Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/e9EGyQLhUqjVQ6BG8_mU1KL6A7A.roa
File:                     e9EGyQLhUqjVQ6BG8_mU1KL6A7A.roa (raw, json)
Hash identifier:          jP8pq1seuFSUlCZN84g8cWweLLMUl5jdlT0W3VB+uto=
Subject key identifier:   7B:D1:06:C9:02:E1:52:A8:D5:43:A0:46:F3:F9:94:D4:A2:FA:03:B0
Certificate issuer:       /CN=aff35e383e9cd44a7249ac5d41b6dfadf4357b4f
Certificate serial:       018CC86FAD4BEBB83CA878A3AA9A9B2F9416
Authority key identifier: AF:F3:5E:38:3E:9C:D4:4A:72:49:AC:5D:41:B6:DF:AD:F4:35:7B:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_NeOD6c1EpySaxdQbbfrfQ1e08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/e9EGyQLhUqjVQ6BG8_mU1KL6A7A.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44033
IP address blocks:        185.186.216.0/22 maxlen: 22
                          193.218.132.0/22 maxlen: 22
                          193.22.83.0/24 maxlen: 24
                          194.126.207.0/24 maxlen: 24
                          194.116.192.0/23 maxlen: 23
                          2001:67c:2118::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/r_NeOD6c1EpySaxdQbbfrfQ1e08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/r_NeOD6c1EpySaxdQbbfrfQ1e08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_NeOD6c1EpySaxdQbbfrfQ1e08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ad:4b:eb:b8:3c:a8:78:a3:aa:9a:9b:2f:94:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff35e383e9cd44a7249ac5d41b6dfadf4357b4f
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bd106c902e152a8d543a046f3f994d4a2fa03b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:de:fc:44:48:11:8f:e2:db:81:a8:f2:e4:fc:
                    9f:a5:04:d8:00:e9:90:b0:4a:b9:09:5a:69:a5:22:
                    aa:79:b4:71:38:8a:07:07:27:04:b6:d8:84:f6:fc:
                    36:2d:75:61:39:a1:35:09:fe:53:e2:b3:16:3a:97:
                    26:e9:b9:de:85:1c:a5:b3:62:1c:cb:e6:1c:86:89:
                    9f:32:2d:74:d4:67:b9:9f:90:79:da:c2:b2:c9:be:
                    d2:0a:ae:86:bf:6c:4b:9f:b9:61:bd:f8:2c:c3:8e:
                    68:87:9b:44:4c:5a:b0:01:0d:1b:69:5d:56:62:55:
                    38:aa:a6:6c:e8:fe:23:c3:a6:2b:c1:dc:af:91:5e:
                    10:8e:28:e8:19:34:ab:c8:6f:a0:f1:29:d7:3b:bc:
                    b1:97:2d:26:8a:5b:57:cd:f5:a3:d3:18:e8:58:7b:
                    8c:ce:1c:de:3f:c9:28:00:5e:d3:4d:f8:6e:34:74:
                    4c:be:8a:c1:03:ec:24:d9:14:89:91:b4:23:d1:12:
                    cf:f9:a1:73:03:9b:4e:f8:80:61:86:27:10:ec:e9:
                    e1:7e:38:8b:86:cb:d3:11:61:4a:9f:14:ea:82:a7:
                    28:2a:56:78:3f:a7:26:ca:2b:25:d8:9c:32:43:eb:
                    4b:2b:55:40:a6:46:e2:3c:9a:47:c7:c9:09:80:6c:
                    4b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D1:06:C9:02:E1:52:A8:D5:43:A0:46:F3:F9:94:D4:A2:FA:03:B0
            X509v3 Authority Key Identifier:
                keyid:AF:F3:5E:38:3E:9C:D4:4A:72:49:AC:5D:41:B6:DF:AD:F4:35:7B:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_NeOD6c1EpySaxdQbbfrfQ1e08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/e9EGyQLhUqjVQ6BG8_mU1KL6A7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/150282-c9e0-44e3-aa12-570aed58c194/1/r_NeOD6c1EpySaxdQbbfrfQ1e08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.216.0/22
