Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/fENHGZXKCwhWgysUuP3BYxp9jv0.roa
File:                     fENHGZXKCwhWgysUuP3BYxp9jv0.roa (raw, json)
Hash identifier:          jVbLBohEHqkAgtkk34fvBLaVVG1fLM3ySuZLcCyR4CA=
Subject key identifier:   7C:43:47:19:95:CA:0B:08:56:83:2B:14:B8:FD:C1:63:1A:7D:8E:FD
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018F4CDA29324E4BA52818B7BC5AD5A84370
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/fENHGZXKCwhWgysUuP3BYxp9jv0.roa
Signing time:             Mon 06 May 2024 07:41:56 +0000
ROA not before:           Mon 06 May 2024 07:41:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60490
IP address blocks:        176.109.64.0/23 maxlen: 23
                          176.109.64.0/24 maxlen: 24
                          176.109.65.0/24 maxlen: 24
                          176.109.67.0/24 maxlen: 24
                          176.109.70.0/24 maxlen: 24
                          194.150.88.0/24 maxlen: 24
                          194.150.89.0/24 maxlen: 24
                          194.150.90.0/24 maxlen: 24
                          194.150.91.0/24 maxlen: 24
                          2a02:28:7::/48 maxlen: 48
                          2a02:2a:1000::/41 maxlen: 41

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:da:29:32:4e:4b:a5:28:18:b7:bc:5a:d5:a8:43:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: May  6 07:41:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c43471995ca0b0856832b14b8fdc1631a7d8efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d1:a2:ee:3f:99:80:c1:ed:fe:d8:ac:be:3f:
                    64:e5:22:77:7f:4d:b1:be:10:ee:2d:45:e6:0a:da:
                    18:ea:68:22:f7:7b:32:88:62:e1:c0:1e:ed:e9:29:
                    9a:2c:37:36:22:d3:5e:2b:f3:25:50:89:0d:db:a3:
                    25:7e:69:18:c6:4f:e9:d3:9e:60:2d:8b:cd:d5:de:
                    c6:c2:59:c8:ce:9a:e4:d8:1a:f0:3f:82:cd:66:a3:
                    18:66:f9:a7:49:47:75:1f:57:b3:a6:76:ae:1e:3a:
                    96:78:b6:e9:c6:08:7c:50:5e:22:6e:7b:1c:15:fa:
                    c2:42:2b:a6:5a:70:b7:72:34:6e:de:b5:c5:84:c7:
                    91:4b:d2:dc:8f:82:62:8e:9d:1b:d3:36:9a:aa:04:
                    75:c3:85:83:9d:26:7d:9a:65:2a:90:d6:3e:f8:07:
                    2e:97:4e:f9:c9:17:59:e8:a8:aa:c9:80:16:cf:3f:
                    57:b6:c8:ad:ad:0f:16:e6:1f:9a:e7:ed:78:35:a6:
                    40:85:48:b5:1e:72:cb:c0:62:39:20:f4:7f:38:92:
                    f4:47:b5:5c:ca:ad:45:99:72:e8:69:49:a5:28:fa:
                    a7:ef:22:c6:15:35:90:07:84:4e:39:09:dc:3b:ca:
                    70:f2:dc:23:c5:ac:3e:a1:6f:63:60:e1:7a:64:01:
                    3d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:43:47:19:95:CA:0B:08:56:83:2B:14:B8:FD:C1:63:1A:7D:8E:FD
