Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/886163-65b3-4599-bf4b-f36cd8790b0a/1/GyCW7_agtd8HAHuz_GWTU4PF_bo.roa
File:                     GyCW7_agtd8HAHuz_GWTU4PF_bo.roa (raw, json)
Hash identifier:          n6oELK/+8OlfyKyCEH16j6e6+8FoR7ic6tjVeZwAWFc=
Subject key identifier:   1B:20:96:EF:F6:A0:B5:DF:07:00:7B:B3:FC:65:93:53:83:C5:FD:BA
Certificate issuer:       /CN=1ea7a6afb21bb148742f6155d1a39afc8fc7e79c
Certificate serial:       018CC6B7850FB342EDEABC851EFC55865D1D
Authority key identifier: 1E:A7:A6:AF:B2:1B:B1:48:74:2F:61:55:D1:A3:9A:FC:8F:C7:E7:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hqemr7IbsUh0L2FV0aOa_I_H55w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/886163-65b3-4599-bf4b-f36cd8790b0a/1/GyCW7_agtd8HAHuz_GWTU4PF_bo.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211501
IP address blocks:        194.26.238.0/24 maxlen: 24
                          2a11:75c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/886163-65b3-4599-bf4b-f36cd8790b0a/1/Hqemr7IbsUh0L2FV0aOa_I_H55w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/886163-65b3-4599-bf4b-f36cd8790b0a/1/Hqemr7IbsUh0L2FV0aOa_I_H55w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hqemr7IbsUh0L2FV0aOa_I_H55w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:85:0f:b3:42:ed:ea:bc:85:1e:fc:55:86:5d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ea7a6afb21bb148742f6155d1a39afc8fc7e79c
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b2096eff6a0b5df07007bb3fc65935383c5fdba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e5:88:60:bf:6d:d8:d1:33:9b:2e:01:fa:09:
                    8d:1c:2d:2a:b1:e5:89:36:85:8a:cc:b6:00:26:86:
                    b7:75:56:94:cc:e3:62:d1:f7:a2:1b:29:07:d5:4f:
                    3f:1a:ca:97:ed:d7:66:75:95:c4:fe:83:ed:1c:39:
                    e3:9a:81:db:9b:44:69:04:f8:ad:9e:43:3c:63:d6:
                    28:87:c6:8f:51:8d:0c:18:e9:bb:80:9c:9f:b7:b6:
                    b5:f8:48:bb:eb:6e:ed:82:e5:a4:81:64:ab:73:19:
                    e4:0b:e8:47:27:14:52:3b:e2:59:90:f6:c0:dc:b4:
                    7e:dd:f1:8d:1f:0a:e3:f3:c0:f2:33:2f:42:84:af:
                    a8:a6:3c:57:67:74:3d:7e:ab:f4:e1:c9:4c:3f:c8:
                    ad:51:bb:8f:c0:5d:7a:3f:c8:66:eb:fe:6e:4b:fd:
                    be:3c:2b:84:3b:32:5d:ef:62:b0:92:6d:ec:90:18:
                    b3:32:2c:08:b7:85:59:10:5d:f7:1f:0c:2f:57:3c:
                    e8:bc:02:be:2f:9f:59:4a:ab:5a:66:d9:ec:03:c1:
                    1f:f3:de:92:a3:37:0b:07:26:1c:ac:21:73:e8:1b:
                    c8:10:8b:d0:92:53:4b:ef:6a:5a:d4:58:54:8d:7e:
                    04:6a:f2:e7:d8:68:4b:d5:c5:03:10:18:6f:98:85:
                    b4:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:20:96:EF:F6:A0:B5:DF:07:00:7B:B3:FC:65:93:53:83:C5:FD:BA
            X509v3 Authority Key Identifier:
                keyid:1E:A7:A6:AF:B2:1B:B1:48:74:2F:61:55:D1:A3:9A:FC:8F:C7:E7:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hqemr7IbsUh0L2FV0aOa_I_H55w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/886163-65b3-4599-bf4b-f36cd8790b0a/1/GyCW7_agtd8HAHuz_GWTU4PF_bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/886163-65b3-4599-bf4b-f36cd8790b0a/1/Hqemr7IbsUh0L2FV0aOa_I_H55w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.238.0/24
                IPv6:
                  2a11:75c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:41:2c:84:aa:34:da:45:e7:7c:be:09:b7:fc:7f:2e:65:a4:
         d0:a4:b7:4c:77:44:5b:42:d5:fa:30:18:88:20:d6:4b:48:76:
         dc:f3:6a:fe:a3:0b:4c:9a:8e:a4:b6:26:ae:8c:71:9b:92:55:
         8f:ef:60:06:ee:7f:7c:82:db:5d:df:b5:3f:9c:9f:aa:10:8a:
         0f:da:8d:7b:24:a0:50:88:b0:ea:f9:3a:58:1b:1d:1e:c2:24:
         a2:8c:14:89:e4:4a:c5:8e:a2:ce:2d:cc:38:72:2e:6a:a9:da:
         0c:57:c5:87:1a:38:e5:a7:92:a1:0a:a2:f8:71:b9:61:bd:e0:
         43:87:13:c0:b7:4a:cc:0e:be:ae:57:e0:0b:77:ee:d9:27:17:
         61:aa:c6:32:ac:cb:33:25:e4:45:d8:a3:b6:cd:8b:2e:68:62:
         cb:a4:3f:f6:a0:d8:d8:79:1c:fd:a7:c2:61:c5:a2:b3:c0:9f:
         6e:94:a6:d5:08:94:5d:9d:5b:b3:33:41:a5:de:e1:d1:c6:1c:
         97:de:9c:b5:58:3e:83:8f:44:05:23:bc:f4:7d:b2:6b:b0:dc:
         9e:01:45:10:0e:59:4d:32:10:46:70:5c:d9:ed:e6:6a:4b:5c:
         94:d1:3c:e8:e6:c9:e2:02:5b:03:d1:34:10:1d:09:63:54:ff:
         46:19:3c:66
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt4UPs0Lt6ryFHvxVhl0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYTdhNmFmYjIxYmIxNDg3NDJmNjE1NWQxYTM5YWZjOGZj
N2U3OWMwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjIwOTZlZmY2YTBiNWRmMDcwMDdiYjNmYzY1OTM1MzgzYzVmZGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOWIYL9t2NEzmy4B+gmNHC0qseWJ
NoWKzLYAJoa3dVaUzONi0feiGykH1U8/GsqX7ddmdZXE/oPtHDnjmoHbm0RpBPit
nkM8Y9Yoh8aPUY0MGOm7gJyft7a1+Ei7627tguWkgWSrcxnkC+hHJxRSO+JZkPbA
3LR+3fGNHwrj88DyMy9ChK+opjxXZ3Q9fqv04clMP8itUbuPwF16P8hm6/5uS/2+
PCuEOzJd72Kwkm3skBizMiwIt4VZEF33HwwvVzzovAK+L59ZSqtaZtnsA8Ef896S
ozcLByYcrCFz6BvIEIvQklNL72pa1FhUjX4EavLn2GhL1cUDEBhvmIW0GwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBsglu/2oLXfBwB7s/xlk1ODxf26MB8GA1UdIwQY
MBaAFB6npq+yG7FIdC9hVdGjmvyPx+ecMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHFlbXI3SWJzVWgwTDJGVjBhT2FfSV9INTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84ODYxNjMtNjViMy00NTk5LWJmNGIt
ZjM2Y2Q4NzkwYjBhLzEvR3lDVzdfYWd0ZDhIQUh1el9HV1RVNFBGX2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84ODYxNjMtNjViMy00NTk5LWJmNGItZjM2Y2Q4NzkwYjBh
LzEvSHFlbXI3SWJzVWgwTDJGVjBhT2FfSV9INTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwhruMA0E
AgACMAcDBQMqEXXAMA0GCSqGSIb3DQEBCwUAA4IBAQAzQSyEqjTaRed8vgm3/H8u
ZaTQpLdMd0RbQtX6MBiIINZLSHbc82r+owtMmo6ktiaujHGbklWP72AG7n98gttd
37U/nJ+qEIoP2o17JKBQiLDq+TpYGx0ewiSijBSJ5ErFjqLOLcw4ci5qqdoMV8WH
Gjjlp5KhCqL4cblhveBDhxPAt0rMDr6uV+ALd+7ZJxdhqsYyrMszJeRF2KO2zYsu
aGLLpD/2oNjYeRz9p8JhxaKzwJ9ulKbVCJRdnVuzM0Gl3uHRxhyX3py1WD6Dj0QF
I7z0fbJrsNyeAUUQDllNMhBGcFzZ7eZqS1yU0Tzo5sniAlsD0TQQHQljVP9GGTxm
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:40 2024 by rpki-client on console-fra.rpki-client.org