Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/VULmVpakAxzBHq4bRmxVEgqUGcU.roa
File:                     VULmVpakAxzBHq4bRmxVEgqUGcU.roa (raw, json)
Hash identifier:          8WuBx1lEkp0wwdThO/7OWZl7pbl1KS1BaIRCs7hvOmM=
Subject key identifier:   55:42:E6:56:96:A4:03:1C:C1:1E:AE:1B:46:6C:55:12:0A:94:19:C5
Certificate issuer:       /CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
Certificate serial:       018CC8DEBD8477EFC50DB2BF5502D59FDD4E
Authority key identifier: 50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/VULmVpakAxzBHq4bRmxVEgqUGcU.roa
Signing time:             Tue 02 Jan 2024 06:31:29 +0000
ROA not before:           Tue 02 Jan 2024 06:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15763
IP address blocks:        195.253.8.0/21 maxlen: 21
                          195.253.16.0/22 maxlen: 22
                          195.253.21.0/24 maxlen: 24
                          195.253.24.0/22 maxlen: 22
                          195.138.36.0/24 maxlen: 24
                          195.138.44.0/22 maxlen: 22
                          195.253.28.0/23 maxlen: 23
                          195.253.30.0/24 maxlen: 24
                          195.138.42.0/23 maxlen: 23
                          195.138.48.0/22 maxlen: 22
                          195.138.52.0/24 maxlen: 24
                          195.138.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:bd:84:77:ef:c5:0d:b2:bf:55:02:d5:9f:dd:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50c1e426f58e42ae30e56cdb7ff4d8f9ddd85b30
        Validity
            Not Before: Jan  2 06:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5542e65696a4031cc11eae1b466c55120a9419c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:db:ab:21:6e:68:37:69:bf:25:a4:70:0b:28:
                    f9:ac:04:12:03:c0:33:9b:05:52:d6:02:11:24:12:
                    80:b1:2e:4c:5e:26:07:d5:42:96:ba:28:b4:18:2d:
                    e4:c8:9c:75:3e:bf:1e:24:11:d3:e0:7c:e1:09:95:
                    52:d7:23:6a:84:e7:98:e0:90:0b:02:a1:8e:e4:ef:
                    ee:48:c5:64:78:9e:3c:30:5b:91:f2:e3:d9:9c:11:
                    19:7a:9f:1e:f6:a3:aa:4c:c4:67:f2:06:1a:24:40:
                    76:8a:67:ed:c1:89:36:ce:33:f5:54:15:34:35:58:
                    31:8e:93:bd:4f:a8:37:4d:16:99:2d:5c:b9:03:49:
                    16:b3:b5:f8:31:b2:1b:f7:36:ec:9d:51:48:4c:23:
                    ef:7b:97:46:be:52:c2:97:03:c2:da:ab:d4:b7:f6:
                    e4:d0:06:df:c8:2a:cc:c3:9e:a5:df:85:0d:5b:9b:
                    56:95:3e:9c:c4:5e:f7:64:d2:54:9b:8d:50:5b:3e:
                    67:f2:69:79:6c:fb:11:0b:73:11:7b:fe:33:f5:70:
                    e9:86:f4:a5:91:de:bc:49:6c:05:34:d5:73:ea:f3:
                    8d:39:35:90:ae:4c:0f:69:66:d5:77:28:a2:9b:06:
                    dd:0d:e1:2a:9f:89:c1:a8:1d:9f:e6:57:9b:4a:e2:
                    1a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:42:E6:56:96:A4:03:1C:C1:1E:AE:1B:46:6C:55:12:0A:94:19:C5
            X509v3 Authority Key Identifier:
