Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/pyjOZVhUCG9-NUy1zFx2_4m_RZs.roa
File:                     pyjOZVhUCG9-NUy1zFx2_4m_RZs.roa (raw, json)
Hash identifier:          SKjO1OXVVpHbdxxPXJbJBKavpGvzBke6qz71nvJzra8=
Subject key identifier:   A7:28:CE:65:58:54:08:6F:7E:35:4C:B5:CC:5C:76:FF:89:BF:45:9B
Certificate issuer:       /CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
Certificate serial:       018CC94ADA8DD8C8213632FC9F1053AFA937
Authority key identifier: 5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/pyjOZVhUCG9-NUy1zFx2_4m_RZs.roa
Signing time:             Tue 02 Jan 2024 08:29:35 +0000
ROA not before:           Tue 02 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206757
IP address blocks:        83.175.221.128/25 maxlen: 25
                          83.175.230.0/24 maxlen: 24
                          82.144.12.0/25 maxlen: 25
                          213.171.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:da:8d:d8:c8:21:36:32:fc:9f:10:53:af:a9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
        Validity
            Not Before: Jan  2 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a728ce655854086f7e354cb5cc5c76ff89bf459b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:79:51:fa:86:b8:78:6d:b6:4f:0b:be:68:4d:
                    6f:07:e2:4d:78:fb:c9:fa:c5:b5:bf:97:a2:16:7a:
                    4d:b8:52:17:e0:fa:c4:2c:79:6b:f5:18:ed:78:08:
                    2c:9d:75:f7:70:3d:23:64:e2:be:6f:67:a1:5f:b8:
                    91:42:03:e2:e0:77:5c:3d:8f:16:31:be:d4:97:76:
                    03:9f:49:7e:e4:53:8a:a8:91:a5:11:85:32:6a:48:
                    42:11:36:09:5a:72:af:97:07:f7:45:9a:14:65:bd:
                    cc:fd:0a:ad:6b:f6:26:ce:8a:26:be:9f:60:06:4d:
                    e8:9b:a2:b5:c7:cc:1e:15:9b:72:98:97:2b:b4:41:
                    ad:86:49:f8:bc:5b:82:95:fd:e2:0f:a2:e3:70:48:
                    f7:59:f2:a3:a8:4a:c2:c3:d4:73:67:c0:d9:fe:25:
                    47:d2:27:68:2c:80:d0:a5:83:a0:ba:72:17:03:b5:
                    75:51:d9:c5:db:47:d8:b3:63:37:62:df:b8:5b:69:
                    24:1a:ac:e7:c8:ec:2d:8a:bd:1a:c6:2d:b5:49:86:
                    11:87:43:f2:08:63:02:4b:60:b3:60:a7:55:59:e5:
                    d6:bd:d6:05:ea:64:fc:5a:1f:19:a0:70:df:11:cb:
                    73:76:65:bd:de:7a:b4:56:c2:b8:90:70:39:f0:bf:
                    58:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:28:CE:65:58:54:08:6F:7E:35:4C:B5:CC:5C:76:FF:89:BF:45:9B
            X509v3 Authority Key Identifier:
                keyid:5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/pyjOZVhUCG9-NUy1zFx2_4m_RZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.12.0/25
                  83.175.221.128/25
                  83.175.230.0/24
                  213.171.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:64:b8:9f:40:b3:06:bd:bd:f3:8b:9d:c4:22:2b:98:ce:fe:
         10:dc:a0:20:9b:62:b1:c1:6b:35:54:e2:3f:95:d4:ac:37:ab:
         c1:2b:b8:00:63:f0:5b:3f:57:82:68:9e:4f:7a:25:ba:7c:75:
         c4:24:b7:39:fa:72:f5:f3:c9:ee:5c:2e:75:a1:4a:16:2d:4e:
         12:be:50:55:7b:95:09:00:c8:bf:77:0a:76:9f:61:48:0a:68:
         c9:45:4d:fa:a4:30:4d:ed:46:8b:38:94:ef:0d:04:48:72:cf:
         30:56:54:77:e0:95:84:7d:03:b1:a2:66:ad:1c:9e:07:61:69:
         70:39:13:9a:45:13:03:e3:9c:ec:f8:b7:4c:8b:ee:90:28:c9:
         5b:61:b0:e9:66:8f:84:af:a4:b2:9b:8f:0b:7e:e9:36:70:c6:
         fd:8b:1a:cc:3b:33:86:98:96:45:5d:fc:ed:80:7a:15:d3:b3:
         17:14:74:0c:94:ab:01:88:1c:35:5d:8d:a2:25:60:2c:f4:a9:
         1b:c2:1c:58:be:bf:39:fa:2c:d9:3b:55:b8:b1:68:93:ff:ab:
         8d:cf:e8:9d:68:40:c3:d1:2a:58:a8:8c:05:cd:e6:5a:af:68:
         b5:7c:18:18:23:da:70:19:00:d8:86:59:c3:d0:90:14:2d:c6:
         4b:80:88:44
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzJStqN2MghNjL8nxBTr6k3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTM5YjBjZWQzOGQ3NWNjNjNlZDUwZDZlNWNlNzJiYmI1
YjRiMTAwHhcNMjQwMTAyMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzI4Y2U2NTU4NTQwODZmN2UzNTRjYjVjYzVjNzZmZjg5YmY0NTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3lR+oa4eG22Twu+aE1vB+JNePvJ
+sW1v5eiFnpNuFIX4PrELHlr9RjteAgsnXX3cD0jZOK+b2ehX7iRQgPi4HdcPY8W
Mb7Ul3YDn0l+5FOKqJGlEYUyakhCETYJWnKvlwf3RZoUZb3M/Qqta/Ymzoomvp9g
Bk3om6K1x8weFZtymJcrtEGthkn4vFuClf3iD6LjcEj3WfKjqErCw9RzZ8DZ/iVH
0idoLIDQpYOgunIXA7V1UdnF20fYs2M3Yt+4W2kkGqznyOwtir0axi21SYYRh0Py
CGMCS2CzYKdVWeXWvdYF6mT8Wh8ZoHDfEctzdmW93nq0VsK4kHA58L9Y8QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKcozmVYVAhvfjVMtcxcdv+Jv0WbMB8GA1UdIwQY
MBaAFFqTmwztONdcxj7VDW5c5yu7W0sQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgt
ZDYwYjNiNmNjYTZlLzEvcHlqT1pWaFVDRzktTlV5MXpGeDJfNG1fUlpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgtZDYwYjNiNmNjYTZl
LzEvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwUHUpAMAAMF
B1Ov3YADBABTr+YDBADVq+YwDQYJKoZIhvcNAQELBQADggEBAIhkuJ9Aswa9vfOL
ncQiK5jO/hDcoCCbYrHBazVU4j+V1Kw3q8EruABj8Fs/V4Jonk96Jbp8dcQktzn6
cvXzye5cLnWhShYtThK+UFV7lQkAyL93CnafYUgKaMlFTfqkME3tRos4lO8NBEhy
zzBWVHfglYR9A7GiZq0cngdhaXA5E5pFEwPjnOz4t0yL7pAoyVthsOlmj4SvpLKb
jwt+6TZwxv2LGsw7M4aYlkVd/O2AehXTsxcUdAyUqwGIHDVdjaIlYCz0qRvCHFi+
vzn6LNk7VbixaJP/q43P6J1oQMPRKliojAXN5lqvaLV8GBgj2nAZANiGWcPQkBQt
xkuAiEQ=
-----END CERTIFICATE-----
Generated at Tue Jun 18 07:51:13 2024 by rpki-client on console-fra.rpki-client.org