Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/2f339b-f19f-452f-88be-29ffc4443901/1/ze9RQ4O_kXZQFQ6PyQ_agiynTLg.roa
File:                     ze9RQ4O_kXZQFQ6PyQ_agiynTLg.roa (raw, json)
Hash identifier:          zVmVyK3qt2PyrLyXnTZdZG67ziURIOPc/S8QBCH8zx4=
Subject key identifier:   CD:EF:51:43:83:BF:91:76:50:15:0E:8F:C9:0F:DA:82:2C:A7:4C:B8
Certificate issuer:       /CN=75535bade37a3d6fc380442a285e157b984ca91d
Certificate serial:       018CC8DCE431DD378C2F12DD3BD7496F9A42
Authority key identifier: 75:53:5B:AD:E3:7A:3D:6F:C3:80:44:2A:28:5E:15:7B:98:4C:A9:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVNbreN6PW_DgEQqKF4Ve5hMqR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/2f339b-f19f-452f-88be-29ffc4443901/1/ze9RQ4O_kXZQFQ6PyQ_agiynTLg.roa
Signing time:             Tue 02 Jan 2024 06:29:28 +0000
ROA not before:           Tue 02 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41690
IP address blocks:        188.65.120.0/21 maxlen: 24
                          195.8.214.0/23 maxlen: 24
                          185.223.156.0/22 maxlen: 24
                          2a03:d1c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/2f339b-f19f-452f-88be-29ffc4443901/1/dVNbreN6PW_DgEQqKF4Ve5hMqR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/2f339b-f19f-452f-88be-29ffc4443901/1/dVNbreN6PW_DgEQqKF4Ve5hMqR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVNbreN6PW_DgEQqKF4Ve5hMqR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e4:31:dd:37:8c:2f:12:dd:3b:d7:49:6f:9a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75535bade37a3d6fc380442a285e157b984ca91d
        Validity
            Not Before: Jan  2 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdef514383bf917650150e8fc90fda822ca74cb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:04:c1:22:82:85:f4:40:a5:d1:12:e6:ae:41:
                    6f:c0:8e:4c:2e:86:e1:68:ac:0c:56:5e:f7:d7:5c:
                    45:a5:cf:62:93:d9:b2:75:6b:04:40:83:2a:42:78:
                    1a:b5:a0:96:c8:ac:14:90:6e:91:ad:90:08:8a:64:
                    c7:81:47:bc:d6:c4:f8:e5:4d:c7:e4:20:21:18:55:
                    52:09:f6:60:17:e6:f1:b0:17:df:be:d9:83:6f:f5:
                    2a:33:fd:41:29:58:63:30:10:5b:e5:60:d1:4c:73:
                    1f:fc:74:ca:3d:b4:5a:7b:31:25:20:7a:b4:48:3e:
                    51:43:4b:da:a9:02:dc:fc:5e:f9:cc:8a:24:bc:15:
                    b8:d0:af:56:d4:bc:c4:0e:db:ec:6f:27:92:76:e4:
                    4a:6f:e4:e9:b6:2d:41:52:fd:d0:68:ae:bb:5e:c1:
                    3d:5f:7a:43:ba:c4:1f:83:30:6c:c2:c7:ac:8b:e5:
                    61:ed:33:3a:c3:5a:48:29:98:3d:22:43:cb:3f:4d:
                    9d:56:14:04:be:06:ca:2b:11:69:2e:de:67:aa:ea:
                    48:95:c8:38:5a:34:96:4a:3d:8c:f0:dc:3d:01:a8:
                    06:6e:d3:6d:2d:68:6b:d8:aa:48:1d:95:82:41:73:
                    35:75:35:69:a8:d7:7f:91:52:2c:26:ba:5f:7e:ca:
                    95:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:EF:51:43:83:BF:91:76:50:15:0E:8F:C9:0F:DA:82:2C:A7:4C:B8
            X509v3 Authority Key Identifier:
