Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/7wB1jI_FqGSIGRBZBwOgNEjkmME.roa
File:                     7wB1jI_FqGSIGRBZBwOgNEjkmME.roa (raw, json)
Hash identifier:          vc+yAEOAouCS2G/4mxNtx7n17ELsb3p/XsbmTyWQ6MI=
Subject key identifier:   EF:00:75:8C:8F:C5:A8:64:88:19:10:59:07:03:A0:34:48:E4:98:C1
Certificate issuer:       /CN=509c63c6d756bb2acd3f1ad92ac415da857e6c98
Certificate serial:       018DC17982527E7551C2AEEF0BE9B0961CF2
Authority key identifier: 50:9C:63:C6:D7:56:BB:2A:CD:3F:1A:D9:2A:C4:15:DA:85:7E:6C:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/7wB1jI_FqGSIGRBZBwOgNEjkmME.roa
Signing time:             Mon 19 Feb 2024 13:06:22 +0000
ROA not before:           Mon 19 Feb 2024 13:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51862
IP address blocks:        185.122.180.0/22 maxlen: 22
                          185.122.180.0/24 maxlen: 24
                          185.122.181.0/24 maxlen: 24
                          185.122.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:04:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:79:82:52:7e:75:51:c2:ae:ef:0b:e9:b0:96:1c:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509c63c6d756bb2acd3f1ad92ac415da857e6c98
        Validity
            Not Before: Feb 19 13:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef00758c8fc5a864881910590703a03448e498c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f8:89:84:86:59:a3:16:b6:b2:19:c1:66:79:
                    3a:7e:80:d2:1e:61:3b:6c:19:f6:d1:42:3d:d1:d4:
                    0f:57:3e:0b:68:44:b9:56:4a:91:e5:c7:8a:19:50:
                    4d:fc:5e:85:09:c4:7a:68:9e:5e:73:d5:78:65:8c:
                    de:7b:b1:40:8a:ba:53:01:9d:80:4b:55:c5:46:de:
                    fb:48:9c:7e:a0:4a:68:4f:08:6b:52:fe:4c:48:93:
                    63:d7:64:1c:9e:f6:46:6f:5c:18:9f:07:3a:fd:ec:
                    a3:a1:8f:5b:d0:f3:35:6c:16:75:05:c4:bc:4e:8a:
                    48:84:70:e9:83:6f:06:f2:f5:18:7f:7a:75:9e:68:
                    10:d9:4a:56:fc:07:f0:be:ab:ac:32:ac:e0:2f:53:
                    50:57:1b:e2:5e:75:b5:d1:39:ea:ea:62:b4:1a:56:
                    1c:9b:e5:a0:76:34:fe:01:22:b7:31:ed:82:87:82:
                    52:d9:43:3b:48:69:19:6e:99:54:31:d7:9a:a2:32:
                    29:81:d7:c4:2f:86:b1:a4:b3:11:74:a5:7d:72:32:
                    0f:5d:70:8e:76:19:2b:91:40:47:30:3b:b7:86:17:
                    47:24:b9:74:a1:2f:e1:c5:08:5b:0a:90:78:d6:77:
                    68:02:85:c3:6c:76:2d:ef:a5:7a:f5:ba:8d:79:7f:
                    6c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:00:75:8C:8F:C5:A8:64:88:19:10:59:07:03:A0:34:48:E4:98:C1
            X509v3 Authority Key Identifier:
