Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/h_nz58u08FizJT6QqMmzgvHXa30.roa
File:                     h_nz58u08FizJT6QqMmzgvHXa30.roa (raw, json)
Hash identifier:          a7inPd4S5JOxbx1D7dpV8xXLL/kK45ovN9hEF9GzpLw=
Subject key identifier:   87:F9:F3:E7:CB:B4:F0:58:B3:25:3E:90:A8:C9:B3:82:F1:D7:6B:7D
Certificate issuer:       /CN=65a424cee2fdb0072b541438d913d26636a9b88b
Certificate serial:       018CC79353E6BCC35385CE0C2ADF51AA5855
Authority key identifier: 65:A4:24:CE:E2:FD:B0:07:2B:54:14:38:D9:13:D2:66:36:A9:B8:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZaQkzuL9sAcrVBQ42RPSZjapuIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/h_nz58u08FizJT6QqMmzgvHXa30.roa
Signing time:             Tue 02 Jan 2024 00:29:30 +0000
ROA not before:           Tue 02 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198731
IP address blocks:        5.1.32.0/21 maxlen: 21
                          85.184.224.0/22 maxlen: 22
                          185.64.232.0/22 maxlen: 22
                          185.45.28.0/22 maxlen: 22
                          81.173.40.0/23 maxlen: 23
                          2a00:bc40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/ZaQkzuL9sAcrVBQ42RPSZjapuIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/ZaQkzuL9sAcrVBQ42RPSZjapuIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZaQkzuL9sAcrVBQ42RPSZjapuIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:53:e6:bc:c3:53:85:ce:0c:2a:df:51:aa:58:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65a424cee2fdb0072b541438d913d26636a9b88b
        Validity
            Not Before: Jan  2 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87f9f3e7cbb4f058b3253e90a8c9b382f1d76b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:ab:5f:3a:24:15:7f:67:0e:c2:e1:b1:f4:fe:
                    dc:81:97:db:ed:b6:03:76:d2:56:c6:64:e8:db:cf:
                    ca:1f:a9:f2:7a:fb:b3:a6:4f:ec:55:ae:40:d4:f3:
                    f0:02:4a:b5:f0:d2:ea:bf:38:b3:f9:f2:50:12:95:
                    d5:c8:f5:30:7f:9c:90:cc:7d:30:99:18:53:5b:fc:
                    ce:44:91:80:f5:df:80:ad:2e:65:24:00:52:67:0f:
                    72:ca:a4:85:1c:ae:ce:fd:35:40:9e:3d:9a:a4:ff:
                    32:ed:6d:14:05:df:c9:fb:8f:2b:a1:b3:ee:0d:86:
                    07:59:e5:95:f8:eb:aa:d0:9e:d0:e5:b2:e9:a7:32:
                    91:99:21:bb:21:89:d0:13:88:40:e2:17:23:5a:e5:
                    5b:2e:59:3a:97:2b:24:08:57:97:d3:67:b2:30:16:
                    6b:fa:e0:54:40:df:bd:d7:fb:cb:1b:ec:86:cb:d9:
                    26:65:a3:95:dc:76:b3:87:7b:e5:09:21:59:80:87:
                    3b:e8:7c:2d:eb:d3:7f:69:21:b4:74:b4:32:2b:f0:
                    e1:83:2a:9b:e1:c9:11:dd:36:d0:34:7c:da:2e:e7:
                    55:d9:e4:59:7b:29:b1:bd:ae:3e:39:71:b3:12:50:
                    1b:88:70:6d:90:f3:87:71:3e:b6:56:0e:5d:8f:0a:
                    d1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F9:F3:E7:CB:B4:F0:58:B3:25:3E:90:A8:C9:B3:82:F1:D7:6B:7D
            X509v3 Authority Key Identifier:
                keyid:65:A4:24:CE:E2:FD:B0:07:2B:54:14:38:D9:13:D2:66:36:A9:B8:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaQkzuL9sAcrVBQ42RPSZjapuIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/h_nz58u08FizJT6QqMmzgvHXa30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/eb837b-3ae5-4f60-829b-2b8038283017/1/ZaQkzuL9sAcrVBQ42RPSZjapuIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.32.0/21
                  81.173.40.0/23
                  85.184.224.0/22
                  185.45.28.0/22
                  185.64.232.0/22
                IPv6:
                  2a00:bc40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:c3:fe:66:cc:96:c9:ae:44:e0:a3:d9:2e:56:2e:e2:b2:5a:
         fa:e3:02:00:84:1d:12:9c:14:29:7c:bd:c4:a7:81:96:2c:f1:
         96:da:f2:81:37:77:42:89:ca:7f:72:3c:af:b1:04:a4:7a:5d:
         50:57:4a:ce:0f:40:79:93:6f:5d:8c:38:35:5e:ba:f9:80:c0:
         14:0b:19:64:8b:e3:95:d1:61:04:90:d7:f6:6b:b8:1b:34:e3:
         1d:6b:4e:bc:6d:6e:11:bc:f7:3d:42:c1:4c:df:38:0f:01:9f:
         84:70:69:83:85:d1:c5:5e:a3:12:ab:a3:e9:17:57:e1:45:14:
         8c:59:84:04:df:04:a6:1c:c5:b7:14:f0:9e:02:20:23:eb:6b:
         4a:7a:b5:c6:56:bd:d9:13:9d:d7:ee:ae:37:eb:53:74:7f:5c:
         ef:3a:4e:57:06:43:99:ff:15:47:3e:ee:e0:b4:0b:f8:5d:b0:
         3f:1a:95:0d:86:a4:2c:7c:66:65:ae:c3:62:f5:84:f4:ca:e3:
         b1:4d:98:87:b1:d9:47:00:01:df:4d:3f:84:99:e6:30:32:12:
         ae:13:bc:93:a6:e7:f9:45:a9:91:37:90:38:9a:13:d0:2b:22:
         26:e6:99:57:d3:79:a6:1f:1f:39:d5:9b:67:c4:e8:3a:17:3c:
         e4:1c:94:91
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzHk1PmvMNThc4MKt9RqlhVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTQyNGNlZTJmZGIwMDcyYjU0MTQzOGQ5MTNkMjY2MzZh
OWI4OGIwHhcNMjQwMTAyMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y5ZjNlN2NiYjRmMDU4YjMyNTNlOTBhOGM5YjM4MmYxZDc2YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7atfOiQVf2cOwuGx9P7cgZfb7bYD
dtJWxmTo28/KH6nyevuzpk/sVa5A1PPwAkq18NLqvziz+fJQEpXVyPUwf5yQzH0w
mRhTW/zORJGA9d+ArS5lJABSZw9yyqSFHK7O/TVAnj2apP8y7W0UBd/J+48robPu
DYYHWeWV+Ouq0J7Q5bLppzKRmSG7IYnQE4hA4hcjWuVbLlk6lyskCFeX02eyMBZr
+uBUQN+91/vLG+yGy9kmZaOV3Hazh3vlCSFZgIc76Hwt69N/aSG0dLQyK/Dhgyqb
4ckR3TbQNHzaLudV2eRZeymxva4+OXGzElAbiHBtkPOHcT62Vg5djwrRvQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFIf58+fLtPBYsyU+kKjJs4Lx12t9MB8GA1UdIwQY
MBaAFGWkJM7i/bAHK1QUONkT0mY2qbiLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFRa3p1TDlzQWNyVkJRNDJSUFNaamFwdUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9lYjgzN2ItM2FlNS00ZjYwLTgyOWIt
MmI4MDM4MjgzMDE3LzEvaF9uejU4dTA4Rml6SlQ2UXFNbXpndkhYYTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9lYjgzN2ItM2FlNS00ZjYwLTgyOWItMmI4MDM4MjgzMDE3
LzEvWmFRa3p1TDlzQWNyVkJRNDJSUFNaamFwdUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBQEgAwQB
Ua0oAwQCVbjgAwQCuS0cAwQCuUDoMA0EAgACMAcDBQAqALxAMA0GCSqGSIb3DQEB
CwUAA4IBAQCpw/5mzJbJrkTgo9kuVi7islr64wIAhB0SnBQpfL3Ep4GWLPGW2vKB
N3dCicp/cjyvsQSkel1QV0rOD0B5k29djDg1Xrr5gMAUCxlki+OV0WEEkNf2a7gb
NOMda068bW4RvPc9QsFM3zgPAZ+EcGmDhdHFXqMSq6PpF1fhRRSMWYQE3wSmHMW3
FPCeAiAj62tKerXGVr3ZE53X7q4361N0f1zvOk5XBkOZ/xVHPu7gtAv4XbA/GpUN
hqQsfGZlrsNi9YT0yuOxTZiHsdlHAAHfTT+EmeYwMhKuE7yTpuf5RamRN5A4mhPQ
KyIm5plX03mmHx851ZtnxOg6FzzkHJSR
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:34:54 2024 by rpki-client on console-fra.rpki-client.org