Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/baVDzC4s-yHYrzRPe2m87K8cPrM.roa
File:                     baVDzC4s-yHYrzRPe2m87K8cPrM.roa (raw, json)
Hash identifier:          HSmKBlqTZKPGkjo14L6b/Gdc3SfobpHMU3Kk6LTKatc=
Subject key identifier:   6D:A5:43:CC:2E:2C:FB:21:D8:AF:34:4F:7B:69:BC:EC:AF:1C:3E:B3
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A2D8D285D906BEDF14CDEC71A3AC4
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/baVDzC4s-yHYrzRPe2m87K8cPrM.roa
Signing time:             Tue 02 Jan 2024 12:33:30 +0000
ROA not before:           Tue 02 Jan 2024 12:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62006
IP address blocks:        95.47.103.0/24 maxlen: 24
                          92.38.43.0/24 maxlen: 24
                          93.170.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2d:8d:28:5d:90:6b:ed:f1:4c:de:c7:1a:3a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6da543cc2e2cfb21d8af344f7b69bcecaf1c3eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3e:65:81:19:fb:6b:6c:fd:c1:56:fe:46:08:
                    e5:b7:42:7b:ef:4e:7e:08:83:cc:76:71:74:ce:22:
                    9e:0c:d1:ca:e7:72:a1:be:c8:98:e6:35:d7:53:5c:
                    48:85:0f:e0:10:8a:c7:b4:29:12:a6:7b:e2:36:79:
                    98:5f:12:cf:73:8d:f4:79:10:7b:6d:91:db:f2:be:
                    30:a0:67:a2:e2:c4:2b:ea:91:65:c8:7c:a5:f8:04:
                    7a:09:50:d9:78:9b:68:52:d2:a2:0d:5b:26:ae:44:
                    df:06:43:9c:ad:af:8b:78:f2:4d:74:2d:7d:dc:01:
                    70:4a:57:56:bc:1a:18:d4:9a:f3:49:fa:f7:51:1d:
                    df:3b:95:4f:a9:46:a7:d0:a8:c9:01:09:44:ec:7e:
                    67:ef:a5:6c:87:2a:82:2c:23:92:d0:af:6d:39:f2:
                    91:16:b3:cb:91:65:d5:7c:72:d5:b9:d6:82:bf:5a:
                    a1:17:82:98:93:cf:2e:94:c0:78:6f:1c:78:cf:10:
                    85:c8:47:f4:04:9c:3a:fb:b5:d6:8d:5f:3a:c7:c8:
                    bd:37:92:40:d8:74:4a:da:3d:cf:01:77:43:d7:7a:
                    c5:5c:9b:b9:e1:dd:da:9b:b6:53:74:f7:cd:8d:5b:
                    a7:43:d6:25:28:9d:9a:49:bd:4d:99:1b:da:4e:af:
                    1f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A5:43:CC:2E:2C:FB:21:D8:AF:34:4F:7B:69:BC:EC:AF:1C:3E:B3
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/baVDzC4s-yHYrzRPe2m87K8cPrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.43.0/24
                  93.170.101.0/24
                  95.47.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:b1:6f:93:be:b5:e7:dc:d8:72:30:6f:72:6d:7a:75:61:07:
         be:b2:a9:d1:1b:d4:da:44:60:2a:ab:3c:1f:90:44:ba:8c:a6:
         2e:f2:c6:bd:ec:83:fe:78:9c:dd:c8:aa:69:b4:49:78:61:09:
         d1:51:96:32:19:8c:ef:cc:73:51:b6:21:75:c1:f6:92:9d:fb:
         b2:86:38:b2:25:19:13:93:9d:aa:f8:33:90:15:c6:5a:4b:39:
         5e:84:c5:6b:51:ef:6d:60:1e:51:7c:0d:cc:c6:74:3f:63:b4:
         52:0b:6b:ff:87:25:46:7e:7a:a9:82:ff:97:72:5b:2e:dc:62:
         f0:9a:85:e4:85:69:bd:0b:d1:93:2c:d3:87:fc:82:cc:46:f1:
         1c:e8:c5:cf:28:8b:64:f8:4c:6f:39:e2:af:70:c2:87:50:05:
         e0:f0:bc:af:d1:a9:d4:74:a4:e1:f8:68:08:49:c4:9d:d2:da:
         df:1e:da:5b:d7:28:d0:4e:20:5c:38:3f:b0:48:da:b0:a6:f7:
         12:e3:83:ab:2e:ba:56:ae:54:2d:90:44:2e:3f:99:da:54:60:
         49:50:19:4b:98:65:74:68:f9:fd:ac:8f:a4:72:42:ef:b7:96:
         3f:21:8e:4f:67:cf:e6:79:a7:f6:ef:7f:04:5e:45:8d:fa:7c:
         32:5e:18:bf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKi2NKF2Qa+3xTN7HGjrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGE1NDNjYzJlMmNmYjIxZDhhZjM0NGY3YjY5YmNlY2FmMWMzZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT5lgRn7a2z9wVb+Rgjlt0J7705+
CIPMdnF0ziKeDNHK53KhvsiY5jXXU1xIhQ/gEIrHtCkSpnviNnmYXxLPc430eRB7
bZHb8r4woGei4sQr6pFlyHyl+AR6CVDZeJtoUtKiDVsmrkTfBkOcra+LePJNdC19
3AFwSldWvBoY1JrzSfr3UR3fO5VPqUan0KjJAQlE7H5n76VshyqCLCOS0K9tOfKR
FrPLkWXVfHLVudaCv1qhF4KYk88ulMB4bxx4zxCFyEf0BJw6+7XWjV86x8i9N5JA
2HRK2j3PAXdD13rFXJu54d3am7ZTdPfNjVunQ9YlKJ2aSb1NmRvaTq8ftwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG2lQ8wuLPsh2K80T3tpvOyvHD6zMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYmFWRHpDNHMteUhZcnpSUGUybTg3SzhjUHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXCYrAwQA
XaplAwQAXy9nMA0GCSqGSIb3DQEBCwUAA4IBAQCtsW+TvrXn3NhyMG9ybXp1YQe+
sqnRG9TaRGAqqzwfkES6jKYu8sa97IP+eJzdyKpptEl4YQnRUZYyGYzvzHNRtiF1
wfaSnfuyhjiyJRkTk52q+DOQFcZaSzlehMVrUe9tYB5RfA3MxnQ/Y7RSC2v/hyVG
fnqpgv+Xclsu3GLwmoXkhWm9C9GTLNOH/ILMRvEc6MXPKItk+ExvOeKvcMKHUAXg
8Lyv0anUdKTh+GgIScSd0trfHtpb1yjQTiBcOD+wSNqwpvcS44OrLrpWrlQtkEQu
P5naVGBJUBlLmGV0aPn9rI+kckLvt5Y/IY5PZ8/meaf2738EXkWN+nwyXhi/
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:31:03 2024 by rpki-client on console-ams.rpki-client.org