Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/71jXUkXt0tWUoZlC2v5TE4H66xE.roa
File:                     71jXUkXt0tWUoZlC2v5TE4H66xE.roa (raw, json)
Hash identifier:          ML8SkBjln86EYkAXcteVDGMn96Od1WfCBDoinHfiO68=
Subject key identifier:   EF:58:D7:52:45:ED:D2:D5:94:A1:99:42:DA:FE:53:13:81:FA:EB:11
Certificate issuer:       /CN=ebdfa7c0ad7ef674dd5b4194960f2ffd4115f261
Certificate serial:       018CC4246667D5CEE503EFD5E5311CC8AF8C
Authority key identifier: EB:DF:A7:C0:AD:7E:F6:74:DD:5B:41:94:96:0F:2F:FD:41:15:F2:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/69-nwK1-9nTdW0GUlg8v_UEV8mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/71jXUkXt0tWUoZlC2v5TE4H66xE.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43201
IP address blocks:        195.158.222.0/23 maxlen: 23
                          195.158.223.0/24 maxlen: 24
                          195.158.220.0/24 maxlen: 24
                          195.158.221.0/24 maxlen: 24
                          195.158.220.0/23 maxlen: 23
                          195.158.220.0/22 maxlen: 22
                          195.158.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/69-nwK1-9nTdW0GUlg8v_UEV8mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/69-nwK1-9nTdW0GUlg8v_UEV8mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/69-nwK1-9nTdW0GUlg8v_UEV8mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:66:67:d5:ce:e5:03:ef:d5:e5:31:1c:c8:af:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebdfa7c0ad7ef674dd5b4194960f2ffd4115f261
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef58d75245edd2d594a19942dafe531381faeb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e0:15:1d:b1:00:0d:da:e1:3e:0a:b1:33:bf:
                    e6:1c:c9:7c:e4:d3:93:3b:43:b8:77:c5:60:18:dc:
                    92:f5:ea:d0:fd:c9:c4:b4:85:bc:f6:f1:73:da:d0:
                    4b:81:c8:c7:13:f6:17:45:01:dd:d7:41:13:26:f8:
                    65:ad:2b:cc:00:2d:58:3c:f2:6f:84:a1:5e:f7:e6:
                    5f:3f:ec:74:07:8b:1d:d1:a4:f6:75:49:32:4c:3e:
                    4b:3d:d1:77:f8:6a:d9:08:bf:e8:c0:41:29:de:89:
                    c3:61:53:d2:69:68:60:f6:42:10:dd:b5:41:5d:85:
                    69:fd:42:66:43:0f:36:9a:56:21:65:e1:4f:f3:37:
                    36:a9:52:cb:31:c6:71:f2:7d:52:de:45:32:09:9b:
                    46:e3:34:ea:aa:cf:08:67:0d:3a:8b:ec:92:07:70:
                    66:eb:95:81:ca:12:07:52:81:e0:59:c9:35:31:cf:
                    99:e9:7b:9a:cc:47:00:1a:a6:04:0a:6e:e2:eb:37:
                    5c:66:a6:2e:af:83:69:91:67:ab:9b:90:4b:d7:45:
                    49:fb:ec:cc:c3:1e:60:bb:ea:d7:22:6c:73:07:5f:
                    84:cc:27:4f:b8:76:d3:43:e6:71:c1:6b:48:82:1d:
                    48:e0:05:06:93:4a:68:f0:2b:12:0d:ca:fe:c8:11:
                    5d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:58:D7:52:45:ED:D2:D5:94:A1:99:42:DA:FE:53:13:81:FA:EB:11
            X509v3 Authority Key Identifier:
