Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/536-pDj42ed4B5h-04-gmnqWcqY.roa
File:                     536-pDj42ed4B5h-04-gmnqWcqY.roa (raw, json)
Hash identifier:          wZvi6SWaT3IWyBRT1loNWGNzb+UHKYIyx4NreNA2VWc=
Subject key identifier:   E7:7E:BE:A4:38:F8:D9:E7:78:07:98:7E:D3:8F:A0:9A:7A:96:72:A6
Certificate issuer:       /CN=fbbe33c8d18e53bfd24822098dc748640550c504
Certificate serial:       018CCA2A2CFD644D11701E5062E0B90C8F04
Authority key identifier: FB:BE:33:C8:D1:8E:53:BF:D2:48:22:09:8D:C7:48:64:05:50:C5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/536-pDj42ed4B5h-04-gmnqWcqY.roa
Signing time:             Tue 02 Jan 2024 12:33:30 +0000
ROA not before:           Tue 02 Jan 2024 12:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        185.118.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2c:fd:64:4d:11:70:1e:50:62:e0:b9:0c:8f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbbe33c8d18e53bfd24822098dc748640550c504
        Validity
            Not Before: Jan  2 12:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e77ebea438f8d9e77807987ed38fa09a7a9672a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:32:dd:38:a1:15:15:52:60:b8:dc:9e:75:7c:
                    99:0d:e0:bf:92:80:15:25:00:4f:0a:66:8c:12:c0:
                    8b:ed:b1:36:84:9a:21:03:6a:bb:9f:7f:73:3d:f4:
                    18:1e:98:13:9a:03:a6:67:1c:9e:cd:45:df:51:85:
                    54:e3:67:4f:27:b8:65:91:79:a2:5e:e4:a1:1d:e3:
                    01:d4:07:8b:cd:bb:51:4b:91:df:6a:57:dc:d7:99:
                    03:10:eb:c8:22:eb:46:be:47:01:e8:7b:68:b4:8b:
                    4b:7a:c3:e1:07:c0:51:76:71:3a:78:20:e0:74:34:
                    ca:64:06:3d:b8:4c:52:ab:6f:b3:73:cb:86:2b:c8:
                    a5:7a:05:7e:6f:02:d7:e5:9f:65:1f:9e:ba:ba:b6:
                    21:b9:36:29:47:58:18:53:c2:91:c8:07:75:7c:a3:
                    d1:92:fa:52:5b:38:b3:1d:f3:fd:ae:34:f4:91:29:
                    47:6d:d4:6f:29:c1:72:37:2a:0a:4f:70:a9:f8:66:
                    37:98:1c:48:d0:7e:9e:4a:de:56:bc:6d:c6:d7:08:
                    76:0c:af:d1:0a:b7:c7:25:a8:76:9f:70:74:7a:df:
                    98:e4:e3:b6:20:5c:04:49:cb:40:8a:9c:5d:41:65:
                    2d:32:ff:e0:8e:74:8a:de:6f:b4:d3:97:c1:01:94:
                    0b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:7E:BE:A4:38:F8:D9:E7:78:07:98:7E:D3:8F:A0:9A:7A:96:72:A6
            X509v3 Authority Key Identifier:
                keyid:FB:BE:33:C8:D1:8E:53:BF:D2:48:22:09:8D:C7:48:64:05:50:C5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/536-pDj42ed4B5h-04-gmnqWcqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/9cfee8-9446-4f5e-ad1e-0554311d87b5/1/1-74zyNGOU7_SSCIJjcdIZAVQxQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:70:da:af:e7:f3:72:06:d0:03:c5:6d:45:ba:b6:dc:2a:64:
         31:57:d5:8e:b6:f8:f1:e3:ba:76:7d:73:cf:90:fc:fc:61:d0:
         9b:7b:13:bc:e4:70:19:4f:1e:c8:3f:5f:80:cc:06:e1:30:b2:
         d6:e7:cc:27:1b:6b:fb:a4:2f:5a:f9:03:2e:e1:81:44:29:24:
         0d:7a:45:fb:96:83:13:3d:1f:21:2b:e6:1f:43:34:56:15:4b:
         69:ea:e4:f9:f8:12:9d:45:8d:fc:ee:ea:94:f6:98:ed:6f:ad:
         81:f4:46:0a:9b:6b:0d:a4:bc:91:9e:0a:f7:9f:5b:0e:3f:82:
         d0:52:31:c0:7e:1c:5c:81:5a:fb:18:a9:aa:06:bd:2a:6e:ff:
         31:42:75:36:e7:45:c1:88:cd:e8:6d:5d:bf:73:83:e6:a4:81:
         11:79:00:8f:0d:03:87:58:f8:a0:b8:9b:c7:3f:29:57:54:9d:
         29:76:a1:53:db:6b:08:4b:1c:7c:15:43:94:5e:97:a9:73:5d:
         11:f7:96:36:6d:94:3a:b3:ab:ce:1a:73:50:44:9d:92:50:c8:
         16:39:98:cc:f5:17:97:b6:7e:89:b5:69:f5:3d:91:77:2f:22:
         44:24:7c:fb:bc:e5:87:ea:7e:8b:58:e3:77:db:9d:99:85:55:
         81:6c:e7:97
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKiz9ZE0RcB5QYuC5DI8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYmUzM2M4ZDE4ZTUzYmZkMjQ4MjIwOThkYzc0ODY0MDU1
MGM1MDQwHhcNMjQwMTAyMTIzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzdlYmVhNDM4ZjhkOWU3NzgwNzk4N2VkMzhmYTA5YTdhOTY3MmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTLdOKEVFVJguNyedXyZDeC/koAV
JQBPCmaMEsCL7bE2hJohA2q7n39zPfQYHpgTmgOmZxyezUXfUYVU42dPJ7hlkXmi
XuShHeMB1AeLzbtRS5Hfalfc15kDEOvIIutGvkcB6HtotItLesPhB8BRdnE6eCDg
dDTKZAY9uExSq2+zc8uGK8ilegV+bwLX5Z9lH566urYhuTYpR1gYU8KRyAd1fKPR
kvpSWzizHfP9rjT0kSlHbdRvKcFyNyoKT3Cp+GY3mBxI0H6eSt5WvG3G1wh2DK/R
CrfHJah2n3B0et+Y5OO2IFwESctAipxdQWUtMv/gjnSK3m+005fBAZQLywIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOd+vqQ4+NnneAeYftOPoJp6lnKmMB8GA1UdIwQY
MBaAFPu+M8jRjlO/0kgiCY3HSGQFUMUEMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS03NHp5TkdPVTdfU1NDSUpqY2RJWkFWUXhRUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAvOWNmZWU4LTk0NDYtNGY1ZS1hZDFl
LTA1NTQzMTFkODdiNS8xLzUzNi1wRGo0MmVkNEI1aC0wNC1nbW5xV2NxWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzAvOWNmZWU4LTk0NDYtNGY1ZS1hZDFlLTA1NTQzMTFkODdi
NS8xLzEtNzR6eU5HT1U3X1NTQ0lKamNkSVpBVlF4UVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5dmgw
DQYJKoZIhvcNAQELBQADggEBAB5w2q/n83IG0APFbUW6ttwqZDFX1Y62+PHjunZ9
c8+Q/Pxh0Jt7E7zkcBlPHsg/X4DMBuEwstbnzCcba/ukL1r5Ay7hgUQpJA16RfuW
gxM9HyEr5h9DNFYVS2nq5Pn4Ep1Fjfzu6pT2mO1vrYH0Rgqbaw2kvJGeCvefWw4/
gtBSMcB+HFyBWvsYqaoGvSpu/zFCdTbnRcGIzehtXb9zg+akgRF5AI8NA4dY+KC4
m8c/KVdUnSl2oVPbawhLHHwVQ5Rel6lzXRH3ljZtlDqzq84ac1BEnZJQyBY5mMz1
F5e2fom1afU9kXcvIkQkfPu85YfqfotY43fbnZmFVYFs55c=
-----END CERTIFICATE-----
Generated at Mon Nov 25 00:03:06 2024 by rpki-client on console-fra.rpki-client.org