Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/4umJtXPvpt6ycshDdGMwxEV4_Iw.roa
File:                     4umJtXPvpt6ycshDdGMwxEV4_Iw.roa (raw, json)
Hash identifier:          172DBbJuLSebP9+Y+HOFsU0Y608KlCZsSjFeX4mDB/M=
Subject key identifier:   E2:E9:89:B5:73:EF:A6:DE:B2:72:C8:43:74:63:30:C4:45:78:FC:8C
Certificate issuer:       /CN=12c305404e80b5a4d70d21dab86fc5b6b801a8b8
Certificate serial:       018CC86F068BF3592DD9D6FC7B54CB71C948
Authority key identifier: 12:C3:05:40:4E:80:B5:A4:D7:0D:21:DA:B8:6F:C5:B6:B8:01:A8:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsMFQE6AtaTXDSHauG_FtrgBqLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/4umJtXPvpt6ycshDdGMwxEV4_Iw.roa
Signing time:             Tue 02 Jan 2024 04:29:28 +0000
ROA not before:           Tue 02 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24594
IP address blocks:        185.120.52.0/22 maxlen: 22
                          93.95.123.0/24 maxlen: 24
                          93.95.125.0/24 maxlen: 24
                          93.95.120.0/21 maxlen: 21
                          93.95.126.0/24 maxlen: 24
                          2a00:d68::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/EsMFQE6AtaTXDSHauG_FtrgBqLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/EsMFQE6AtaTXDSHauG_FtrgBqLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsMFQE6AtaTXDSHauG_FtrgBqLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:06:8b:f3:59:2d:d9:d6:fc:7b:54:cb:71:c9:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c305404e80b5a4d70d21dab86fc5b6b801a8b8
        Validity
            Not Before: Jan  2 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2e989b573efa6deb272c843746330c44578fc8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3f:96:26:ae:47:da:44:3a:b5:58:12:ad:e3:
                    3a:7a:b0:88:b0:3c:2f:a1:d7:fb:c7:ed:16:76:00:
                    8f:1e:d8:17:d3:61:9e:cc:94:3d:ee:eb:f6:d2:0e:
                    b4:d8:4b:a3:e5:e3:f8:1f:6e:58:fa:54:fe:a4:e7:
                    93:f1:a0:12:6d:e4:b4:86:91:53:da:76:b4:b6:4c:
                    14:52:5b:68:73:97:4d:dc:ed:f8:52:76:23:fd:98:
                    9b:b4:f1:bb:2f:80:41:ec:16:a7:0b:77:53:70:56:
                    61:bf:53:18:6a:d8:5c:c0:d7:b6:84:78:72:c8:0b:
                    98:94:d4:cc:c5:ca:08:40:01:1e:c9:60:43:eb:89:
                    5b:6c:75:cc:78:ee:aa:ec:1e:48:e2:00:69:f2:87:
                    03:13:2d:c8:5e:4f:b8:72:1c:77:49:91:05:3a:85:
                    5f:f3:3d:a4:1e:16:6c:4f:d0:8d:8f:e5:f5:1e:0e:
                    73:b7:73:80:84:06:cb:58:23:5f:8b:bf:97:f3:c7:
                    17:38:1e:0f:09:89:0d:3e:cb:11:fe:60:37:f2:89:
                    7b:69:f6:a4:37:f2:32:4c:2e:c9:02:48:3e:c9:91:
                    52:b0:b2:69:c6:4a:a7:81:7d:e9:b5:c8:fd:66:08:
                    3f:2b:a8:25:ea:55:31:fd:35:a2:0f:70:01:a6:c8:
                    41:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E9:89:B5:73:EF:A6:DE:B2:72:C8:43:74:63:30:C4:45:78:FC:8C
            X509v3 Authority Key Identifier:
                keyid:12:C3:05:40:4E:80:B5:A4:D7:0D:21:DA:B8:6F:C5:B6:B8:01:A8:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsMFQE6AtaTXDSHauG_FtrgBqLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/4umJtXPvpt6ycshDdGMwxEV4_Iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/7c7e90-c781-42ab-9691-ce923d19508f/1/EsMFQE6AtaTXDSHauG_FtrgBqLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.120.0/21
                  185.120.52.0/22
                IPv6:
                  2a00:d68::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:09:88:a2:08:07:aa:41:6d:fd:1d:ac:b0:81:18:69:2a:b9:
         4f:07:1c:17:e6:0f:3f:01:20:f3:a1:f8:b2:c8:1d:75:0e:d5:
         b8:f3:4a:d8:7b:f3:f2:99:1b:0c:03:8d:d0:bf:b9:f3:b2:c0:
         af:04:e7:26:2c:6f:0b:ff:c1:ae:c3:21:85:bc:92:a8:43:bc:
         d1:e4:74:ac:75:2b:95:48:46:90:b5:2b:ed:43:b0:4a:9a:08:
         c7:f7:03:0a:a4:5e:0e:a0:5b:ca:c7:e5:c1:e2:34:8e:f5:57:
         a4:e4:8e:50:da:e7:1e:81:d1:58:fd:b3:bd:86:fd:bf:47:41:
         b0:0b:44:a7:54:ca:81:2a:e4:18:01:47:73:a5:4e:cd:cd:28:
         42:c6:1c:69:3f:7b:a2:b1:11:f3:13:95:7e:4a:d4:8d:2c:8c:
         f0:d6:11:81:22:57:af:4b:86:37:4e:05:6e:40:00:54:59:2c:
         00:76:92:34:ea:a8:ee:49:03:43:bf:16:65:cf:f7:ae:f1:4c:
         57:fe:ce:65:49:c5:92:d3:e0:32:e1:11:de:f6:17:d3:f9:33:
         88:f6:43:30:34:6f:de:9d:0d:4e:f8:86:06:b7:f3:a8:31:c2:
         82:3c:66:24:f1:2e:fb:63:f2:4c:ed:b1:4a:12:61:d3:e5:e0:
         f2:1e:65:a5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIbwaL81kt2db8e1TLcclIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzMwNTQwNGU4MGI1YTRkNzBkMjFkYWI4NmZjNWI2Yjgw
MWE4YjgwHhcNMjQwMTAyMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU5ODliNTczZWZhNmRlYjI3MmM4NDM3NDYzMzBjNDQ1NzhmYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhD+WJq5H2kQ6tVgSreM6erCIsDwv
odf7x+0WdgCPHtgX02GezJQ97uv20g602Euj5eP4H25Y+lT+pOeT8aASbeS0hpFT
2na0tkwUUltoc5dN3O34UnYj/ZibtPG7L4BB7BanC3dTcFZhv1MYathcwNe2hHhy
yAuYlNTMxcoIQAEeyWBD64lbbHXMeO6q7B5I4gBp8ocDEy3IXk+4chx3SZEFOoVf
8z2kHhZsT9CNj+X1Hg5zt3OAhAbLWCNfi7+X88cXOB4PCYkNPssR/mA38ol7afak
N/IyTC7JAkg+yZFSsLJpxkqngX3ptcj9Zgg/K6gl6lUx/TWiD3ABpshBbwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOLpibVz76besnLIQ3RjMMRFePyMMB8GA1UdIwQY
MBaAFBLDBUBOgLWk1w0h2rhvxba4Aai4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNNRlFFNkF0YVRYRFNIYXVHX0Z0cmdCcUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni83YzdlOTAtYzc4MS00MmFiLTk2OTEt
Y2U5MjNkMTk1MDhmLzEvNHVtSnRYUHZwdDZ5Y3NoRGRHTXd4RVY0X0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni83YzdlOTAtYzc4MS00MmFiLTk2OTEtY2U5MjNkMTk1MDhm
LzEvRXNNRlFFNkF0YVRYRFNIYXVHX0Z0cmdCcUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXV94AwQC
uXg0MA0EAgACMAcDBQAqAA1oMA0GCSqGSIb3DQEBCwUAA4IBAQChCYiiCAeqQW39
HaywgRhpKrlPBxwX5g8/ASDzofiyyB11DtW480rYe/PymRsMA43Qv7nzssCvBOcm
LG8L/8GuwyGFvJKoQ7zR5HSsdSuVSEaQtSvtQ7BKmgjH9wMKpF4OoFvKx+XB4jSO
9Vek5I5Q2ucegdFY/bO9hv2/R0GwC0SnVMqBKuQYAUdzpU7NzShCxhxpP3uisRHz
E5V+StSNLIzw1hGBIlevS4Y3TgVuQABUWSwAdpI06qjuSQNDvxZlz/eu8UxX/s5l
ScWS0+Ay4RHe9hfT+TOI9kMwNG/enQ1O+IYGt/OoMcKCPGYk8S77Y/JM7bFKEmHT
5eDyHmWl
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:22:40 2024 by rpki-client on console-ams.rpki-client.org