                keyid:EB:DF:A7:C0:AD:7E:F6:74:DD:5B:41:94:96:0F:2F:FD:41:15:F2:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/69-nwK1-9nTdW0GUlg8v_UEV8mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/71jXUkXt0tWUoZlC2v5TE4H66xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/69-nwK1-9nTdW0GUlg8v_UEV8mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.158.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:77:84:ed:75:c8:31:6f:73:99:7d:44:5c:fd:1d:09:93:28:
         71:c4:c8:f4:c2:cd:14:82:73:50:17:fb:03:e8:75:ca:b5:96:
         0e:48:9d:01:1e:fe:ed:11:12:87:92:e8:bb:e7:0c:e2:83:6e:
         66:2a:32:22:66:d7:da:b9:72:d7:90:db:7c:10:e2:48:07:69:
         63:ee:9f:85:2e:b5:9b:55:d9:45:0d:a9:ec:73:49:b8:aa:cb:
         86:a0:4a:f2:d7:34:08:81:60:f1:67:92:15:8a:c1:37:45:98:
         7a:49:19:f2:84:d7:a0:b1:94:54:eb:d2:b7:cb:66:56:ae:9c:
         05:5e:41:b8:c3:eb:18:af:33:90:0f:61:3a:4c:d8:fe:92:c5:
         e5:4a:b3:85:ae:c1:43:cf:d8:d3:82:b7:bb:b3:0c:c8:bd:7d:
         e9:02:db:c8:90:ba:99:66:3d:63:f5:0d:04:f9:f0:8d:0f:64:
         c7:49:4e:e0:1f:b9:24:6e:1f:6b:e3:e0:a8:66:05:a5:e8:f1:
         b0:eb:20:84:0e:49:f1:d5:ea:2c:aa:59:1a:bb:56:3f:0f:ef:
         62:0d:be:ad:93:41:78:66:61:45:a9:f5:70:7c:8b:ab:41:67:
         94:f7:83:1a:cb:9f:58:00:d3:58:14:a9:91:28:14:57:78:32:
         1a:f7:af:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGZn1c7lA+/V5TEcyK+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZGZhN2MwYWQ3ZWY2NzRkZDViNDE5NDk2MGYyZmZkNDEx
NWYyNjEwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjU4ZDc1MjQ1ZWRkMmQ1OTRhMTk5NDJkYWZlNTMxMzgxZmFlYjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uAVHbEADdrhPgqxM7/mHMl85NOT
O0O4d8VgGNyS9erQ/cnEtIW89vFz2tBLgcjHE/YXRQHd10ETJvhlrSvMAC1YPPJv
hKFe9+ZfP+x0B4sd0aT2dUkyTD5LPdF3+GrZCL/owEEp3onDYVPSaWhg9kIQ3bVB
XYVp/UJmQw82mlYhZeFP8zc2qVLLMcZx8n1S3kUyCZtG4zTqqs8IZw06i+ySB3Bm
65WByhIHUoHgWck1Mc+Z6XuazEcAGqYECm7i6zdcZqYur4NpkWerm5BL10VJ++zM
wx5gu+rXImxzB1+EzCdPuHbTQ+ZxwWtIgh1I4AUGk0po8CsSDcr+yBFdpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9Y11JF7dLVlKGZQtr+UxOB+usRMB8GA1UdIwQY
MBaAFOvfp8CtfvZ03VtBlJYPL/1BFfJhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjktbndLMS05blRkVzBHVWxnOHZfVUVWOG1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny80MzRmZWQtODc3ZC00YTBmLWEyNTYt
ODUzNDVmNjYwNjU1LzEvNzFqWFVrWHQwdFdVb1psQzJ2NVRFNEg2NnhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny80MzRmZWQtODc3ZC00YTBmLWEyNTYtODUzNDVmNjYwNjU1
LzEvNjktbndLMS05blRkVzBHVWxnOHZfVUVWOG1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw57cMA0G
CSqGSIb3DQEBCwUAA4IBAQAsd4Ttdcgxb3OZfURc/R0JkyhxxMj0ws0UgnNQF/sD
6HXKtZYOSJ0BHv7tERKHkui75wzig25mKjIiZtfauXLXkNt8EOJIB2lj7p+FLrWb
VdlFDansc0m4qsuGoEry1zQIgWDxZ5IVisE3RZh6SRnyhNegsZRU69K3y2ZWrpwF
XkG4w+sYrzOQD2E6TNj+ksXlSrOFrsFDz9jTgre7swzIvX3pAtvIkLqZZj1j9Q0E
+fCND2THSU7gH7kkbh9r4+CoZgWl6PGw6yCEDknx1eosqlkau1Y/D+9iDb6tk0F4
ZmFFqfVwfIurQWeU94May59YANNYFKmRKBRXeDIa96+w
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:13:28 2024 by rpki-client on console-fra.rpki-client.org