Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/yDpJNzHnn1oSR0RjF6fqSNb9XBw.roa
File:                     yDpJNzHnn1oSR0RjF6fqSNb9XBw.roa (raw, json)
Hash identifier:          zy5bPBzZKYuPOvwmdF5ELJJFyjoa5a38TLP0612zljA=
Subject key identifier:   C8:3A:49:37:31:E7:9F:5A:12:47:44:63:17:A7:EA:48:D6:FD:5C:1C
Certificate issuer:       /CN=65816774b7c5665d67a86c20ceb6487b5b78b38d
Certificate serial:       018CC49236AC8DF04CF24C6AEF950F27E97E
Authority key identifier: 65:81:67:74:B7:C5:66:5D:67:A8:6C:20:CE:B6:48:7B:5B:78:B3:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/yDpJNzHnn1oSR0RjF6fqSNb9XBw.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48747
IP address blocks:        178.75.196.0/24 maxlen: 24
                          178.75.197.0/24 maxlen: 24
                          178.75.199.0/24 maxlen: 24
                          178.75.198.0/24 maxlen: 24
                          94.139.204.0/22 maxlen: 22
                          94.139.206.0/24 maxlen: 24
                          94.139.205.0/24 maxlen: 24
                          94.139.204.0/24 maxlen: 24
                          94.139.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/ZYFndLfFZl1nqGwgzrZIe1t4s40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/ZYFndLfFZl1nqGwgzrZIe1t4s40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:36:ac:8d:f0:4c:f2:4c:6a:ef:95:0f:27:e9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65816774b7c5665d67a86c20ceb6487b5b78b38d
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c83a493731e79f5a1247446317a7ea48d6fd5c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:93:00:2c:50:fd:6b:e3:11:da:ce:fe:25:dd:
                    5a:cc:45:bb:d7:13:b4:e2:01:a1:89:5e:19:c3:57:
                    71:4c:78:91:41:1f:a3:72:82:77:48:40:4d:eb:b8:
                    0d:2f:9c:4f:d1:e2:db:d2:7d:9c:a2:fc:bb:40:96:
                    4f:c3:42:5d:05:08:fd:ee:cd:4e:ce:f4:c3:f8:0e:
                    f6:c6:05:6a:5d:6f:f9:07:71:ce:06:ee:78:90:5d:
                    ca:aa:97:e6:12:1a:92:e6:bd:07:3e:06:6a:9c:c5:
                    df:f2:de:a1:f3:35:9a:f6:e2:cf:7a:63:30:a1:5c:
                    22:6f:ab:96:e2:43:81:f6:68:d7:f3:bb:c4:e2:3b:
                    37:2d:2e:e0:1d:22:dd:c7:48:02:12:50:82:90:5c:
                    45:32:b1:a4:07:35:79:b0:59:1f:a2:a6:d1:00:0a:
                    77:d6:0c:1a:ec:fa:8f:30:1a:b5:5d:33:d9:30:97:
                    eb:60:a0:d9:87:23:d7:de:52:f2:35:56:e1:f7:61:
                    43:64:58:10:34:a9:c9:21:71:c5:a5:9a:2f:ae:b7:
                    85:a1:f7:45:a9:19:b6:45:19:9f:45:7e:f9:77:80:
                    88:3a:5b:be:22:bc:a8:6f:7e:83:0a:76:10:18:53:
                    d6:3f:f9:78:80:b3:bb:85:57:12:e2:fc:c9:fb:3a:
                    18:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:3A:49:37:31:E7:9F:5A:12:47:44:63:17:A7:EA:48:D6:FD:5C:1C
            X509v3 Authority Key Identifier:
                keyid:65:81:67:74:B7:C5:66:5D:67:A8:6C:20:CE:B6:48:7B:5B:78:B3:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/yDpJNzHnn1oSR0RjF6fqSNb9XBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/ZYFndLfFZl1nqGwgzrZIe1t4s40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.204.0/22
                  178.75.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:e1:36:e8:09:59:c8:a8:71:ef:4a:36:74:62:b9:1f:88:b9:
         5c:15:4c:12:4a:5b:4f:d9:32:9d:47:26:74:11:e6:74:4b:3b:
         1d:6e:f5:a7:f5:73:d5:4b:5f:7d:47:01:54:0b:a9:78:7d:89:
         a8:c5:29:57:27:c4:36:77:95:86:00:d6:ff:47:4c:d5:60:a9:
         c4:84:a6:89:b9:5e:66:1a:54:aa:fb:4e:ca:39:30:ae:9a:24:
         3f:8b:89:c5:08:7f:27:5a:71:5f:2c:8d:c2:fe:c0:ba:df:64:
         a8:27:13:1a:88:2a:de:0b:b5:db:3f:7b:30:55:40:a3:22:da:
         66:60:56:a8:e1:84:72:b9:d9:40:d5:0b:60:ba:6d:a6:ab:e6:
         31:60:56:84:f9:0e:53:4b:fe:3b:65:2e:32:7a:3b:26:ff:b4:
         9c:3c:b5:57:e9:c1:9e:a3:07:f5:83:a0:8e:f5:2d:a6:21:05:
         b8:6b:36:5a:d5:22:7d:61:50:a3:d7:72:ae:6d:de:f7:6e:5c:
         e9:10:7a:89:40:0f:e0:c9:28:50:6c:25:58:af:0b:15:0f:c0:
         d0:b1:d8:d9:16:b6:a4:bd:7d:ac:4d:3d:9e:1b:38:c4:45:90:
         8d:70:0f:e6:ca:9b:6b:51:75:37:0e:3a:35:bc:5f:92:c5:cd:
         2d:96:62:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkjasjfBM8kxq75UPJ+l+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODE2Nzc0YjdjNTY2NWQ2N2E4NmMyMGNlYjY0ODdiNWI3
OGIzOGQwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODNhNDkzNzMxZTc5ZjVhMTI0NzQ0NjMxN2E3ZWE0OGQ2ZmQ1YzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZMALFD9a+MR2s7+Jd1azEW71xO0
4gGhiV4Zw1dxTHiRQR+jcoJ3SEBN67gNL5xP0eLb0n2covy7QJZPw0JdBQj97s1O
zvTD+A72xgVqXW/5B3HOBu54kF3KqpfmEhqS5r0HPgZqnMXf8t6h8zWa9uLPemMw
oVwib6uW4kOB9mjX87vE4js3LS7gHSLdx0gCElCCkFxFMrGkBzV5sFkfoqbRAAp3
1gwa7PqPMBq1XTPZMJfrYKDZhyPX3lLyNVbh92FDZFgQNKnJIXHFpZovrreFofdF
qRm2RRmfRX75d4CIOlu+Iryob36DCnYQGFPWP/l4gLO7hVcS4vzJ+zoY+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMg6STcx559aEkdEYxen6kjW/VwcMB8GA1UdIwQY
MBaAFGWBZ3S3xWZdZ6hsIM62SHtbeLONMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllGbmRMZkZabDFucUd3Z3pyWkllMXQ0czQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mM2I4MjUtY2JjMC00OWQyLThiNzYt
NmIxNDY5YzNiOTVhLzEveURwSk56SG5uMW9TUjBSakY2ZnFTTmI5WEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mM2I4MjUtY2JjMC00OWQyLThiNzYtNmIxNDY5YzNiOTVh
LzEvWllGbmRMZkZabDFucUd3Z3pyWkllMXQ0czQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXovMAwQC
skvEMA0GCSqGSIb3DQEBCwUAA4IBAQCw4TboCVnIqHHvSjZ0YrkfiLlcFUwSSltP
2TKdRyZ0EeZ0SzsdbvWn9XPVS199RwFUC6l4fYmoxSlXJ8Q2d5WGANb/R0zVYKnE
hKaJuV5mGlSq+07KOTCumiQ/i4nFCH8nWnFfLI3C/sC632SoJxMaiCreC7XbP3sw
VUCjItpmYFao4YRyudlA1Qtgum2mq+YxYFaE+Q5TS/47ZS4yejsm/7ScPLVX6cGe
owf1g6CO9S2mIQW4azZa1SJ9YVCj13Kubd73blzpEHqJQA/gyShQbCVYrwsVD8DQ
sdjZFrakvX2sTT2eGzjERZCNcA/myptrUXU3Djo1vF+Sxc0tlmK6
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:40:55 2024 by rpki-client on console-ams.rpki-client.org