Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/806RetUC5kj2mlGjqbnKrm1p4ww.roa
File:                     806RetUC5kj2mlGjqbnKrm1p4ww.roa (raw, json)
Hash identifier:          LNMMwW/5PxEEnrgDOTiV46SUWuAttVjnEo+4XmDTawM=
Subject key identifier:   F3:4E:91:7A:D5:02:E6:48:F6:9A:51:A3:A9:B9:CA:AE:6D:69:E3:0C
Certificate issuer:       /CN=f7a8b70aa10069b5515a9cb3c149b885b7a12834
Certificate serial:       018CC2DB5BAC26AE82B1B69DAB8FF769194D
Authority key identifier: F7:A8:B7:0A:A1:00:69:B5:51:5A:9C:B3:C1:49:B8:85:B7:A1:28:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/806RetUC5kj2mlGjqbnKrm1p4ww.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50807
IP address blocks:        195.149.121.0/24 maxlen: 24
                          78.40.16.0/24 maxlen: 24
                          78.40.17.0/24 maxlen: 24
                          78.40.21.0/24 maxlen: 24
                          78.40.20.0/24 maxlen: 24
                          78.40.18.0/24 maxlen: 24
                          78.40.19.0/24 maxlen: 24
                          91.193.104.0/24 maxlen: 24
                          91.193.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5b:ac:26:ae:82:b1:b6:9d:ab:8f:f7:69:19:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7a8b70aa10069b5515a9cb3c149b885b7a12834
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f34e917ad502e648f69a51a3a9b9caae6d69e30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:5b:81:82:57:07:ba:5d:ce:72:b4:43:0a:97:
                    63:56:5f:d9:73:8b:32:63:ea:f0:6e:24:c0:39:ee:
                    00:0c:69:3e:8a:80:e7:91:c4:b0:33:16:89:72:32:
                    50:ca:6b:b5:fa:e0:75:03:4a:aa:84:49:a9:d0:02:
                    00:c8:50:c9:97:3a:2b:00:52:28:18:7d:36:94:db:
                    e4:ea:19:16:d6:0c:47:7a:10:b7:b3:72:5b:c0:46:
                    12:ed:ab:67:fb:77:6f:3e:15:e8:fe:31:33:9d:0a:
                    9a:0e:35:36:c3:3c:d7:7d:93:12:44:95:c7:d8:ba:
                    1c:88:99:52:41:d4:92:33:ab:4b:b2:c2:4e:a1:84:
                    9e:a7:2b:9c:ec:fa:f8:65:83:be:0f:ea:fc:e4:8c:
                    22:e1:ae:e5:1b:c4:3f:8b:6f:37:f2:c4:35:e9:c1:
                    09:d1:92:6f:ab:d3:c0:55:fd:46:c1:2e:58:8f:0f:
                    ec:85:75:09:73:d6:58:43:23:95:d6:09:4f:49:1d:
                    d4:7d:90:02:e6:ac:f0:32:b7:fc:f9:12:12:85:dc:
                    76:a3:81:cd:72:64:7b:f7:ef:d8:fd:4a:3b:2a:cf:
                    71:9d:72:35:5b:e7:5d:93:e1:9a:2a:d8:3e:7d:25:
                    64:a4:b5:bd:9a:da:06:f7:c6:eb:98:9e:3b:81:80:
                    05:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:4E:91:7A:D5:02:E6:48:F6:9A:51:A3:A9:B9:CA:AE:6D:69:E3:0C
            X509v3 Authority Key Identifier:
                keyid:F7:A8:B7:0A:A1:00:69:B5:51:5A:9C:B3:C1:49:B8:85:B7:A1:28:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96i3CqEAabVRWpyzwUm4hbehKDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/806RetUC5kj2mlGjqbnKrm1p4ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48aeaf-9545-4d4b-9cda-9d0743370495/1/96i3CqEAabVRWpyzwUm4hbehKDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.16.0-78.40.21.255
