Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/ru4RKqxJKavzEDtf0Zso79y9uVQ.roa
File:                     ru4RKqxJKavzEDtf0Zso79y9uVQ.roa (raw, json)
Hash identifier:          3oBkCRM2AvjUsBRGO7S4e26qmz7viUz5qLFAH5VsCik=
Subject key identifier:   AE:EE:11:2A:AC:49:29:AB:F3:10:3B:5F:D1:9B:28:EF:DC:BD:B9:54
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       018CC56EF555BC6D30C126F44EA451F3C6C6
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/ru4RKqxJKavzEDtf0Zso79y9uVQ.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208208
IP address blocks:        185.240.243.0/24 maxlen: 24
                          185.240.242.0/24 maxlen: 24
                          185.240.241.0/24 maxlen: 24
                          84.252.121.0/24 maxlen: 24
                          84.252.120.0/24 maxlen: 24
                          84.252.123.0/24 maxlen: 24
                          84.252.122.0/24 maxlen: 24
                          185.230.162.0/24 maxlen: 24
                          185.230.161.0/24 maxlen: 24
                          185.230.160.0/24 maxlen: 24
                          185.230.163.0/24 maxlen: 24
                          2a0c:2500::/32 maxlen: 32
                          2a09:6302::/32 maxlen: 32
                          2a09:6301::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f5:55:bc:6d:30:c1:26:f4:4e:a4:51:f3:c6:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aeee112aac4929abf3103b5fd19b28efdcbdb954
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:04:1f:15:d3:2a:6b:06:ef:c0:a1:f6:60:8f:
                    46:f6:41:87:63:e4:30:7c:57:b4:99:3d:0b:58:da:
                    31:9e:7c:13:90:d9:dd:bc:00:4c:9a:71:09:bf:45:
                    c1:13:9e:d4:9e:21:99:9c:d0:11:19:ac:0e:31:7f:
                    ba:f4:65:c8:c8:6e:52:3f:36:46:6b:05:29:1b:36:
                    38:a6:d6:67:9f:f8:52:3e:d6:0a:19:d9:f2:d4:d6:
                    83:aa:ad:a8:cb:2b:36:1a:36:76:19:64:d9:66:83:
                    1d:03:1e:05:61:44:32:60:61:f0:b6:b4:0a:e7:0c:
                    b2:fb:82:af:9c:a3:3f:a8:15:7a:96:72:fc:04:70:
                    e9:63:de:9f:46:e3:37:99:0b:59:33:e1:31:81:f9:
                    31:61:ca:c0:34:31:49:df:62:5c:b9:55:df:66:16:
                    ad:6a:b8:9b:8e:f9:f1:7a:71:4d:fa:d2:4d:ff:d8:
                    89:9d:f5:06:b7:ca:01:f9:5d:fb:ab:f3:88:0d:74:
                    72:f5:a5:6a:76:2a:76:bf:0d:24:50:36:c5:1e:6c:
                    6b:9b:08:b7:86:09:ca:99:0e:0c:3b:48:70:7f:a5:
                    cc:93:87:17:06:1e:4f:5c:1c:9c:ce:0f:08:59:a7:
                    c2:b1:30:87:93:5d:86:d7:e2:a2:52:c0:4e:6b:87:
                    88:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:EE:11:2A:AC:49:29:AB:F3:10:3B:5F:D1:9B:28:EF:DC:BD:B9:54
