Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/EMJN9bBZT67PwIIuvSKJK8Xxsrs.roa
File:                     EMJN9bBZT67PwIIuvSKJK8Xxsrs.roa (raw, json)
Hash identifier:          oV1x4YeyA8lLvR3fTiEzdHY2tbrtoIOg1/0TqXVKXwg=
Subject key identifier:   10:C2:4D:F5:B0:59:4F:AE:CF:C0:82:2E:BD:22:89:2B:C5:F1:B2:BB
Certificate issuer:       /CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
Certificate serial:       018FBE4065D62DAED747036265D9ACE7D8AC
Authority key identifier: 74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/EMJN9bBZT67PwIIuvSKJK8Xxsrs.roa
Signing time:             Tue 28 May 2024 08:10:42 +0000
ROA not before:           Tue 28 May 2024 08:10:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210318
IP address blocks:        94.156.75.0/24 maxlen: 24
                          185.37.232.0/24 maxlen: 24
                          185.37.233.0/24 maxlen: 24
                          185.37.234.0/24 maxlen: 24
                          185.37.235.0/24 maxlen: 24
                          185.37.235.2/32 maxlen: 32
                          194.55.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:40:65:d6:2d:ae:d7:47:03:62:65:d9:ac:e7:d8:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
        Validity
            Not Before: May 28 08:10:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10c24df5b0594faecfc0822ebd22892bc5f1b2bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d1:a1:16:a6:8e:92:bd:2f:64:4f:e1:ea:37:
                    e5:07:a8:5b:53:18:e5:b8:a4:f5:3e:6a:54:6a:c8:
                    21:7e:d7:2d:b7:87:ad:a7:0c:12:93:2d:b1:bc:1d:
                    bd:0b:cb:3d:5a:2d:5d:51:c1:94:dc:43:5c:54:53:
                    17:c0:29:c4:6e:bf:f2:59:7e:05:5d:bd:48:94:af:
                    fd:7c:84:5f:ba:bd:15:c5:0b:07:5c:ec:01:50:48:
                    ed:4e:c2:0d:76:6f:7b:81:41:7e:e8:f9:d4:4a:0b:
                    cf:d8:da:f6:4e:c7:0e:87:e9:cb:c7:8b:69:cb:66:
                    69:dd:00:6e:13:0b:3e:75:14:fc:ff:f2:f5:3f:a6:
                    31:5b:0b:01:28:70:98:41:7f:e5:a0:58:d4:eb:b3:
                    61:ad:84:e8:3c:b5:c2:69:c6:11:ee:52:f5:5b:f7:
                    8c:7b:e2:b6:52:3b:cb:0c:de:dd:43:ed:4f:a5:5f:
                    ac:34:ab:89:82:2d:0e:c0:e2:dd:7f:00:bf:21:45:
                    e8:12:95:34:94:9b:c5:9c:d2:8d:a0:1f:b4:c1:e1:
                    12:1f:23:04:77:36:47:83:d6:a8:c1:27:8d:06:4a:
                    b1:00:d9:ac:62:8d:e3:f5:bf:73:c2:01:60:d8:d5:
                    16:5c:a8:f7:ce:ef:73:f7:5f:d5:62:1c:25:f8:90:
                    05:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C2:4D:F5:B0:59:4F:AE:CF:C0:82:2E:BD:22:89:2B:C5:F1:B2:BB
            X509v3 Authority Key Identifier:
