Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/SpQlHYiYdqpQsCpwOfLDR7arRow.roa
File:                     SpQlHYiYdqpQsCpwOfLDR7arRow.roa (raw, json)
Hash identifier:          XA6SlITSzm5TOdDvAKKHWHnyrckzBgRooDt8TEE7D4s=
Subject key identifier:   4A:94:25:1D:88:98:76:AA:50:B0:2A:70:39:F2:C3:47:B6:AB:46:8C
Certificate issuer:       /CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
Certificate serial:       018CC94E35E7F8C6AC967B636E0DB97AF37B
Authority key identifier: 50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/SpQlHYiYdqpQsCpwOfLDR7arRow.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36892
IP address blocks:        81.199.14.0/24 maxlen: 24
                          62.56.138.0/24 maxlen: 24
                          81.199.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:35:e7:f8:c6:ac:96:7b:63:6e:0d:b9:7a:f3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a94251d889876aa50b02a7039f2c347b6ab468c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:dc:ca:df:e6:c7:75:0c:d9:6e:3c:cd:ad:3a:
                    a0:5e:fb:8c:79:ac:77:2f:fa:50:f9:c5:22:1f:c1:
                    d1:7b:8c:10:f4:44:1d:07:01:00:7f:25:79:3d:be:
                    ca:d1:a5:31:eb:75:95:f4:14:85:7d:a5:f7:f9:69:
                    af:40:fe:16:f4:14:53:11:6f:2b:d8:ad:9d:f0:78:
                    93:f1:84:f9:22:5c:5f:fe:e9:dd:eb:8d:21:c4:3b:
                    d1:5d:16:59:b1:bd:49:75:2c:83:23:de:e7:2a:4a:
                    24:66:c4:fb:c4:11:38:4e:88:42:13:de:34:c8:11:
                    37:63:fe:6b:2d:74:7a:3f:66:50:9b:b7:c2:01:28:
                    8b:14:23:1a:ac:0e:46:16:88:bc:d6:de:d4:21:7f:
                    18:ab:b6:f3:86:62:d0:e6:6b:21:c8:3d:23:80:02:
                    cc:bd:c0:f7:10:2f:cc:aa:23:07:9f:8c:d3:bf:e7:
                    04:d4:bd:bc:1a:04:5d:77:fd:0d:18:32:d9:9b:f3:
                    65:3b:12:fc:63:28:f6:b1:2d:35:fe:65:a8:04:63:
                    88:68:52:59:48:25:30:4a:28:67:80:df:bf:b4:ba:
                    dd:d6:c4:16:05:6f:3d:aa:e9:aa:10:2a:a1:aa:3d:
                    8f:cf:f7:f6:1e:ad:24:85:31:4d:45:b1:53:c5:98:
                    1e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:94:25:1D:88:98:76:AA:50:B0:2A:70:39:F2:C3:47:B6:AB:46:8C
            X509v3 Authority Key Identifier:
                keyid:50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/SpQlHYiYdqpQsCpwOfLDR7arRow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.56.138.0/24
                  81.199.14.0/24
                  81.199.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:b3:7d:a7:fc:d3:bd:fb:cf:e2:1e:27:9f:f7:d1:af:2f:bd:
         ea:34:0f:bc:7f:76:e0:8b:c7:da:19:d0:f6:44:2f:77:49:71:
         d8:8a:b3:fd:e7:bb:a5:65:5f:58:87:aa:e3:b8:83:84:9f:8a:
         2e:13:a9:fc:2e:ec:db:63:a2:89:1e:c9:f3:8c:7c:fd:b7:7b:
         25:37:12:8b:21:85:55:74:70:4d:76:43:e9:20:cc:b1:4c:14:
         ff:f7:b8:f4:9d:23:0c:9e:8f:49:f5:96:bf:39:f1:80:69:d3:
         4d:3f:09:8e:0b:79:3d:08:3d:42:54:43:17:6b:26:ab:9f:1e:
         9f:9c:41:ee:b1:42:c0:0d:8b:0b:d3:88:ce:57:78:18:e6:9e:
         72:71:e4:25:67:d3:93:24:91:3b:cb:1d:e9:bf:01:13:b3:c8:
         2e:56:1a:59:42:7f:03:65:b7:16:6a:06:d5:84:98:47:a8:f1:
         95:60:e4:ce:27:f5:82:a6:c6:0e:23:5f:b9:b0:d5:9d:e9:fb:
         39:8d:c7:de:9b:67:62:42:03:2c:14:af:9f:90:88:00:4c:16:
         11:9e:31:52:b7:32:52:d3:1f:e0:54:d9:c8:a5:81:c9:a8:2a:
         bb:5a:f7:b2:91:15:0f:86:76:2c:bf:39:06:9a:bf:d8:98:cf:
         0a:fa:19:41
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTjXn+Maslntjbg25evN7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTgyYmVlOWFhMDEwYzFmZmQyZDgwNGY2YWE3YjE0YmRk
YjkxZjcwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTk0MjUxZDg4OTg3NmFhNTBiMDJhNzAzOWYyYzM0N2I2YWI0NjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNzK3+bHdQzZbjzNrTqgXvuMeax3
L/pQ+cUiH8HRe4wQ9EQdBwEAfyV5Pb7K0aUx63WV9BSFfaX3+WmvQP4W9BRTEW8r
2K2d8HiT8YT5Ilxf/und640hxDvRXRZZsb1JdSyDI97nKkokZsT7xBE4TohCE940
yBE3Y/5rLXR6P2ZQm7fCASiLFCMarA5GFoi81t7UIX8Yq7bzhmLQ5mshyD0jgALM
vcD3EC/MqiMHn4zTv+cE1L28GgRdd/0NGDLZm/NlOxL8Yyj2sS01/mWoBGOIaFJZ
SCUwSihngN+/tLrd1sQWBW89qumqECqhqj2Pz/f2Hq0khTFNRbFTxZgekQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEqUJR2ImHaqULAqcDnyw0e2q0aMMB8GA1UdIwQY
MBaAFFAYK+6aoBDB/9LYBPaqexS925H3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0Zjkt
MTlkMWJiNjFkOWE3LzEvU3BRbEhZaVlkcXBRc0Nwd09mTERSN2FyUm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0ZjktMTlkMWJiNjFkOWE3
LzEvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPjiKAwQA
UccOAwQAUcdZMA0GCSqGSIb3DQEBCwUAA4IBAQCVs32n/NO9+8/iHief99GvL73q
NA+8f3bgi8faGdD2RC93SXHYirP957ulZV9Yh6rjuIOEn4ouE6n8LuzbY6KJHsnz
jHz9t3slNxKLIYVVdHBNdkPpIMyxTBT/97j0nSMMno9J9Za/OfGAadNNPwmOC3k9
CD1CVEMXayarnx6fnEHusULADYsL04jOV3gY5p5yceQlZ9OTJJE7yx3pvwETs8gu
VhpZQn8DZbcWagbVhJhHqPGVYOTOJ/WCpsYOI1+5sNWd6fs5jcfem2diQgMsFK+f
kIgATBYRnjFStzJS0x/gVNnIpYHJqCq7WveykRUPhnYsvzkGmr/YmM8K+hlB
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:16:06 2024 by rpki-client on console-fra.rpki-client.org