                  91.193.104.0/23
                  195.149.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:21:e1:78:c4:58:5b:d1:ff:ea:c6:99:c9:f8:74:09:f1:26:
         4c:59:dd:7d:08:37:dd:6b:8f:72:5f:6e:f4:02:af:90:8b:af:
         2c:46:37:53:4a:5a:b5:8e:2a:81:fe:eb:4b:3c:34:b7:cd:d1:
         bb:4e:27:28:92:3d:f3:dd:5c:5d:98:ec:a9:86:9c:7b:f6:e5:
         ef:58:5c:4e:ce:d4:46:b5:5f:ba:aa:bb:ae:c8:69:1c:0d:91:
         1e:69:b4:4a:32:e8:ae:2c:8b:26:58:8b:05:eb:0a:61:91:97:
         e7:87:27:df:54:b3:1c:cb:62:4b:83:27:74:43:90:e7:6d:55:
         eb:07:8d:44:04:9c:55:01:8b:31:7c:b1:f3:61:6b:eb:fd:86:
         ea:35:90:75:8d:2e:2a:76:42:90:28:cf:71:a3:f7:36:28:2e:
         1e:cf:d5:9f:0e:c8:1f:91:37:48:c1:8c:35:5c:13:90:94:ca:
         5c:71:3e:47:1c:84:a8:a0:a7:23:34:b5:b0:09:4e:88:e0:c2:
         ad:90:38:ed:75:d5:74:b6:ac:16:b0:a2:1c:72:9b:41:df:21:
         e5:10:03:87:09:19:a5:46:1a:87:82:fa:19:31:57:cd:43:d8:
         ff:93:fb:a6:97:80:2a:3d:38:99:aa:a2:26:5a:2d:ba:38:2e:
         97:79:bf:ea
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzC21usJq6Csbadq4/3aRlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YThiNzBhYTEwMDY5YjU1MTVhOWNiM2MxNDliODg1Yjdh
MTI4MzQwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzRlOTE3YWQ1MDJlNjQ4ZjY5YTUxYTNhOWI5Y2FhZTZkNjllMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FuBglcHul3OcrRDCpdjVl/Zc4sy
Y+rwbiTAOe4ADGk+ioDnkcSwMxaJcjJQymu1+uB1A0qqhEmp0AIAyFDJlzorAFIo
GH02lNvk6hkW1gxHehC3s3JbwEYS7atn+3dvPhXo/jEznQqaDjU2wzzXfZMSRJXH
2LociJlSQdSSM6tLssJOoYSepyuc7Pr4ZYO+D+r85Iwi4a7lG8Q/i2838sQ16cEJ
0ZJvq9PAVf1GwS5Yjw/shXUJc9ZYQyOV1glPSR3UfZAC5qzwMrf8+RIShdx2o4HN
cmR79+/Y/Uo7Ks9xnXI1W+ddk+GaKtg+fSVkpLW9mtoG98brmJ47gYAFgQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPNOkXrVAuZI9ppRo6m5yq5taeMMMB8GA1UdIwQY
MBaAFPeotwqhAGm1UVqcs8FJuIW3oSg0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZpM0NxRUFhYlZSV3B5endVbTRoYmVoS0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80OGFlYWYtOTU0NS00ZDRiLTljZGEt
OWQwNzQzMzcwNDk1LzEvODA2UmV0VUM1a2oybWxHanFibktybTFwNHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80OGFlYWYtOTU0NS00ZDRiLTljZGEtOWQwNzQzMzcwNDk1
LzEvOTZpM0NxRUFhYlZSV3B5endVbTRoYmVoS0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAROKBAD
BAFOKBQDBAFbwWgDBADDlXkwDQYJKoZIhvcNAQELBQADggEBAJoh4XjEWFvR/+rG
mcn4dAnxJkxZ3X0IN91rj3JfbvQCr5CLryxGN1NKWrWOKoH+60s8NLfN0btOJyiS
PfPdXF2Y7KmGnHv25e9YXE7O1Ea1X7qqu67IaRwNkR5ptEoy6K4siyZYiwXrCmGR
l+eHJ99UsxzLYkuDJ3RDkOdtVesHjUQEnFUBizF8sfNha+v9huo1kHWNLip2QpAo
z3Gj9zYoLh7P1Z8OyB+RN0jBjDVcE5CUylxxPkcchKigpyM0tbAJTojgwq2QOO11
1XS2rBawohxym0HfIeUQA4cJGaVGGoeC+hkxV81D2P+T+6aXgCo9OJmqoiZaLbo4
Lpd5v+o=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:42:19 2024 by rpki-client on console-fra.rpki-client.org