Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/oGf46cYsKwR0TwWfVZ74Y-LZ5uE.roa
File:                     oGf46cYsKwR0TwWfVZ74Y-LZ5uE.roa (raw, json)
Hash identifier:          /reH46sjvBwfeHUJ1aF9ZtUgfb3pZNjc+9tgAFh2yMU=
Subject key identifier:   A0:67:F8:E9:C6:2C:2B:04:74:4F:05:9F:55:9E:F8:63:E2:D9:E6:E1
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       018EA3C3D92F8150FD0EED613683F2076A17
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/oGf46cYsKwR0TwWfVZ74Y-LZ5uE.roa
Signing time:             Wed 03 Apr 2024 11:41:45 +0000
ROA not before:           Wed 03 Apr 2024 11:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202302
IP address blocks:        185.143.145.0/24 maxlen: 24
                          185.235.218.0/24 maxlen: 24
                          185.235.219.0/24 maxlen: 24
                          185.253.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:21:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:c3:d9:2f:81:50:fd:0e:ed:61:36:83:f2:07:6a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr  3 11:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a067f8e9c62c2b04744f059f559ef863e2d9e6e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e5:aa:d8:c1:85:48:f8:2a:73:41:e9:bd:70:
                    66:75:ec:81:31:65:25:15:e1:15:54:81:a9:af:a7:
                    56:0a:46:d1:2c:91:61:53:89:52:84:b8:75:dd:4a:
                    e7:0e:9d:53:b0:a3:33:b5:a5:f5:6b:ee:f6:2e:2e:
                    84:12:97:ae:b3:32:fd:91:14:ad:d0:b0:40:bd:0c:
                    b2:e8:d0:30:f8:d4:7d:86:5d:de:cc:4a:6e:b4:48:
                    c3:d8:52:4d:a6:8a:6c:d9:6c:dd:06:dd:48:ed:d2:
                    00:78:8d:fe:94:ce:f4:42:5e:4b:31:b1:c2:ef:eb:
                    ed:5f:b3:a4:47:a0:c5:26:5b:22:f6:ab:56:bb:be:
                    9a:08:55:8d:77:53:ee:ad:90:12:cc:06:13:25:bc:
                    8b:9c:4c:ad:fa:0b:8f:72:a8:a0:e1:d1:99:8e:6a:
                    bc:43:ef:76:ad:5f:ec:6a:eb:4e:98:07:25:85:b2:
                    08:2b:97:94:58:f2:64:8f:81:65:9b:10:2c:48:2c:
                    4b:cf:d2:2c:53:2e:1a:ac:28:59:a1:6b:ed:1f:d9:
                    39:8b:f1:2f:36:e2:d8:27:9e:7f:8a:02:46:40:01:
                    66:34:dd:9a:cc:65:ac:88:4f:7b:41:b5:9c:d7:8f:
                    01:1e:e7:12:10:38:3f:9d:9c:50:c0:2a:6b:42:d5:
                    0e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:67:F8:E9:C6:2C:2B:04:74:4F:05:9F:55:9E:F8:63:E2:D9:E6:E1
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/oGf46cYsKwR0TwWfVZ74Y-LZ5uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.145.0/24
                  185.235.218.0/23
                  185.253.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:87:39:5d:c9:5f:9a:e7:17:46:0d:4f:91:76:8d:96:a6:30:
         f0:9a:b0:8f:66:68:76:55:e0:95:5c:0c:f6:3b:30:9a:64:49:
         15:34:fa:83:2a:55:b5:d9:df:fc:9d:ce:12:12:36:3e:ad:45:
         0b:89:6d:bd:bf:e3:ad:9e:24:c2:04:a2:71:5c:92:d2:ed:d1:
         c1:4a:b6:b7:42:59:7a:71:b6:d7:12:5b:05:9c:02:a2:ca:37:
         f6:2a:7c:8f:4b:d7:bc:b8:2b:3a:99:94:8f:a5:77:e1:90:22:
         60:5c:71:cf:40:84:81:51:4b:c3:d6:2d:db:0c:79:c7:2f:04:
         e4:0d:41:0c:6d:3e:11:1b:4b:08:a7:c5:b4:89:8e:1f:af:b8:
         66:bd:d2:01:53:22:e4:87:77:79:7f:76:43:25:2e:c9:82:cc:
         db:eb:cc:31:17:48:79:bf:b2:2b:99:20:c9:66:fe:78:83:52:
         24:c6:6c:06:a6:1f:7d:32:27:59:5d:33:6a:ea:b7:26:5e:ad:
         8c:dc:ad:18:a3:a5:c2:3c:fb:fb:eb:0a:e8:6a:0d:e0:6d:5d:
         a6:9d:ae:b8:93:da:ee:fc:26:78:6f:da:06:ca:b6:ab:5b:62:
         a8:9f:69:f2:81:c6:c5:56:a2:78:6e:da:37:b6:eb:5f:19:f3:
         dc:fd:f3:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6jw9kvgVD9Du1hNoPyB2oXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjQwNDAzMTE0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDY3ZjhlOWM2MmMyYjA0NzQ0ZjA1OWY1NTllZjg2M2UyZDllNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeWq2MGFSPgqc0HpvXBmdeyBMWUl
FeEVVIGpr6dWCkbRLJFhU4lShLh13UrnDp1TsKMztaX1a+72Li6EEpeuszL9kRSt
0LBAvQyy6NAw+NR9hl3ezEputEjD2FJNpops2WzdBt1I7dIAeI3+lM70Ql5LMbHC
7+vtX7OkR6DFJlsi9qtWu76aCFWNd1PurZASzAYTJbyLnEyt+guPcqig4dGZjmq8
Q+92rV/sautOmAclhbIIK5eUWPJkj4FlmxAsSCxLz9IsUy4arChZoWvtH9k5i/Ev
NuLYJ55/igJGQAFmNN2azGWsiE97QbWc148BHucSEDg/nZxQwCprQtUO2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKBn+OnGLCsEdE8Fn1We+GPi2ebhMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvb0dmNDZjWXNLd1IwVHdXZlZaNzRZLUxaNXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuY+RAwQB
uevaAwQAuf3aMA0GCSqGSIb3DQEBCwUAA4IBAQCChzldyV+a5xdGDU+Rdo2WpjDw
mrCPZmh2VeCVXAz2OzCaZEkVNPqDKlW12d/8nc4SEjY+rUULiW29v+OtniTCBKJx
XJLS7dHBSra3Qll6cbbXElsFnAKiyjf2KnyPS9e8uCs6mZSPpXfhkCJgXHHPQISB
UUvD1i3bDHnHLwTkDUEMbT4RG0sIp8W0iY4fr7hmvdIBUyLkh3d5f3ZDJS7Jgszb
68wxF0h5v7IrmSDJZv54g1IkxmwGph99MidZXTNq6rcmXq2M3K0Yo6XCPPv76wro
ag3gbV2mna64k9ru/CZ4b9oGyrarW2Kon2nygcbFVqJ4bto3tutfGfPc/fP4
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:30:20 2024 by rpki-client on console-fra.rpki-client.org