Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/A7PF5xa7GBgSxqdFyg2KaClnCBI.roa
File:                     A7PF5xa7GBgSxqdFyg2KaClnCBI.roa (raw, json)
Hash identifier:          zubFJq28i6gY6OkBh7WWYo68RQUV8MVciZKksKQIIKE=
Subject key identifier:   03:B3:C5:E7:16:BB:18:18:12:C6:A7:45:CA:0D:8A:68:29:67:08:12
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       018CC8DCD71E5F41975C63C06A3D429B487C
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/A7PF5xa7GBgSxqdFyg2KaClnCBI.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50515
IP address blocks:        188.247.130.0/24 maxlen: 24
                          92.55.144.0/24 maxlen: 24
                          92.55.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d7:1e:5f:41:97:5c:63:c0:6a:3d:42:9b:48:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03b3c5e716bb181812c6a745ca0d8a6829670812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:01:af:fd:3e:53:8b:e2:db:dc:2d:f3:4b:f6:
                    6a:22:e5:86:f0:d2:56:b4:36:2a:fc:d0:84:81:bc:
                    68:b8:e2:2d:ce:6c:92:cd:44:a0:5b:16:bc:26:f1:
                    75:43:c6:ac:75:e8:1d:40:7d:8c:3f:a5:79:81:94:
                    2d:d2:7b:f1:b4:dc:83:e1:c2:b0:bc:c9:e8:4c:59:
                    45:34:f9:c6:ce:3b:8b:ec:e6:12:40:6c:26:e8:bd:
                    48:f1:da:79:78:77:8e:e9:e3:de:4e:28:03:28:7d:
                    30:8d:68:d7:9c:71:8c:5a:8a:41:82:b7:08:88:bb:
                    2b:8e:bd:e9:82:70:e1:85:44:8d:23:7b:c1:07:22:
                    36:4f:ee:e4:aa:cc:31:82:dc:c4:3c:d0:68:e0:8a:
                    02:19:85:2b:43:45:94:b1:05:0a:97:48:19:7c:ef:
                    55:e6:99:52:80:bc:84:76:43:55:e6:38:6c:7f:e3:
                    68:50:6a:6e:f3:4c:83:05:32:27:79:3b:aa:07:d5:
                    8a:e0:c7:e2:c7:67:47:ff:97:5a:90:49:d9:a8:5e:
                    08:05:ee:cf:e9:72:18:3d:01:71:4b:1d:32:98:44:
                    01:65:c0:ce:29:e1:01:d9:68:e3:f1:09:63:07:ba:
                    46:9e:54:ec:03:f3:1c:c7:e4:ca:e8:0d:93:fc:e8:
                    98:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B3:C5:E7:16:BB:18:18:12:C6:A7:45:CA:0D:8A:68:29:67:08:12
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/A7PF5xa7GBgSxqdFyg2KaClnCBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.144.0/24
                  92.55.147.0/24
                  188.247.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:9c:07:66:42:78:07:a4:16:12:07:c1:55:6a:04:79:65:b6:
         98:41:0a:71:e0:69:c9:a6:dc:aa:3a:b3:51:e9:93:df:a8:1a:
         44:de:f8:77:62:b3:e5:c9:ad:2b:0f:31:c4:2d:d5:55:18:1c:
         52:93:2c:8f:83:fb:2a:92:bf:f7:a9:7a:41:ff:d2:43:8a:a1:
         44:cc:ec:f0:47:16:9e:a7:e3:ca:1b:17:0c:71:df:88:98:75:
         fb:bb:86:57:18:83:c6:d0:18:55:3e:6d:03:92:ef:2d:f7:34:
         75:49:e6:7a:e9:ea:cd:e3:79:c8:19:57:7f:29:2b:b1:fc:5d:
         d0:08:8d:8c:c3:88:c0:07:39:39:c2:5d:f5:eb:91:d9:39:56:
         81:a4:49:f4:86:0c:68:6f:9b:8c:e8:89:4e:04:63:a0:f7:b4:
         ac:c1:2a:2f:0e:a8:86:69:68:55:3f:53:ed:3b:3c:bd:42:8b:
         24:fd:5b:b0:4f:b1:79:14:5a:36:a2:0b:d7:71:ed:d9:3f:b7:
         87:55:e0:e5:45:36:c6:71:f6:01:a7:88:a0:63:41:10:1a:bc:
         74:b9:87:53:46:09:ad:40:b7:d1:bf:4c:a2:ab:f7:0e:6b:95:
         f5:bc:0c:95:16:1e:03:13:e8:29:d2:af:81:35:d6:ea:6a:ab:
         a1:12:44:fa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3NceX0GXXGPAaj1Cm0h8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2IzYzVlNzE2YmIxODE4MTJjNmE3NDVjYTBkOGE2ODI5NjcwODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQGv/T5Ti+Lb3C3zS/ZqIuWG8NJW
tDYq/NCEgbxouOItzmySzUSgWxa8JvF1Q8asdegdQH2MP6V5gZQt0nvxtNyD4cKw
vMnoTFlFNPnGzjuL7OYSQGwm6L1I8dp5eHeO6ePeTigDKH0wjWjXnHGMWopBgrcI
iLsrjr3pgnDhhUSNI3vBByI2T+7kqswxgtzEPNBo4IoCGYUrQ0WUsQUKl0gZfO9V
5plSgLyEdkNV5jhsf+NoUGpu80yDBTIneTuqB9WK4Mfix2dH/5dakEnZqF4IBe7P
6XIYPQFxSx0ymEQBZcDOKeEB2Wjj8QljB7pGnlTsA/Mcx+TK6A2T/OiYmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAOzxecWuxgYEsanRcoNimgpZwgSMB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvQTdQRjV4YTdHQmdTeHFkRnlnMkthQ2xuQ0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXDeQAwQA
XDeTAwQAvPeCMA0GCSqGSIb3DQEBCwUAA4IBAQCrnAdmQngHpBYSB8FVagR5ZbaY
QQpx4GnJptyqOrNR6ZPfqBpE3vh3YrPlya0rDzHELdVVGBxSkyyPg/sqkr/3qXpB
/9JDiqFEzOzwRxaep+PKGxcMcd+ImHX7u4ZXGIPG0BhVPm0Dku8t9zR1SeZ66erN
43nIGVd/KSux/F3QCI2Mw4jABzk5wl3165HZOVaBpEn0hgxob5uM6IlOBGOg97Ss
wSovDqiGaWhVP1PtOzy9Qosk/VuwT7F5FFo2ogvXce3ZP7eHVeDlRTbGcfYBp4ig
Y0EQGrx0uYdTRgmtQLfRv0yiq/cOa5X1vAyVFh4DE+gp0q+BNdbqaquhEkT6
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:58:22 2024 by rpki-client on console-fra.rpki-client.org