Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/uwnOoSAPK75RVzGI9-xJ0ccygG0.roa
File:                     uwnOoSAPK75RVzGI9-xJ0ccygG0.roa (raw, json)
Hash identifier:          MZwydemFfIiyxfdvDNMWEsXHohSwyj1eWRSxp67+Ano=
Subject key identifier:   BB:09:CE:A1:20:0F:2B:BE:51:57:31:88:F7:EC:49:D1:C7:32:80:6D
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       018CC5013160377C9A47972B66933A8E6285
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/uwnOoSAPK75RVzGI9-xJ0ccygG0.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2110
IP address blocks:        193.95.128.0/18 maxlen: 24
                          194.125.0.0/17 maxlen: 17
                          213.202.128.0/18 maxlen: 18
                          192.111.39.0/24 maxlen: 24
                          78.16.0.0/14 maxlen: 14
                          212.2.160.0/19 maxlen: 19
                          185.146.180.0/22 maxlen: 22
                          185.146.180.0/24 maxlen: 24
                          193.120.52.0/24 maxlen: 24
                          194.145.128.0/21 maxlen: 21
                          193.120.216.0/24 maxlen: 24
                          194.46.192.0/18 maxlen: 18
                          193.120.0.0/16 maxlen: 16
                          193.203.128.0/19 maxlen: 19
                          194.165.160.0/19 maxlen: 19
                          2001:7c8::/29 maxlen: 29
                          2001:7c8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:31:60:37:7c:9a:47:97:2b:66:93:3a:8e:62:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb09cea1200f2bbe51573188f7ec49d1c732806d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8b:ed:82:17:83:14:01:a3:72:a3:ed:2a:cf:
                    a3:aa:1b:47:f3:c2:9b:25:30:5f:48:3d:14:38:91:
                    3b:5a:c5:25:e4:84:8e:da:40:4c:48:18:0c:4b:c9:
                    3f:93:5c:2e:bc:9a:ce:23:63:39:48:26:d8:79:d7:
                    d1:96:94:e9:b6:8e:32:d5:87:29:a4:81:a7:01:b2:
                    23:a1:81:80:f1:dc:5c:01:5a:66:b1:0f:9a:54:e5:
                    38:52:13:17:8e:76:42:79:eb:61:c0:7e:05:b7:b9:
                    a2:74:16:a7:53:c9:21:32:54:3c:9d:e3:4c:8b:68:
                    14:88:d1:1d:00:35:9e:48:e4:df:43:3b:5e:69:fb:
                    95:43:8d:58:2d:ac:26:32:33:b5:bd:eb:fc:7f:a3:
                    1d:92:fa:f7:a4:3e:9c:f9:4b:e9:8b:4d:b9:30:9e:
                    77:f6:44:33:ce:c6:5a:c5:7b:7c:3c:bd:63:52:a5:
                    03:c7:10:f4:74:2f:b5:fb:7e:92:ef:78:42:6f:a1:
                    4b:70:63:61:b9:0b:90:51:97:cf:e2:48:98:a6:6f:
                    f6:8f:e3:53:95:22:cb:08:e2:a2:f4:2a:ed:d8:2e:
                    09:70:20:26:eb:ce:f8:15:9c:63:0b:f6:38:7e:b1:
                    d4:d6:cb:dd:62:89:a6:53:30:20:64:1d:9f:48:18:
                    2b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:09:CE:A1:20:0F:2B:BE:51:57:31:88:F7:EC:49:D1:C7:32:80:6D
