Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/rn2F7jJzqt-1vSSxlSXfoSaye34.roa
File:                     rn2F7jJzqt-1vSSxlSXfoSaye34.roa (raw, json)
Hash identifier:          lE1P5XHBY7cToewM+c8nOZy6tQbj5DL8FX+PX0sb05Q=
Subject key identifier:   AE:7D:85:EE:32:73:AA:DF:B5:BD:24:B1:95:25:DF:A1:26:B2:7B:7E
Certificate issuer:       /CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
Certificate serial:       018CC26D4B5DC705EE78EC0FBB2FC2F49259
Authority key identifier: 31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/rn2F7jJzqt-1vSSxlSXfoSaye34.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199422
IP address blocks:        185.92.20.0/24 maxlen: 24
                          77.95.64.0/23 maxlen: 23
                          77.95.64.0/22 maxlen: 22
                          77.95.66.0/23 maxlen: 23
                          2a03:9180::/33 maxlen: 33
                          2a03:9180:8000::/33 maxlen: 33
                          2a03:9180::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4b:5d:c7:05:ee:78:ec:0f:bb:2f:c2:f4:92:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae7d85ee3273aadfb5bd24b19525dfa126b27b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e2:77:12:02:c0:87:50:ac:75:f2:66:e7:e9:
                    46:2e:21:5e:8b:f5:73:7b:5b:07:35:fd:c7:7d:2a:
                    21:c2:a1:3b:92:9e:d0:3e:c2:74:d1:8f:ae:fa:20:
                    8c:54:13:8c:ab:7f:de:75:27:82:52:ae:d3:79:cd:
                    b0:0c:22:a4:25:99:f3:d7:0f:4e:58:ec:ad:4e:5f:
                    c4:dc:6b:d8:3d:f4:ac:11:0d:80:4e:ba:62:1f:5f:
                    9a:ae:ca:ff:b6:a8:28:1c:46:25:75:8a:d2:55:c1:
                    5e:c0:67:a4:62:b1:59:48:a7:8e:62:08:c4:17:ae:
                    0a:09:c2:ed:86:bb:10:fe:2f:34:78:00:f3:ab:7b:
                    d2:37:22:bc:7f:c9:6d:de:0c:90:88:aa:fa:a2:72:
                    85:20:a2:76:89:29:22:cd:c5:8a:c4:5f:4d:4c:7e:
                    18:c1:62:c8:8a:fd:3a:53:a6:2f:10:80:39:df:bd:
                    1f:7b:32:91:43:b4:ff:60:0e:5d:0a:b8:13:8f:eb:
                    c4:5c:38:e0:a1:90:42:aa:e7:24:af:e2:b8:6a:e4:
                    15:df:31:89:91:76:0a:28:1b:41:d4:4f:af:d6:5d:
                    03:72:bd:60:49:17:77:0c:17:5f:87:08:f6:cd:58:
                    9c:4d:3c:cf:40:c1:0b:14:fc:56:df:e5:16:65:76:
                    ab:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:7D:85:EE:32:73:AA:DF:B5:BD:24:B1:95:25:DF:A1:26:B2:7B:7E
            X509v3 Authority Key Identifier:
                keyid:31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/rn2F7jJzqt-1vSSxlSXfoSaye34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.64.0/22
                  185.92.20.0/24
                IPv6:
                  2a03:9180::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:c8:ff:74:1d:9d:e3:c5:52:22:79:0b:10:5a:8e:a0:78:90:
         a0:b2:d9:6c:a4:f3:f3:02:de:f8:13:f4:56:eb:40:fc:15:2b:
         72:0c:5a:e5:62:9c:43:0b:95:e1:7b:f5:9f:77:42:cf:ff:75:
         d1:72:21:56:02:ab:f8:c0:ec:40:16:05:ea:91:40:07:04:8e:
         da:90:d8:40:65:2e:db:f1:cb:71:dd:06:a6:21:36:c6:50:5c:
         26:42:7c:d8:f6:03:36:8b:2a:5a:68:e0:e3:15:6d:be:ba:5b:
         d0:4b:a9:cc:b8:4e:43:d7:32:76:07:ed:54:f7:9a:bf:3a:14:
         ad:44:fc:83:60:33:0c:da:34:d3:67:47:df:6a:5b:5d:67:50:
         4d:64:4a:a7:ac:60:d5:3e:15:31:37:47:27:50:93:03:2d:44:
         06:1d:49:f8:cf:51:6d:82:2d:7f:cf:c1:bd:96:4b:6f:4c:2d:
         2f:95:78:f7:64:76:c8:16:35:79:2f:fa:4e:cc:1c:f8:e0:4e:
         d4:78:fc:7b:33:4f:70:f9:65:02:fb:e9:49:6d:6c:d7:8e:89:
         5e:c5:d8:1d:1f:0f:71:29:df:49:5a:85:73:ac:4f:18:59:71:
         d8:4b:bf:6f:29:84:21:4a:cd:ff:9a:77:2e:30:25:7b:d5:94:
         fa:28:33:24
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbUtdxwXueOwPuy/C9JJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWQ2MmI3ZmQ5ZmNmYzg3ZGZlYTk4NzUxNTc2N2M4Mzhl
MjFiYjkwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTdkODVlZTMyNzNhYWRmYjViZDI0YjE5NTI1ZGZhMTI2YjI3YjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuJ3EgLAh1CsdfJm5+lGLiFei/Vz
e1sHNf3HfSohwqE7kp7QPsJ00Y+u+iCMVBOMq3/edSeCUq7Tec2wDCKkJZnz1w9O
WOytTl/E3GvYPfSsEQ2ATrpiH1+arsr/tqgoHEYldYrSVcFewGekYrFZSKeOYgjE
F64KCcLthrsQ/i80eADzq3vSNyK8f8lt3gyQiKr6onKFIKJ2iSkizcWKxF9NTH4Y
wWLIiv06U6YvEIA5370fezKRQ7T/YA5dCrgTj+vEXDjgoZBCquckr+K4auQV3zGJ
kXYKKBtB1E+v1l0Dcr1gSRd3DBdfhwj2zVicTTzPQMELFPxW3+UWZXarnQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK59he4yc6rftb0ksZUl36Emsnt+MB8GA1UdIwQY
MBaAFDEdYrf9n8/Iff6ph1FXZ8g44hu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEt
ODUwZjM0OTA2MjI5LzEvcm4yRjdqSnpxdC0xdlNTeGxTWGZvU2F5ZTM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEtODUwZjM0OTA2MjI5
LzEvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCTV9AAwQA
uVwUMA0EAgACMAcDBQAqA5GAMA0GCSqGSIb3DQEBCwUAA4IBAQCayP90HZ3jxVIi
eQsQWo6geJCgstlspPPzAt74E/RW60D8FStyDFrlYpxDC5Xhe/Wfd0LP/3XRciFW
Aqv4wOxAFgXqkUAHBI7akNhAZS7b8ctx3QamITbGUFwmQnzY9gM2iypaaODjFW2+
ulvQS6nMuE5D1zJ2B+1U95q/OhStRPyDYDMM2jTTZ0ffaltdZ1BNZEqnrGDVPhUx
N0cnUJMDLUQGHUn4z1Ftgi1/z8G9lktvTC0vlXj3ZHbIFjV5L/pOzBz44E7UePx7
M09w+WUC++lJbWzXjolexdgdHw9xKd9JWoVzrE8YWXHYS79vKYQhSs3/mncuMCV7
1ZT6KDMk
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:12:20 2024 by rpki-client on console-fra.rpki-client.org