Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a95c14-2010-43f6-abc8-cba79af5006a/1/S30qDI0BncgdmTFVvU256kj21m4.roa
File:                     S30qDI0BncgdmTFVvU256kj21m4.roa (raw, json)
Hash identifier:          kROEOSwoQ6JBFglYHB9oyGiXvGKUCdSBNc+s5BnZH+w=
Subject key identifier:   4B:7D:2A:0C:8D:01:9D:C8:1D:99:31:55:BD:4D:B9:EA:48:F6:D6:6E
Certificate issuer:       /CN=e73933c08af9c02dbb0d3e97f1f90933f5356fc1
Certificate serial:       018CCA9A1C0822C3430D08BB3F508D1809CD
Authority key identifier: E7:39:33:C0:8A:F9:C0:2D:BB:0D:3E:97:F1:F9:09:33:F5:35:6F:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5zkzwIr5wC27DT6X8fkJM_U1b8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a95c14-2010-43f6-abc8-cba79af5006a/1/S30qDI0BncgdmTFVvU256kj21m4.roa
Signing time:             Tue 02 Jan 2024 14:35:46 +0000
ROA not before:           Tue 02 Jan 2024 14:35:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41424
IP address blocks:        193.41.33.0/24 maxlen: 24
                          89.207.240.0/24 maxlen: 24
                          89.207.241.0/24 maxlen: 24
                          89.207.244.0/24 maxlen: 24
                          89.207.240.0/21 maxlen: 21
                          89.207.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a95c14-2010-43f6-abc8-cba79af5006a/1/5zkzwIr5wC27DT6X8fkJM_U1b8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a95c14-2010-43f6-abc8-cba79af5006a/1/5zkzwIr5wC27DT6X8fkJM_U1b8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5zkzwIr5wC27DT6X8fkJM_U1b8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:1c:08:22:c3:43:0d:08:bb:3f:50:8d:18:09:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e73933c08af9c02dbb0d3e97f1f90933f5356fc1
        Validity
            Not Before: Jan  2 14:35:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b7d2a0c8d019dc81d993155bd4db9ea48f6d66e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:17:f8:78:7a:9e:0c:bd:57:4b:88:22:39:0f:
                    ae:1a:6b:d4:03:3a:88:d7:a2:58:f9:65:22:79:9f:
                    52:a9:89:c0:6d:d7:55:62:bf:47:08:be:d0:31:af:
                    bb:0f:66:96:f8:88:43:48:ee:5c:8e:f3:c7:12:b7:
                    0b:12:32:9c:41:e8:9e:27:ee:ba:be:09:a7:a6:a7:
                    92:d3:00:43:4f:9d:f1:07:7f:d2:81:b7:8f:c8:c7:
                    d4:b4:ec:30:d4:53:de:7e:61:c1:b0:0e:4a:c7:82:
                    71:7f:f7:9d:8a:73:48:5c:3a:fc:d6:8b:82:1c:ab:
                    ae:ab:42:19:e2:6b:6c:a6:ed:b0:58:64:96:41:e1:
                    bc:36:dc:69:64:f4:51:36:a4:32:d1:4d:b4:e6:66:
                    cf:40:7a:61:11:99:4d:b4:a3:2f:5b:42:86:42:36:
                    06:5a:43:7c:6f:40:97:11:9d:33:5b:16:a6:ca:ff:
                    19:cb:3c:d5:45:a7:a1:80:eb:9c:94:77:0e:5e:2f:
                    76:9a:e6:2b:69:33:f3:27:a3:21:bd:92:de:a0:05:
                    67:f5:cb:8f:81:50:f7:11:cb:a1:24:ba:0a:ad:04:
                    93:17:12:16:e7:aa:1f:ce:7f:7b:0c:a3:94:4e:d8:
                    fe:08:d0:79:9a:fd:27:fe:e1:4b:c6:47:79:04:f0:
                    58:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7D:2A:0C:8D:01:9D:C8:1D:99:31:55:BD:4D:B9:EA:48:F6:D6:6E
            X509v3 Authority Key Identifier:
