Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/0iJOHpJ_VlD9742GoqFt9wqCZA8.roa
File:                     0iJOHpJ_VlD9742GoqFt9wqCZA8.roa (raw, json)
Hash identifier:          sTNyWR913d0IEWzO/0bKgo3E5kWYhETNSJkhoNtVgos=
Subject key identifier:   D2:22:4E:1E:92:7F:56:50:FD:EF:8D:86:A2:A1:6D:F7:0A:82:64:0F
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018CE9C3030DF1FD5E533F3ACCAC35E0E567
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/0iJOHpJ_VlD9742GoqFt9wqCZA8.roa
Signing time:             Mon 08 Jan 2024 15:48:40 +0000
ROA not before:           Mon 08 Jan 2024 15:48:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49857
IP address blocks:        87.229.101.0/24 maxlen: 24
                          87.229.119.0/24 maxlen: 24
                          178.238.216.0/24 maxlen: 24
                          178.238.217.0/24 maxlen: 24
                          2a02:730:5000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:c3:03:0d:f1:fd:5e:53:3f:3a:cc:ac:35:e0:e5:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  8 15:48:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2224e1e927f5650fdef8d86a2a16df70a82640f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:79:ea:65:5e:8a:01:68:85:cc:28:50:32:e0:
                    36:96:91:73:24:cf:46:94:31:09:b6:32:32:de:0d:
                    64:e2:16:46:ff:84:fa:6d:2b:d6:81:42:8a:af:cf:
                    13:b1:33:19:0a:ac:2f:70:db:1d:2c:1d:a8:fa:d4:
                    cd:2f:0a:be:4d:0e:a6:eb:c9:9e:14:43:5f:14:fc:
                    a2:2e:f0:ce:6c:77:8b:94:09:b1:fb:2a:6e:ce:aa:
                    a4:41:f2:e9:27:39:07:40:6f:3b:b6:24:ae:7b:72:
                    b1:8e:54:f1:1a:5c:ee:fd:6e:2d:9f:39:2b:f7:ef:
                    c7:47:1c:97:b1:cc:48:de:e0:b1:da:34:18:6a:fb:
                    db:34:7e:89:6f:f6:8b:be:1f:86:eb:11:d4:ef:db:
                    53:1e:cd:64:99:25:fb:19:da:0c:b1:ab:72:26:62:
                    48:ce:a8:0d:31:03:aa:fb:1a:df:27:1c:e0:d5:67:
                    c5:92:9f:10:df:b9:48:3f:66:9e:e1:1b:c7:65:b3:
                    e3:03:77:ee:c8:6e:7c:d5:f1:0f:19:30:67:ac:4e:
                    06:f4:f1:15:ef:08:83:6b:32:3d:1d:5b:23:d2:b5:
                    c8:45:67:02:6f:71:ed:18:5f:1f:c6:7c:97:b0:f4:
                    82:27:d0:03:28:ce:a7:29:c9:5f:bb:54:7b:6c:dc:
                    0d:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:22:4E:1E:92:7F:56:50:FD:EF:8D:86:A2:A1:6D:F7:0A:82:64:0F
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/0iJOHpJ_VlD9742GoqFt9wqCZA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.101.0/24
                  87.229.119.0/24
                  178.238.216.0/23
                IPv6:
                  2a02:730:5000::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:1a:c0:c0:58:52:10:3a:0f:d6:aa:6f:80:a8:50:74:a5:40:
         8a:f2:a7:b0:42:6c:73:16:8f:c0:4a:ce:5f:26:3c:c1:2a:1a:
         5c:55:31:88:a5:9a:83:64:eb:5f:0d:08:2e:d7:bd:c5:2e:57:
         9d:dd:7b:e5:05:59:5b:c3:12:93:2a:f2:0d:7f:16:a6:a4:d2:
         5c:bf:50:6c:5f:73:fe:d2:30:be:e9:5d:c1:ca:2f:4b:9f:a7:
         fd:9c:78:c9:19:12:c4:36:07:12:40:bd:f1:39:c5:e9:db:eb:
         04:8e:42:b4:97:b7:df:0b:0d:90:a5:20:92:e0:e2:e3:2b:e7:
         3e:cf:58:a7:b6:b8:6b:f9:d1:b1:1e:5e:f5:1e:e0:e7:7e:2a:
         8b:12:80:8c:d8:68:37:d6:3d:60:01:22:8c:bb:0e:16:db:50:
         62:de:64:25:65:43:c8:8c:ec:56:da:53:f7:18:72:74:e3:8f:
         e8:0e:20:78:72:02:4e:78:d4:6b:b7:16:80:28:1e:f8:8c:b5:
         f3:55:3c:22:7b:14:9b:ae:68:9f:ba:b4:ba:0a:1d:87:f6:a9:
         9b:33:2f:8d:2f:a0:fb:10:04:a0:8c:a1:e6:c8:b4:cb:74:c6:
         15:28:dd:53:52:c9:bd:7b:05:9e:63:39:4c:10:c5:b4:99:b8:
         28:da:1e:9c
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzpwwMN8f1eUz86zKw14OVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwMTA4MTU0ODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIyNGUxZTkyN2Y1NjUwZmRlZjhkODZhMmExNmRmNzBhODI2NDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3nqZV6KAWiFzChQMuA2lpFzJM9G
lDEJtjIy3g1k4hZG/4T6bSvWgUKKr88TsTMZCqwvcNsdLB2o+tTNLwq+TQ6m68me
FENfFPyiLvDObHeLlAmx+ypuzqqkQfLpJzkHQG87tiSue3KxjlTxGlzu/W4tnzkr
9+/HRxyXscxI3uCx2jQYavvbNH6Jb/aLvh+G6xHU79tTHs1kmSX7GdoMsatyJmJI
zqgNMQOq+xrfJxzg1WfFkp8Q37lIP2ae4RvHZbPjA3fuyG581fEPGTBnrE4G9PEV
7wiDazI9HVsj0rXIRWcCb3HtGF8fxnyXsPSCJ9ADKM6nKclfu1R7bNwNEQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFNIiTh6Sf1ZQ/e+NhqKhbfcKgmQPMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMGlKT0hwSl9WbEQ5NzQyR29xRnQ5d3FDWkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAV+VlAwQA
V+V3AwQBsu7YMA8EAgACMAkDBwAqAgcwUAAwDQYJKoZIhvcNAQELBQADggEBAEMa
wMBYUhA6D9aqb4CoUHSlQIryp7BCbHMWj8BKzl8mPMEqGlxVMYilmoNk618NCC7X
vcUuV53de+UFWVvDEpMq8g1/Fqak0ly/UGxfc/7SML7pXcHKL0ufp/2ceMkZEsQ2
BxJAvfE5xenb6wSOQrSXt98LDZClIJLg4uMr5z7PWKe2uGv50bEeXvUe4Od+KosS
gIzYaDfWPWABIoy7DhbbUGLeZCVlQ8iM7FbaU/cYcnTjj+gOIHhyAk541Gu3FoAo
HviMtfNVPCJ7FJuuaJ+6tLoKHYf2qZszL40voPsQBKCMoebItMt0xhUo3VNSyb17
BZ5jOUwQxbSZuCjaHpw=
-----END CERTIFICATE-----
Generated at Mon Nov 25 20:30:03 2024 by rpki-client on console-fra.rpki-client.org