Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/abacf1-f4c6-4710-93e9-fc83db13f3a1/1/mWcgUYzwcY21P3WT4JyVYaq5b28.roa
File:                     mWcgUYzwcY21P3WT4JyVYaq5b28.roa (raw, json)
Hash identifier:          LEPfK/SZ96vfo4FnLxAkn8Q4VMoOflW/bmtwNQo6Y78=
Subject key identifier:   99:67:20:51:8C:F0:71:8D:B5:3F:75:93:E0:9C:95:61:AA:B9:6F:6F
Certificate issuer:       /CN=f875df13bf8c1ba8b10e2da480ae61a5348ab8e9
Certificate serial:       018CCA28F6BD5F12FCAE63224744906AB768
Authority key identifier: F8:75:DF:13:BF:8C:1B:A8:B1:0E:2D:A4:80:AE:61:A5:34:8A:B8:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-HXfE7-MG6ixDi2kgK5hpTSKuOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/abacf1-f4c6-4710-93e9-fc83db13f3a1/1/mWcgUYzwcY21P3WT4JyVYaq5b28.roa
Signing time:             Tue 02 Jan 2024 12:32:11 +0000
ROA not before:           Tue 02 Jan 2024 12:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50919
IP address blocks:        178.23.72.0/21 maxlen: 21
                          194.62.224.0/22 maxlen: 22
                          188.164.200.0/21 maxlen: 21
                          2a00:1f68::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/abacf1-f4c6-4710-93e9-fc83db13f3a1/1/1-HXfE7-MG6ixDi2kgK5hpTSKuOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/abacf1-f4c6-4710-93e9-fc83db13f3a1/1/1-HXfE7-MG6ixDi2kgK5hpTSKuOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-HXfE7-MG6ixDi2kgK5hpTSKuOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:f6:bd:5f:12:fc:ae:63:22:47:44:90:6a:b7:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f875df13bf8c1ba8b10e2da480ae61a5348ab8e9
        Validity
            Not Before: Jan  2 12:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=996720518cf0718db53f7593e09c9561aab96f6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:96:88:0a:be:d2:22:dc:b5:63:2c:67:d9:cb:
                    83:73:6b:ed:04:c2:34:00:dd:50:1b:52:81:e0:15:
                    e9:47:11:34:a7:3b:02:64:ac:b6:86:11:a6:b2:ed:
                    69:98:0f:b5:e2:a7:fa:3f:a9:d5:0b:b3:8f:ca:37:
                    46:92:69:cc:ac:e7:e7:e0:e5:8c:e5:2f:74:f0:a9:
                    0a:0d:bb:88:cd:4a:59:79:8b:25:b9:c2:21:b5:fc:
                    93:44:ed:b4:5a:03:93:95:29:e5:56:47:76:31:28:
                    01:17:54:c2:0b:42:88:4e:48:08:bc:79:2c:ef:c8:
                    a3:b9:7f:64:ec:c0:e8:9f:02:7b:90:d9:89:43:e5:
                    ad:91:54:5c:d6:65:0d:e7:3e:e9:95:30:ee:e2:7c:
                    23:96:76:13:6f:bf:aa:8f:32:25:50:55:96:7e:e4:
                    f7:7a:a9:68:2b:87:49:b5:55:06:65:4a:1f:02:b2:
                    31:06:9f:4b:64:6d:15:fc:c9:14:c9:ea:22:40:52:
                    a9:1c:c7:09:00:1d:36:37:ee:9b:93:89:b7:1d:49:
                    33:bc:d0:05:d6:86:75:4a:dd:f5:50:2a:c7:ad:a8:
                    a6:8b:a2:e3:bf:13:37:ba:72:93:aa:41:c9:2d:b5:
                    48:81:fe:b6:a5:ff:6d:49:11:8b:fc:d2:45:19:4c:
                    12:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:67:20:51:8C:F0:71:8D:B5:3F:75:93:E0:9C:95:61:AA:B9:6F:6F
            X509v3 Authority Key Identifier:
                keyid:F8:75:DF:13:BF:8C:1B:A8:B1:0E:2D:A4:80:AE:61:A5:34:8A:B8:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-HXfE7-MG6ixDi2kgK5hpTSKuOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/abacf1-f4c6-4710-93e9-fc83db13f3a1/1/mWcgUYzwcY21P3WT4JyVYaq5b28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/abacf1-f4c6-4710-93e9-fc83db13f3a1/1/1-HXfE7-MG6ixDi2kgK5hpTSKuOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.23.72.0/21
                  188.164.200.0/21
                  194.62.224.0/22
                IPv6:
                  2a00:1f68::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:0b:01:60:88:fb:3c:ba:32:4a:08:33:a5:93:f1:ac:b1:e6:
         46:3c:2b:6a:6c:eb:a5:b3:a5:bd:5b:ce:5d:6a:94:31:69:58:
         45:1f:d5:f6:c3:f4:ca:46:1a:67:69:a4:64:7c:60:4e:e9:54:
         80:a1:be:39:89:0b:7f:aa:0f:e7:d5:f0:8f:a4:09:7e:1d:e1:
         48:c8:aa:dc:5d:dc:5f:98:4b:b7:88:50:e1:80:e1:0e:e9:a5:
         6d:74:11:cd:3c:d8:1b:10:33:28:83:1f:32:2b:dd:f2:79:42:
         03:ad:0c:1a:a9:8b:58:95:c0:73:9b:8f:ef:a4:e9:a8:e2:af:
         2a:72:a8:5e:08:aa:30:b5:9e:0d:c5:d7:23:51:80:28:da:a5:
         27:ed:b6:d7:7f:e7:da:27:5d:87:9c:e3:e1:58:0d:79:23:0b:
         94:be:fb:ba:b3:e7:a3:65:bc:29:d0:a3:86:4f:a2:72:ae:cc:
         68:4b:e6:0b:c5:c2:58:47:17:22:43:7c:0d:b3:1a:b8:8a:20:
         cd:e4:6f:c4:48:3d:76:b7:c2:4e:d0:40:3f:3e:ed:21:4a:ad:
         8c:a5:43:f2:60:43:cd:79:65:86:30:9b:20:88:17:28:38:17:
         3d:19:33:2b:f5:ba:10:e1:96:9b:f2:06:57:bc:ee:cd:c0:07:
         0b:0c:56:23
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzKKPa9XxL8rmMiR0SQardoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NzVkZjEzYmY4YzFiYThiMTBlMmRhNDgwYWU2MWE1MzQ4
YWI4ZTkwHhcNMjQwMTAyMTIzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTY3MjA1MThjZjA3MThkYjUzZjc1OTNlMDljOTU2MWFhYjk2ZjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8paICr7SIty1Yyxn2cuDc2vtBMI0
AN1QG1KB4BXpRxE0pzsCZKy2hhGmsu1pmA+14qf6P6nVC7OPyjdGkmnMrOfn4OWM
5S908KkKDbuIzUpZeYslucIhtfyTRO20WgOTlSnlVkd2MSgBF1TCC0KITkgIvHks
78ijuX9k7MDonwJ7kNmJQ+WtkVRc1mUN5z7plTDu4nwjlnYTb7+qjzIlUFWWfuT3
eqloK4dJtVUGZUofArIxBp9LZG0V/MkUyeoiQFKpHMcJAB02N+6bk4m3HUkzvNAF
1oZ1St31UCrHraimi6LjvxM3unKTqkHJLbVIgf62pf9tSRGL/NJFGUwStwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFJlnIFGM8HGNtT91k+CclWGquW9vMB8GA1UdIwQY
MBaAFPh13xO/jBuosQ4tpICuYaU0irjpMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1IWGZFNy1NRzZpeERpMmtnSzVocFRTS3VPay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2IvYWJhY2YxLWY0YzYtNDcxMC05M2U5
LWZjODNkYjEzZjNhMS8xL21XY2dVWXp3Y1kyMVAzV1Q0SnlWWWFxNWIyOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2IvYWJhY2YxLWY0YzYtNDcxMC05M2U5LWZjODNkYjEzZjNh
MS8xLzEtSFhmRTctTUc2aXhEaTJrZ0s1aHBUU0t1T2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOgYIKwYBBQUHAQcBAf8EKzApMBgEAgABMBIDBAOyF0gD
BAO8pMgDBALCPuAwDQQCAAIwBwMFACoAH2gwDQYJKoZIhvcNAQELBQADggEBAJYL
AWCI+zy6MkoIM6WT8ayx5kY8K2ps66Wzpb1bzl1qlDFpWEUf1fbD9MpGGmdppGR8
YE7pVIChvjmJC3+qD+fV8I+kCX4d4UjIqtxd3F+YS7eIUOGA4Q7ppW10Ec082BsQ
MyiDHzIr3fJ5QgOtDBqpi1iVwHObj++k6ajirypyqF4IqjC1ng3F1yNRgCjapSft
ttd/59onXYec4+FYDXkjC5S++7qz56NlvCnQo4ZPonKuzGhL5gvFwlhHFyJDfA2z
GriKIM3kb8RIPXa3wk7QQD8+7SFKrYylQ/JgQ815ZYYwmyCIFyg4Fz0ZMyv1uhDh
lpvyBle87s3ABwsMViM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:07:20 2024 by rpki-client on console-fra.rpki-client.org