Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/7O5jQHghzXyVtUiFNbwts_9_pLY.roa
File:                     7O5jQHghzXyVtUiFNbwts_9_pLY.roa (raw, json)
Hash identifier:          G1JkQ3Zg01+feH0cFaFtB0Bht4FTbljuzsVm1m6rDUw=
Subject key identifier:   EC:EE:63:40:78:21:CD:7C:95:B5:48:85:35:BC:2D:B3:FF:7F:A4:B6
Certificate issuer:       /CN=374c2617a372e466e98d42532dd0bd8e5cdd993d
Certificate serial:       018CC64A9AD2E467E75F8851FA7717AE2DB2
Authority key identifier: 37:4C:26:17:A3:72:E4:66:E9:8D:42:53:2D:D0:BD:8E:5C:DD:99:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/7O5jQHghzXyVtUiFNbwts_9_pLY.roa
Signing time:             Mon 01 Jan 2024 18:30:27 +0000
ROA not before:           Mon 01 Jan 2024 18:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201510
IP address blocks:        185.73.92.0/24 maxlen: 24
                          185.73.94.0/24 maxlen: 24
                          185.73.93.0/24 maxlen: 24
                          2a03:41e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:9a:d2:e4:67:e7:5f:88:51:fa:77:17:ae:2d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374c2617a372e466e98d42532dd0bd8e5cdd993d
        Validity
            Not Before: Jan  1 18:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecee63407821cd7c95b5488535bc2db3ff7fa4b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a6:f4:fb:61:b6:54:8e:34:f5:51:84:39:eb:
                    4d:ff:b5:32:ab:f5:24:75:a9:8c:cb:63:aa:60:82:
                    5b:86:2e:a4:91:4d:bd:7f:1c:3d:b3:ea:08:80:af:
                    01:7f:99:10:20:33:73:85:66:ba:d2:41:dc:95:0d:
                    86:4e:62:76:1a:f7:01:13:75:a2:46:7a:15:71:85:
                    b0:c1:57:f8:26:da:47:0f:3b:27:4b:87:e1:41:43:
                    ff:37:8a:1a:92:9f:ee:24:dd:92:88:a2:07:6d:f1:
                    d5:d0:a0:53:92:f3:c6:cf:11:f5:3c:34:94:61:67:
                    30:d4:e1:bd:b5:34:c8:7c:af:1a:c4:58:23:77:0b:
                    e4:c4:cd:03:0b:75:4d:28:b8:2a:62:b1:03:49:7a:
                    10:fa:2a:ac:87:45:5c:94:e2:41:8d:f3:bd:29:3b:
                    e1:32:1b:96:31:80:52:fc:0c:36:1c:45:fb:63:02:
                    82:f9:33:57:dd:9f:fb:0c:9b:61:f2:de:7d:30:33:
                    21:5d:33:59:a1:26:66:35:f0:76:f3:41:64:01:77:
                    dc:45:ba:f6:bb:f8:c9:3f:c8:eb:2a:1f:81:51:e5:
                    4c:47:74:c0:15:c1:f5:73:11:ee:f7:53:53:47:36:
                    6c:b9:3b:e0:dd:f2:f0:38:66:1e:c9:a5:90:a1:33:
                    cb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:EE:63:40:78:21:CD:7C:95:B5:48:85:35:BC:2D:B3:FF:7F:A4:B6
            X509v3 Authority Key Identifier:
                keyid:37:4C:26:17:A3:72:E4:66:E9:8D:42:53:2D:D0:BD:8E:5C:DD:99:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/7O5jQHghzXyVtUiFNbwts_9_pLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.92.0-185.73.94.255
