Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/db1p192IpeQ_BbvmmooyRc9pLV8.roa
File:                     db1p192IpeQ_BbvmmooyRc9pLV8.roa (raw, json)
Hash identifier:          biC7yDl790qPG+w9H0yQnHlGzOmzwOOBzPp/Ys0NOds=
Subject key identifier:   75:BD:69:D7:DD:88:A5:E4:3F:05:BB:E6:9A:8A:32:45:CF:69:2D:5F
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A1B08C49F81D96884E4D168256F0A
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/db1p192IpeQ_BbvmmooyRc9pLV8.roa
Signing time:             Tue 02 Jan 2024 12:33:26 +0000
ROA not before:           Tue 02 Jan 2024 12:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58347
IP address blocks:        95.46.159.0/24 maxlen: 24
                          95.47.234.0/23 maxlen: 24
                          93.170.5.0/24 maxlen: 24
                          31.148.248.0/23 maxlen: 24
                          95.47.243.0/24 maxlen: 24
                          95.47.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1b:08:c4:9f:81:d9:68:84:e4:d1:68:25:6f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75bd69d7dd88a5e43f05bbe69a8a3245cf692d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3f:8f:99:df:61:43:b3:84:09:57:60:dd:58:
                    6b:68:e4:10:48:bc:62:c6:76:22:d8:76:c7:7d:ce:
                    81:c3:37:67:df:dc:39:13:01:ac:7a:6f:05:c0:77:
                    11:ea:15:c7:34:71:ff:09:09:dd:05:f6:ea:2c:27:
                    3d:61:84:58:82:40:dd:96:3b:ba:8b:48:7a:f1:8f:
                    53:e3:32:c5:9c:19:0a:96:0a:a9:72:e1:a9:9b:a6:
                    be:d1:d4:d6:5e:2a:ba:81:5e:b7:c5:ee:80:a1:97:
                    91:9f:9e:aa:0b:d7:5e:1c:13:6a:f8:ab:25:92:25:
                    43:46:dd:ea:35:e7:55:ef:31:36:9a:99:3d:2e:79:
                    6b:17:b5:27:44:30:04:bf:e8:f7:ee:3a:e4:df:8d:
                    d7:d2:fb:39:81:48:21:7f:1a:c0:42:77:fb:08:ef:
                    7e:7c:7c:a4:5e:43:4a:94:b2:ab:ba:60:47:f5:3d:
                    ff:62:7d:4c:9e:34:81:7c:7f:57:d4:fa:f1:c8:cf:
                    2d:99:d5:64:2f:7b:aa:98:92:e1:27:ae:3f:d8:f0:
                    e4:54:34:be:d0:f6:16:d4:af:ee:a2:a8:f9:9b:1e:
                    8a:55:19:3d:39:4c:96:17:af:5c:68:c4:e5:19:bf:
                    7d:10:85:fb:b0:a7:1c:62:6f:3e:c8:7c:c3:66:87:
                    bd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BD:69:D7:DD:88:A5:E4:3F:05:BB:E6:9A:8A:32:45:CF:69:2D:5F
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/db1p192IpeQ_BbvmmooyRc9pLV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.248.0/23
                  93.170.5.0/24
                  95.46.159.0/24
                  95.47.36.0/22
                  95.47.234.0/23
                  95.47.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:90:fc:15:9f:63:6e:30:a0:69:06:b9:aa:3f:84:41:6e:84:
         b1:b3:5f:df:54:a4:fb:e1:b7:5b:4d:db:59:ff:31:d6:64:58:
         ad:76:25:cc:52:0c:a5:dd:64:77:04:fc:cb:9e:e9:78:39:e0:
         95:58:05:6e:94:b6:ea:b3:15:b8:e1:c7:01:0f:7a:1f:d7:58:
         b4:6a:3c:bd:5d:2e:0d:36:98:45:01:e7:0d:b5:02:3f:b4:10:
         a3:aa:e3:e9:d3:6a:fe:58:6c:0c:22:0e:63:7b:b5:c8:38:90:
         26:a9:ab:17:ee:e3:bd:5c:ae:73:e6:9f:48:bd:11:9f:94:85:
         bc:28:0e:9d:b0:69:03:6e:2a:26:8a:9f:f0:8e:b7:c4:e2:f0:
         75:10:50:60:5b:f6:bc:e3:bb:e4:fd:8c:e3:77:53:4a:08:fb:
         e7:62:90:f4:1d:ae:43:d6:94:c4:51:fc:0a:6f:c1:44:06:f7:
         5a:0d:f7:ff:b3:ba:fb:d8:a0:5f:a1:f9:1a:35:5a:7a:b7:d7:
         c8:8a:ea:bb:f8:03:9b:29:cb:6e:c1:cf:bb:33:6f:fa:fa:e5:
         7c:84:a5:f2:5d:03:07:9b:18:12:ed:0f:62:98:50:a2:4e:51:
         4f:e9:a8:83:3b:ac:c9:af:f6:41:64:cf:ec:bf:c8:e8:d8:67:
         e4:17:30:f7
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzKKhsIxJ+B2WiE5NFoJW8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJkNjlkN2RkODhhNWU0M2YwNWJiZTY5YThhMzI0NWNmNjkyZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgD+Pmd9hQ7OECVdg3VhraOQQSLxi
xnYi2HbHfc6Bwzdn39w5EwGsem8FwHcR6hXHNHH/CQndBfbqLCc9YYRYgkDdlju6
i0h68Y9T4zLFnBkKlgqpcuGpm6a+0dTWXiq6gV63xe6AoZeRn56qC9deHBNq+Ksl
kiVDRt3qNedV7zE2mpk9LnlrF7UnRDAEv+j37jrk343X0vs5gUghfxrAQnf7CO9+
fHykXkNKlLKrumBH9T3/Yn1MnjSBfH9X1PrxyM8tmdVkL3uqmJLhJ64/2PDkVDS+
0PYW1K/uoqj5mx6KVRk9OUyWF69caMTlGb99EIX7sKccYm8+yHzDZoe90QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHW9adfdiKXkPwW75pqKMkXPaS1fMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZGIxcDE5MklwZVFfQmJ2bW1vb3lSYzlwTFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBH5T4AwQA
XaoFAwQAXy6fAwQCXy8kAwQBXy/qAwQAXy/zMA0GCSqGSIb3DQEBCwUAA4IBAQAp
kPwVn2NuMKBpBrmqP4RBboSxs1/fVKT74bdbTdtZ/zHWZFitdiXMUgyl3WR3BPzL
nul4OeCVWAVulLbqsxW44ccBD3of11i0ajy9XS4NNphFAecNtQI/tBCjquPp02r+
WGwMIg5je7XIOJAmqasX7uO9XK5z5p9IvRGflIW8KA6dsGkDbiomip/wjrfE4vB1
EFBgW/a847vk/Yzjd1NKCPvnYpD0Ha5D1pTEUfwKb8FEBvdaDff/s7r72KBfofka
NVp6t9fIiuq7+AObKctuwc+7M2/6+uV8hKXyXQMHmxgS7Q9imFCiTlFP6aiDO6zJ
r/ZBZM/sv8jo2GfkFzD3
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:31:03 2024 by rpki-client on console-ams.rpki-client.org