NzcxNzkyNDg2NTUxMGZiODExZDZmOTM0ZjI3MTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+SEL5CwPR+3pswNVveoNqzYUoEh
lsIJPS05ENE6PK6ZqMEv73CZ8L1PDWsAo9og++/LO1nq5BHb5tew2UiJHxoPevXR
YK+ysqNcagKHueExUs0DmvVZuXakzaxCzFMOFDeiEpi5+gXiYy6yFxVDpbkmCLtg
7AYpaSWTXJ5NudmaDUdT0fQ3Y3Tm33QUylwP/niNuEw9yob6cQKIsowqIerounbK
n0we2vpcpAe4jR0nroSqsJOd/aYZfVVzPDKP6GkkMSiBoJouA+IrlJL0sWSRWId9
E/cy1Z5pEQlWY9sYTvQojUnGUVIiZ9riOigTGg5qS61+2oWBJik/GLkrYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCmd4CNGdxeSSGVRD7gR1vk08nEfMB8GA1UdIwQY
MBaAFMTrNN2i+AlJaElIkgYzUe4PEOkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEt
YTM0N2I1NmYzYjlhLzEvS1ozZ0kwWjNGNUpJWlZFUHVCSFctVFR5Y1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEtYTM0N2I1NmYzYjlh
LzEveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjqwAwQB
LVD6AwQCmFnkMA0GCSqGSIb3DQEBCwUAA4IBAQDXyYTE3O1kCKIAv+XHp1y09kZJ
mvHJTMb+/O4WJoebJD7p1KYiDDY1qYkilxuDRx6X1LnfIZ2z6g+XvQu+nwJJZQx0
XINTpV3emLhAoNdc9r6AQCzBwg9/uxLiEsqoR7Okan0e2FMxdBO7RspS4HCKXgwm
HCAMlVRZZQLqY30JTq24grv2CHCeTWe9LCRS5gCQjMO7UFL3HYKF+fY6nA47zdvQ
aD0frbxtC+hzYwC2aNtl45BnBZpKNsJbD28Qf4yxQAQtYWObgUhdl6jEQzbzXzOd
y1NwXSwPDx11WzfHT1Hd1bZi6uAnNhrEuQ7UzbZPcBCSaA75W1rVm2XlMJhJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:33:41 2024 by rpki-client on console-fra.rpki-client.org