Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/SErLiDvIMdGJNdDy9kmRigrZYKg.roa
File:                     SErLiDvIMdGJNdDy9kmRigrZYKg.roa (raw, json)
Hash identifier:          O15GP+ZWjX/p1Gu8QdJsRKemgaBOIBITdGWZ8amcvSw=
Subject key identifier:   48:4A:CB:88:3B:C8:31:D1:89:35:D0:F2:F6:49:91:8A:0A:D9:60:A8
Certificate issuer:       /CN=2b976275547b75df2b04c4f9b291c0710c507740
Certificate serial:       018CC94E2BD92ABD876F664B3AF09B8B8807
Authority key identifier: 2B:97:62:75:54:7B:75:DF:2B:04:C4:F9:B2:91:C0:71:0C:50:77:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5didVR7dd8rBMT5spHAcQxQd0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/SErLiDvIMdGJNdDy9kmRigrZYKg.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        185.135.103.0/24 maxlen: 24
                          85.116.130.0/23 maxlen: 23
                          85.116.128.0/23 maxlen: 23
                          185.89.220.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/K5didVR7dd8rBMT5spHAcQxQd0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/K5didVR7dd8rBMT5spHAcQxQd0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5didVR7dd8rBMT5spHAcQxQd0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2b:d9:2a:bd:87:6f:66:4b:3a:f0:9b:8b:88:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b976275547b75df2b04c4f9b291c0710c507740
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=484acb883bc831d18935d0f2f649918a0ad960a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a0:63:15:35:5a:e9:07:2f:13:81:8e:21:1c:
                    a2:95:2a:23:fe:42:9a:59:9a:eb:c7:95:4f:81:35:
                    ba:16:a7:e8:4f:f7:df:b7:4e:61:71:8a:52:f6:50:
                    ad:f1:4b:6c:e3:3a:c3:1d:d0:7b:ff:6d:ea:84:f4:
                    40:3e:85:49:36:40:c1:25:37:e0:0d:27:ef:6d:30:
                    17:3f:97:d3:12:fd:2b:a2:5e:0d:71:3e:5c:74:eb:
                    f5:2d:be:2d:ee:e6:56:18:84:44:01:85:25:4a:ce:
                    b0:69:95:df:e9:b7:ea:78:2c:0f:e6:e0:8f:09:fd:
                    03:c2:49:e4:77:c0:e2:d9:e2:bf:ca:73:81:d2:b9:
                    07:f6:29:01:c2:6b:b2:61:5e:56:d9:20:f0:36:fd:
                    0d:12:85:7c:69:66:fb:85:b3:5e:9c:28:8e:b6:0f:
                    f1:90:fb:02:c1:c4:2a:b1:86:84:9b:83:e2:58:32:
                    c5:73:fb:50:73:86:a3:c6:56:ef:8c:0e:bc:fe:81:
                    f0:e7:89:e1:81:d5:fa:37:aa:fe:f1:7e:69:88:f1:
                    70:e0:4b:a7:e3:9f:5b:6d:29:00:be:50:b5:b5:4b:
                    56:f3:25:ce:a6:24:7e:80:ed:fb:ba:35:36:f0:e5:
                    b1:91:8e:3b:68:88:10:4c:cc:e5:72:11:7b:e0:8f:
                    23:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:4A:CB:88:3B:C8:31:D1:89:35:D0:F2:F6:49:91:8A:0A:D9:60:A8
            X509v3 Authority Key Identifier:
                keyid:2B:97:62:75:54:7B:75:DF:2B:04:C4:F9:B2:91:C0:71:0C:50:77:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5didVR7dd8rBMT5spHAcQxQd0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/SErLiDvIMdGJNdDy9kmRigrZYKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/58f45f-8b07-4e6a-9548-d5b0f91d97c2/1/K5didVR7dd8rBMT5spHAcQxQd0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.128.0/22
                  185.89.220.0/23
                  185.135.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:82:38:10:3e:64:d6:95:89:1a:72:f5:08:54:be:76:6b:c2:
         f1:a7:da:7f:6b:23:b8:8a:db:9d:bb:72:0b:d5:b1:03:b9:c5:
         5d:11:95:12:ff:5a:10:14:b5:94:cf:46:00:bb:1e:3a:d0:bf:
         cf:cc:33:ee:c5:17:a2:41:7a:a6:fd:f3:73:09:46:a2:85:5d:
         5e:55:18:c2:40:32:b1:e0:23:79:69:0a:7f:5a:9a:b7:8d:4a:
         af:e1:c0:03:ad:05:4b:e2:1c:c7:b7:54:b9:8c:9b:40:b4:65:
         61:53:eb:30:82:da:68:6b:0e:02:1e:0e:46:ec:c3:dd:d9:0b:
         5a:87:1a:e3:83:53:72:5c:78:74:6b:7c:f9:41:a6:01:6f:6c:
         b0:87:a5:eb:4e:cb:7d:7d:38:3e:32:7b:fe:c3:8c:20:41:b0:
         7e:91:35:e1:90:f3:53:2c:a2:84:21:89:8f:4f:30:d4:23:4f:
         30:b1:cf:8f:3e:7e:b4:9b:cb:71:41:97:b9:40:f5:09:77:c5:
         ef:d7:d6:87:37:5a:be:6a:3e:9f:d8:fc:a6:77:df:9b:e6:28:
         80:e9:81:f3:da:05:d0:b5:31:14:40:65:f5:1f:23:56:e5:8e:
         94:5e:b4:40:54:3f:bb:d1:f8:e8:e3:01:41:32:43:7d:2e:01:
         3a:45:05:7a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTivZKr2Hb2ZLOvCbi4gHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTc2Mjc1NTQ3Yjc1ZGYyYjA0YzRmOWIyOTFjMDcxMGM1
MDc3NDAwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODRhY2I4ODNiYzgzMWQxODkzNWQwZjJmNjQ5OTE4YTBhZDk2MGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6BjFTVa6QcvE4GOIRyilSoj/kKa
WZrrx5VPgTW6FqfoT/fft05hcYpS9lCt8Uts4zrDHdB7/23qhPRAPoVJNkDBJTfg
DSfvbTAXP5fTEv0rol4NcT5cdOv1Lb4t7uZWGIREAYUlSs6waZXf6bfqeCwP5uCP
Cf0Dwknkd8Di2eK/ynOB0rkH9ikBwmuyYV5W2SDwNv0NEoV8aWb7hbNenCiOtg/x
kPsCwcQqsYaEm4PiWDLFc/tQc4ajxlbvjA68/oHw54nhgdX6N6r+8X5piPFw4Eun
459bbSkAvlC1tUtW8yXOpiR+gO37ujU28OWxkY47aIgQTMzlchF74I8jjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEhKy4g7yDHRiTXQ8vZJkYoK2WCoMB8GA1UdIwQY
MBaAFCuXYnVUe3XfKwTE+bKRwHEMUHdAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVkaWRWUjdkZDhyQk1UNXNwSEFjUXhRZDBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81OGY0NWYtOGIwNy00ZTZhLTk1NDgt
ZDViMGY5MWQ5N2MyLzEvU0VyTGlEdklNZEdKTmREeTlrbVJpZ3JaWUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81OGY0NWYtOGIwNy00ZTZhLTk1NDgtZDViMGY5MWQ5N2My
LzEvSzVkaWRWUjdkZDhyQk1UNXNwSEFjUXhRZDBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCVXSAAwQB
uVncAwQAuYdnMA0GCSqGSIb3DQEBCwUAA4IBAQAKgjgQPmTWlYkacvUIVL52a8Lx
p9p/ayO4itudu3IL1bEDucVdEZUS/1oQFLWUz0YAux460L/PzDPuxReiQXqm/fNz
CUaihV1eVRjCQDKx4CN5aQp/Wpq3jUqv4cADrQVL4hzHt1S5jJtAtGVhU+swgtpo
aw4CHg5G7MPd2Qtahxrjg1NyXHh0a3z5QaYBb2ywh6XrTst9fTg+Mnv+w4wgQbB+
kTXhkPNTLKKEIYmPTzDUI08wsc+PPn60m8txQZe5QPUJd8Xv19aHN1q+aj6f2Pym
d9+b5iiA6YHz2gXQtTEUQGX1HyNW5Y6UXrRAVD+70fjo4wFBMkN9LgE6RQV6
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:30:38 2024 by rpki-client on console-ams.rpki-client.org