Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/R94vGDYsv5pRv5vsg5qkexr6uoI.roa
File:                     R94vGDYsv5pRv5vsg5qkexr6uoI.roa (raw, json)
Hash identifier:          MtmkrSQ3fTN3ZC4aZPOTdgQJw9YNBNZvk1Y/w87dKyQ=
Subject key identifier:   47:DE:2F:18:36:2C:BF:9A:51:BF:9B:EC:83:9A:A4:7B:1A:FA:BA:82
Certificate issuer:       /CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
Certificate serial:       018CC5DC064325D418FAF508BBB7734F3260
Authority key identifier: 4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/R94vGDYsv5pRv5vsg5qkexr6uoI.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24995
IP address blocks:        185.194.188.0/22 maxlen: 24
                          193.201.60.0/22 maxlen: 24
                          94.199.160.0/22 maxlen: 22
                          94.199.160.0/21 maxlen: 24
                          2a02:680::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:06:43:25:d4:18:fa:f5:08:bb:b7:73:4f:32:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47de2f18362cbf9a51bf9bec839aa47b1afaba82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c6:42:84:f7:05:f1:9b:54:2a:9e:7f:ea:c4:
                    74:89:6e:0e:a2:a8:c0:1b:e4:0c:4d:3a:4b:1f:7c:
                    26:2d:bf:28:ee:68:58:b5:51:9a:f4:c9:b9:00:2d:
                    8c:c1:54:f2:3d:3b:93:6b:96:b8:a8:9e:f5:eb:b0:
                    37:57:6b:dd:1e:99:90:6b:62:d3:96:6a:3d:68:5d:
                    d7:5b:c7:5c:5f:b4:f5:20:f3:0b:4e:c7:09:82:4e:
                    1c:6c:62:69:e6:15:08:6c:6e:79:36:a5:d7:4e:48:
                    ce:8a:86:d4:c1:55:19:85:66:8f:4f:4f:cf:2d:41:
                    16:9b:83:db:15:26:fb:a7:46:54:11:f7:91:2f:b3:
                    51:3a:16:cb:bc:6e:bf:82:ca:af:a1:91:b8:20:67:
                    1f:f8:ce:34:74:91:e2:c1:7d:f7:9f:bf:36:8d:df:
                    98:51:dc:f1:d0:4c:8d:58:8c:c6:68:44:d2:08:9e:
                    b1:3d:86:0a:ee:a1:dc:21:e7:29:17:35:f5:40:9d:
                    86:e8:f8:f0:7a:f6:74:e9:59:11:8b:bf:69:2a:37:
                    1e:35:86:df:b1:90:b9:ce:a0:b5:a6:d2:67:05:b5:
                    63:71:c1:3e:3f:a6:b3:76:fa:45:4e:a5:20:64:7b:
                    88:5a:bb:a4:7c:7c:44:0b:f0:8c:52:78:6d:42:9f:
                    a1:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DE:2F:18:36:2C:BF:9A:51:BF:9B:EC:83:9A:A4:7B:1A:FA:BA:82
            X509v3 Authority Key Identifier:
                keyid:4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/R94vGDYsv5pRv5vsg5qkexr6uoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.160.0/21
                  185.194.188.0/22
                  193.201.60.0/22
                IPv6:
                  2a02:680::/36

