Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zeUGjIpQPzh4iPsKYAPFhkkaFUc.roa
File:                     zeUGjIpQPzh4iPsKYAPFhkkaFUc.roa (raw, json)
Hash identifier:          +n5+jVpFG1bJn6J+JoYIcXDJ1LiNO6FL+O4hd4l9hZY=
Subject key identifier:   CD:E5:06:8C:8A:50:3F:38:78:88:FB:0A:60:03:C5:86:49:1A:15:47
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B72D946F457C5CE79BDDA6432E6E07
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zeUGjIpQPzh4iPsKYAPFhkkaFUc.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8953
IP address blocks:        92.180.0.0/17 maxlen: 24
                          90.84.224.0/20 maxlen: 24
                          90.95.0.0/16 maxlen: 24
                          90.84.208.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2d:94:6f:45:7c:5c:e7:9b:dd:a6:43:2e:6e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cde5068c8a503f387888fb0a6003c586491a1547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:83:2e:73:44:cc:ca:89:e1:bf:5f:ca:b9:76:
                    be:9f:30:eb:7f:5d:44:6b:59:36:f1:ff:1d:b3:cb:
                    ba:71:53:de:90:69:bc:6f:5f:23:a8:1f:af:3c:a8:
                    a4:ec:4d:60:f9:1c:71:88:c6:73:2d:c4:48:9e:6b:
                    4c:2e:c0:e0:9c:84:ff:ef:05:cd:5c:eb:b8:65:be:
                    6f:85:11:66:16:a1:2b:04:09:32:1b:e3:7c:97:b0:
                    bb:d3:2f:c0:15:fb:35:32:ac:ca:29:9f:61:a5:7d:
                    4e:c5:12:d0:51:64:98:53:bb:00:30:2b:28:64:77:
                    c9:99:2d:4e:39:79:eb:4c:1f:6a:7b:31:42:d3:d5:
                    49:b3:56:78:60:a3:db:3e:9a:af:03:64:dd:75:bc:
                    39:f1:b6:2a:45:aa:20:15:4a:2d:5a:5f:c2:cd:ee:
                    27:4f:95:a9:66:c6:3f:66:01:87:e0:d0:9d:83:19:
                    7f:e5:6a:4b:99:ed:55:48:9c:51:bb:8c:22:33:8d:
                    dc:44:04:52:4f:d3:3a:fa:0f:a2:9e:ba:57:84:53:
                    c4:70:3a:10:cc:a7:cb:4d:ec:39:16:3b:64:a4:bb:
                    21:51:e2:0c:2b:0d:85:b9:f0:24:3a:d6:65:71:58:
                    91:ec:1a:e9:d7:f6:1b:06:5d:ce:7c:95:34:53:f3:
                    64:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E5:06:8C:8A:50:3F:38:78:88:FB:0A:60:03:C5:86:49:1A:15:47
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zeUGjIpQPzh4iPsKYAPFhkkaFUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.84.208.0/21
                  90.84.224.0/20
                  90.95.0.0/16
                  92.180.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         63:90:fe:36:86:1e:ca:6a:52:38:b1:26:26:d9:47:cd:de:43:
         bb:bd:ce:e4:a8:c8:cc:28:bf:60:31:9d:2e:b0:71:f3:c0:c8:
         63:f9:aa:b4:08:85:04:ce:db:80:ef:b1:02:2b:84:ee:a0:72:
         5e:7a:e4:f5:5f:5f:76:12:94:36:d2:f1:3e:4e:a6:38:76:e3:
         d6:c3:77:9f:17:99:87:fc:02:84:bb:ee:f3:32:70:03:ad:e9:
         81:8d:6d:19:2a:dc:b0:ea:93:bd:7b:e9:d6:14:ee:8b:5a:4b:
         77:9a:c4:3f:b2:55:d4:23:4e:0a:d9:60:49:a7:eb:a4:ca:bb:
         e6:c2:6d:55:f5:fd:fa:84:83:16:01:2a:2b:38:d6:e9:99:c7:
         7a:f2:f2:3f:47:b1:11:f4:ee:75:ff:eb:cc:1e:a4:f8:cd:46:
         cf:74:4c:37:ba:d2:b3:5c:30:27:e5:5b:93:dc:77:6a:8e:2f:
         31:d0:9a:1c:6c:f6:93:55:cb:a5:49:8b:4f:53:51:ac:af:cc:
         92:a9:d3:c2:c4:1c:a3:fe:6f:75:83:bc:6a:08:24:d3:64:98:
         33:8d:54:f0:00:cd:f8:a9:ad:dd:d8:7b:57:91:0b:34:90:a0:
         c8:2f:ef:f9:d2:d8:28:1b:4e:f4:58:d3:2a:e6:fa:f9:23:c4:
         a9:4b:37:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDty2Ub0V8XOeb3aZDLm4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGU1MDY4YzhhNTAzZjM4Nzg4OGZiMGE2MDAzYzU4NjQ5MWExNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4Muc0TMyonhv1/KuXa+nzDrf11E
a1k28f8ds8u6cVPekGm8b18jqB+vPKik7E1g+RxxiMZzLcRInmtMLsDgnIT/7wXN
XOu4Zb5vhRFmFqErBAkyG+N8l7C70y/AFfs1MqzKKZ9hpX1OxRLQUWSYU7sAMCso
ZHfJmS1OOXnrTB9qezFC09VJs1Z4YKPbPpqvA2Tddbw58bYqRaogFUotWl/Cze4n
T5WpZsY/ZgGH4NCdgxl/5WpLme1VSJxRu4wiM43cRARST9M6+g+inrpXhFPEcDoQ
zKfLTew5FjtkpLshUeIMKw2FufAkOtZlcViR7Brp1/YbBl3OfJU0U/NkJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM3lBoyKUD84eIj7CmADxYZJGhVHMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvemVVR2pJcFFQemg0aVBzS1lBUEZoa2thRlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwQDWlTQAwQE
WlTgAwMAWl8DBAdctAAwDQYJKoZIhvcNAQELBQADggEBAGOQ/jaGHspqUjixJibZ
R83eQ7u9zuSoyMwov2AxnS6wcfPAyGP5qrQIhQTO24DvsQIrhO6gcl565PVfX3YS
lDbS8T5Opjh249bDd58XmYf8AoS77vMycAOt6YGNbRkq3LDqk7176dYU7otaS3ea
xD+yVdQjTgrZYEmn66TKu+bCbVX1/fqEgxYBKis41umZx3ry8j9HsRH07nX/68we
pPjNRs90TDe60rNcMCflW5Pcd2qOLzHQmhxs9pNVy6VJi09TUayvzJKp08LEHKP+
b3WDvGoIJNNkmDONVPAAzfiprd3Ye1eRCzSQoMgv7/nS2CgbTvRY0yrm+vkjxKlL
Nwo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:48:00 2024 by rpki-client on console-fra.rpki-client.org