Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/424b94-e702-4b22-ae2e-0890520b8846/1/e9VBkjn0Yvvk4UM3TajHrAEkQdw.roa
File:                     e9VBkjn0Yvvk4UM3TajHrAEkQdw.roa (raw, json)
Hash identifier:          ECpwXVnWne3Pc7gUkhfVgrc5IFF0li9CYL+U+q+dUXY=
Subject key identifier:   7B:D5:41:92:39:F4:62:FB:E4:E1:43:37:4D:A8:C7:AC:01:24:41:DC
Certificate issuer:       /CN=68bd39d793125c684dff272f88622bac432180f0
Certificate serial:       018CC26D547ABAF751D112EC947D33FD81BA
Authority key identifier: 68:BD:39:D7:93:12:5C:68:4D:FF:27:2F:88:62:2B:AC:43:21:80:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aL0515MSXGhN_ycviGIrrEMhgPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/424b94-e702-4b22-ae2e-0890520b8846/1/e9VBkjn0Yvvk4UM3TajHrAEkQdw.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197650
IP address blocks:        62.102.152.0/21 maxlen: 21
                          185.30.112.0/24 maxlen: 24
                          185.30.113.0/24 maxlen: 24
                          185.30.114.0/24 maxlen: 24
                          185.30.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/424b94-e702-4b22-ae2e-0890520b8846/1/aL0515MSXGhN_ycviGIrrEMhgPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/424b94-e702-4b22-ae2e-0890520b8846/1/aL0515MSXGhN_ycviGIrrEMhgPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aL0515MSXGhN_ycviGIrrEMhgPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:54:7a:ba:f7:51:d1:12:ec:94:7d:33:fd:81:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68bd39d793125c684dff272f88622bac432180f0
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bd5419239f462fbe4e143374da8c7ac012441dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ef:ec:5c:61:13:18:64:a6:00:0c:a6:18:c0:
                    73:49:4c:43:bb:65:d4:cc:28:58:96:ae:77:80:41:
                    48:29:2f:90:6b:0e:b7:af:e8:98:a5:bc:15:e2:34:
                    05:b6:c8:c4:28:dd:4a:d6:c3:27:81:54:3c:e4:9d:
                    1c:e8:99:be:af:37:69:ff:49:f0:68:18:59:4c:a5:
                    ae:c8:6b:d3:70:a1:f4:a8:69:35:24:c1:89:f6:cc:
                    7d:bf:3e:03:48:18:f8:3f:e6:ed:15:b4:b6:bb:c4:
                    33:81:c2:f0:df:f6:8d:65:b7:5f:59:a4:20:6c:33:
                    fb:32:38:f7:33:6a:21:0c:30:b0:b6:f5:4f:3c:59:
                    26:2e:b7:58:df:e8:b1:e6:2d:2d:66:ea:b2:f5:90:
                    3d:a0:17:3d:3d:21:4e:3f:34:fc:38:b0:bb:53:5f:
                    26:4b:f3:56:ae:50:d2:ee:46:f6:4f:5f:c5:38:ba:
                    8b:7e:62:e4:6b:f8:36:37:d0:01:35:0f:34:86:8a:
                    e8:98:57:6a:99:6e:8a:4c:4e:2c:10:0a:ea:da:da:
                    2a:de:1b:e7:79:2f:c6:00:9b:82:5d:1e:76:9f:36:
                    32:54:22:95:92:6e:f2:83:eb:d8:13:57:d8:be:d0:
                    31:39:de:e2:6d:5a:49:ae:0b:a0:1b:d5:88:33:56:
                    9e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D5:41:92:39:F4:62:FB:E4:E1:43:37:4D:A8:C7:AC:01:24:41:DC
            X509v3 Authority Key Identifier:
                keyid:68:BD:39:D7:93:12:5C:68:4D:FF:27:2F:88:62:2B:AC:43:21:80:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aL0515MSXGhN_ycviGIrrEMhgPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/424b94-e702-4b22-ae2e-0890520b8846/1/e9VBkjn0Yvvk4UM3TajHrAEkQdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/424b94-e702-4b22-ae2e-0890520b8846/1/aL0515MSXGhN_ycviGIrrEMhgPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.102.152.0/21
                  185.30.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:7c:eb:c2:8b:5b:c9:63:40:a0:a9:b6:ba:aa:80:4c:72:3f:
         98:ea:cf:79:d2:16:58:80:49:ee:96:ae:3d:70:e9:67:be:86:
         25:f2:2f:c0:e2:e6:c2:0b:85:43:a4:47:99:31:27:13:f0:80:
         10:85:c6:55:f4:bd:f8:7d:c0:36:9f:83:dd:cc:46:8e:e6:53:
         bb:04:0e:02:16:2e:69:8b:9a:63:3a:d2:43:ea:a4:2d:2f:5e:
         15:9e:e0:c3:0b:26:63:ff:b7:45:77:20:0d:65:5c:b9:dc:46:
         cc:d3:2e:62:c6:df:b5:fe:e9:19:62:3a:92:6c:3a:da:cf:5f:
         19:59:51:76:7d:cd:cc:4c:a8:a4:f6:1e:5e:ee:52:73:a8:3e:
         81:65:6a:ff:94:d2:0f:53:4d:f5:17:0e:ae:eb:1b:3e:f5:a6:
         c5:9e:8a:46:f0:d8:5c:03:5b:f9:3f:9a:af:1a:d3:57:53:00:
         3f:79:58:62:7b:f8:6e:1b:22:e9:c7:9f:84:85:8b:22:d0:26:
         31:28:80:91:26:7e:c8:c0:52:c7:93:8b:fe:5a:64:07:5f:e4:
         e6:1a:fc:c5:2b:af:7a:81:f0:1c:46:83:3f:55:a4:65:70:8e:
         88:96:6f:cb:1e:4f:e7:b6:2d:67:32:d3:f1:2e:6b:6d:62:8e:
         0d:8a:90:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbVR6uvdR0RLslH0z/YG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YmQzOWQ3OTMxMjVjNjg0ZGZmMjcyZjg4NjIyYmFjNDMy
MTgwZjAwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQ1NDE5MjM5ZjQ2MmZiZTRlMTQzMzc0ZGE4YzdhYzAxMjQ0MWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1O/sXGETGGSmAAymGMBzSUxDu2XU
zChYlq53gEFIKS+Qaw63r+iYpbwV4jQFtsjEKN1K1sMngVQ85J0c6Jm+rzdp/0nw
aBhZTKWuyGvTcKH0qGk1JMGJ9sx9vz4DSBj4P+btFbS2u8QzgcLw3/aNZbdfWaQg
bDP7Mjj3M2ohDDCwtvVPPFkmLrdY3+ix5i0tZuqy9ZA9oBc9PSFOPzT8OLC7U18m
S/NWrlDS7kb2T1/FOLqLfmLka/g2N9ABNQ80horomFdqmW6KTE4sEArq2toq3hvn
eS/GAJuCXR52nzYyVCKVkm7yg+vYE1fYvtAxOd7ibVpJrgugG9WIM1aedwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHvVQZI59GL75OFDN02ox6wBJEHcMB8GA1UdIwQY
MBaAFGi9OdeTElxoTf8nL4hiK6xDIYDwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUwwNTE1TVNYR2hOX3ljdmlHSXJyRU1oZ1BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy80MjRiOTQtZTcwMi00YjIyLWFlMmUt
MDg5MDUyMGI4ODQ2LzEvZTlWQmtqbjBZdnZrNFVNM1RhakhyQUVrUWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy80MjRiOTQtZTcwMi00YjIyLWFlMmUtMDg5MDUyMGI4ODQ2
LzEvYUwwNTE1TVNYR2hOX3ljdmlHSXJyRU1oZ1BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDPmaYAwQC
uR5wMA0GCSqGSIb3DQEBCwUAA4IBAQBxfOvCi1vJY0Cgqba6qoBMcj+Y6s950hZY
gEnulq49cOlnvoYl8i/A4ubCC4VDpEeZMScT8IAQhcZV9L34fcA2n4PdzEaO5lO7
BA4CFi5pi5pjOtJD6qQtL14VnuDDCyZj/7dFdyANZVy53EbM0y5ixt+1/ukZYjqS
bDraz18ZWVF2fc3MTKik9h5e7lJzqD6BZWr/lNIPU031Fw6u6xs+9abFnopG8Nhc
A1v5P5qvGtNXUwA/eVhie/huGyLpx5+EhYsi0CYxKICRJn7IwFLHk4v+WmQHX+Tm
GvzFK696gfAcRoM/VaRlcI6Ilm/LHk/nti1nMtPxLmttYo4NipCA
-----END CERTIFICATE-----
Generated at Sun Jun 16 21:46:59 2024 by rpki-client on console-fra.rpki-client.org