                keyid:50:C1:E4:26:F5:8E:42:AE:30:E5:6C:DB:7F:F4:D8:F9:DD:D8:5B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/VULmVpakAxzBHq4bRmxVEgqUGcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/9c6dad-377a-444e-b0dc-063ce6cf460d/1/UMHkJvWOQq4w5Wzbf_TY-d3YWzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.138.36.0/24
                  195.138.42.0-195.138.52.255
                  195.138.59.0/24
                  195.253.8.0-195.253.19.255
                  195.253.21.0/24
                  195.253.24.0-195.253.30.255

    Signature Algorithm: sha256WithRSAEncryption
         0d:d1:f7:da:54:c1:31:35:e4:d2:c5:27:30:42:54:ef:d6:3f:
         53:c3:36:3b:8d:c3:98:38:5f:d6:8a:f1:ea:32:9d:1f:ea:e4:
         bf:82:ae:b1:74:18:3f:f5:1b:f5:47:6c:a6:7f:ed:ff:a5:e8:
         ff:f9:2b:43:a6:19:d1:3d:e4:cc:d2:9b:9a:27:0b:70:79:05:
         5e:34:6f:d3:58:53:3a:70:ab:d7:b9:95:93:1d:17:a3:6a:82:
         63:c8:64:0b:97:7b:50:48:a7:40:11:97:40:82:9d:4e:34:d6:
         02:49:fc:e9:89:ae:09:eb:ab:ef:38:79:96:08:6b:25:b0:d6:
         7a:d2:a3:67:c4:bc:9d:d3:83:96:c9:f1:03:07:47:1e:c3:49:
         4b:88:07:05:85:49:18:bb:c3:b0:ee:1e:99:42:97:a0:ba:d3:
         32:ad:69:a5:21:37:a4:67:98:51:42:2e:86:c3:4a:e4:c3:6c:
         e1:73:fb:1d:58:2e:69:ca:d3:8d:a6:5e:f1:da:db:40:81:e2:
         c7:eb:62:ac:1d:fc:65:b9:92:8a:b9:30:c4:60:6b:ad:33:89:
         68:86:ad:f1:bc:79:20:98:bd:95:f6:0b:6a:f5:c1:8e:eb:48:
         ba:0a:21:06:40:f9:b8:e4:f4:c3:aa:4b:36:65:a9:f7:3b:c6:
         f9:66:6f:7f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzI3r2Ed+/FDbK/VQLVn91OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzFlNDI2ZjU4ZTQyYWUzMGU1NmNkYjdmZjRkOGY5ZGRk
ODViMzAwHhcNMjQwMTAyMDYzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQyZTY1Njk2YTQwMzFjYzExZWFlMWI0NjZjNTUxMjBhOTQxOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9urIW5oN2m/JaRwCyj5rAQSA8Az
mwVS1gIRJBKAsS5MXiYH1UKWuii0GC3kyJx1Pr8eJBHT4HzhCZVS1yNqhOeY4JAL
AqGO5O/uSMVkeJ48MFuR8uPZnBEZep8e9qOqTMRn8gYaJEB2imftwYk2zjP1VBU0
NVgxjpO9T6g3TRaZLVy5A0kWs7X4MbIb9zbsnVFITCPve5dGvlLClwPC2qvUt/bk
0AbfyCrMw56l34UNW5tWlT6cxF73ZNJUm41QWz5n8ml5bPsRC3MRe/4z9XDphvSl
kd68SWwFNNVz6vONOTWQrkwPaWbVdyiimwbdDeEqn4nBqB2f5lebSuIaDQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFFVC5laWpAMcwR6uG0ZsVRIKlBnFMB8GA1UdIwQY
MBaAFFDB5Cb1jkKuMOVs23/02Pnd2FswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMt
MDYzY2U2Y2Y0NjBkLzEvVlVMbVZwYWtBeHpCSHE0YlJteFZFZ3FVR2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85YzZkYWQtMzc3YS00NDRlLWIwZGMtMDYzY2U2Y2Y0NjBk
LzEvVU1Ia0p2V09RcTR3NVd6YmZfVFktZDNZV3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAw4okMAwD
BAHDiioDBADDijQDBADDijswDAMEA8P9CAMEAsP9EAMEAMP9FTAMAwQDw/0YAwQA
w/0eMA0GCSqGSIb3DQEBCwUAA4IBAQAN0ffaVMExNeTSxScwQlTv1j9TwzY7jcOY
OF/WivHqMp0f6uS/gq6xdBg/9Rv1R2ymf+3/pej/+StDphnRPeTM0puaJwtweQVe
NG/TWFM6cKvXuZWTHRejaoJjyGQLl3tQSKdAEZdAgp1ONNYCSfzpia4J66vvOHmW
CGslsNZ60qNnxLyd04OWyfEDB0cew0lLiAcFhUkYu8Ow7h6ZQpegutMyrWmlITek
Z5hRQi6Gw0rkw2zhc/sdWC5pytONpl7x2ttAgeLH62KsHfxluZKKuTDEYGutM4lo
hq3xvHkgmL2V9gtq9cGO60i6CiEGQPm45PTDqks2Zan3O8b5Zm9/
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:43:11 2024 by rpki-client on console-ams.rpki-client.org