Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/4159c3-814d-4001-8527-139043749c48/1/u50_wKG1fyOwHvWkzRwzICXpDWg.roa
File:                     u50_wKG1fyOwHvWkzRwzICXpDWg.roa (raw, json)
Hash identifier:          CZdrB6w1qzmX5lmOiy7eRx/Bep2giQy9ZtJiJEeI0F0=
Subject key identifier:   BB:9D:3F:C0:A1:B5:7F:23:B0:1E:F5:A4:CD:1C:33:20:25:E9:0D:68
Certificate issuer:       /CN=e14f264fa4a4c90dcb4a99cccec50c5508f44498
Certificate serial:       018EA9D861B1F870E511B543D947018407F6
Authority key identifier: E1:4F:26:4F:A4:A4:C9:0D:CB:4A:99:CC:CE:C5:0C:55:08:F4:44:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4U8mT6SkyQ3LSpnMzsUMVQj0RJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/4159c3-814d-4001-8527-139043749c48/1/u50_wKG1fyOwHvWkzRwzICXpDWg.roa
Signing time:             Thu 04 Apr 2024 16:01:54 +0000
ROA not before:           Thu 04 Apr 2024 16:01:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207594
IP address blocks:        85.116.148.0/22 maxlen: 22
                          85.116.152.0/22 maxlen: 22
                          85.116.156.0/23 maxlen: 23
                          85.116.158.0/24 maxlen: 24
                          85.116.159.0/24 maxlen: 24
                          185.30.80.0/22 maxlen: 22
                          185.68.192.0/22 maxlen: 22
                          2a00:a2a0::/32 maxlen: 32
                          2a05:10c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/4159c3-814d-4001-8527-139043749c48/1/4U8mT6SkyQ3LSpnMzsUMVQj0RJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/4159c3-814d-4001-8527-139043749c48/1/4U8mT6SkyQ3LSpnMzsUMVQj0RJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4U8mT6SkyQ3LSpnMzsUMVQj0RJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:d8:61:b1:f8:70:e5:11:b5:43:d9:47:01:84:07:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14f264fa4a4c90dcb4a99cccec50c5508f44498
        Validity
            Not Before: Apr  4 16:01:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb9d3fc0a1b57f23b01ef5a4cd1c332025e90d68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:40:68:e8:20:46:68:64:19:6d:58:a7:6a:5c:
                    c4:ea:01:a8:a8:9d:47:42:1e:99:23:88:ae:b3:2f:
                    d2:d0:6b:52:f2:df:7b:d8:8f:3d:12:e2:b9:67:5f:
                    18:e1:63:06:e1:5d:d3:54:aa:59:cd:7a:95:56:9f:
                    88:a5:b9:c7:f8:b9:9b:62:cc:0f:c1:81:6c:9f:26:
                    7e:de:83:c1:47:19:6c:c8:e8:2e:56:70:6e:00:27:
                    88:d2:f4:9d:13:f3:5d:3b:65:4d:82:d1:18:29:dc:
                    09:5f:e0:42:e2:4e:27:06:1d:e4:a9:06:12:4a:28:
                    6b:87:43:69:92:1c:88:92:1d:0a:82:e0:6a:89:98:
                    90:6a:df:f1:ac:be:e7:81:8d:1b:79:5f:b0:55:b3:
                    44:a3:13:67:77:cf:4a:4f:5e:e5:e8:a4:48:6f:a8:
                    52:e4:b9:23:b7:f0:7e:b9:3e:5c:34:3c:22:26:d9:
                    16:10:6c:22:88:b3:e6:cc:41:50:6a:25:2c:ba:61:
                    29:6b:cb:b6:81:42:4e:4e:a2:73:e8:d1:b8:65:be:
                    db:6c:ee:d6:35:58:ab:ef:0a:3c:10:7a:97:27:15:
                    18:ed:2b:0c:98:9d:ca:5a:dd:fd:34:05:b9:e4:14:
                    ef:c0:2b:c6:77:28:58:8a:75:c7:5d:59:60:f7:59:
                    ab:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:9D:3F:C0:A1:B5:7F:23:B0:1E:F5:A4:CD:1C:33:20:25:E9:0D:68
            X509v3 Authority Key Identifier:
                keyid:E1:4F:26:4F:A4:A4:C9:0D:CB:4A:99:CC:CE:C5:0C:55:08:F4:44:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4U8mT6SkyQ3LSpnMzsUMVQj0RJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4159c3-814d-4001-8527-139043749c48/1/u50_wKG1fyOwHvWkzRwzICXpDWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4159c3-814d-4001-8527-139043749c48/1/4U8mT6SkyQ3LSpnMzsUMVQj0RJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.148.0-85.116.159.255
                  185.30.80.0/22
                  185.68.192.0/22
                IPv6:
                  2a00:a2a0::/32
                  2a05:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         bd:12:c1:12:ca:99:51:35:19:5c:6e:d2:d1:17:1b:39:5a:cb:
         aa:27:4a:0d:de:ad:9b:5d:53:70:26:10:f7:f9:8d:8a:d3:81:
         a5:10:49:9c:a7:01:43:21:41:4a:2e:2c:2e:29:21:cd:d1:11:
         73:5b:64:45:f2:47:ee:f4:2f:a5:50:1f:ee:58:7a:2c:84:ee:
         b7:29:cd:6a:9d:b6:a0:31:b0:06:51:b4:b8:31:f4:ec:96:f2:
         e6:fd:dd:de:bd:8f:19:42:63:22:14:25:58:03:dc:9a:97:ae:
         49:b2:ef:3d:e2:f9:f0:1b:a3:eb:e3:a3:7c:ac:9d:eb:56:b7:
         76:2d:83:b1:05:c9:2d:dd:fe:69:5a:1d:b4:b8:ed:ad:7f:f0:
         aa:18:49:dc:42:06:c7:4c:28:8c:4c:49:92:a2:fd:f7:46:df:
         5a:af:d6:80:ae:70:9d:f0:45:9d:83:60:8e:88:e6:ca:59:bb:
         17:3a:b2:1a:ea:ad:df:a5:7a:fe:5f:75:ab:07:71:ce:6a:de:
         5e:89:ad:3d:91:98:76:fe:0f:0f:d6:bf:b5:9c:68:46:cb:66:
         5e:58:7a:21:c0:b2:e3:72:8a:08:4a:6e:fe:8d:42:79:0b:ee:
         18:37:b5:f2:df:93:d2:64:43:ce:2a:b8:ce:94:ab:88:31:b5:
         7f:27:db:47
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY6p2GGx+HDlEbVD2UcBhAf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGYyNjRmYTRhNGM5MGRjYjRhOTljY2NlYzUwYzU1MDhm
NDQ0OTgwHhcNMjQwNDA0MTYwMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjlkM2ZjMGExYjU3ZjIzYjAxZWY1YTRjZDFjMzMyMDI1ZTkwZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkBo6CBGaGQZbVinalzE6gGoqJ1H
Qh6ZI4iusy/S0GtS8t972I89EuK5Z18Y4WMG4V3TVKpZzXqVVp+IpbnH+LmbYswP
wYFsnyZ+3oPBRxlsyOguVnBuACeI0vSdE/NdO2VNgtEYKdwJX+BC4k4nBh3kqQYS
Sihrh0NpkhyIkh0KguBqiZiQat/xrL7ngY0beV+wVbNEoxNnd89KT17l6KRIb6hS
5Lkjt/B+uT5cNDwiJtkWEGwiiLPmzEFQaiUsumEpa8u2gUJOTqJz6NG4Zb7bbO7W
NVir7wo8EHqXJxUY7SsMmJ3KWt39NAW55BTvwCvGdyhYinXHXVlg91mr4wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLudP8ChtX8jsB71pM0cMyAl6Q1oMB8GA1UdIwQY
MBaAFOFPJk+kpMkNy0qZzM7FDFUI9ESYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFU4bVQ2U2t5UTNMU3BuTXpzVU1WUWowUkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80MTU5YzMtODE0ZC00MDAxLTg1Mjct
MTM5MDQzNzQ5YzQ4LzEvdTUwX3dLRzFmeU93SHZXa3pSd3pJQ1hwRFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80MTU5YzMtODE0ZC00MDAxLTg1MjctMTM5MDQzNzQ5YzQ4
LzEvNFU4bVQ2U2t5UTNMU3BuTXpzVU1WUWowUkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAgBAIAATAaMAwDBAJVdJQD
BAVVdIADBAK5HlADBAK5RMAwFAQCAAIwDgMFACoAoqADBQMqBRDAMA0GCSqGSIb3
DQEBCwUAA4IBAQC9EsESyplRNRlcbtLRFxs5WsuqJ0oN3q2bXVNwJhD3+Y2K04Gl
EEmcpwFDIUFKLiwuKSHN0RFzW2RF8kfu9C+lUB/uWHoshO63Kc1qnbagMbAGUbS4
MfTslvLm/d3evY8ZQmMiFCVYA9yal65Jsu894vnwG6Pr46N8rJ3rVrd2LYOxBckt
3f5pWh20uO2tf/CqGEncQgbHTCiMTEmSov33Rt9ar9aArnCd8EWdg2COiObKWbsX
OrIa6q3fpXr+X3WrB3HOat5eia09kZh2/g8P1r+1nGhGy2ZeWHohwLLjcooISm7+
jUJ5C+4YN7Xy35PSZEPOKrjOlKuIMbV/J9tH
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:52:12 2024 by rpki-client on console-fra.rpki-client.org