Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/67c605-010f-4592-a919-9ece0b25658e/1/53EbTN65wPXCJOivHixndKHBOPo.roa
File:                     53EbTN65wPXCJOivHixndKHBOPo.roa (raw, json)
Hash identifier:          fADBiJ6EYGfhJureuwDV1GqhbW0CdMKucNR+Cwe7La4=
Subject key identifier:   E7:71:1B:4C:DE:B9:C0:F5:C2:24:E8:AF:1E:2C:67:74:A1:C1:38:FA
Certificate issuer:       /CN=1c2d3755a3501b9cb0d5ebaa499e5ea149bcf08b
Certificate serial:       018CC4922F45FC89C9B241084CD4CF8640E0
Authority key identifier: 1C:2D:37:55:A3:50:1B:9C:B0:D5:EB:AA:49:9E:5E:A1:49:BC:F0:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HC03VaNQG5yw1euqSZ5eoUm88Is.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/67c605-010f-4592-a919-9ece0b25658e/1/53EbTN65wPXCJOivHixndKHBOPo.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61327
IP address blocks:        185.11.40.0/22 maxlen: 24
                          185.42.216.0/22 maxlen: 24
                          2a03:68c0::/32 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/67c605-010f-4592-a919-9ece0b25658e/1/HC03VaNQG5yw1euqSZ5eoUm88Is.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/67c605-010f-4592-a919-9ece0b25658e/1/HC03VaNQG5yw1euqSZ5eoUm88Is.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HC03VaNQG5yw1euqSZ5eoUm88Is.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2f:45:fc:89:c9:b2:41:08:4c:d4:cf:86:40:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c2d3755a3501b9cb0d5ebaa499e5ea149bcf08b
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7711b4cdeb9c0f5c224e8af1e2c6774a1c138fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:43:26:cf:de:22:ee:26:5b:41:60:0a:3a:c6:
                    bd:33:06:93:e1:a7:ae:dc:2d:e7:32:7e:e2:ae:d2:
                    1a:35:68:67:cb:2c:30:82:c7:f7:9b:6e:41:1e:49:
                    e2:24:55:85:6f:19:c3:40:29:20:51:03:86:2d:77:
                    13:54:db:da:71:f9:dc:55:18:ee:e9:31:e8:27:0b:
                    34:cf:41:6b:b3:cb:cb:bb:22:48:22:66:4d:44:34:
                    c4:fb:a7:eb:46:7e:7d:19:b7:0d:84:5b:5a:4c:22:
                    75:79:f1:84:c8:f0:23:8c:f8:8f:cd:a0:16:03:47:
                    68:3c:77:9b:5f:be:f7:e2:7f:16:45:81:72:60:8b:
                    43:03:3a:b5:c1:0c:d6:bf:d1:b8:25:80:6e:96:ed:
                    f4:b0:b2:39:47:1c:4d:0c:30:d5:eb:2c:c9:f0:b5:
                    df:46:ff:b5:5d:80:13:34:47:63:74:14:4a:f8:2f:
                    41:9c:21:8a:79:19:bb:42:93:f9:12:56:60:ab:e2:
                    a8:70:f9:f3:2a:60:11:01:26:d1:2b:71:30:47:ab:
                    3a:8b:6e:c2:a7:57:d5:d4:00:fc:2e:f1:f3:c1:38:
                    6c:c2:10:af:cb:93:23:53:af:f3:07:25:dc:73:71:
                    1f:e5:d7:3e:58:04:70:d8:6d:43:69:ba:2f:89:a9:
                    8d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:71:1B:4C:DE:B9:C0:F5:C2:24:E8:AF:1E:2C:67:74:A1:C1:38:FA
            X509v3 Authority Key Identifier:
                keyid:1C:2D:37:55:A3:50:1B:9C:B0:D5:EB:AA:49:9E:5E:A1:49:BC:F0:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HC03VaNQG5yw1euqSZ5eoUm88Is.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/67c605-010f-4592-a919-9ece0b25658e/1/53EbTN65wPXCJOivHixndKHBOPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/67c605-010f-4592-a919-9ece0b25658e/1/HC03VaNQG5yw1euqSZ5eoUm88Is.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.40.0/22
                  185.42.216.0/22
                IPv6:
                  2a03:68c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:94:e8:a5:0b:06:9f:e9:ba:90:02:81:7f:b7:78:58:ad:38:
         52:4c:79:4d:b8:da:42:b7:28:7a:13:5a:74:1e:ed:11:de:07:
         10:d3:fc:25:e7:fa:24:48:c6:bc:2e:2e:f6:41:68:42:78:2f:
         d5:1c:b9:48:d5:92:41:eb:8a:80:85:3a:2f:37:3a:fb:0b:f3:
         48:c0:ce:e4:69:9f:f1:2e:55:c1:b1:05:61:e3:7d:c0:e0:6e:
         02:13:56:4a:b2:33:e8:8b:bc:41:e0:ff:51:a4:08:cc:74:e0:
         0d:6f:cc:5f:85:65:13:8b:5b:f4:56:6c:a6:34:b6:d4:9c:61:
         80:10:f5:80:b1:7f:44:9f:69:5d:1f:76:11:a5:6a:b9:fd:2c:
         6d:40:9a:c5:63:9a:34:07:2f:64:68:35:0b:13:31:37:f9:22:
         71:77:b5:bc:51:48:d0:48:43:0f:9f:35:62:a8:f0:91:1e:88:
         c3:76:6d:9b:fd:12:38:99:51:27:eb:70:a9:b9:d8:f0:30:ba:
         a8:30:40:65:8c:92:1f:41:58:f4:d2:af:5f:ec:bf:1f:b6:94:
         07:63:74:1a:52:cb:5e:ea:79:96:e1:46:e2:07:94:52:0c:22:
         e7:66:86:2e:2d:0d:fa:bc:7d:65:6e:59:d0:d6:88:ec:df:4f:
         b2:4a:ec:cc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEki9F/InJskEITNTPhkDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMmQzNzU1YTM1MDFiOWNiMGQ1ZWJhYTQ5OWU1ZWExNDli
Y2YwOGIwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzcxMWI0Y2RlYjljMGY1YzIyNGU4YWYxZTJjNjc3NGExYzEzOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUMmz94i7iZbQWAKOsa9MwaT4aeu
3C3nMn7irtIaNWhnyywwgsf3m25BHkniJFWFbxnDQCkgUQOGLXcTVNvacfncVRju
6THoJws0z0Frs8vLuyJIImZNRDTE+6frRn59GbcNhFtaTCJ1efGEyPAjjPiPzaAW
A0doPHebX7734n8WRYFyYItDAzq1wQzWv9G4JYBulu30sLI5RxxNDDDV6yzJ8LXf
Rv+1XYATNEdjdBRK+C9BnCGKeRm7QpP5ElZgq+KocPnzKmARASbRK3EwR6s6i27C
p1fV1AD8LvHzwThswhCvy5MjU6/zByXcc3Ef5dc+WARw2G1DaboviamNUQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOdxG0zeucD1wiTorx4sZ3ShwTj6MB8GA1UdIwQY
MBaAFBwtN1WjUBucsNXrqkmeXqFJvPCLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEMwM1ZhTlFHNXl3MWV1cVNaNWVvVW04OElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC82N2M2MDUtMDEwZi00NTkyLWE5MTkt
OWVjZTBiMjU2NThlLzEvNTNFYlRONjV3UFhDSk9pdkhpeG5kS0hCT1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC82N2M2MDUtMDEwZi00NTkyLWE5MTktOWVjZTBiMjU2NThl
LzEvSEMwM1ZhTlFHNXl3MWV1cVNaNWVvVW04OElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQsoAwQC
uSrYMA0EAgACMAcDBQAqA2jAMA0GCSqGSIb3DQEBCwUAA4IBAQAWlOilCwaf6bqQ
AoF/t3hYrThSTHlNuNpCtyh6E1p0Hu0R3gcQ0/wl5/okSMa8Li72QWhCeC/VHLlI
1ZJB64qAhTovNzr7C/NIwM7kaZ/xLlXBsQVh433A4G4CE1ZKsjPoi7xB4P9RpAjM
dOANb8xfhWUTi1v0VmymNLbUnGGAEPWAsX9En2ldH3YRpWq5/SxtQJrFY5o0By9k
aDULEzE3+SJxd7W8UUjQSEMPnzViqPCRHojDdm2b/RI4mVEn63CpudjwMLqoMEBl
jJIfQVj00q9f7L8ftpQHY3QaUste6nmW4UbiB5RSDCLnZoYuLQ36vH1lblnQ1ojs
30+ySuzM
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:54:47 2024 by rpki-client on console-ams.rpki-client.org