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/ru4RKqxJKavzEDtf0Zso79y9uVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.120.0/22
                  185.230.160.0/22
                  185.240.241.0-185.240.243.255
                IPv6:
                  2a09:6301::-2a09:6302:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:2500::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:2e:ea:3e:47:79:40:64:bf:a3:cf:13:0a:fe:cc:37:c1:7a:
         d5:e7:68:6f:aa:ea:21:7a:95:01:f7:65:07:1e:79:b0:bd:08:
         9a:82:6d:bd:dd:2d:bb:01:58:17:23:24:f3:6a:75:14:1d:b3:
         da:e9:37:c6:cd:1f:10:3b:76:ac:61:cd:31:83:c7:78:a3:77:
         e7:f0:63:65:d9:2d:6a:09:c7:7d:91:22:29:98:41:62:af:da:
         a9:d8:8d:a6:da:83:e1:3f:e9:35:d9:b0:09:a4:5a:53:3e:80:
         6d:f2:a0:6a:8b:cc:32:a5:2c:b5:f1:64:fd:c9:51:1b:b2:c8:
         32:15:22:ae:d3:df:b2:cd:70:d9:65:0f:80:0a:d8:91:17:5c:
         61:c1:9f:18:3c:01:37:1b:3c:4e:b7:9a:a7:48:ab:d9:e5:bc:
         21:66:ab:4a:9a:6e:fe:d2:9f:d7:2e:8e:de:a9:bb:cc:f6:96:
         e8:cd:a6:36:41:af:40:7f:cc:17:8f:a7:1c:9d:fb:ce:2f:15:
         74:52:6c:d9:d0:14:81:31:4f:c4:0d:b3:07:c0:e1:29:4a:dd:
         42:b2:cd:df:b5:f5:2b:0e:41:cd:f6:b5:45:77:f9:ae:ca:1a:
         4e:5a:83:07:a6:29:77:5b:87:d1:48:3b:d5:85:5a:43:6a:22:
         4e:76:82:4e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzFbvVVvG0wwSb0TqRR88bGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWVlMTEyYWFjNDkyOWFiZjMxMDNiNWZkMTliMjhlZmRjYmRiOTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwQfFdMqawbvwKH2YI9G9kGHY+Qw
fFe0mT0LWNoxnnwTkNndvABMmnEJv0XBE57UniGZnNARGawOMX+69GXIyG5SPzZG
awUpGzY4ptZnn/hSPtYKGdny1NaDqq2oyys2GjZ2GWTZZoMdAx4FYUQyYGHwtrQK
5wyy+4KvnKM/qBV6lnL8BHDpY96fRuM3mQtZM+ExgfkxYcrANDFJ32JcuVXfZhat
aribjvnxenFN+tJN/9iJnfUGt8oB+V37q/OIDXRy9aVqdip2vw0kUDbFHmxrmwi3
hgnKmQ4MO0hwf6XMk4cXBh5PXByczg8IWafCsTCHk12G1+KiUsBOa4eIfwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFK7uESqsSSmr8xA7X9GbKO/cvblUMB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvcnU0UktxeEpLYXZ6RUR0ZjBac283OXk5dVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAgBAIAATAaAwQCVPx4AwQC
ueagMAwDBAC58PEDBAK58PAwHQQCAAIwFzAOAwUAKgljAQMFACoJYwIDBQAqDCUA
MA0GCSqGSIb3DQEBCwUAA4IBAQCNLuo+R3lAZL+jzxMK/sw3wXrV52hvquohepUB
92UHHnmwvQiagm293S27AVgXIyTzanUUHbPa6TfGzR8QO3asYc0xg8d4o3fn8GNl
2S1qCcd9kSIpmEFir9qp2I2m2oPhP+k12bAJpFpTPoBt8qBqi8wypSy18WT9yVEb
ssgyFSKu09+yzXDZZQ+ACtiRF1xhwZ8YPAE3GzxOt5qnSKvZ5bwhZqtKmm7+0p/X
Lo7eqbvM9pbozaY2Qa9Af8wXj6ccnfvOLxV0UmzZ0BSBMU/EDbMHwOEpSt1Css3f
tfUrDkHN9rVFd/muyhpOWoMHpil3W4fRSDvVhVpDaiJOdoJO
-----END CERTIFICATE-----
Generated at Sat Jun 22 11:51:57 2024 by rpki-client on console-fra.rpki-client.org