                keyid:E7:39:33:C0:8A:F9:C0:2D:BB:0D:3E:97:F1:F9:09:33:F5:35:6F:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5zkzwIr5wC27DT6X8fkJM_U1b8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a95c14-2010-43f6-abc8-cba79af5006a/1/S30qDI0BncgdmTFVvU256kj21m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a95c14-2010-43f6-abc8-cba79af5006a/1/5zkzwIr5wC27DT6X8fkJM_U1b8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.240.0/21
                  193.41.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:ff:7f:e2:45:bd:3d:cb:dc:a5:8d:1e:49:b0:28:10:63:9f:
         cd:f6:4d:5f:72:d7:96:c1:48:dd:ac:6a:22:67:cd:1a:6f:d2:
         63:b6:ef:fa:44:83:60:ac:af:85:26:d7:61:48:c8:e9:67:69:
         81:d3:3e:e1:3b:96:01:13:dd:6b:e1:0a:fd:f7:1b:c0:e9:cc:
         4e:13:6e:b0:9b:87:38:f2:7d:55:b9:70:0e:e1:79:05:37:78:
         d5:47:05:c7:3f:4b:89:c2:6e:30:91:46:ae:e8:02:5f:8e:ad:
         38:54:c0:6d:13:5d:fa:d9:91:a8:bb:5d:af:66:7c:a4:3a:0b:
         1d:03:7c:d9:53:59:41:5d:36:a9:40:96:e3:40:a6:41:ce:9d:
         76:66:d1:93:fa:17:0c:5a:6c:c2:cf:75:08:5e:92:d4:fc:2d:
         8a:ea:0d:40:4d:78:b6:0c:ab:94:a0:be:67:d8:31:7f:00:59:
         1f:59:23:f9:51:ea:47:1c:eb:e5:3e:a0:52:14:4c:21:58:11:
         08:3b:1e:db:da:ca:3a:9e:78:c9:72:15:f1:8d:68:cf:ba:9d:
         0b:c6:4c:2c:a2:87:fd:35:8f:ac:37:cc:55:62:33:a5:e9:1a:
         a5:16:91:3d:4b:c6:e6:05:42:77:2d:46:bc:26:5d:8a:3e:dd:
         8f:10:74:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmhwIIsNDDQi7P1CNGAnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MzkzM2MwOGFmOWMwMmRiYjBkM2U5N2YxZjkwOTMzZjUz
NTZmYzEwHhcNMjQwMTAyMTQzNTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdkMmEwYzhkMDE5ZGM4MWQ5OTMxNTViZDRkYjllYTQ4ZjZkNjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhf4eHqeDL1XS4giOQ+uGmvUAzqI
16JY+WUieZ9SqYnAbddVYr9HCL7QMa+7D2aW+IhDSO5cjvPHErcLEjKcQeieJ+66
vgmnpqeS0wBDT53xB3/SgbePyMfUtOww1FPefmHBsA5Kx4Jxf/edinNIXDr81ouC
HKuuq0IZ4mtspu2wWGSWQeG8NtxpZPRRNqQy0U205mbPQHphEZlNtKMvW0KGQjYG
WkN8b0CXEZ0zWxamyv8ZyzzVRaehgOuclHcOXi92muYraTPzJ6MhvZLeoAVn9cuP
gVD3EcuhJLoKrQSTFxIW56ofzn97DKOUTtj+CNB5mv0n/uFLxkd5BPBYOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEt9KgyNAZ3IHZkxVb1NuepI9tZuMB8GA1UdIwQY
MBaAFOc5M8CK+cAtuw0+l/H5CTP1NW/BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXprendJcjV3QzI3RFQ2WDhma0pNX1UxYjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hOTVjMTQtMjAxMC00M2Y2LWFiYzgt
Y2JhNzlhZjUwMDZhLzEvUzMwcURJMEJuY2dkbVRGVnZVMjU2a2oyMW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hOTVjMTQtMjAxMC00M2Y2LWFiYzgtY2JhNzlhZjUwMDZh
LzEvNXprendJcjV3QzI3RFQ2WDhma0pNX1UxYjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDWc/wAwQA
wSkhMA0GCSqGSIb3DQEBCwUAA4IBAQBO/3/iRb09y9yljR5JsCgQY5/N9k1fcteW
wUjdrGoiZ80ab9Jjtu/6RINgrK+FJtdhSMjpZ2mB0z7hO5YBE91r4Qr99xvA6cxO
E26wm4c48n1VuXAO4XkFN3jVRwXHP0uJwm4wkUau6AJfjq04VMBtE1362ZGou12v
ZnykOgsdA3zZU1lBXTapQJbjQKZBzp12ZtGT+hcMWmzCz3UIXpLU/C2K6g1ATXi2
DKuUoL5n2DF/AFkfWSP5UepHHOvlPqBSFEwhWBEIOx7b2so6nnjJchXxjWjPup0L
xkwsoof9NY+sN8xVYjOl6RqlFpE9S8bmBUJ3LUa8Jl2KPt2PEHQO
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:01:02 2024 by rpki-client on console-fra.rpki-client.org