Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/unRRwHenhVFuwSQC9kTv92-HVpU.roa
File:                     unRRwHenhVFuwSQC9kTv92-HVpU.roa (raw, json)
Hash identifier:          Sa8INmcIrWBLlR1HVMa1eib+o3UvQZyaLA30502j27Y=
Subject key identifier:   BA:74:51:C0:77:A7:85:51:6E:C1:24:02:F6:44:EF:F7:6F:87:56:95
Certificate issuer:       /CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
Certificate serial:       018CC5DC83B72F16ADCB221DEE0CC58C9019
Authority key identifier: 23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/unRRwHenhVFuwSQC9kTv92-HVpU.roa
Signing time:             Mon 01 Jan 2024 16:30:12 +0000
ROA not before:           Mon 01 Jan 2024 16:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        194.146.135.0/24 maxlen: 24
                          194.146.133.0/24 maxlen: 24
                          93.157.24.0/22 maxlen: 22
                          93.157.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:83:b7:2f:16:ad:cb:22:1d:ee:0c:c5:8c:90:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
        Validity
            Not Before: Jan  1 16:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba7451c077a785516ec12402f644eff76f875695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:d3:9e:c3:e3:63:3e:20:44:96:4f:bd:df:8d:
                    ef:60:f6:d1:bf:cd:75:7c:15:15:9e:b6:21:ee:d2:
                    db:38:5f:4c:bf:67:97:9c:d0:c6:49:ab:86:c3:b4:
                    b0:7f:eb:1d:0a:74:34:46:ac:24:d2:fe:cb:bc:27:
                    0e:66:72:e4:c1:eb:27:4d:17:a3:32:d4:27:d2:0a:
                    e4:e3:77:36:59:8f:7b:fd:a8:c5:71:fe:2a:81:18:
                    67:0f:fd:3e:ea:d9:ca:a0:96:6c:da:77:e0:d7:f9:
                    10:dd:75:3f:c0:14:2d:67:cc:e5:55:99:ef:86:6b:
                    15:2e:5f:2d:fc:a3:ee:14:de:ea:85:88:7d:e3:19:
                    d6:a5:de:85:09:04:64:28:18:c9:92:f0:b9:30:b7:
                    d0:cc:75:f7:68:64:6f:56:48:db:57:7a:e0:52:f0:
                    2a:55:3c:4b:08:53:10:9b:0e:c6:9c:cd:26:37:f0:
                    e8:49:cf:e2:1e:ae:be:a1:01:89:75:5b:95:e6:49:
                    f5:0c:17:cf:51:56:0d:33:b2:43:e9:45:ed:47:92:
                    5b:ca:f8:cf:53:27:cf:31:6b:cc:ea:5e:e1:80:9b:
                    09:2b:b2:a4:99:f9:66:02:c4:84:d6:7d:d4:5c:94:
                    fe:ed:49:25:4a:e4:44:e3:ff:bd:04:ee:f5:cb:25:
                    c6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:74:51:C0:77:A7:85:51:6E:C1:24:02:F6:44:EF:F7:6F:87:56:95
            X509v3 Authority Key Identifier:
                keyid:23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/unRRwHenhVFuwSQC9kTv92-HVpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.24.0/21
                  194.146.133.0/24
                  194.146.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d7:3e:0a:c2:2c:d3:26:f7:aa:c5:20:ed:ac:6b:21:e6:a2:
         c0:ff:52:96:9e:f2:03:ab:e1:ee:fe:b6:cb:c4:fb:8e:72:31:
         26:b2:bb:4a:12:b4:af:9d:9f:9c:42:fc:a8:4c:98:82:77:72:
         d0:d7:f4:fd:22:e2:1c:00:b7:f5:ac:8c:70:7d:b9:2c:dc:2f:
         fc:e7:94:99:2d:dd:95:f9:15:5e:e5:6c:fc:ab:ed:09:71:be:
         ff:75:63:f1:a0:52:d0:b8:58:72:09:eb:5c:97:67:b8:14:3d:
         25:05:c3:1a:6b:5f:8a:bc:61:47:81:79:b0:f8:7b:af:03:e0:
         ae:57:d7:91:3c:9e:7d:79:f9:7c:ce:0f:36:dd:88:9b:94:1c:
         fe:4f:d0:a3:14:67:ad:f5:d7:0e:a6:7c:a2:b9:31:69:8a:03:
         90:59:50:16:74:1f:1b:6b:11:c5:80:8a:28:e2:0b:a0:d1:23:
         1f:80:cd:f6:5d:b3:7d:44:45:8d:2f:59:06:63:85:0e:1e:f7:
         7f:5f:b4:8b:1a:bc:13:18:2a:2d:e7:04:34:bb:c3:17:8c:0d:
         6a:17:e7:55:46:ed:34:19:c4:5d:fa:67:50:b5:b2:87:a8:aa:
         f3:5e:00:cb:d1:5a:d9:d5:4e:1a:1d:58:8f:85:02:7d:f2:63:
         5e:9e:7e:9e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3IO3LxatyyId7gzFjJAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYmExZWM0ZjAzNWE3MmRmYTM5ZTkzMGFkOGVjNTQzNjhl
YjdhZjQwHhcNMjQwMTAxMTYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTc0NTFjMDc3YTc4NTUxNmVjMTI0MDJmNjQ0ZWZmNzZmODc1Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5dOew+NjPiBElk+9343vYPbRv811
fBUVnrYh7tLbOF9Mv2eXnNDGSauGw7Swf+sdCnQ0Rqwk0v7LvCcOZnLkwesnTRej
MtQn0grk43c2WY97/ajFcf4qgRhnD/0+6tnKoJZs2nfg1/kQ3XU/wBQtZ8zlVZnv
hmsVLl8t/KPuFN7qhYh94xnWpd6FCQRkKBjJkvC5MLfQzHX3aGRvVkjbV3rgUvAq
VTxLCFMQmw7GnM0mN/DoSc/iHq6+oQGJdVuV5kn1DBfPUVYNM7JD6UXtR5JbyvjP
UyfPMWvM6l7hgJsJK7KkmflmAsSE1n3UXJT+7UklSuRE4/+9BO71yyXGSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLp0UcB3p4VRbsEkAvZE7/dvh1aVMB8GA1UdIwQY
MBaAFCO6HsTwNact+jnpMK2OxUNo63r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDct
YmRlNjQ0OGI3ODZjLzEvdW5SUndIZW5oVkZ1d1NRQzlrVHY5Mi1IVnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDctYmRlNjQ0OGI3ODZj
LzEvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDXZ0YAwQA
wpKFAwQAwpKHMA0GCSqGSIb3DQEBCwUAA4IBAQB81z4KwizTJveqxSDtrGsh5qLA
/1KWnvIDq+Hu/rbLxPuOcjEmsrtKErSvnZ+cQvyoTJiCd3LQ1/T9IuIcALf1rIxw
fbks3C/855SZLd2V+RVe5Wz8q+0Jcb7/dWPxoFLQuFhyCetcl2e4FD0lBcMaa1+K
vGFHgXmw+HuvA+CuV9eRPJ59efl8zg823YiblBz+T9CjFGet9dcOpnyiuTFpigOQ
WVAWdB8baxHFgIoo4gug0SMfgM32XbN9REWNL1kGY4UOHvd/X7SLGrwTGCot5wQ0
u8MXjA1qF+dVRu00GcRd+mdQtbKHqKrzXgDL0VrZ1U4aHViPhQJ98mNenn6e
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:22:59 2024 by rpki-client on console-fra.rpki-client.org