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/fENHGZXKCwhWgysUuP3BYxp9jv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.109.64.0/23
                  176.109.67.0/24
                  176.109.70.0/24
                  194.150.88.0/22
                IPv6:
                  2a02:28:7::/48
                  2a02:2a:1000::/41

    Signature Algorithm: sha256WithRSAEncryption
         20:52:97:01:be:f2:a0:a9:ad:72:3c:79:bb:5c:ac:51:8d:bb:
         45:0d:35:cc:82:e5:38:7b:60:16:bb:ae:a1:c8:2f:c1:a7:25:
         ce:f2:1d:1a:2c:46:58:56:7c:c4:c5:cc:b2:9c:62:0b:ba:bb:
         83:e0:18:7b:5a:98:30:f6:a3:d6:d5:1d:25:4d:38:a8:8f:d7:
         ed:9d:1d:36:4c:a4:e3:56:1b:08:62:a9:30:1f:a2:c5:d2:5c:
         1f:fd:e6:b3:1e:4a:3d:05:38:51:63:5a:ad:67:9a:40:9d:ac:
         e3:e7:59:4b:11:ef:05:53:97:08:fc:72:9a:5a:8e:9f:cd:81:
         f3:d5:53:76:3f:61:f8:be:a3:9b:4d:0b:5a:94:9b:8d:d9:42:
         e2:d2:aa:1a:27:8d:c3:ae:38:a4:92:f9:30:81:7c:b3:9d:e2:
         6e:9f:62:63:77:52:90:41:e3:f7:90:67:d2:c8:4b:d1:13:50:
         9b:34:57:5a:89:cf:19:b7:b2:04:d7:11:51:40:4f:2f:90:43:
         c9:7e:bd:5d:9f:c1:a9:bd:d3:4d:a0:53:5f:3d:a7:f6:0b:82:
         a5:23:6b:f4:b5:78:77:01:cb:82:46:98:c2:54:da:29:d5:93:
         f5:67:21:66:27:de:db:29:bd:a1:58:37:89:d7:7f:50:b1:5e:
         54:a0:89:64
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY9M2ikyTkulKBi3vFrVqENwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwNTA2MDc0MTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQzNDcxOTk1Y2EwYjA4NTY4MzJiMTRiOGZkYzE2MzFhN2Q4ZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtGi7j+ZgMHt/tisvj9k5SJ3f02x
vhDuLUXmCtoY6mgi93syiGLhwB7t6SmaLDc2ItNeK/MlUIkN26MlfmkYxk/p055g
LYvN1d7GwlnIzprk2BrwP4LNZqMYZvmnSUd1H1ezpnauHjqWeLbpxgh8UF4ibnsc
FfrCQiumWnC3cjRu3rXFhMeRS9Lcj4Jijp0b0zaaqgR1w4WDnSZ9mmUqkNY++Acu
l075yRdZ6KiqyYAWzz9XtsitrQ8W5h+a5+14NaZAhUi1HnLLwGI5IPR/OJL0R7Vc
yq1FmXLoaUmlKPqn7yLGFTWQB4ROOQncO8pw8twjxaw+oW9jYOF6ZAE9IwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFHxDRxmVygsIVoMrFLj9wWMafY79MB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvZkVOSEdaWEtDd2hXZ3lzVXVQM0JZeHA5anYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjAeBAIAATAYAwQBsG1AAwQA
sG1DAwQAsG1GAwQCwpZYMBgEAgACMBIDBwAqAgAoAAcDBwcqAgAqEAAwDQYJKoZI
hvcNAQELBQADggEBACBSlwG+8qCprXI8ebtcrFGNu0UNNcyC5Th7YBa7rqHIL8Gn
Jc7yHRosRlhWfMTFzLKcYgu6u4PgGHtamDD2o9bVHSVNOKiP1+2dHTZMpONWGwhi
qTAfosXSXB/95rMeSj0FOFFjWq1nmkCdrOPnWUsR7wVTlwj8cppajp/NgfPVU3Y/
Yfi+o5tNC1qUm43ZQuLSqhonjcOuOKSS+TCBfLOd4m6fYmN3UpBB4/eQZ9LIS9ET
UJs0V1qJzxm3sgTXEVFATy+QQ8l+vV2fwam9002gU189p/YLgqUja/S1eHcBy4JG
mMJU2inVk/VnIWYn3tspvaFYN4nXf1CxXlSgiWQ=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:52 2024 by rpki-client on console-fra.rpki-client.org