Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/4MSwI34oD0mOB7cYfLlHl6EuZb4.roa
File:                     4MSwI34oD0mOB7cYfLlHl6EuZb4.roa (raw, json)
Hash identifier:          aM7oFwqt1ReGq2doSZe+dL7L9xBdSHJt/aq6Zy1aiDw=
Subject key identifier:   E0:C4:B0:23:7E:28:0F:49:8E:07:B7:18:7C:B9:47:97:A1:2E:65:BE
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A02050C17D49724C86BF77BE193F3
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/4MSwI34oD0mOB7cYfLlHl6EuZb4.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49184
IP address blocks:        93.170.3.0/24 maxlen: 24
                          93.171.96.0/24 maxlen: 24
                          93.171.96.0/23 maxlen: 24
                          93.171.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:02:05:0c:17:d4:97:24:c8:6b:f7:7b:e1:93:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0c4b0237e280f498e07b7187cb94797a12e65be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a6:55:c3:88:8b:96:38:1c:95:e0:7a:6d:2b:
                    ec:84:3c:44:8e:c1:8b:81:7c:40:94:e1:de:8b:9d:
                    fd:1c:c9:20:38:d8:21:c7:ed:2a:8e:f9:53:11:68:
                    17:99:20:8a:f8:8a:30:3d:25:14:20:c0:c1:f4:3b:
                    f2:65:f7:ce:b5:d9:5c:9e:87:95:26:46:f0:57:40:
                    d4:10:f6:24:ca:c0:cd:da:6c:97:aa:06:0e:51:53:
                    37:0a:b5:f5:54:a9:80:9a:5c:be:4d:93:62:07:ee:
                    e0:e0:cc:9b:bb:02:0a:53:2c:4b:67:3a:b7:e0:63:
                    85:d2:1f:e2:2b:c7:af:02:00:78:50:16:f0:bd:92:
                    8f:2d:c3:10:25:1b:c2:ef:8a:cd:b0:57:12:48:e8:
                    87:2a:b5:37:72:0d:91:fa:7b:7c:94:52:79:be:8e:
                    ea:8e:89:dd:3e:be:01:18:83:65:8f:da:76:d6:41:
                    d9:0f:87:5d:6e:3d:8b:d0:87:9d:f0:36:43:5a:e9:
                    7c:f7:07:5d:97:f8:58:17:e3:db:48:cd:e5:e4:30:
                    60:7b:8c:2f:44:9b:f2:a6:e9:5e:74:ec:3b:d0:7b:
                    f4:78:7d:1c:39:28:8d:01:66:8f:5f:83:05:a7:d5:
                    aa:21:27:cb:30:08:32:81:5a:93:c9:24:a5:d8:69:
                    87:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:C4:B0:23:7E:28:0F:49:8E:07:B7:18:7C:B9:47:97:A1:2E:65:BE
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/4MSwI34oD0mOB7cYfLlHl6EuZb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.3.0/24
                  93.171.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:ef:04:f8:c9:df:f5:89:fb:f2:3c:6d:a4:2c:84:74:5a:cc:
         f7:3c:7c:44:13:a5:9f:d5:e2:38:4a:a1:1a:45:81:d0:dd:fb:
         4e:c9:c3:86:ae:ac:24:47:9f:86:4c:6d:40:e7:99:63:ac:7f:
         93:a3:48:88:6c:c3:31:2c:2b:73:87:dc:f7:fb:c0:fc:f0:ab:
         32:55:b3:3e:18:42:f1:19:b9:80:5b:58:9a:66:7e:61:06:de:
         84:ee:7f:37:48:ea:a2:f2:44:97:81:0a:63:02:e0:f8:03:db:
         71:47:24:29:f1:89:cc:9a:77:91:1a:24:17:a8:bb:c2:1d:ef:
         75:c4:fe:42:72:48:2b:86:cd:cc:b8:e9:65:aa:07:06:4f:b2:
         ec:7e:f4:a4:af:1d:3c:83:9a:8a:b3:17:ce:48:1a:6c:f4:dd:
         d5:cb:18:30:51:9f:c3:2e:d6:38:e2:67:1d:25:33:4f:99:49:
         c8:89:43:57:6b:83:99:01:bd:73:56:84:6c:b1:6e:f9:89:22:
         d3:c1:1f:6a:92:98:54:0c:7a:c6:af:4a:26:36:10:9d:5f:f6:
         eb:94:50:e1:99:c5:7f:7f:a8:86:26:e3:23:5f:5d:cb:d4:9f:
         89:33:95:a1:e0:d0:3f:30:e1:70:e5:dd:0b:86:4e:ea:67:8c:
         a1:21:dd:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKgIFDBfUlyTIa/d74ZPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGM0YjAyMzdlMjgwZjQ5OGUwN2I3MTg3Y2I5NDc5N2ExMmU2NWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKZVw4iLljgcleB6bSvshDxEjsGL
gXxAlOHei539HMkgONghx+0qjvlTEWgXmSCK+IowPSUUIMDB9DvyZffOtdlcnoeV
JkbwV0DUEPYkysDN2myXqgYOUVM3CrX1VKmAmly+TZNiB+7g4MybuwIKUyxLZzq3
4GOF0h/iK8evAgB4UBbwvZKPLcMQJRvC74rNsFcSSOiHKrU3cg2R+nt8lFJ5vo7q
jondPr4BGINlj9p21kHZD4ddbj2L0Ied8DZDWul89wddl/hYF+PbSM3l5DBge4wv
RJvypuledOw70Hv0eH0cOSiNAWaPX4MFp9WqISfLMAgygVqTySSl2GmHHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFODEsCN+KA9Jjge3GHy5R5ehLmW+MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvNE1Td0kzNG9EMG1PQjdjWWZMbEhsNkV1WmI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXaoDAwQB
XatgMA0GCSqGSIb3DQEBCwUAA4IBAQCh7wT4yd/1ifvyPG2kLIR0Wsz3PHxEE6Wf
1eI4SqEaRYHQ3ftOycOGrqwkR5+GTG1A55ljrH+To0iIbMMxLCtzh9z3+8D88Ksy
VbM+GELxGbmAW1iaZn5hBt6E7n83SOqi8kSXgQpjAuD4A9txRyQp8YnMmneRGiQX
qLvCHe91xP5Cckgrhs3MuOllqgcGT7LsfvSkrx08g5qKsxfOSBps9N3VyxgwUZ/D
LtY44mcdJTNPmUnIiUNXa4OZAb1zVoRssW75iSLTwR9qkphUDHrGr0omNhCdX/br
lFDhmcV/f6iGJuMjX13L1J+JM5Wh4NA/MOFw5d0Lhk7qZ4yhId1G
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:25:41 2024 by rpki-client on console-ams.rpki-client.org