Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/1bmPhFmR4sfWFjy49SL0blkZWwA.roa
File:                     1bmPhFmR4sfWFjy49SL0blkZWwA.roa (raw, json)
Hash identifier:          2OTOwkZBB90MA/hey/N7G/nYVVKJ8g11EihorNWXh9A=
Subject key identifier:   D5:B9:8F:84:59:91:E2:C7:D6:16:3C:B8:F5:22:F4:6E:59:19:5B:00
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       018CC56ECD4AAFBF3950F2E3B34C5FFE8DC5
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/1bmPhFmR4sfWFjy49SL0blkZWwA.roa
Signing time:             Mon 01 Jan 2024 14:30:22 +0000
ROA not before:           Mon 01 Jan 2024 14:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        194.213.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:cd:4a:af:bf:39:50:f2:e3:b3:4c:5f:fe:8d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  1 14:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5b98f845991e2c7d6163cb8f522f46e59195b00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7d:cb:a4:1b:f0:96:cd:fa:10:a9:b9:9d:b8:
                    f4:2a:a6:6f:36:6b:51:59:54:8d:d0:ed:b8:7e:37:
                    2a:41:87:c4:16:23:d5:c8:ac:fd:78:08:f3:8e:1e:
                    5c:ba:4c:3b:a1:ed:33:cc:cc:ae:57:a8:4b:87:bc:
                    5d:46:f5:1a:2d:42:27:6c:03:e8:36:11:7c:2c:fc:
                    a5:39:93:3e:66:28:9c:88:04:e7:56:f7:aa:5e:54:
                    4f:26:1f:09:ff:57:c9:66:9f:89:ae:3f:92:7e:28:
                    b0:0c:3b:88:27:fb:ba:1e:1e:1d:d3:b6:55:58:51:
                    d1:b8:eb:0f:35:45:24:75:7a:4e:5f:a1:ea:6e:75:
                    e8:ef:fe:32:3d:01:ac:b0:db:6e:3c:3e:54:24:4f:
                    1a:a5:ae:85:d8:32:71:1e:bd:a8:94:f9:dc:38:9b:
                    c1:b1:48:be:44:33:5f:3c:08:db:ee:79:e3:aa:2f:
                    9c:20:ba:5d:c0:ff:74:c6:9e:08:88:96:ea:24:16:
                    2e:b0:88:0c:66:f7:8c:ea:62:db:bb:78:32:a7:56:
                    43:a1:84:f4:97:07:22:50:95:85:46:f0:8f:79:b2:
                    60:e3:b2:76:b5:25:76:cc:4e:5d:95:58:e5:1c:fd:
                    78:8c:1d:06:0c:c8:d6:61:df:32:c1:51:d1:ef:f0:
                    d5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B9:8F:84:59:91:E2:C7:D6:16:3C:B8:F5:22:F4:6E:59:19:5B:00
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/1bmPhFmR4sfWFjy49SL0blkZWwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:04:1c:be:dc:bb:15:ed:2d:32:f6:a5:37:c4:33:49:69:80:
         fc:b7:2f:74:76:df:06:36:bc:55:53:09:a9:b8:a6:c5:da:8c:
         0c:4f:e9:a5:7a:02:d7:8a:f5:23:63:b1:15:02:25:94:e7:87:
         86:46:7e:92:00:8a:a7:9f:2c:8a:f0:d4:64:4f:0a:3b:ac:c8:
         36:9e:0a:ec:dd:b3:7f:b3:51:04:fe:f6:40:a6:d3:b9:f4:b1:
         98:99:7f:5f:11:f7:79:39:c9:92:4a:b2:b5:11:47:07:72:fc:
         01:c1:f1:d1:33:a2:67:90:b6:cb:ce:ac:a0:9b:53:5e:93:6c:
         e8:a9:31:5e:3d:3b:cc:93:4e:04:02:aa:b0:98:09:14:19:13:
         e5:77:f2:46:20:a9:31:df:81:26:2b:41:82:c2:b3:cc:1d:7c:
         97:f2:89:46:1b:3b:bb:fd:31:94:e1:0a:e4:c7:55:10:62:38:
         8d:03:41:bf:ba:22:93:79:e3:b2:ee:f6:52:93:88:4f:b7:84:
         64:44:bb:ef:4b:5f:95:64:c0:40:b4:ac:8f:ff:eb:a4:81:72:
         d5:83:42:c5:90:7a:ef:4d:06:6f:c3:60:fb:50:4d:1f:fb:4d:
         25:c2:58:26:d0:79:42:f3:43:bb:47:bc:7b:b1:7a:43:f3:30:
         9e:cc:c0:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbs1Kr785UPLjs0xf/o3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjQwMTAxMTQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWI5OGY4NDU5OTFlMmM3ZDYxNjNjYjhmNTIyZjQ2ZTU5MTk1YjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv33LpBvwls36EKm5nbj0KqZvNmtR
WVSN0O24fjcqQYfEFiPVyKz9eAjzjh5cukw7oe0zzMyuV6hLh7xdRvUaLUInbAPo
NhF8LPylOZM+ZiiciATnVveqXlRPJh8J/1fJZp+Jrj+SfiiwDDuIJ/u6Hh4d07ZV
WFHRuOsPNUUkdXpOX6HqbnXo7/4yPQGssNtuPD5UJE8apa6F2DJxHr2olPncOJvB
sUi+RDNfPAjb7nnjqi+cILpdwP90xp4IiJbqJBYusIgMZveM6mLbu3gyp1ZDoYT0
lwciUJWFRvCPebJg47J2tSV2zE5dlVjlHP14jB0GDMjWYd8ywVHR7/DV0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNW5j4RZkeLH1hY8uPUi9G5ZGVsAMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvMWJtUGhGbVI0c2ZXRmp5NDlTTDBibGtaV3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtUUMA0G
CSqGSIb3DQEBCwUAA4IBAQBvBBy+3LsV7S0y9qU3xDNJaYD8ty90dt8GNrxVUwmp
uKbF2owMT+mlegLXivUjY7EVAiWU54eGRn6SAIqnnyyK8NRkTwo7rMg2ngrs3bN/
s1EE/vZAptO59LGYmX9fEfd5OcmSSrK1EUcHcvwBwfHRM6JnkLbLzqygm1Nek2zo
qTFePTvMk04EAqqwmAkUGRPld/JGIKkx34EmK0GCwrPMHXyX8olGGzu7/TGU4Qrk
x1UQYjiNA0G/uiKTeeOy7vZSk4hPt4RkRLvvS1+VZMBAtKyP/+ukgXLVg0LFkHrv
TQZvw2D7UE0f+00lwlgm0HlC80O7R7x7sXpD8zCezMBn
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:43:16 2024 by rpki-client on console-fra.rpki-client.org