Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/ujuA6z612YZd57E9aXxcEFuZbTo.roa
File:                     ujuA6z612YZd57E9aXxcEFuZbTo.roa (raw, json)
Hash identifier:          biHveCcqT1YhEtGvzYl9tm7tX9ypoPjM59xcmbtyXjI=
Subject key identifier:   BA:3B:80:EB:3E:B5:D9:86:5D:E7:B1:3D:69:7C:5C:10:5B:99:6D:3A
Certificate issuer:       /CN=d0d852703295ecf8b97201f916310f88f4c08ab7
Certificate serial:       018CC26D342031ECC30CD145A58BF1DC6D17
Authority key identifier: D0:D8:52:70:32:95:EC:F8:B9:72:01:F9:16:31:0F:88:F4:C0:8A:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0NhScDKV7Pi5cgH5FjEPiPTAirc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/ujuA6z612YZd57E9aXxcEFuZbTo.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201079
IP address blocks:        185.250.192.0/24 maxlen: 24
                          185.250.192.0/22 maxlen: 22
                          185.250.195.0/24 maxlen: 24
                          185.250.194.0/24 maxlen: 24
                          185.250.193.0/24 maxlen: 24
                          185.85.206.0/24 maxlen: 24
                          185.85.205.0/24 maxlen: 24
                          185.85.204.0/22 maxlen: 22
                          185.85.204.0/24 maxlen: 24
                          185.85.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/0NhScDKV7Pi5cgH5FjEPiPTAirc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/0NhScDKV7Pi5cgH5FjEPiPTAirc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0NhScDKV7Pi5cgH5FjEPiPTAirc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:34:20:31:ec:c3:0c:d1:45:a5:8b:f1:dc:6d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0d852703295ecf8b97201f916310f88f4c08ab7
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba3b80eb3eb5d9865de7b13d697c5c105b996d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1a:df:d5:22:4d:81:e4:74:8a:4b:f5:34:e5:
                    7e:ae:4b:4a:c2:54:6c:5e:0c:1b:3b:96:a8:fa:8f:
                    ea:57:40:45:70:0f:66:87:80:af:c4:94:f8:a2:89:
                    7f:ee:ec:12:89:7e:04:70:a3:98:f4:e6:52:1e:7b:
                    c9:89:0e:ed:c3:55:a6:f9:7d:6b:f7:58:ce:d2:c7:
                    9c:48:4d:c7:75:7d:a2:79:d7:ac:bb:69:3d:41:cd:
                    ea:2e:12:e6:0b:4e:09:c5:6c:41:0f:50:85:d9:67:
                    18:87:82:a7:1d:3f:ca:e7:0e:c8:ab:40:c5:05:03:
                    ff:30:c4:56:25:02:19:e3:d1:d0:76:7b:e6:a9:59:
                    27:4d:ff:2a:ac:73:26:75:d0:21:07:c5:9d:cf:51:
                    fe:5b:02:ac:c9:dd:0a:6a:f1:24:2f:a3:b2:e0:2d:
                    d7:1a:14:61:7f:57:56:97:f2:cf:c2:86:26:34:5c:
                    b2:75:d4:65:cd:ed:33:f5:fc:40:ae:d6:96:b8:46:
                    17:8c:66:47:46:0b:e1:30:cf:1e:6c:5e:8a:8e:35:
                    b0:51:6a:08:e1:6b:58:a5:f1:b0:7a:e4:94:3d:ef:
                    00:68:7f:10:26:e4:3a:b2:32:eb:a1:e1:22:80:67:
                    9f:8d:72:25:7e:33:9e:6f:30:61:eb:31:93:dc:f7:
                    16:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3B:80:EB:3E:B5:D9:86:5D:E7:B1:3D:69:7C:5C:10:5B:99:6D:3A
            X509v3 Authority Key Identifier:
                keyid:D0:D8:52:70:32:95:EC:F8:B9:72:01:F9:16:31:0F:88:F4:C0:8A:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0NhScDKV7Pi5cgH5FjEPiPTAirc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/ujuA6z612YZd57E9aXxcEFuZbTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/eaf974-6efd-4633-b84a-a8aaf886c820/1/0NhScDKV7Pi5cgH5FjEPiPTAirc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.204.0/22
                  185.250.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:10:8d:41:14:df:8b:09:67:10:ff:17:ed:3b:dd:49:d7:88:
         18:1f:34:cf:91:ac:dd:8c:fe:f5:ef:06:80:b9:90:bd:f3:c1:
         68:9d:fd:4e:14:5b:62:31:d0:26:4d:c5:cb:e7:a3:04:60:ed:
         67:ab:12:71:84:0f:49:88:54:4d:d6:27:aa:6c:66:5b:f2:cd:
         26:8e:05:a7:65:ea:ef:07:d7:82:83:41:f2:77:15:61:ef:9d:
         21:7a:a8:38:18:0e:bc:93:35:4c:58:0c:5c:c9:ba:46:32:ab:
         70:14:31:04:09:9f:06:ef:54:f3:24:26:a0:1b:24:f2:7e:e4:
         39:1d:9c:c3:01:3f:9e:f4:5e:b1:a0:a0:e3:d0:a4:6e:65:83:
         e9:49:3a:9a:12:3a:e6:60:3e:ee:45:ae:0e:8d:8d:41:db:1f:
         18:ab:36:58:2b:f9:af:ae:e4:c0:68:89:f8:84:e7:07:98:70:
         66:7e:2a:7b:cb:ef:f8:6f:18:23:89:3b:3f:ec:10:8f:af:88:
         4c:57:6a:d8:d2:2c:5d:c4:a5:f0:83:aa:ff:b8:ee:1b:57:80:
         c7:7d:5f:53:de:84:2e:9d:f2:75:45:72:b9:73:92:b2:68:75:
         13:25:6e:85:f3:3c:bc:34:e5:2f:a1:a4:d8:b2:ce:4f:20:00:
         1b:03:8f:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbTQgMezDDNFFpYvx3G0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZDg1MjcwMzI5NWVjZjhiOTcyMDFmOTE2MzEwZjg4ZjRj
MDhhYjcwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNiODBlYjNlYjVkOTg2NWRlN2IxM2Q2OTdjNWMxMDViOTk2ZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRrf1SJNgeR0ikv1NOV+rktKwlRs
XgwbO5ao+o/qV0BFcA9mh4CvxJT4ool/7uwSiX4EcKOY9OZSHnvJiQ7tw1Wm+X1r
91jO0secSE3HdX2iedesu2k9Qc3qLhLmC04JxWxBD1CF2WcYh4KnHT/K5w7Iq0DF
BQP/MMRWJQIZ49HQdnvmqVknTf8qrHMmddAhB8Wdz1H+WwKsyd0KavEkL6Oy4C3X
GhRhf1dWl/LPwoYmNFyyddRlze0z9fxArtaWuEYXjGZHRgvhMM8ebF6KjjWwUWoI
4WtYpfGweuSUPe8AaH8QJuQ6sjLroeEigGefjXIlfjOebzBh6zGT3PcWnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLo7gOs+tdmGXeexPWl8XBBbmW06MB8GA1UdIwQY
MBaAFNDYUnAylez4uXIB+RYxD4j0wIq3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME5oU2NES1Y3UGk1Y2dINUZqRVBpUFRBaXJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9lYWY5NzQtNmVmZC00NjMzLWI4NGEt
YThhYWY4ODZjODIwLzEvdWp1QTZ6NjEyWVpkNTdFOWFYeGNFRnVaYlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9lYWY5NzQtNmVmZC00NjMzLWI4NGEtYThhYWY4ODZjODIw
LzEvME5oU2NES1Y3UGk1Y2dINUZqRVBpUFRBaXJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuVXMAwQC
ufrAMA0GCSqGSIb3DQEBCwUAA4IBAQDEEI1BFN+LCWcQ/xftO91J14gYHzTPkazd
jP717waAuZC988Fonf1OFFtiMdAmTcXL56MEYO1nqxJxhA9JiFRN1ieqbGZb8s0m
jgWnZervB9eCg0HydxVh750heqg4GA68kzVMWAxcybpGMqtwFDEECZ8G71TzJCag
GyTyfuQ5HZzDAT+e9F6xoKDj0KRuZYPpSTqaEjrmYD7uRa4OjY1B2x8YqzZYK/mv
ruTAaIn4hOcHmHBmfip7y+/4bxgjiTs/7BCPr4hMV2rY0ixdxKXwg6r/uO4bV4DH
fV9T3oQunfJ1RXK5c5KyaHUTJW6F8zy8NOUvoaTYss5PIAAbA49O
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:12:06 2024 by rpki-client on console-fra.rpki-client.org