Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/c63c94-e569-41b8-8e2b-d18b09cf3a1d/1/LrhGDwEseOaCT_Ax0uFHimCjfd4.roa
File:                     LrhGDwEseOaCT_Ax0uFHimCjfd4.roa (raw, json)
Hash identifier:          LpJDQOBbupdbf3DSoQbvt6U8WtXQk9sc3Q8oJGyEnrI=
Subject key identifier:   2E:B8:46:0F:01:2C:78:E6:82:4F:F0:31:D2:E1:47:8A:60:A3:7D:DE
Certificate issuer:       /CN=cb1383473e8aa8727068fc752e060e3dbf63e0ef
Certificate serial:       018CC492377C11BC636A2D9D8A291A561DD1
Authority key identifier: CB:13:83:47:3E:8A:A8:72:70:68:FC:75:2E:06:0E:3D:BF:63:E0:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yxODRz6KqHJwaPx1LgYOPb9j4O8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/c63c94-e569-41b8-8e2b-d18b09cf3a1d/1/LrhGDwEseOaCT_Ax0uFHimCjfd4.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        194.34.199.0/24 maxlen: 24
                          194.35.73.0/24 maxlen: 24
                          194.35.75.0/24 maxlen: 24
                          194.104.99.0/24 maxlen: 24
                          194.35.11.0/24 maxlen: 24
                          2a00:7940::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/c63c94-e569-41b8-8e2b-d18b09cf3a1d/1/yxODRz6KqHJwaPx1LgYOPb9j4O8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/c63c94-e569-41b8-8e2b-d18b09cf3a1d/1/yxODRz6KqHJwaPx1LgYOPb9j4O8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yxODRz6KqHJwaPx1LgYOPb9j4O8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:37:7c:11:bc:63:6a:2d:9d:8a:29:1a:56:1d:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb1383473e8aa8727068fc752e060e3dbf63e0ef
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eb8460f012c78e6824ff031d2e1478a60a37dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1e:a7:27:1e:8f:9a:66:35:a0:5b:e0:20:49:
                    af:0b:24:87:8c:16:f6:c9:52:b8:88:8a:9b:52:bc:
                    b0:43:8c:dd:fd:6c:ea:b3:bf:4f:c5:1f:20:ef:99:
                    42:86:6f:e9:ae:82:e5:fa:b4:ef:5e:e3:25:d6:9e:
                    fa:da:96:a8:58:46:85:41:9d:5a:6a:08:a2:38:61:
                    77:8c:2a:09:fb:3a:1e:d0:6b:66:66:8d:bb:5b:66:
                    b6:b5:9b:55:e6:da:98:d9:f2:3e:8a:2e:20:ec:2e:
                    6a:96:b5:22:13:72:12:18:5a:af:f9:b1:ed:21:21:
                    2e:32:48:e9:e8:bc:c7:40:28:93:31:5a:a3:dd:6d:
                    98:66:53:05:bd:8d:ff:dd:65:81:52:a4:2c:ce:36:
                    93:c3:4e:96:15:70:77:82:34:ca:3a:e4:9b:d7:1e:
                    a8:48:44:4e:67:66:1b:02:3c:1e:0e:8f:0b:a6:3b:
                    fc:33:9f:c4:72:f3:c0:0d:1f:8b:8a:61:7d:e1:1c:
                    b5:0d:4e:d2:20:1e:c7:5c:3b:55:c2:57:05:d8:33:
                    e2:4e:2b:65:bf:3c:35:01:0c:fe:5f:d2:98:98:6b:
                    4a:50:c4:f0:41:ed:23:ab:a2:89:37:4e:52:e9:73:
                    c2:81:b3:d3:6c:08:af:81:b8:2b:fc:12:17:10:9b:
                    3b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B8:46:0F:01:2C:78:E6:82:4F:F0:31:D2:E1:47:8A:60:A3:7D:DE
            X509v3 Authority Key Identifier:
                keyid:CB:13:83:47:3E:8A:A8:72:70:68:FC:75:2E:06:0E:3D:BF:63:E0:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yxODRz6KqHJwaPx1LgYOPb9j4O8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/c63c94-e569-41b8-8e2b-d18b09cf3a1d/1/LrhGDwEseOaCT_Ax0uFHimCjfd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/c63c94-e569-41b8-8e2b-d18b09cf3a1d/1/yxODRz6KqHJwaPx1LgYOPb9j4O8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.199.0/24
                  194.35.11.0/24
                  194.35.73.0/24
                  194.35.75.0/24
                  194.104.99.0/24
                IPv6:
                  2a00:7940::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:36:fa:16:9e:19:48:8f:4e:bc:02:06:40:e0:f0:6a:1b:d3:
         a5:30:63:7a:e1:91:4d:ea:f5:f1:84:36:b5:71:c8:8d:49:37:
         53:9e:a0:2c:74:08:60:a5:49:36:69:c9:d1:25:36:73:85:de:
         52:de:72:b0:b0:db:f7:f6:4a:4f:8d:f4:24:2b:f6:64:7b:f2:
         b6:bd:77:9a:9e:8b:84:0c:da:1e:48:c2:52:78:20:92:b5:f3:
         86:77:e9:96:6d:22:d5:97:f3:e9:32:aa:ee:6c:be:76:14:c9:
         3e:7d:83:f1:97:96:f2:9f:01:d0:ba:8f:14:80:80:59:95:89:
         5f:5f:8d:61:b5:b7:f2:9c:17:00:75:32:8d:f7:fe:37:e0:30:
         ca:c2:6c:c2:98:63:fd:22:4a:fa:56:63:52:3a:6b:6a:ad:3b:
         af:4a:f4:e9:6d:fb:23:74:f2:b5:d7:af:66:b2:6a:49:6d:0e:
         ea:d8:f3:31:17:ea:b5:b2:b0:dd:fd:86:a7:c3:71:b7:55:07:
         88:a0:ae:57:aa:4d:f8:d6:9c:87:e5:c9:85:29:fa:51:e2:32:
         85:53:2b:73:15:40:af:d4:c2:b9:a3:ca:55:23:f8:81:12:34:
         01:e9:74:2d:f8:03:3e:e5:d9:03:67:fa:3e:6f:dd:a5:c3:76:
         b9:5f:f2:84
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzEkjd8Ebxjai2diikaVh3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMTM4MzQ3M2U4YWE4NzI3MDY4ZmM3NTJlMDYwZTNkYmY2
M2UwZWYwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWI4NDYwZjAxMmM3OGU2ODI0ZmYwMzFkMmUxNDc4YTYwYTM3ZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB6nJx6PmmY1oFvgIEmvCySHjBb2
yVK4iIqbUrywQ4zd/Wzqs79PxR8g75lChm/proLl+rTvXuMl1p762paoWEaFQZ1a
agiiOGF3jCoJ+zoe0GtmZo27W2a2tZtV5tqY2fI+ii4g7C5qlrUiE3ISGFqv+bHt
ISEuMkjp6LzHQCiTMVqj3W2YZlMFvY3/3WWBUqQszjaTw06WFXB3gjTKOuSb1x6o
SEROZ2YbAjweDo8Lpjv8M5/EcvPADR+LimF94Ry1DU7SIB7HXDtVwlcF2DPiTitl
vzw1AQz+X9KYmGtKUMTwQe0jq6KJN05S6XPCgbPTbAivgbgr/BIXEJs7YwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFC64Rg8BLHjmgk/wMdLhR4pgo33eMB8GA1UdIwQY
MBaAFMsTg0c+iqhycGj8dS4GDj2/Y+DvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXhPRFJ6NktxSEp3YVB4MUxnWU9QYjlqNE84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9jNjNjOTQtZTU2OS00MWI4LThlMmIt
ZDE4YjA5Y2YzYTFkLzEvTHJoR0R3RXNlT2FDVF9BeDB1RkhpbUNqZmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9jNjNjOTQtZTU2OS00MWI4LThlMmItZDE4YjA5Y2YzYTFk
LzEveXhPRFJ6NktxSEp3YVB4MUxnWU9QYjlqNE84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAwiLHAwQA
wiMLAwQAwiNJAwQAwiNLAwQAwmhjMA0EAgACMAcDBQAqAHlAMA0GCSqGSIb3DQEB
CwUAA4IBAQApNvoWnhlIj068AgZA4PBqG9OlMGN64ZFN6vXxhDa1cciNSTdTnqAs
dAhgpUk2acnRJTZzhd5S3nKwsNv39kpPjfQkK/Zke/K2vXeanouEDNoeSMJSeCCS
tfOGd+mWbSLVl/PpMqrubL52FMk+fYPxl5bynwHQuo8UgIBZlYlfX41htbfynBcA
dTKN9/434DDKwmzCmGP9Ikr6VmNSOmtqrTuvSvTpbfsjdPK1169msmpJbQ7q2PMx
F+q1srDd/Yanw3G3VQeIoK5Xqk341pyH5cmFKfpR4jKFUytzFUCv1MK5o8pVI/iB
EjQB6XQt+AM+5dkDZ/o+b92lw3a5X/KE
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:10:54 2024 by rpki-client on console-fra.rpki-client.org