                keyid:75:53:5B:AD:E3:7A:3D:6F:C3:80:44:2A:28:5E:15:7B:98:4C:A9:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVNbreN6PW_DgEQqKF4Ve5hMqR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/2f339b-f19f-452f-88be-29ffc4443901/1/ze9RQ4O_kXZQFQ6PyQ_agiynTLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/2f339b-f19f-452f-88be-29ffc4443901/1/dVNbreN6PW_DgEQqKF4Ve5hMqR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.156.0/22
                  188.65.120.0/21
                  195.8.214.0/23
                IPv6:
                  2a03:d1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:c5:ab:c1:59:57:be:67:32:c2:5e:1f:22:f4:7e:97:83:48:
         e6:f7:b6:f7:5b:da:9e:8e:7d:df:fc:26:23:76:f9:94:5a:20:
         53:ac:06:86:25:27:34:19:7c:53:d7:9d:6a:2e:84:f4:d6:4c:
         b0:72:a2:7c:55:21:fc:64:56:4b:e7:cd:84:d7:bf:d0:a2:2b:
         a8:35:51:6e:fd:82:10:6e:77:d9:d8:d0:b6:ce:80:ee:bf:b3:
         97:43:f6:8b:55:d6:24:78:91:b8:ee:3a:e0:2c:41:ab:f9:fe:
         2a:7c:6b:5a:c1:c0:48:8c:5b:4b:9d:f0:4b:83:50:87:9a:8e:
         67:b6:51:22:3e:fd:11:72:d1:df:57:09:7b:b0:22:09:1a:96:
         84:3d:db:a5:88:03:4b:b1:15:85:39:d3:e8:a1:fb:a9:4a:47:
         23:0b:98:fc:41:e2:95:57:21:06:30:64:06:d7:0b:af:98:47:
         8c:a1:95:23:ca:a9:e7:bf:b5:eb:2b:a9:b1:fb:d8:bb:01:54:
         78:ea:52:2f:d8:89:35:02:6d:0a:29:13:50:4d:b3:be:85:bf:
         b0:d5:d4:5d:12:31:2e:9a:51:80:7e:cf:ac:05:f7:6b:ca:9a:
         4a:ad:66:38:63:d1:60:ce:5a:ff:85:df:20:72:f7:f3:6f:7e:
         cd:c4:5b:19
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzI3OQx3TeMLxLdO9dJb5pCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTM1YmFkZTM3YTNkNmZjMzgwNDQyYTI4NWUxNTdiOTg0
Y2E5MWQwHhcNMjQwMTAyMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGVmNTE0MzgzYmY5MTc2NTAxNTBlOGZjOTBmZGE4MjJjYTc0Y2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlATBIoKF9ECl0RLmrkFvwI5MLobh
aKwMVl7311xFpc9ik9mydWsEQIMqQngataCWyKwUkG6RrZAIimTHgUe81sT45U3H
5CAhGFVSCfZgF+bxsBffvtmDb/UqM/1BKVhjMBBb5WDRTHMf/HTKPbRaezElIHq0
SD5RQ0vaqQLc/F75zIokvBW40K9W1LzEDtvsbyeSduRKb+Tpti1BUv3QaK67XsE9
X3pDusQfgzBswsesi+Vh7TM6w1pIKZg9IkPLP02dVhQEvgbKKxFpLt5nqupIlcg4
WjSWSj2M8Nw9AagGbtNtLWhr2KpIHZWCQXM1dTVpqNd/kVIsJrpffsqVyQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFM3vUUODv5F2UBUOj8kP2oIsp0y4MB8GA1UdIwQY
MBaAFHVTW63jej1vw4BEKiheFXuYTKkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZOYnJlTjZQV19EZ0VRcUtGNFZlNWhNcVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yZjMzOWItZjE5Zi00NTJmLTg4YmUt
MjlmZmM0NDQzOTAxLzEvemU5UlE0T19rWFpRRlE2UHlRX2FnaXluVExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yZjMzOWItZjE5Zi00NTJmLTg4YmUtMjlmZmM0NDQzOTAx
LzEvZFZOYnJlTjZQV19EZ0VRcUtGNFZlNWhNcVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCud+cAwQD
vEF4AwQBwwjWMA0EAgACMAcDBQMqA9HAMA0GCSqGSIb3DQEBCwUAA4IBAQBixavB
WVe+ZzLCXh8i9H6Xg0jm97b3W9qejn3f/CYjdvmUWiBTrAaGJSc0GXxT151qLoT0
1kywcqJ8VSH8ZFZL582E17/QoiuoNVFu/YIQbnfZ2NC2zoDuv7OXQ/aLVdYkeJG4
7jrgLEGr+f4qfGtawcBIjFtLnfBLg1CHmo5ntlEiPv0RctHfVwl7sCIJGpaEPdul
iANLsRWFOdPoofupSkcjC5j8QeKVVyEGMGQG1wuvmEeMoZUjyqnnv7XrK6mx+9i7
AVR46lIv2Ik1Am0KKRNQTbO+hb+w1dRdEjEumlGAfs+sBfdryppKrWY4Y9Fgzlr/
hd8gcvfzb37NxFsZ
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:29:40 2024 by rpki-client on console-ams.rpki-client.org