Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/186a18-5d7f-43ed-b06a-cea7eb350537/1/Y1NO6rl2b89DGkXejO2UELGLg-4.roa
File:                     Y1NO6rl2b89DGkXejO2UELGLg-4.roa (raw, json)
Hash identifier:          VtZivPbzWlQHJk94BwXbFqmYfL7eqo7AXFiJlsFmEiU=
Subject key identifier:   63:53:4E:EA:B9:76:6F:CF:43:1A:45:DE:8C:ED:94:10:B1:8B:83:EE
Certificate issuer:       /CN=7ff1b81cfe6abb118e97e0325b662eaf984f2f6a
Certificate serial:       018CC3B739E324E17BE57F2791A0E85E4FA5
Authority key identifier: 7F:F1:B8:1C:FE:6A:BB:11:8E:97:E0:32:5B:66:2E:AF:98:4F:2F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f_G4HP5quxGOl-AyW2Yur5hPL2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/186a18-5d7f-43ed-b06a-cea7eb350537/1/Y1NO6rl2b89DGkXejO2UELGLg-4.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50737
IP address blocks:        193.105.111.0/24 maxlen: 24
                          2a03:4740::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/186a18-5d7f-43ed-b06a-cea7eb350537/1/f_G4HP5quxGOl-AyW2Yur5hPL2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/186a18-5d7f-43ed-b06a-cea7eb350537/1/f_G4HP5quxGOl-AyW2Yur5hPL2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f_G4HP5quxGOl-AyW2Yur5hPL2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:39:e3:24:e1:7b:e5:7f:27:91:a0:e8:5e:4f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ff1b81cfe6abb118e97e0325b662eaf984f2f6a
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63534eeab9766fcf431a45de8ced9410b18b83ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f3:32:81:07:76:a2:37:22:c1:f2:c3:ed:e3:
                    4e:ce:22:62:f3:60:42:88:85:03:6b:a0:7e:20:82:
                    35:06:1b:c9:8b:3b:3f:84:f4:1a:1c:a0:41:80:ea:
                    12:ec:61:e1:c1:09:b5:0c:79:dd:81:56:df:28:87:
                    28:43:bd:c7:62:cb:7a:72:8c:79:33:53:90:b3:80:
                    c6:fa:7c:1c:04:76:45:78:01:2e:f8:b2:3f:86:2f:
                    f3:7d:c6:76:c9:20:93:6e:a9:7d:39:d2:10:91:0a:
                    8a:ee:af:67:d6:2b:59:53:e5:fe:3b:4b:74:bb:12:
                    6f:0e:c3:01:3b:df:e5:54:21:d3:73:40:a6:9c:29:
                    f8:a3:92:42:f5:c1:e9:c6:c2:30:2b:d2:e7:6c:2e:
                    25:a0:02:0a:84:f2:87:13:ca:4a:2e:ef:bb:32:cf:
                    9b:3e:8d:f2:58:78:b6:fb:c9:4e:b9:62:89:01:f2:
                    6a:82:65:e8:97:96:4f:b5:6b:b7:3d:00:8a:67:4b:
                    21:8a:3f:ad:9f:b3:1e:94:97:bd:4b:99:55:36:b4:
                    bd:f4:96:aa:37:59:6c:69:da:ba:09:20:82:1a:52:
                    99:24:99:29:dc:ac:6b:9e:59:3a:f4:46:97:45:3e:
                    8c:7a:e7:d6:e1:5d:9e:9c:21:55:30:88:c8:ea:cd:
                    93:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:53:4E:EA:B9:76:6F:CF:43:1A:45:DE:8C:ED:94:10:B1:8B:83:EE
            X509v3 Authority Key Identifier:
                keyid:7F:F1:B8:1C:FE:6A:BB:11:8E:97:E0:32:5B:66:2E:AF:98:4F:2F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f_G4HP5quxGOl-AyW2Yur5hPL2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/186a18-5d7f-43ed-b06a-cea7eb350537/1/Y1NO6rl2b89DGkXejO2UELGLg-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/186a18-5d7f-43ed-b06a-cea7eb350537/1/f_G4HP5quxGOl-AyW2Yur5hPL2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.111.0/24
                IPv6:
                  2a03:4740::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:f3:96:85:e9:d4:d3:6c:fe:fa:a7:57:17:b3:72:a6:42:dd:
         69:1c:f7:0f:8b:64:d7:e7:f3:51:f4:cd:d8:20:dd:2e:43:7d:
         c9:b9:dd:3a:b6:8f:25:69:27:57:6d:db:cd:e7:8f:35:f7:38:
         df:7e:1b:82:ab:67:9c:44:a0:9d:cb:81:c2:d5:14:55:74:72:
         e2:a6:73:97:d3:4e:ce:91:ed:8c:88:fd:5a:fc:b9:69:96:be:
         c1:a2:5a:6f:c7:9a:35:0d:9c:81:1e:ac:42:12:61:4e:fc:5f:
         f4:8a:67:cb:29:e8:66:f6:93:13:7b:32:3d:71:96:bc:19:7d:
         87:ef:f3:39:e7:c1:da:3e:4d:e4:8f:64:b5:f0:6d:35:b4:4c:
         1a:e0:bc:74:36:f4:09:cd:38:2c:bc:74:95:f7:e3:0e:24:7b:
         fb:74:26:5d:b5:40:a6:d5:20:65:9c:ae:66:0d:60:18:31:ee:
         71:ec:40:df:67:3b:f6:0a:f0:76:aa:90:4d:6b:58:e2:8b:98:
         de:8e:18:e6:82:8a:fc:05:da:14:0f:9d:6b:f1:c8:6c:d6:b0:
         b3:cb:b5:d8:f8:24:0b:4a:25:ca:16:66:90:0b:81:62:87:90:
         2e:86:c8:5e:a6:18:3a:c3:f2:98:18:10:20:36:e8:92:74:a9:
         94:e9:56:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtznjJOF75X8nkaDoXk+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmZjFiODFjZmU2YWJiMTE4ZTk3ZTAzMjViNjYyZWFmOTg0
ZjJmNmEwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzUzNGVlYWI5NzY2ZmNmNDMxYTQ1ZGU4Y2VkOTQxMGIxOGI4M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfMygQd2ojciwfLD7eNOziJi82BC
iIUDa6B+III1BhvJizs/hPQaHKBBgOoS7GHhwQm1DHndgVbfKIcoQ73HYst6cox5
M1OQs4DG+nwcBHZFeAEu+LI/hi/zfcZ2ySCTbql9OdIQkQqK7q9n1itZU+X+O0t0
uxJvDsMBO9/lVCHTc0CmnCn4o5JC9cHpxsIwK9LnbC4loAIKhPKHE8pKLu+7Ms+b
Po3yWHi2+8lOuWKJAfJqgmXol5ZPtWu3PQCKZ0shij+tn7MelJe9S5lVNrS99Jaq
N1lsadq6CSCCGlKZJJkp3Kxrnlk69EaXRT6MeufW4V2enCFVMIjI6s2TJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGNTTuq5dm/PQxpF3oztlBCxi4PuMB8GA1UdIwQY
MBaAFH/xuBz+arsRjpfgMltmLq+YTy9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZl9HNEhQNXF1eEdPbC1BeVcyWXVyNWhQTDJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xODZhMTgtNWQ3Zi00M2VkLWIwNmEt
Y2VhN2ViMzUwNTM3LzEvWTFOTzZybDJiODlER2tYZWpPMlVFTEdMZy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xODZhMTgtNWQ3Zi00M2VkLWIwNmEtY2VhN2ViMzUwNTM3
LzEvZl9HNEhQNXF1eEdPbC1BeVcyWXVyNWhQTDJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWlvMA0E
AgACMAcDBQAqA0dAMA0GCSqGSIb3DQEBCwUAA4IBAQAO85aF6dTTbP76p1cXs3Km
Qt1pHPcPi2TX5/NR9M3YIN0uQ33Jud06to8laSdXbdvN54819zjffhuCq2ecRKCd
y4HC1RRVdHLipnOX007Oke2MiP1a/Llplr7Bolpvx5o1DZyBHqxCEmFO/F/0imfL
Kehm9pMTezI9cZa8GX2H7/M558HaPk3kj2S18G01tEwa4Lx0NvQJzTgsvHSV9+MO
JHv7dCZdtUCm1SBlnK5mDWAYMe5x7EDfZzv2CvB2qpBNa1jii5jejhjmgor8BdoU
D51r8chs1rCzy7XY+CQLSiXKFmaQC4Fih5Auhshephg6w/KYGBAgNuiSdKmU6VYx
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:16:22 2024 by rpki-client on console-fra.rpki-client.org