Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/6b169d-7f1f-4214-a25b-8c498077578f/1/Eho67qyLyk0Un50bzwF3LwrwlUg.roa
File:                     Eho67qyLyk0Un50bzwF3LwrwlUg.roa (raw, json)
Hash identifier:          ZU3wT1Kc11x7b3C14TSWWog1KU7wRCU0L2MDDGZwmJY=
Subject key identifier:   12:1A:3A:EE:AC:8B:CA:4D:14:9F:9D:1B:CF:01:77:2F:0A:F0:95:48
Certificate issuer:       /CN=d7ca53ae8442236757a78066e4e21733f758407a
Certificate serial:       018CC7955DF16A2E238B838BC6B7F1FA7B04
Authority key identifier: D7:CA:53:AE:84:42:23:67:57:A7:80:66:E4:E2:17:33:F7:58:40:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/18pTroRCI2dXp4Bm5OIXM_dYQHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/6b169d-7f1f-4214-a25b-8c498077578f/1/Eho67qyLyk0Un50bzwF3LwrwlUg.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211941
IP address blocks:        185.197.237.0/24 maxlen: 24
                          185.197.236.0/24 maxlen: 24
                          185.197.236.0/22 maxlen: 24
                          2a0a:7fc0:4::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/6b169d-7f1f-4214-a25b-8c498077578f/1/18pTroRCI2dXp4Bm5OIXM_dYQHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/6b169d-7f1f-4214-a25b-8c498077578f/1/18pTroRCI2dXp4Bm5OIXM_dYQHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/18pTroRCI2dXp4Bm5OIXM_dYQHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5d:f1:6a:2e:23:8b:83:8b:c6:b7:f1:fa:7b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7ca53ae8442236757a78066e4e21733f758407a
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=121a3aeeac8bca4d149f9d1bcf01772f0af09548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b1:ff:77:b6:4f:f3:c5:16:c9:02:82:11:39:
                    bc:e3:4a:11:59:4c:d2:31:9d:c1:0d:91:88:03:32:
                    f8:08:cf:3e:8f:ca:b0:17:28:88:ba:df:3e:1a:ed:
                    1b:c0:a6:17:b3:33:89:25:2a:9b:b4:d6:8b:e2:f5:
                    94:73:e1:7e:d0:fb:dd:41:75:d3:c9:74:f2:0b:4c:
                    58:8d:fb:cc:62:6a:87:ed:33:a4:44:68:04:c0:7e:
                    85:49:0e:bc:bd:64:12:f3:9a:4b:3b:7f:e3:a6:10:
                    88:1b:fa:9d:c5:2a:07:90:e7:1a:b5:e8:e4:5a:af:
                    2a:9e:7d:01:83:e8:f6:66:5c:49:2c:48:cf:32:ea:
                    5f:53:0e:24:75:e7:d0:9f:ad:a0:c7:ba:36:cc:ad:
                    d9:f8:cf:d4:1e:0e:63:1c:d2:cc:f0:06:fe:96:f0:
                    a0:6e:3e:27:1c:30:e1:aa:41:8b:44:af:30:89:26:
                    d7:b0:d9:48:ae:37:7e:90:44:ba:9f:d9:40:2c:46:
                    c2:ea:61:55:cf:6e:5b:9b:3d:88:8b:f9:c6:4d:dc:
                    64:95:c3:7b:16:6c:73:37:74:6d:53:4e:98:4f:f7:
                    db:1f:17:bb:68:42:33:f1:9f:bb:ef:78:4d:ed:b4:
                    93:8c:76:39:69:dd:fc:e0:71:7d:6c:cb:9f:6a:29:
                    39:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:1A:3A:EE:AC:8B:CA:4D:14:9F:9D:1B:CF:01:77:2F:0A:F0:95:48
            X509v3 Authority Key Identifier:
                keyid:D7:CA:53:AE:84:42:23:67:57:A7:80:66:E4:E2:17:33:F7:58:40:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/18pTroRCI2dXp4Bm5OIXM_dYQHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/6b169d-7f1f-4214-a25b-8c498077578f/1/Eho67qyLyk0Un50bzwF3LwrwlUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/6b169d-7f1f-4214-a25b-8c498077578f/1/18pTroRCI2dXp4Bm5OIXM_dYQHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.236.0/22
                IPv6:
                  2a0a:7fc0:4::/46

    Signature Algorithm: sha256WithRSAEncryption
         33:dd:e5:53:d7:ce:83:8a:1f:5e:bb:24:05:62:e2:89:da:c4:
         bc:30:f2:33:a5:7c:09:38:c8:0a:b2:d2:bb:37:9a:11:7a:5c:
         b4:8e:fe:53:53:87:76:b8:19:1c:c3:9c:49:93:cd:26:1c:82:
         cc:e0:00:84:16:67:cc:1c:72:50:fa:b6:a9:01:f7:d3:8b:6e:
         ac:a0:87:13:1d:85:18:57:22:98:b1:51:f6:12:15:46:43:bb:
         3e:e0:53:a8:67:57:d0:fa:40:da:59:a8:da:80:7d:b3:17:4d:
         a7:bc:d4:22:23:14:b2:c6:17:ae:22:1f:44:c5:97:fe:ed:23:
         da:80:84:e7:ba:21:d1:62:24:b1:08:33:f9:fd:d5:f1:f2:a1:
         35:f4:72:a6:0e:dc:c0:28:f4:36:a9:8b:14:43:b5:b2:c5:4d:
         3d:1b:90:16:e4:0f:f7:72:a2:db:21:9c:2f:e9:9c:cc:c8:3d:
         75:a5:ce:5b:a6:dd:6a:c1:d3:16:3a:89:f3:11:a8:12:c1:83:
         c4:09:f5:a1:65:8e:ca:9c:b2:0f:86:79:79:88:57:6b:04:2c:
         4e:dc:41:b7:6b:3f:79:8a:fd:1f:c9:08:43:4f:da:5b:21:56:
         c4:07:23:50:59:a8:f5:a9:ee:14:1e:37:56:cb:a3:5b:ac:c5:
         a6:68:15:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlV3xai4ji4OLxrfx+nsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3Y2E1M2FlODQ0MjIzNjc1N2E3ODA2NmU0ZTIxNzMzZjc1
ODQwN2EwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjFhM2FlZWFjOGJjYTRkMTQ5ZjlkMWJjZjAxNzcyZjBhZjA5NTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrH/d7ZP88UWyQKCETm840oRWUzS
MZ3BDZGIAzL4CM8+j8qwFyiIut8+Gu0bwKYXszOJJSqbtNaL4vWUc+F+0PvdQXXT
yXTyC0xYjfvMYmqH7TOkRGgEwH6FSQ68vWQS85pLO3/jphCIG/qdxSoHkOcatejk
Wq8qnn0Bg+j2ZlxJLEjPMupfUw4kdefQn62gx7o2zK3Z+M/UHg5jHNLM8Ab+lvCg
bj4nHDDhqkGLRK8wiSbXsNlIrjd+kES6n9lALEbC6mFVz25bmz2Ii/nGTdxklcN7
FmxzN3RtU06YT/fbHxe7aEIz8Z+773hN7bSTjHY5ad384HF9bMufaik5bwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBIaOu6si8pNFJ+dG88Bdy8K8JVIMB8GA1UdIwQY
MBaAFNfKU66EQiNnV6eAZuTiFzP3WEB6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMThwVHJvUkNJMmRYcDRCbTVPSVhNX2RZUUhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS82YjE2OWQtN2YxZi00MjE0LWEyNWIt
OGM0OTgwNzc1NzhmLzEvRWhvNjdxeUx5azBVbjUwYnp3RjNMd3J3bFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS82YjE2OWQtN2YxZi00MjE0LWEyNWItOGM0OTgwNzc1Nzhm
LzEvMThwVHJvUkNJMmRYcDRCbTVPSVhNX2RZUUhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCucXsMA8E
AgACMAkDBwIqCn/AAAQwDQYJKoZIhvcNAQELBQADggEBADPd5VPXzoOKH167JAVi
4onaxLww8jOlfAk4yAqy0rs3mhF6XLSO/lNTh3a4GRzDnEmTzSYcgszgAIQWZ8wc
clD6tqkB99OLbqyghxMdhRhXIpixUfYSFUZDuz7gU6hnV9D6QNpZqNqAfbMXTae8
1CIjFLLGF64iH0TFl/7tI9qAhOe6IdFiJLEIM/n91fHyoTX0cqYO3MAo9DapixRD
tbLFTT0bkBbkD/dyotshnC/pnMzIPXWlzlum3WrB0xY6ifMRqBLBg8QJ9aFljsqc
sg+GeXmIV2sELE7cQbdrP3mK/R/JCENP2lshVsQHI1BZqPWp7hQeN1bLo1usxaZo
FYk=
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:05:07 2024 by rpki-client on console-ams.rpki-client.org