                  193.22.83.0/24
                  193.218.132.0/22
                  194.116.192.0/23
                  194.126.207.0/24
                IPv6:
                  2001:67c:2118::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:95:c8:60:c9:58:1d:c3:cd:38:bb:bd:c0:6f:15:4b:d0:de:
         28:4f:76:f6:97:5c:be:5c:d1:48:8c:53:55:82:88:de:ac:fb:
         d5:4c:75:12:fe:15:bb:d1:78:93:a7:22:2f:03:6e:4c:bf:59:
         0e:e9:e8:dc:eb:d8:94:9b:22:23:11:a0:45:99:4e:53:34:1f:
         f9:e2:bd:14:44:21:36:56:8f:cc:11:aa:b8:38:84:27:24:57:
         08:d6:6e:31:ca:02:a2:2a:72:87:70:dc:7a:47:53:df:83:b2:
         f9:57:d6:dc:46:dd:ef:3f:26:c8:36:1a:87:c5:8e:e5:6a:91:
         95:8b:8b:9f:f8:4b:a6:45:9e:49:b9:7d:16:b6:32:ec:08:80:
         f2:6c:65:13:9c:80:db:78:11:77:5f:8c:95:f2:05:30:8b:7c:
         36:a6:4f:5f:10:6b:81:c9:d6:5a:22:40:2d:d2:57:f8:a6:5b:
         3c:be:2d:5e:e6:29:4d:34:36:19:a9:57:fd:86:be:8f:ac:a3:
         b0:47:6a:cd:5b:04:6e:6a:ff:e7:7f:95:63:4b:dc:ac:ef:69:
         1f:39:c4:df:79:23:7c:57:ee:5a:81:78:ea:c8:ba:70:ac:71:
         4e:07:7f:df:c9:cf:ba:f8:5c:6e:50:23:1f:78:ef:66:2b:ca:
         c8:8d:53:d5
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzIb61L67g8qHijqpqbL5QWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjM1ZTM4M2U5Y2Q0NGE3MjQ5YWM1ZDQxYjZkZmFkZjQz
NTdiNGYwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQxMDZjOTAyZTE1MmE4ZDU0M2EwNDZmM2Y5OTRkNGEyZmEwM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjN78REgRj+Lbgajy5PyfpQTYAOmQ
sEq5CVpppSKqebRxOIoHBycEttiE9vw2LXVhOaE1Cf5T4rMWOpcm6bnehRyls2Ic
y+YchomfMi101Ge5n5B52sKyyb7SCq6Gv2xLn7lhvfgsw45oh5tETFqwAQ0baV1W
YlU4qqZs6P4jw6YrwdyvkV4QjijoGTSryG+g8SnXO7yxly0miltXzfWj0xjoWHuM
zhzeP8koAF7TTfhuNHRMvorBA+wk2RSJkbQj0RLP+aFzA5tO+IBhhicQ7OnhfjiL
hsvTEWFKnxTqgqcoKlZ4P6cmyisl2JwyQ+tLK1VApkbiPJpHx8kJgGxL8wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFHvRBskC4VKo1UOgRvP5lNSi+gOwMB8GA1UdIwQY
MBaAFK/zXjg+nNRKckmsXUG23630NXtPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9OZU9ENmMxRXB5U2F4ZFFiYmZyZlExZTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNTAyODItYzllMC00NGUzLWFhMTIt
NTcwYWVkNThjMTk0LzEvZTlFR3lRTGhVcWpWUTZCRzhfbVUxS0w2QTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNTAyODItYzllMC00NGUzLWFhMTItNTcwYWVkNThjMTk0
LzEvcl9OZU9ENmMxRXB5U2F4ZFFiYmZyZlExZTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQCubrYAwQA
wRZTAwQCwdqEAwQBwnTAAwQAwn7PMA8EAgACMAkDBwAgAQZ8IRgwDQYJKoZIhvcN
AQELBQADggEBAEuVyGDJWB3DzTi7vcBvFUvQ3ihPdvaXXL5c0UiMU1WCiN6s+9VM
dRL+FbvReJOnIi8Dbky/WQ7p6Nzr2JSbIiMRoEWZTlM0H/nivRREITZWj8wRqrg4
hCckVwjWbjHKAqIqcodw3HpHU9+DsvlX1txG3e8/Jsg2GofFjuVqkZWLi5/4S6ZF
nkm5fRa2MuwIgPJsZROcgNt4EXdfjJXyBTCLfDamT18Qa4HJ1loiQC3SV/imWzy+
LV7mKU00NhmpV/2Gvo+so7BHas1bBG5q/+d/lWNL3KzvaR85xN95I3xX7lqBeOrI
unCscU4Hf9/Jz7r4XG5QIx9472YrysiNU9U=
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:02:09 2024 by rpki-client on console-fra.rpki-client.org