                keyid:74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/EMJN9bBZT67PwIIuvSKJK8Xxsrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.75.0/24
                  185.37.232.0/22
                  194.55.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:18:28:d4:c8:89:e9:6c:18:fc:34:a4:78:b8:f7:b8:a6:ae:
         b1:13:ad:ec:76:9c:74:1e:ad:41:0c:cd:e6:3e:b7:b9:9c:82:
         e2:c9:ef:42:ba:c2:d4:e5:d3:0c:80:85:f5:7f:4f:6e:38:3d:
         fa:fa:a9:f9:da:eb:27:3b:26:af:71:c4:30:8a:c4:5c:7c:b6:
         58:32:34:43:3c:7e:70:e9:47:50:44:44:44:69:7d:fa:92:65:
         d0:14:ce:25:78:a7:20:29:6b:27:ec:fd:af:4b:d1:89:4c:22:
         61:a9:97:8e:3a:84:14:3e:34:fb:a9:92:90:6a:f4:6b:df:db:
         d7:e5:c2:a1:df:fb:97:dc:a9:9e:9b:5b:91:99:65:33:f8:6d:
         70:1c:e5:79:33:3d:4a:f0:d0:33:6b:e0:4a:2d:d5:86:a2:1d:
         56:91:2c:c9:4b:17:5b:1a:20:6a:f0:19:72:df:f3:a4:4d:0a:
         d7:27:b4:4a:ff:14:42:28:15:1b:b4:25:79:b9:08:3c:b9:63:
         4f:ad:9d:76:39:8f:6e:9c:ce:a2:4a:71:82:c8:0c:dc:58:4e:
         1f:75:d7:5e:0b:5e:51:da:59:ac:80:43:de:a2:e3:00:db:fe:
         86:75:fb:3a:5f:31:eb:bd:dc:ff:f8:c7:87:df:cb:f0:f1:f5:
         5c:02:31:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY++QGXWLa7XRwNiZdms59isMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YTU5YjdmYjRlMDM0ZjY3Nzc1ZjI4NzVlZmJmYzllZmYy
NDdlOGUwHhcNMjQwNTI4MDgxMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGMyNGRmNWIwNTk0ZmFlY2ZjMDgyMmViZDIyODkyYmM1ZjFiMmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNGhFqaOkr0vZE/h6jflB6hbUxjl
uKT1PmpUasghftctt4etpwwSky2xvB29C8s9Wi1dUcGU3ENcVFMXwCnEbr/yWX4F
Xb1IlK/9fIRfur0VxQsHXOwBUEjtTsINdm97gUF+6PnUSgvP2Nr2TscOh+nLx4tp
y2Zp3QBuEws+dRT8//L1P6YxWwsBKHCYQX/loFjU67NhrYToPLXCacYR7lL1W/eM
e+K2UjvLDN7dQ+1PpV+sNKuJgi0OwOLdfwC/IUXoEpU0lJvFnNKNoB+0weESHyME
dzZHg9aowSeNBkqxANmsYo3j9b9zwgFg2NUWXKj3zu9z91/VYhwl+JAFbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBDCTfWwWU+uz8CCLr0iiSvF8bK7MB8GA1UdIwQY
MBaAFHSlm3+04DT2d3Xyh177/J7/JH6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2It
YWQzMmVmNDlkNDE5LzEvRU1KTjliQlpUNjdQd0lJdXZTS0pLOFh4c3JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2ItYWQzMmVmNDlkNDE5
LzEvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXpxLAwQC
uSXoAwQAwje7MA0GCSqGSIb3DQEBCwUAA4IBAQCjGCjUyInpbBj8NKR4uPe4pq6x
E63sdpx0Hq1BDM3mPre5nILiye9CusLU5dMMgIX1f09uOD36+qn52usnOyavccQw
isRcfLZYMjRDPH5w6UdQREREaX36kmXQFM4leKcgKWsn7P2vS9GJTCJhqZeOOoQU
PjT7qZKQavRr39vX5cKh3/uX3Kmem1uRmWUz+G1wHOV5Mz1K8NAza+BKLdWGoh1W
kSzJSxdbGiBq8Bly3/OkTQrXJ7RK/xRCKBUbtCV5uQg8uWNPrZ12OY9unM6iSnGC
yAzcWE4fdddeC15R2lmsgEPeouMA2/6Gdfs6XzHrvdz/+MeH38vw8fVcAjHe
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:11:35 2024 by rpki-client on console-ams.rpki-client.org