Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Un6DMwIU5ezyeuqvgjosVeTzluk.roa
File:                     Un6DMwIU5ezyeuqvgjosVeTzluk.roa (raw, json)
Hash identifier:          /ItzBl93BohxcekQ7AtLKgidK4ZFT0ZU+s3cmLeLIXQ=
Subject key identifier:   52:7E:83:33:02:14:E5:EC:F2:7A:EA:AF:82:3A:2C:55:E4:F3:96:E9
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF85087F3F6328EF93F799F19695E0
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Un6DMwIU5ezyeuqvgjosVeTzluk.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202561
IP address blocks:        188.132.221.0/24 maxlen: 24
                          188.132.222.0/24 maxlen: 24
                          188.132.152.0/24 maxlen: 24
                          188.132.167.0/24 maxlen: 24
                          188.132.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:85:08:7f:3f:63:28:ef:93:f7:99:f1:96:95:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=527e83330214e5ecf27aeaaf823a2c55e4f396e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:af:e0:b9:40:ff:c1:1d:6d:ba:23:a8:04:6e:
                    17:d7:f5:ac:cc:0c:76:c8:08:d1:32:35:b6:68:a4:
                    6d:f1:95:6b:2e:5f:c2:95:6b:41:33:7b:9e:3d:be:
                    1a:d9:69:9b:cb:97:12:63:80:74:dc:f1:a2:bc:a4:
                    f7:fc:2b:57:2e:aa:30:a3:0e:be:e6:f3:96:76:5c:
                    8c:f8:1f:48:bf:59:4c:5f:82:af:88:27:51:a0:fe:
                    39:56:ec:bb:84:6f:14:ff:cb:6c:eb:87:ba:e0:19:
                    64:e8:4b:ec:92:da:87:04:8b:b4:f6:a4:1b:d5:8f:
                    07:54:3d:16:21:21:8c:a8:13:98:0d:7a:31:75:9c:
                    98:e7:5e:69:40:c2:b3:3e:85:a7:26:f9:00:a8:03:
                    4d:36:ca:63:f4:09:81:5f:38:b8:8f:ba:f4:46:28:
                    09:db:d1:7a:b3:b2:bc:05:1f:0c:ba:8c:02:06:88:
                    d2:00:9b:80:6d:20:c1:1b:f1:c3:0c:1f:99:69:75:
                    e7:c3:94:df:a6:93:11:0a:77:6d:91:50:c5:ba:a5:
                    7c:a7:f7:ea:36:66:5b:43:33:7b:db:ab:e8:ec:92:
                    98:61:d3:f6:cd:d7:d7:66:aa:53:fc:28:7e:f4:4b:
                    aa:36:fb:17:fd:82:8e:d6:27:5d:30:ae:d0:03:75:
                    83:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:7E:83:33:02:14:E5:EC:F2:7A:EA:AF:82:3A:2C:55:E4:F3:96:E9
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/Un6DMwIU5ezyeuqvgjosVeTzluk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.152.0/24
                  188.132.167.0/24
                  188.132.203.0/24
                  188.132.221.0-188.132.222.255

    Signature Algorithm: sha256WithRSAEncryption
         9b:6e:fa:8d:3d:02:0b:37:8c:17:91:02:e4:21:09:1b:fc:18:
         d2:89:0b:8d:d8:eb:76:9f:c0:e6:0a:fe:f9:ce:5c:1c:9e:f4:
         32:bb:d2:7c:84:bd:52:0b:fa:09:15:2a:7a:b3:55:c2:ee:55:
         0b:9b:70:44:23:89:6e:a2:85:6c:4e:7a:51:93:51:d8:05:79:
         5f:e0:cb:58:1e:4c:63:7e:7a:6e:61:a8:83:b0:0a:df:c2:70:
         f3:75:a6:43:a8:c6:8c:8a:ec:2b:18:9d:bf:ed:2e:06:01:04:
         7a:b7:a6:cb:0d:3d:92:88:79:1f:50:5b:b2:78:92:74:7b:f4:
         95:a3:ba:f8:47:86:51:30:fa:29:85:6b:ea:09:89:a8:36:c1:
         a5:5b:9b:c6:d6:c2:e6:5a:0a:87:e8:d8:83:b2:cf:d4:b8:9c:
         fd:80:f5:27:c2:00:0f:0d:d4:55:be:a9:9a:1c:4e:f3:6c:02:
         0d:56:e8:53:e5:6a:67:fd:1b:d3:b9:3a:48:c1:19:52:22:7e:
         0a:61:d8:8b:30:8d:bc:5d:64:89:12:e8:6d:e3:fb:df:c2:53:
         7a:6c:3a:ef:7f:f0:c1:83:ac:ba:66:a0:8c:eb:ba:c0:71:f7:
         5a:04:1f:f6:58:10:00:3d:4e:61:c4:ad:48:d5:07:72:a8:46:
         0a:2f:83:61
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzI34UIfz9jKO+T95nxlpXgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjdlODMzMzAyMTRlNWVjZjI3YWVhYWY4MjNhMmM1NWU0ZjM5NmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtq/guUD/wR1tuiOoBG4X1/WszAx2
yAjRMjW2aKRt8ZVrLl/ClWtBM3uePb4a2Wmby5cSY4B03PGivKT3/CtXLqowow6+
5vOWdlyM+B9Iv1lMX4KviCdRoP45Vuy7hG8U/8ts64e64Blk6EvsktqHBIu09qQb
1Y8HVD0WISGMqBOYDXoxdZyY515pQMKzPoWnJvkAqANNNspj9AmBXzi4j7r0RigJ
29F6s7K8BR8MuowCBojSAJuAbSDBG/HDDB+ZaXXnw5TfppMRCndtkVDFuqV8p/fq
NmZbQzN726vo7JKYYdP2zdfXZqpT/Ch+9EuqNvsX/YKO1iddMK7QA3WDmwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFFJ+gzMCFOXs8nrqr4I6LFXk85bpMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvVW42RE13SVU1ZXp5ZXVxdmdqb3NWZVR6bHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAvISYAwQA
vISnAwQAvITLMAwDBAC8hN0DBAC8hN4wDQYJKoZIhvcNAQELBQADggEBAJtu+o09
Ags3jBeRAuQhCRv8GNKJC43Y63afwOYK/vnOXBye9DK70nyEvVIL+gkVKnqzVcLu
VQubcEQjiW6ihWxOelGTUdgFeV/gy1geTGN+em5hqIOwCt/CcPN1pkOoxoyK7CsY
nb/tLgYBBHq3pssNPZKIeR9QW7J4knR79JWjuvhHhlEw+imFa+oJiag2waVbm8bW
wuZaCofo2IOyz9S4nP2A9SfCAA8N1FW+qZocTvNsAg1W6FPlamf9G9O5OkjBGVIi
fgph2IswjbxdZIkS6G3j+9/CU3psOu9/8MGDrLpmoIzrusBx91oEH/ZYEAA9TmHE
rUjVB3KoRgovg2E=
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:37:09 2024 by rpki-client on console-fra.rpki-client.org