Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/FjrlhT1M167FHSdwm_rwiutafjk.roa
File:                     FjrlhT1M167FHSdwm_rwiutafjk.roa (raw, json)
Hash identifier:          p4Vv2oS3XKbd0+RJHbs36RdBkIjCU/k2xLvydzWBC5g=
Subject key identifier:   16:3A:E5:85:3D:4C:D7:AE:C5:1D:27:70:9B:FA:F0:8A:EB:5A:7E:39
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       018CC34891526F69E9499A81D22DF71729CA
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/FjrlhT1M167FHSdwm_rwiutafjk.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49001
IP address blocks:        185.194.220.0/22 maxlen: 22
                          95.131.33.0/24 maxlen: 24
                          95.131.37.0/24 maxlen: 24
                          95.131.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:91:52:6f:69:e9:49:9a:81:d2:2d:f7:17:29:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=163ae5853d4cd7aec51d27709bfaf08aeb5a7e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f2:bf:2c:c1:05:6b:85:e7:44:dd:be:e4:b6:
                    1c:05:20:3b:77:47:ab:30:d2:01:f2:de:20:3c:73:
                    0d:28:af:a7:ab:b7:e8:78:df:72:30:e1:31:ed:90:
                    93:d9:35:81:d4:4a:d1:5a:25:27:3e:77:9c:42:20:
                    8c:e8:f9:0e:c3:4a:78:0e:4e:a1:70:98:b5:17:38:
                    04:c7:42:58:84:d4:d6:a8:eb:35:be:6c:37:3b:75:
                    06:93:e7:f4:d4:af:1b:f0:17:36:f9:26:97:d9:e3:
                    2a:63:4f:6b:7f:f4:31:55:4c:e4:d5:6b:c5:ae:fb:
                    68:69:ae:51:ec:dd:1c:36:c4:18:09:21:3e:ce:9d:
                    b9:75:1e:d5:eb:78:10:17:52:80:93:70:17:79:7b:
                    5f:f1:b2:87:27:f5:93:87:9b:b2:3f:4d:59:3f:97:
                    81:1d:14:e4:b5:83:e6:68:30:eb:60:bb:b8:af:e2:
                    94:d8:59:3a:f4:bf:56:e1:a5:d9:bc:23:1b:c4:b8:
                    a2:db:52:86:01:22:1b:27:7f:98:cb:1a:46:57:d7:
                    df:eb:94:cf:31:f3:e3:6b:3c:a3:be:8b:f2:02:af:
                    52:24:8e:b2:2a:ee:d9:b2:9e:c5:f5:4c:38:44:43:
                    3f:a3:0f:43:98:e6:e4:39:a7:e0:ce:9b:74:6d:6d:
                    9a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:3A:E5:85:3D:4C:D7:AE:C5:1D:27:70:9B:FA:F0:8A:EB:5A:7E:39
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/FjrlhT1M167FHSdwm_rwiutafjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.33.0/24
                  95.131.35.0/24
                  95.131.37.0/24
                  185.194.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:36:b1:9c:a6:a4:6c:3a:22:f9:bc:5b:e5:26:d1:64:99:39:
         27:7d:cf:f8:31:a3:49:89:97:50:51:52:2b:8f:e4:a0:d9:2b:
         e8:74:63:16:ba:d6:95:ab:a5:4d:16:87:e4:6b:72:94:ef:53:
         02:11:0c:8d:04:27:3c:1f:0b:f7:ba:50:f0:78:52:74:2e:bf:
         64:a5:61:39:37:a0:48:91:3c:fd:cf:58:b3:a0:34:8b:83:a8:
         3b:43:3a:29:89:4a:84:cd:49:da:71:db:53:09:03:0e:82:f1:
         bd:41:e7:7a:0d:0c:f3:5d:35:37:20:15:c5:bd:75:e8:06:da:
         93:24:9f:f5:ca:35:23:22:8f:ad:3b:ae:2b:36:13:ee:87:95:
         76:30:31:fb:23:52:67:0e:a1:de:69:a1:8d:6b:60:63:cc:90:
         06:b5:78:a1:b1:bf:7f:38:fa:d3:35:da:be:48:47:62:8c:35:
         f1:ce:ab:7f:5d:b1:d8:51:68:f6:7e:01:39:fd:26:7c:89:15:
         fd:9d:5c:c8:82:a5:13:5e:3c:ee:eb:af:0c:e4:33:8b:20:6d:
         8c:f2:2c:4a:6e:a2:fd:c0:f9:19:24:fd:a3:19:52:e2:67:b8:
         ba:1e:52:01:c7:a7:23:d6:33:89:24:92:51:86:37:88:61:78:
         74:48:70:1b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzDSJFSb2npSZqB0i33FynKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTZjZDlmNGJlYjdiMGMwNGQzMWZmZTVjNjc0YTg3YTc3
MzlkMjEwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjNhZTU4NTNkNGNkN2FlYzUxZDI3NzA5YmZhZjA4YWViNWE3ZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvK/LMEFa4XnRN2+5LYcBSA7d0er
MNIB8t4gPHMNKK+nq7foeN9yMOEx7ZCT2TWB1ErRWiUnPnecQiCM6PkOw0p4Dk6h
cJi1FzgEx0JYhNTWqOs1vmw3O3UGk+f01K8b8Bc2+SaX2eMqY09rf/QxVUzk1WvF
rvtoaa5R7N0cNsQYCSE+zp25dR7V63gQF1KAk3AXeXtf8bKHJ/WTh5uyP01ZP5eB
HRTktYPmaDDrYLu4r+KU2Fk69L9W4aXZvCMbxLii21KGASIbJ3+YyxpGV9ff65TP
MfPjazyjvovyAq9SJI6yKu7Zsp7F9Uw4REM/ow9DmObkOafgzpt0bW2aGwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBY65YU9TNeuxR0ncJv68IrrWn45MB8GA1UdIwQY
MBaAFImmzZ9L63sMBNMf/lxnSoenc50hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYt
MWY5MjQ0OTVmY2RkLzEvRmpybGhUMU0xNjdGSFNkd21fcndpdXRhZmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYtMWY5MjQ0OTVmY2Rk
LzEvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAX4MhAwQA
X4MjAwQAX4MlAwQCucLcMA0GCSqGSIb3DQEBCwUAA4IBAQAWNrGcpqRsOiL5vFvl
JtFkmTknfc/4MaNJiZdQUVIrj+Sg2SvodGMWutaVq6VNFofka3KU71MCEQyNBCc8
Hwv3ulDweFJ0Lr9kpWE5N6BIkTz9z1izoDSLg6g7QzopiUqEzUnacdtTCQMOgvG9
Qed6DQzzXTU3IBXFvXXoBtqTJJ/1yjUjIo+tO64rNhPuh5V2MDH7I1JnDqHeaaGN
a2BjzJAGtXihsb9/OPrTNdq+SEdijDXxzqt/XbHYUWj2fgE5/SZ8iRX9nVzIgqUT
Xjzu668M5DOLIG2M8ixKbqL9wPkZJP2jGVLiZ7i6HlIBx6cj1jOJJJJRhjeIYXh0
SHAb
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:45:12 2024 by rpki-client on console-fra.rpki-client.org