                IPv6:
                  2a03:41e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:50:33:97:34:ce:97:38:9c:78:a0:47:21:7c:25:3f:26:dd:
         6b:52:4e:44:e6:74:27:b9:1a:cb:a2:34:b6:89:38:de:f5:66:
         75:84:3a:66:1f:c5:90:44:7b:d7:7e:a8:12:5b:5f:4a:30:98:
         0a:ed:a8:85:46:45:0a:bd:bf:51:26:00:9e:f7:b1:5c:73:c5:
         dc:71:63:e4:22:c7:81:69:25:15:4d:c1:96:a6:df:13:71:a4:
         12:e3:67:dd:05:37:bb:a9:ce:4f:55:be:22:9d:41:07:3e:c1:
         04:93:1c:b3:8b:a7:da:e6:1d:ba:b6:1a:aa:07:a1:bf:d0:da:
         ae:3e:c1:91:10:59:ba:84:13:98:81:3b:53:63:a9:29:bc:01:
         ea:72:0a:6e:42:60:dd:26:17:30:5d:be:1e:49:c2:4c:26:39:
         c5:d1:ce:ae:1c:6c:3c:f3:6a:b2:da:7e:75:99:4c:72:20:15:
         9f:94:e6:9e:c8:f7:08:65:c3:8c:d7:67:e0:47:c8:14:9c:ab:
         99:be:56:47:46:d9:56:96:2f:fb:9d:f1:93:2f:d2:26:22:c8:
         2d:e3:85:9d:e8:a2:85:8c:7a:86:b8:c5:9d:6e:5f:9a:4a:4c:
         0b:9e:18:32:80:f5:16:29:8e:ca:0d:b6:5f:64:be:b5:08:ac:
         c8:9c:68:eb
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGSprS5GfnX4hR+ncXri2yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGMyNjE3YTM3MmU0NjZlOThkNDI1MzJkZDBiZDhlNWNk
ZDk5M2QwHhcNMjQwMTAxMTgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2VlNjM0MDc4MjFjZDdjOTViNTQ4ODUzNWJjMmRiM2ZmN2ZhNGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgab0+2G2VI409VGEOetN/7Uyq/Uk
damMy2OqYIJbhi6kkU29fxw9s+oIgK8Bf5kQIDNzhWa60kHclQ2GTmJ2GvcBE3Wi
RnoVcYWwwVf4JtpHDzsnS4fhQUP/N4oakp/uJN2SiKIHbfHV0KBTkvPGzxH1PDSU
YWcw1OG9tTTIfK8axFgjdwvkxM0DC3VNKLgqYrEDSXoQ+iqsh0VclOJBjfO9KTvh
MhuWMYBS/Aw2HEX7YwKC+TNX3Z/7DJth8t59MDMhXTNZoSZmNfB280FkAXfcRbr2
u/jJP8jrKh+BUeVMR3TAFcH1cxHu91NTRzZsuTvg3fLwOGYeyaWQoTPLEQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFOzuY0B4Ic18lbVIhTW8LbP/f6S2MB8GA1UdIwQY
MBaAFDdMJhejcuRm6Y1CUy3QvY5c3Zk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjB3bUY2Tnk1R2JwalVKVExkQzlqbHpkbVQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8zODExMjUtMDI0OC00ZWJjLWE3NGQt
YjhkYWQ2ZTVjM2JmLzEvN081alFIZ2h6WHlWdFVpRk5id3RzXzlfcExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8zODExMjUtMDI0OC00ZWJjLWE3NGQtYjhkYWQ2ZTVjM2Jm
LzEvTjB3bUY2Tnk1R2JwalVKVExkQzlqbHpkbVQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAK5SVwD
BAC5SV4wDQQCAAIwBwMFACoDQeAwDQYJKoZIhvcNAQELBQADggEBAD1QM5c0zpc4
nHigRyF8JT8m3WtSTkTmdCe5GsuiNLaJON71ZnWEOmYfxZBEe9d+qBJbX0owmArt
qIVGRQq9v1EmAJ73sVxzxdxxY+Qix4FpJRVNwZam3xNxpBLjZ90FN7upzk9VviKd
QQc+wQSTHLOLp9rmHbq2GqoHob/Q2q4+wZEQWbqEE5iBO1NjqSm8AepyCm5CYN0m
FzBdvh5JwkwmOcXRzq4cbDzzarLafnWZTHIgFZ+U5p7I9whlw4zXZ+BHyBScq5m+
VkdG2VaWL/ud8ZMv0iYiyC3jhZ3oooWMeoa4xZ1uX5pKTAueGDKA9RYpjsoNtl9k
vrUIrMicaOs=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:58:14 2024 by rpki-client on console-fra.rpki-client.org