Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/sZFsEWLHagoCycXlcSDsttQrtXU.roa
File:                     sZFsEWLHagoCycXlcSDsttQrtXU.roa (raw, json)
Hash identifier:          RI7hxmbp4Q7XicGGyx2NIXmPXmMa1gPE1nmBQStJMdo=
Subject key identifier:   B1:91:6C:11:62:C7:6A:0A:02:C9:C5:E5:71:20:EC:B6:D4:2B:B5:75
Certificate issuer:       /CN=8e8b1071131763aadab1f294e37cd50adac0939c
Certificate serial:       018CC802637836997E88773795B81E7EF0D3
Authority key identifier: 8E:8B:10:71:13:17:63:AA:DA:B1:F2:94:E3:7C:D5:0A:DA:C0:93:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/sZFsEWLHagoCycXlcSDsttQrtXU.roa
Signing time:             Tue 02 Jan 2024 02:30:48 +0000
ROA not before:           Tue 02 Jan 2024 02:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        185.55.132.0/24 maxlen: 24
                          185.55.135.0/24 maxlen: 24
                          185.55.134.0/24 maxlen: 24
                          185.55.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:63:78:36:99:7e:88:77:37:95:b8:1e:7e:f0:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e8b1071131763aadab1f294e37cd50adac0939c
        Validity
            Not Before: Jan  2 02:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1916c1162c76a0a02c9c5e57120ecb6d42bb575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2c:54:9e:37:a8:1b:63:f2:9b:6e:7f:79:bc:
                    f3:ad:5b:08:ea:5d:cc:db:20:b7:20:97:e0:f4:e0:
                    c8:dc:55:30:c9:d0:c8:79:f1:a1:1f:e0:57:6b:0f:
                    26:f8:0e:19:51:9b:8d:fd:9e:1e:2a:ac:c4:7f:09:
                    e2:47:86:6f:2b:2f:0d:38:6e:dc:59:b0:88:d8:c0:
                    2c:b4:8f:ba:37:6d:4d:20:61:47:9d:19:dc:0b:8b:
                    61:4f:64:c7:f5:b2:9d:f8:fd:d3:66:bd:c1:22:95:
                    73:fe:e6:fa:f5:23:5c:50:d3:0e:3d:d6:74:e3:d6:
                    5b:14:bb:70:07:50:db:3c:8c:2d:27:bf:9d:e5:f0:
                    ac:1b:57:3d:d7:90:76:ba:74:0e:9a:97:fe:10:ce:
                    dd:49:9a:23:81:28:12:1b:60:be:29:c2:fd:08:98:
                    1a:b6:f1:6c:9a:56:30:c1:41:fd:9c:7b:74:90:17:
                    2d:e7:1d:43:91:22:d1:e2:8d:ac:c3:0c:64:c9:ab:
                    50:de:3b:67:d0:73:15:9e:40:26:00:ea:0b:90:29:
                    3c:0b:c7:d2:f8:04:f8:93:e3:15:ec:c3:26:b7:32:
                    52:15:aa:70:53:c8:f4:a1:37:7d:4a:4a:c4:84:18:
                    63:8c:bf:3a:94:a7:55:18:63:44:e2:4d:62:e4:d1:
                    d5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:91:6C:11:62:C7:6A:0A:02:C9:C5:E5:71:20:EC:B6:D4:2B:B5:75
            X509v3 Authority Key Identifier:
                keyid:8E:8B:10:71:13:17:63:AA:DA:B1:F2:94:E3:7C:D5:0A:DA:C0:93:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/josQcRMXY6rasfKU43zVCtrAk5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/sZFsEWLHagoCycXlcSDsttQrtXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/33339f-6d98-4b5f-ab60-1c94cb7dfeb3/1/josQcRMXY6rasfKU43zVCtrAk5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:05:5c:48:b9:51:48:d5:83:44:cd:49:c0:8a:4c:8b:00:a9:
         ca:31:f7:8b:7c:14:2b:87:51:93:0a:00:c8:28:de:68:3b:aa:
         b2:14:44:77:f2:c6:82:99:7c:05:fb:7c:06:15:37:f9:43:e6:
         b5:26:13:3d:73:56:ff:45:a5:e8:de:a8:d4:45:5b:bd:e6:3e:
         66:3e:ae:33:a2:a9:3c:5b:d8:99:67:18:76:ad:12:27:aa:dc:
         0f:02:19:ed:20:88:b4:be:45:ea:22:2c:b6:ae:d1:e8:43:34:
         c8:c2:4a:59:e8:b6:60:c6:04:29:c4:c7:cc:7f:5a:63:be:60:
         8d:18:17:0c:82:cc:39:22:f0:d5:c9:c2:a2:1b:5c:81:04:74:
         e6:d7:b6:8b:02:b1:d8:e7:b6:c1:89:df:ff:ec:b1:e0:7b:2b:
         ed:de:2c:c2:5f:5f:a9:cc:e7:bb:10:82:82:70:0b:85:2d:ae:
         f8:11:7f:67:f7:b9:ea:6d:8c:fa:4e:3d:e2:98:64:93:f2:46:
         bf:db:bd:0e:fa:46:ef:0f:c4:c6:27:5f:21:a3:9f:c3:0a:f5:
         76:51:76:6e:2a:a1:a1:be:2a:b9:b3:3a:c4:84:93:ed:4c:09:
         f2:1f:5a:b7:6a:17:dd:ba:30:6f:c2:21:df:bb:27:78:4a:9b:
         28:ed:dd:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAmN4Npl+iHc3lbgefvDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOGIxMDcxMTMxNzYzYWFkYWIxZjI5NGUzN2NkNTBhZGFj
MDkzOWMwHhcNMjQwMTAyMDIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTkxNmMxMTYyYzc2YTBhMDJjOWM1ZTU3MTIwZWNiNmQ0MmJiNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSxUnjeoG2Pym25/ebzzrVsI6l3M
2yC3IJfg9ODI3FUwydDIefGhH+BXaw8m+A4ZUZuN/Z4eKqzEfwniR4ZvKy8NOG7c
WbCI2MAstI+6N21NIGFHnRncC4thT2TH9bKd+P3TZr3BIpVz/ub69SNcUNMOPdZ0
49ZbFLtwB1DbPIwtJ7+d5fCsG1c915B2unQOmpf+EM7dSZojgSgSG2C+KcL9CJga
tvFsmlYwwUH9nHt0kBct5x1DkSLR4o2swwxkyatQ3jtn0HMVnkAmAOoLkCk8C8fS
+AT4k+MV7MMmtzJSFapwU8j0oTd9SkrEhBhjjL86lKdVGGNE4k1i5NHVJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGRbBFix2oKAsnF5XEg7LbUK7V1MB8GA1UdIwQY
MBaAFI6LEHETF2Oq2rHylON81QrawJOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam9zUWNSTVhZNnJhc2ZLVTQzelZDdHJBazV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8zMzMzOWYtNmQ5OC00YjVmLWFiNjAt
MWM5NGNiN2RmZWIzLzEvc1pGc0VXTEhhZ29DeWNYbGNTRHN0dFFydFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8zMzMzOWYtNmQ5OC00YjVmLWFiNjAtMWM5NGNiN2RmZWIz
LzEvam9zUWNSTVhZNnJhc2ZLVTQzelZDdHJBazV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTeEMA0G
CSqGSIb3DQEBCwUAA4IBAQClBVxIuVFI1YNEzUnAikyLAKnKMfeLfBQrh1GTCgDI
KN5oO6qyFER38saCmXwF+3wGFTf5Q+a1JhM9c1b/RaXo3qjURVu95j5mPq4zoqk8
W9iZZxh2rRInqtwPAhntIIi0vkXqIiy2rtHoQzTIwkpZ6LZgxgQpxMfMf1pjvmCN
GBcMgsw5IvDVycKiG1yBBHTm17aLArHY57bBid//7LHgeyvt3izCX1+pzOe7EIKC
cAuFLa74EX9n97nqbYz6Tj3imGST8ka/270O+kbvD8TGJ18ho5/DCvV2UXZuKqGh
viq5szrEhJPtTAnyH1q3ahfdujBvwiHfuyd4Spso7d35
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:43:26 2024 by rpki-client on console-ams.rpki-client.org