Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/ezgp3pt0gNcFS0wtctJhB2ybhmY.roa
File:                     ezgp3pt0gNcFS0wtctJhB2ybhmY.roa (raw, json)
Hash identifier:          MzNVINZLb2LlxNfWLmmhF0X1PYN/6m/1kHcPQ2ID8+s=
Subject key identifier:   7B:38:29:DE:9B:74:80:D7:05:4B:4C:2D:72:D2:61:07:6C:9B:86:66
Certificate issuer:       /CN=266e0c40e4e9370db99ad27a97298d7d05598f73
Certificate serial:       018CC26D1664063FAD7A22F4AB27F157FB40
Authority key identifier: 26:6E:0C:40:E4:E9:37:0D:B9:9A:D2:7A:97:29:8D:7D:05:59:8F:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jm4MQOTpNw25mtJ6lymNfQVZj3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/ezgp3pt0gNcFS0wtctJhB2ybhmY.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204324
IP address blocks:        185.252.41.0/24 maxlen: 24
                          185.252.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/Jm4MQOTpNw25mtJ6lymNfQVZj3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/Jm4MQOTpNw25mtJ6lymNfQVZj3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jm4MQOTpNw25mtJ6lymNfQVZj3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:16:64:06:3f:ad:7a:22:f4:ab:27:f1:57:fb:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=266e0c40e4e9370db99ad27a97298d7d05598f73
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b3829de9b7480d7054b4c2d72d261076c9b8666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:13:59:2d:06:c2:3c:3e:95:68:59:49:31:a2:
                    7c:36:7c:99:6f:19:da:ba:ba:23:61:6d:ee:c6:25:
                    83:07:c9:de:0b:8e:c2:a6:66:69:26:35:86:20:04:
                    58:4f:d9:00:e0:63:2f:f7:f6:98:02:dc:43:58:ab:
                    e3:05:09:d7:2c:de:d9:02:11:cb:bb:da:24:de:2e:
                    8d:7c:49:bb:16:d7:4c:a2:82:69:d0:b2:48:aa:6f:
                    e2:ec:f3:67:1c:63:2f:ec:a7:57:3d:7b:86:9c:86:
                    60:4c:e6:a4:04:57:1f:4e:c9:49:4c:ac:41:28:58:
                    78:40:19:01:bb:07:d2:51:ef:60:08:88:40:2d:31:
                    d0:4d:db:28:a1:d3:e4:9b:f0:30:42:30:a3:3c:4f:
                    e2:13:b8:1b:e3:fc:13:2c:59:59:a1:28:eb:dc:21:
                    bd:19:07:74:a6:d7:c8:a3:56:cb:b8:df:43:c2:e6:
                    77:72:3a:21:52:b0:10:2f:58:d4:33:8e:90:04:9f:
                    78:d1:ce:da:2a:f3:47:2c:7f:28:9e:e1:fb:02:cc:
                    0a:90:cd:77:f9:a8:73:b6:a2:d4:db:7f:59:72:5a:
                    2d:14:b0:2b:72:a6:2a:18:78:6a:5c:88:21:ba:ca:
                    f7:f9:7d:b2:82:ad:89:07:68:fd:cc:6e:40:16:c8:
                    61:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:38:29:DE:9B:74:80:D7:05:4B:4C:2D:72:D2:61:07:6C:9B:86:66
            X509v3 Authority Key Identifier:
                keyid:26:6E:0C:40:E4:E9:37:0D:B9:9A:D2:7A:97:29:8D:7D:05:59:8F:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jm4MQOTpNw25mtJ6lymNfQVZj3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/ezgp3pt0gNcFS0wtctJhB2ybhmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/9e57aa-8901-4bd8-8295-9c1a53580e39/1/Jm4MQOTpNw25mtJ6lymNfQVZj3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:ae:dc:b6:8c:fa:31:0a:d6:7b:ed:e3:44:a1:3c:30:f8:57:
         53:e6:b6:22:91:16:aa:d7:a3:70:4f:09:be:9b:b0:76:19:a3:
         16:9a:3d:9c:9a:1c:c5:6d:2d:0b:ea:19:71:4d:ee:bd:dc:97:
         bf:f8:7d:97:19:56:9e:a3:2c:01:45:0d:24:4e:ff:d3:c7:aa:
         64:51:7c:2f:98:ca:67:27:19:72:13:86:70:24:e9:db:72:de:
         01:7c:46:b5:db:23:fd:21:40:fe:f1:b4:5a:81:97:57:f0:3f:
         a0:b2:50:cf:2e:eb:db:0a:ab:db:cf:f2:be:85:f3:fd:62:94:
         c0:af:ce:e3:76:c0:f5:0a:52:cf:44:9d:53:17:71:cb:a6:a1:
         25:cf:ce:3b:ae:65:ed:ba:19:75:00:06:10:50:fc:93:99:63:
         1b:2b:2a:30:7c:dc:6a:d4:b3:7b:64:c0:06:6e:60:5f:86:cf:
         3e:8a:5a:44:1e:31:11:f0:9a:08:5d:fa:c7:c3:1e:0c:55:74:
         a8:99:b1:54:66:59:50:fe:80:58:af:f8:62:1d:5b:8c:df:13:
         be:68:0e:b9:42:06:3f:5f:ab:b8:7d:1c:71:5e:55:1b:b3:75:
         46:9b:2f:1c:81:49:14:0c:19:3c:52:85:6a:2e:d5:16:d4:f5:
         12:ab:61:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRZkBj+teiL0qyfxV/tAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NmUwYzQwZTRlOTM3MGRiOTlhZDI3YTk3Mjk4ZDdkMDU1
OThmNzMwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjM4MjlkZTliNzQ4MGQ3MDU0YjRjMmQ3MmQyNjEwNzZjOWI4NjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxNZLQbCPD6VaFlJMaJ8NnyZbxna
urojYW3uxiWDB8neC47CpmZpJjWGIARYT9kA4GMv9/aYAtxDWKvjBQnXLN7ZAhHL
u9ok3i6NfEm7FtdMooJp0LJIqm/i7PNnHGMv7KdXPXuGnIZgTOakBFcfTslJTKxB
KFh4QBkBuwfSUe9gCIhALTHQTdsoodPkm/AwQjCjPE/iE7gb4/wTLFlZoSjr3CG9
GQd0ptfIo1bLuN9DwuZ3cjohUrAQL1jUM46QBJ940c7aKvNHLH8onuH7AswKkM13
+ahztqLU239ZclotFLArcqYqGHhqXIghusr3+X2ygq2JB2j9zG5AFshh/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHs4Kd6bdIDXBUtMLXLSYQdsm4ZmMB8GA1UdIwQY
MBaAFCZuDEDk6TcNuZrSepcpjX0FWY9zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm00TVFPVHBOdzI1bXRKNmx5bU5mUVZaajNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC85ZTU3YWEtODkwMS00YmQ4LTgyOTUt
OWMxYTUzNTgwZTM5LzEvZXpncDNwdDBnTmNGUzB3dGN0SmhCMnliaG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC85ZTU3YWEtODkwMS00YmQ4LTgyOTUtOWMxYTUzNTgwZTM5
LzEvSm00TVFPVHBOdzI1bXRKNmx5bU5mUVZaajNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufwoMA0G
CSqGSIb3DQEBCwUAA4IBAQCerty2jPoxCtZ77eNEoTww+FdT5rYikRaq16NwTwm+
m7B2GaMWmj2cmhzFbS0L6hlxTe693Je/+H2XGVaeoywBRQ0kTv/Tx6pkUXwvmMpn
JxlyE4ZwJOnbct4BfEa12yP9IUD+8bRagZdX8D+gslDPLuvbCqvbz/K+hfP9YpTA
r87jdsD1ClLPRJ1TF3HLpqElz847rmXtuhl1AAYQUPyTmWMbKyowfNxq1LN7ZMAG
bmBfhs8+ilpEHjER8JoIXfrHwx4MVXSombFUZllQ/oBYr/hiHVuM3xO+aA65QgY/
X6u4fRxxXlUbs3VGmy8cgUkUDBk8UoVqLtUW1PUSq2HX
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:09:36 2024 by rpki-client on console-ams.rpki-client.org