Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/nexXK3blSfUe2AnW7rizutBjFnk.roa
File:                     nexXK3blSfUe2AnW7rizutBjFnk.roa (raw, json)
Hash identifier:          aMJOJmQD1QK7uvkJqxLadFyEvDf033Wfo8K+5EhuPDE=
Subject key identifier:   9D:EC:57:2B:76:E5:49:F5:1E:D8:09:D6:EE:B8:B3:BA:D0:63:16:79
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424FAE4CB9A6C0DE1E3BCEEFACE3232
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/nexXK3blSfUe2AnW7rizutBjFnk.roa
Signing time:             Mon 01 Jan 2024 08:30:06 +0000
ROA not before:           Mon 01 Jan 2024 08:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212249
IP address blocks:        160.20.111.0/24 maxlen: 24
                          160.20.110.0/24 maxlen: 24
                          185.85.236.0/24 maxlen: 24
                          93.190.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fa:e4:cb:9a:6c:0d:e1:e3:bc:ee:fa:ce:32:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dec572b76e549f51ed809d6eeb8b3bad0631679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:68:f8:64:e6:3c:a9:50:db:65:d0:00:d3:80:
                    32:ee:cf:db:22:dd:eb:64:c2:66:0b:ae:48:e5:8d:
                    a5:93:11:99:e1:b5:84:1b:35:7b:c4:de:b9:60:69:
                    7b:db:09:a8:40:86:f1:67:fc:cc:be:50:5a:3b:13:
                    8c:d3:5a:9c:25:a0:e3:e7:86:57:a7:7b:ca:96:1d:
                    f8:ca:be:20:bb:e7:3b:fa:99:a7:28:41:1d:4d:7c:
                    c7:5d:ba:1e:42:56:de:09:d0:73:b4:18:f3:40:f3:
                    0d:7f:58:27:26:48:1b:81:7a:09:ee:4a:ec:ce:5d:
                    26:a2:c2:17:5e:f0:62:6a:57:7a:b1:eb:da:57:7a:
                    4d:0d:06:4b:df:fd:64:93:31:3d:10:9f:49:56:a6:
                    99:a9:62:5d:9f:4a:1c:f4:2a:91:7b:bf:6c:58:2e:
                    e8:72:02:9a:f3:be:38:ca:e0:7d:ba:88:d4:e3:d4:
                    af:48:81:86:56:2d:76:9c:e1:5a:2d:a5:17:f0:42:
                    0e:08:49:26:17:54:74:42:48:e4:07:56:37:25:ca:
                    62:dd:f1:0d:b8:c7:e3:da:76:28:6e:dd:e0:37:b7:
                    6d:0a:4d:3e:56:40:26:b8:f1:cc:b3:ec:c7:c5:a0:
                    d9:9f:8b:a4:58:f1:0e:c4:d3:e6:bd:bd:8f:2b:ae:
                    c3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EC:57:2B:76:E5:49:F5:1E:D8:09:D6:EE:B8:B3:BA:D0:63:16:79
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/nexXK3blSfUe2AnW7rizutBjFnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.15.0/24
                  160.20.110.0/23
                  185.85.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:04:bc:c2:6f:58:71:61:d5:cc:3b:1f:85:f1:e9:79:e3:30:
         e2:41:61:28:91:31:64:76:6d:66:dc:29:f4:34:50:a2:44:c3:
         b2:7d:1d:b8:1f:ac:03:5a:d7:8f:7a:d7:83:21:2c:3c:a7:cb:
         28:d0:48:6c:d8:27:db:a0:a3:aa:59:37:de:7c:12:33:af:3b:
         c2:fd:86:5e:ab:65:57:8c:e6:46:0a:0b:98:97:43:15:ab:58:
         10:9d:cc:bb:7e:d3:07:73:ee:9a:18:9d:16:23:f5:9e:8d:70:
         15:8f:d8:09:2c:1b:bc:0e:e0:71:92:87:7e:37:32:98:d4:e5:
         b2:6d:5b:39:10:f1:27:b3:e6:df:87:81:d1:52:ec:31:86:80:
         e5:b1:08:fd:4b:46:34:79:46:b9:95:9e:dd:ff:d4:dd:04:8f:
         f2:6d:c9:e1:89:fc:41:24:fa:cf:f9:97:6d:48:fd:a1:aa:1c:
         b1:fa:41:9c:b6:9c:0d:8b:5e:7d:07:b2:18:dd:62:d4:61:31:
         54:ec:bb:1f:6b:e8:25:55:9d:24:5d:9d:2d:08:bc:8f:f3:bf:
         ac:c2:8e:1d:1f:ca:a2:8d:89:d2:22:ce:90:b3:be:47:64:87:
         71:55:b7:af:b2:d3:23:e1:49:79:9b:78:01:49:77:20:5b:e7:
         b4:7f:ec:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJPrky5psDeHjvO76zjIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVjNTcyYjc2ZTU0OWY1MWVkODA5ZDZlZWI4YjNiYWQwNjMxNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22j4ZOY8qVDbZdAA04Ay7s/bIt3r
ZMJmC65I5Y2lkxGZ4bWEGzV7xN65YGl72wmoQIbxZ/zMvlBaOxOM01qcJaDj54ZX
p3vKlh34yr4gu+c7+pmnKEEdTXzHXboeQlbeCdBztBjzQPMNf1gnJkgbgXoJ7krs
zl0mosIXXvBiald6sevaV3pNDQZL3/1kkzE9EJ9JVqaZqWJdn0oc9CqRe79sWC7o
cgKa8744yuB9uojU49SvSIGGVi12nOFaLaUX8EIOCEkmF1R0QkjkB1Y3Jcpi3fEN
uMfj2nYobt3gN7dtCk0+VkAmuPHMs+zHxaDZn4ukWPEOxNPmvb2PK67DQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ3sVyt25Un1HtgJ1u64s7rQYxZ5MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvbmV4WEszYmxTZlVlMkFuVzdyaXp1dEJqRm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXb4PAwQB
oBRuAwQAuVXsMA0GCSqGSIb3DQEBCwUAA4IBAQCPBLzCb1hxYdXMOx+F8el54zDi
QWEokTFkdm1m3Cn0NFCiRMOyfR24H6wDWtePeteDISw8p8so0Ehs2CfboKOqWTfe
fBIzrzvC/YZeq2VXjOZGCguYl0MVq1gQncy7ftMHc+6aGJ0WI/WejXAVj9gJLBu8
DuBxkod+NzKY1OWybVs5EPEns+bfh4HRUuwxhoDlsQj9S0Y0eUa5lZ7d/9TdBI/y
bcnhifxBJPrP+ZdtSP2hqhyx+kGctpwNi159B7IY3WLUYTFU7Lsfa+glVZ0kXZ0t
CLyP87+swo4dH8qijYnSIs6Qs75HZIdxVbevstMj4Ul5m3gBSXcgW+e0f+xD
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:44:41 2024 by rpki-client on console-fra.rpki-client.org