    Signature Algorithm: sha256WithRSAEncryption
         92:99:da:e1:bc:0e:05:59:34:6c:60:fe:f6:21:4c:b7:7e:40:
         8a:a8:df:8f:9f:f4:e3:cf:30:91:ab:9a:b9:0a:89:4d:24:b2:
         c5:72:b7:66:64:07:89:f2:b9:db:38:e8:50:7b:b6:dc:50:55:
         22:e9:fa:7d:a7:1d:88:f8:62:6a:bf:13:4d:e6:42:f5:98:61:
         f3:c5:36:83:f1:e4:77:50:4d:7e:c5:39:c3:f1:b9:8d:d9:3d:
         13:bc:84:85:ed:00:5a:63:34:9e:d5:00:dc:15:be:b7:5d:b0:
         dd:cc:20:41:d1:0a:12:7f:82:4f:aa:d2:fa:1d:c1:dc:e7:53:
         2b:16:ab:67:69:6b:ba:1e:34:6f:1b:4a:e1:ca:e3:a5:c1:4e:
         d0:c0:46:ea:a4:e5:42:f0:2b:81:e3:a9:c2:1e:eb:87:76:66:
         e8:f8:42:78:bf:83:7b:6b:e8:7e:58:e5:9f:35:c7:fc:b8:80:
         96:ec:fa:a4:93:cc:cb:f4:ff:55:42:36:b3:7e:78:b5:af:c9:
         ed:54:e7:f2:0a:ba:ab:63:9b:d4:6a:92:0f:dd:1c:98:30:3a:
         e8:4d:7a:ac:61:04:90:d9:0f:bc:ae:24:72:cf:1f:16:77:61:
         93:1f:56:44:5b:33:11:6f:ad:3d:36:a9:4a:e9:10:2e:8a:2b:
         14:db:40:aa
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzF3AZDJdQY+vUIu7dzTzJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOTExMzI0ZTg2OWJjNGNhNWVjOGJhZDBkM2RkZmY2ODU0
NDE5NzkwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2RlMmYxODM2MmNiZjlhNTFiZjliZWM4MzlhYTQ3YjFhZmFiYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMZChPcF8ZtUKp5/6sR0iW4OoqjA
G+QMTTpLH3wmLb8o7mhYtVGa9Mm5AC2MwVTyPTuTa5a4qJ7167A3V2vdHpmQa2LT
lmo9aF3XW8dcX7T1IPMLTscJgk4cbGJp5hUIbG55NqXXTkjOiobUwVUZhWaPT0/P
LUEWm4PbFSb7p0ZUEfeRL7NROhbLvG6/gsqvoZG4IGcf+M40dJHiwX33n782jd+Y
Udzx0EyNWIzGaETSCJ6xPYYK7qHcIecpFzX1QJ2G6PjwevZ06VkRi79pKjceNYbf
sZC5zqC1ptJnBbVjccE+P6azdvpFTqUgZHuIWrukfHxEC/CMUnhtQp+hDwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEfeLxg2LL+aUb+b7IOapHsa+rqCMB8GA1UdIwQY
MBaAFEyREyToabxMpeyLrQ093/aFRBl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEpFVEpPaHB2RXlsN0l1dERUM2Y5b1ZFR1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yYjM4YjMtMTJmMS00MjQyLWFkYWUt
YjdkMWNhYzUxZTBjLzEvUjk0dkdEWXN2NXBSdjV2c2c1cWtleHI2dW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yYjM4YjMtMTJmMS00MjQyLWFkYWUtYjdkMWNhYzUxZTBj
LzEvVEpFVEpPaHB2RXlsN0l1dERUM2Y5b1ZFR1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQDXsegAwQC
ucK8AwQCwck8MA4EAgACMAgDBgQqAgaAADANBgkqhkiG9w0BAQsFAAOCAQEAkpna
4bwOBVk0bGD+9iFMt35Aiqjfj5/0488wkauauQqJTSSyxXK3ZmQHifK52zjoUHu2
3FBVIun6facdiPhiar8TTeZC9Zhh88U2g/Hkd1BNfsU5w/G5jdk9E7yEhe0AWmM0
ntUA3BW+t12w3cwgQdEKEn+CT6rS+h3B3OdTKxarZ2lruh40bxtK4crjpcFO0MBG
6qTlQvArgeOpwh7rh3Zm6PhCeL+De2vofljlnzXH/LiAluz6pJPMy/T/VUI2s354
ta/J7VTn8gq6q2Ob1GqSD90cmDA66E16rGEEkNkPvK4kcs8fFndhkx9WRFszEW+t
PTapSukQLoorFNtAqg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 06:45:48 2024 by rpki-client on console-fra.rpki-client.org