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/uwnOoSAPK75RVzGI9-xJ0ccygG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.16.0.0/14
                  185.146.180.0/22
                  192.111.39.0/24
                  193.95.128.0/18
                  193.120.0.0/16
                  193.203.128.0/19
                  194.46.192.0/18
                  194.125.0.0/17
                  194.145.128.0/21
                  194.165.160.0/19
                  212.2.160.0/19
                  213.202.128.0/18
                IPv6:
                  2001:7c8::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:27:11:74:31:b9:5d:06:26:ef:50:db:4e:ba:11:34:fe:1b:
         48:36:4d:6a:29:70:35:7a:50:d0:ff:7b:bf:4d:d1:d7:55:28:
         28:b4:64:9c:17:45:7d:c2:bd:d4:92:2a:05:77:d7:f3:68:d6:
         53:f9:74:2e:99:4f:79:a1:18:6a:93:b4:5a:f0:36:5b:e9:5c:
         a7:3d:ef:10:0b:80:7f:b8:02:db:9b:f5:6c:6b:73:3e:dd:ac:
         31:0e:60:1d:5a:92:5f:a7:9d:ef:7d:1b:6b:9a:7d:88:4f:3d:
         d2:43:07:88:71:79:ca:73:e9:fb:ce:f6:ae:7b:57:e4:83:23:
         ca:4a:21:04:a4:8d:93:46:0f:2b:c0:f4:fb:fc:26:5f:d0:bf:
         3e:75:96:16:75:d2:87:33:46:bf:b0:8a:16:6b:ad:57:20:b3:
         9b:1d:7c:ca:9f:63:31:7a:09:98:94:f1:7e:61:5e:42:95:72:
         fa:45:40:80:9c:1c:ce:0c:2c:cc:89:37:67:1b:7c:41:fb:3a:
         05:11:09:1e:d8:d9:23:2e:30:98:b6:f3:c1:c6:33:f0:c1:66:
         5f:4f:10:18:d9:41:d3:09:e7:30:75:a6:70:cb:9a:2c:d2:d7:
         96:41:bf:aa:67:e7:3e:5f:25:3b:c5:8c:4e:8f:0b:69:04:f7:
         38:d4:32:c6
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYzFATFgN3yaR5crZpM6jmKFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjA5Y2VhMTIwMGYyYmJlNTE1NzMxODhmN2VjNDlkMWM3MzI4MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYvtgheDFAGjcqPtKs+jqhtH88Kb
JTBfSD0UOJE7WsUl5ISO2kBMSBgMS8k/k1wuvJrOI2M5SCbYedfRlpTpto4y1Ycp
pIGnAbIjoYGA8dxcAVpmsQ+aVOU4UhMXjnZCeethwH4Ft7midBanU8khMlQ8neNM
i2gUiNEdADWeSOTfQzteafuVQ41YLawmMjO1vev8f6Mdkvr3pD6c+Uvpi025MJ53
9kQzzsZaxXt8PL1jUqUDxxD0dC+1+36S73hCb6FLcGNhuQuQUZfP4kiYpm/2j+NT
lSLLCOKi9Crt2C4JcCAm6874FZxjC/Y4frHU1svdYommUzAgZB2fSBgrjwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFLsJzqEgDyu+UVcxiPfsSdHHMoBtMB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEvdXduT29TQVBLNzVSVnpHSTkteEowY2N5Z0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwMCThADBAK5
krQDBADAbycDBAbBX4ADAwDBeAMEBcHLgAMEBsIuwAMEB8J9AAMEA8KRgAMEBcKl
oAMEBdQCoAMEBtXKgDANBAIAAjAHAwUDIAEHyDANBgkqhkiG9w0BAQsFAAOCAQEA
uycRdDG5XQYm71DbTroRNP4bSDZNailwNXpQ0P97v03R11UoKLRknBdFfcK91JIq
BXfX82jWU/l0LplPeaEYapO0WvA2W+lcpz3vEAuAf7gC25v1bGtzPt2sMQ5gHVqS
X6ed730ba5p9iE890kMHiHF5ynPp+872rntX5IMjykohBKSNk0YPK8D0+/wmX9C/
PnWWFnXShzNGv7CKFmutVyCzmx18yp9jMXoJmJTxfmFeQpVy+kVAgJwczgwszIk3
Zxt8Qfs6BREJHtjZIy4wmLbzwcYz8MFmX08QGNlB0wnnMHWmcMuaLNLXlkG/qmfn
Pl8lO8WMTo8LaQT3ONQyxg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:52:23 2024 by rpki-client on console-fra.rpki-client.org