Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1ZkgAFuweqJMx3cg3yyiT50jvAU.roa
File:                     1ZkgAFuweqJMx3cg3yyiT50jvAU.roa (raw, json)
Hash identifier:          lSOo4hAy1mxj1zBK7qqwMmZUNMf4QUTBJkRQRVxUHQU=
Subject key identifier:   D5:99:20:00:5B:B0:7A:A2:4C:C7:77:20:DF:2C:A2:4F:9D:23:BC:05
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA2989B108147AAF57D69CFBDC0D8926
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1ZkgAFuweqJMx3cg3yyiT50jvAU.roa
Signing time:             Tue 02 Jan 2024 12:32:48 +0000
ROA not before:           Tue 02 Jan 2024 12:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212042
IP address blocks:        85.203.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:89:b1:08:14:7a:af:57:d6:9c:fb:dc:0d:89:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d59920005bb07aa24cc77720df2ca24f9d23bc05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6b:aa:9b:44:f9:c5:f8:45:4c:5a:1b:0c:f1:
                    fd:6a:9e:a8:c7:ee:de:2c:19:42:ec:0a:07:5a:3d:
                    63:f5:a7:35:e5:66:a2:3b:90:a4:86:96:65:97:48:
                    7a:c4:04:c9:3f:1e:cb:bf:58:32:9e:16:a3:19:b3:
                    65:d9:70:df:32:e2:cd:a2:84:c9:91:b2:a7:bd:87:
                    20:c9:e9:37:6a:fe:b8:69:73:04:5d:6c:f0:67:18:
                    af:a2:4a:db:23:c3:22:5f:10:db:7f:97:75:a8:4f:
                    73:63:5b:3f:51:66:ee:09:ac:c4:7c:55:bb:aa:b4:
                    05:c4:d5:79:a6:e6:bd:8d:7b:83:b7:f2:65:70:1d:
                    3c:d7:96:c6:d6:b9:f9:67:2e:79:32:0d:e9:81:12:
                    ec:78:37:84:2f:f1:82:6b:50:48:a1:0a:45:dd:7d:
                    a6:14:2a:82:ab:e8:70:ce:77:b7:59:b3:d3:46:7d:
                    3d:79:9c:d3:12:39:8d:1a:59:64:98:fd:1b:9e:ae:
                    9c:58:3a:08:c3:72:76:88:f5:ca:f7:3e:4a:44:7f:
                    65:c8:67:3c:b5:0f:c1:28:7f:aa:d0:06:03:ef:28:
                    c3:41:ed:84:a6:00:8f:fd:dc:c8:61:f3:e7:60:7a:
                    14:c4:38:e1:da:f4:44:23:15:7a:7e:0e:f0:33:b7:
                    c2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:99:20:00:5B:B0:7A:A2:4C:C7:77:20:DF:2C:A2:4F:9D:23:BC:05
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1ZkgAFuweqJMx3cg3yyiT50jvAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:a5:79:b0:ee:39:15:1e:af:2c:f6:bf:20:7a:db:49:04:a5:
         fd:bd:45:46:3d:46:d5:48:6a:88:5a:99:0b:b6:b2:37:7d:ca:
         62:ab:b4:01:72:57:5e:e7:26:3a:60:c7:a5:76:8e:93:c6:1e:
         a4:1b:76:8e:70:c2:99:22:78:ec:e4:76:6e:00:bf:45:e9:46:
         ac:46:6e:74:fd:6c:61:41:c1:93:7d:1e:28:14:0f:22:02:93:
         b4:ac:99:22:d4:43:e8:00:b9:05:20:58:53:92:32:89:29:d6:
         46:67:ca:26:7b:c5:93:54:20:d3:96:a8:92:3e:35:1d:8f:f6:
         de:cc:c1:26:b0:d0:bd:80:d2:12:87:2e:cb:bd:df:c3:dd:45:
         8b:42:aa:c5:96:00:19:52:75:0f:4c:c5:4f:e6:7f:74:9e:2c:
         8e:f3:44:7d:fd:2e:47:ee:0a:ec:c2:ca:46:44:79:c7:19:d6:
         cc:6f:88:ca:16:8a:68:38:35:54:fc:09:d2:d0:5a:32:e0:80:
         02:35:d8:51:d3:cf:92:57:db:e2:95:45:72:ba:bf:70:83:38:
         6f:8b:66:e0:59:92:63:46:69:1c:80:a6:94:53:a8:f4:f7:7d:
         88:09:f9:a5:80:be:cc:01:97:16:b8:ce:b3:39:aa:58:1e:de:
         5a:ba:47:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKYmxCBR6r1fWnPvcDYkmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk5MjAwMDViYjA3YWEyNGNjNzc3MjBkZjJjYTI0ZjlkMjNiYzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGuqm0T5xfhFTFobDPH9ap6ox+7e
LBlC7AoHWj1j9ac15WaiO5CkhpZll0h6xATJPx7Lv1gynhajGbNl2XDfMuLNooTJ
kbKnvYcgyek3av64aXMEXWzwZxivokrbI8MiXxDbf5d1qE9zY1s/UWbuCazEfFW7
qrQFxNV5pua9jXuDt/JlcB0815bG1rn5Zy55Mg3pgRLseDeEL/GCa1BIoQpF3X2m
FCqCq+hwzne3WbPTRn09eZzTEjmNGllkmP0bnq6cWDoIw3J2iPXK9z5KRH9lyGc8
tQ/BKH+q0AYD7yjDQe2EpgCP/dzIYfPnYHoUxDjh2vREIxV6fg7wM7fCKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWZIABbsHqiTMd3IN8sok+dI7wFMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvMVprZ0FGdXdlcUpNeDNjZzN5eWlUNTBqdkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcshMA0G
CSqGSIb3DQEBCwUAA4IBAQBYpXmw7jkVHq8s9r8gettJBKX9vUVGPUbVSGqIWpkL
trI3fcpiq7QBclde5yY6YMeldo6Txh6kG3aOcMKZInjs5HZuAL9F6UasRm50/Wxh
QcGTfR4oFA8iApO0rJki1EPoALkFIFhTkjKJKdZGZ8ome8WTVCDTlqiSPjUdj/be
zMEmsNC9gNIShy7Lvd/D3UWLQqrFlgAZUnUPTMVP5n90niyO80R9/S5H7grswspG
RHnHGdbMb4jKFopoODVU/AnS0Foy4IACNdhR08+SV9vilUVyur9wgzhvi2bgWZJj
RmkcgKaUU6j0932ICfmlgL7MAZcWuM6zOapYHt5aukdB
-----END CERTIFICATE-----
Generated at Mon Dec 9 12:20:31 2024 by rpki-client on console-fra.rpki-client.org