                keyid:50:9C:63:C6:D7:56:BB:2A:CD:3F:1A:D9:2A:C4:15:DA:85:7E:6C:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/7wB1jI_FqGSIGRBZBwOgNEjkmME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:ea:7b:06:fb:a9:d5:d5:1b:43:4a:88:8c:bd:24:8e:d7:e2:
         9d:a4:70:bc:24:9e:d2:b9:94:55:9e:10:00:e6:24:b0:e9:6a:
         23:e9:ea:50:5d:44:69:cd:1b:98:83:75:2f:b3:2e:17:22:2c:
         a6:30:3c:8c:8d:f1:ca:91:b2:fc:03:9f:41:2a:d7:d2:a6:a4:
         19:ad:53:83:12:11:89:77:d1:6b:94:b4:ad:dd:d7:78:3b:91:
         cd:95:3f:26:00:61:ce:bc:87:2b:81:36:33:3e:87:00:04:89:
         cb:05:1a:6f:95:58:c9:2c:a7:02:a8:25:92:70:e5:9d:c8:d1:
         f4:79:55:9a:ae:0e:78:99:e6:1c:f3:f8:17:6c:79:e7:4e:d1:
         15:72:62:4b:c0:cf:43:88:90:15:74:14:ec:35:84:f3:14:84:
         1d:e0:57:67:ed:20:57:98:a5:b8:36:47:bc:41:74:9a:62:64:
         31:eb:84:96:fe:5d:be:77:08:4d:07:11:b2:7c:d1:f7:5a:72:
         0e:c2:2b:33:98:15:ff:aa:49:d9:24:2f:01:b2:e8:a2:a6:2d:
         e1:5e:61:67:63:77:fe:29:14:55:6f:6c:a2:6f:98:49:3b:85:
         00:5d:b7:d2:d6:b9:2d:f2:76:92:20:c5:84:f2:e0:3e:3d:4a:
         74:6f:44:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BeYJSfnVRwq7vC+mwlhzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWM2M2M2ZDc1NmJiMmFjZDNmMWFkOTJhYzQxNWRhODU3
ZTZjOTgwHhcNMjQwMjE5MTMwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjAwNzU4YzhmYzVhODY0ODgxOTEwNTkwNzAzYTAzNDQ4ZTQ5OGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPiJhIZZoxa2shnBZnk6foDSHmE7
bBn20UI90dQPVz4LaES5VkqR5ceKGVBN/F6FCcR6aJ5ec9V4ZYzee7FAirpTAZ2A
S1XFRt77SJx+oEpoTwhrUv5MSJNj12QcnvZGb1wYnwc6/eyjoY9b0PM1bBZ1BcS8
TopIhHDpg28G8vUYf3p1nmgQ2UpW/AfwvqusMqzgL1NQVxviXnW10Tnq6mK0GlYc
m+WgdjT+ASK3Me2Ch4JS2UM7SGkZbplUMdeaojIpgdfEL4axpLMRdKV9cjIPXXCO
dhkrkUBHMDu3hhdHJLl0oS/hxQhbCpB41ndoAoXDbHYt76V69bqNeX9sjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8AdYyPxahkiBkQWQcDoDRI5JjBMB8GA1UdIwQY
MBaAFFCcY8bXVrsqzT8a2SrEFdqFfmyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp4anh0ZFd1eXJOUHhyWktzUVYyb1YtYkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84NDU0OGQtM2YzYi00NmI5LTgzNmMt
MzhhMzkyNDc3NmU5LzEvN3dCMWpJX0ZxR1NJR1JCWkJ3T2dORWprbU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84NDU0OGQtM2YzYi00NmI5LTgzNmMtMzhhMzkyNDc3NmU5
LzEvVUp4anh0ZFd1eXJOUHhyWktzUVYyb1YtYkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXq0MA0G
CSqGSIb3DQEBCwUAA4IBAQB86nsG+6nV1RtDSoiMvSSO1+KdpHC8JJ7SuZRVnhAA
5iSw6Woj6epQXURpzRuYg3Uvsy4XIiymMDyMjfHKkbL8A59BKtfSpqQZrVODEhGJ
d9FrlLSt3dd4O5HNlT8mAGHOvIcrgTYzPocABInLBRpvlVjJLKcCqCWScOWdyNH0
eVWarg54meYc8/gXbHnnTtEVcmJLwM9DiJAVdBTsNYTzFIQd4Fdn7SBXmKW4Nke8
QXSaYmQx64SW/l2+dwhNBxGyfNH3WnIOwiszmBX/qknZJC8Bsuiipi3hXmFnY3f+
KRRVb2yib5hJO4UAXbfS1rkt8naSIMWE8uA+PUp0b0Ty
-----END CERTIFICATE-----
Generated at Mon Jun 17 08:08:23 2024 by rpki-client on console-fra.rpki-client.org