Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/zHE-SgU4gukSatALeKuBjSpz9R4.roa
File:                     zHE-SgU4gukSatALeKuBjSpz9R4.roa (raw, json)
Hash identifier:          raBXsfFiXhcqnRtCmrarnVAR9U4kh4Whf7QDbs9Hq9c=
Subject key identifier:   CC:71:3E:4A:05:38:82:E9:12:6A:D0:0B:78:AB:81:8D:2A:73:F5:1E
Certificate issuer:       /CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
Certificate serial:       018CC8DEE836EBCC8774B4FB18A164507D52
Authority key identifier: 5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/zHE-SgU4gukSatALeKuBjSpz9R4.roa
Signing time:             Tue 02 Jan 2024 06:31:40 +0000
ROA not before:           Tue 02 Jan 2024 06:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        185.196.101.0/24 maxlen: 24
                          185.196.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e8:36:eb:cc:87:74:b4:fb:18:a1:64:50:7d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
        Validity
            Not Before: Jan  2 06:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc713e4a053882e9126ad00b78ab818d2a73f51e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:21:00:21:c3:dd:dd:c3:5d:23:30:ff:2e:a8:
                    d8:e3:cc:4e:18:37:a8:13:7e:c1:e2:2c:f0:8b:68:
                    f6:3f:be:6d:f6:67:43:0b:fd:ad:86:1a:f7:be:c1:
                    61:7f:09:ae:14:ea:e8:14:dd:aa:64:b0:96:a5:53:
                    c3:ba:bc:e7:f8:ce:d0:41:b8:51:cf:cf:1d:59:d3:
                    02:b9:c9:19:41:68:da:a8:47:c6:ea:f2:05:d3:1e:
                    65:eb:42:86:b2:b9:70:42:0c:16:35:00:b2:66:f0:
                    9a:68:03:42:7a:b3:78:81:a5:9c:c8:c1:eb:70:92:
                    10:66:01:ff:0d:72:e8:d0:35:ff:ca:97:45:14:01:
                    ae:11:93:45:3f:a3:aa:3a:41:75:45:4d:b5:49:57:
                    6d:27:6c:de:d2:75:66:df:fa:d1:6e:5a:b4:47:5e:
                    9c:a8:53:8a:9e:90:60:68:a5:bc:72:b8:74:16:1a:
                    76:d4:c0:2c:a1:8f:30:7e:93:77:24:56:20:5a:1b:
                    44:b2:77:a8:5b:f5:8c:b6:b2:c0:97:1f:8d:41:08:
                    9a:e1:41:3b:8c:fe:e7:40:52:2e:eb:8d:e5:53:14:
                    ce:12:03:86:a8:9b:12:ef:51:50:9b:bd:1a:d8:52:
                    a3:be:55:f6:27:7b:40:77:43:ea:23:d9:0e:38:9f:
                    15:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:71:3E:4A:05:38:82:E9:12:6A:D0:0B:78:AB:81:8D:2A:73:F5:1E
            X509v3 Authority Key Identifier:
                keyid:5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/zHE-SgU4gukSatALeKuBjSpz9R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.101.0/24
                  185.196.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:81:e7:39:2c:1b:10:90:78:72:51:00:90:15:57:ad:7a:16:
         65:3a:be:ca:7f:14:4c:55:91:23:70:93:fa:f8:32:93:78:21:
         6a:f0:a0:76:94:f2:81:09:1b:9c:fe:79:d6:98:2c:96:a0:1c:
         31:f4:3a:51:55:4b:2f:2a:3d:ac:c7:33:69:d1:47:1b:76:d3:
         40:38:1e:84:a5:0d:8d:5d:c0:cf:b4:82:2f:e8:aa:19:ce:37:
         c7:72:65:9b:ae:17:df:fe:d6:62:76:d8:bd:dd:13:a5:71:93:
         9e:c3:62:17:55:01:fe:3c:82:d9:ea:2a:f0:5f:25:1e:71:22:
         5c:cc:3c:a6:a7:a2:2e:8e:0e:27:3a:6a:23:f9:e2:81:26:4f:
         ff:9e:07:b7:24:00:20:70:8f:7d:b1:35:12:de:b9:51:53:0b:
         12:ef:58:9f:ec:af:53:ab:e1:f6:0c:70:b4:75:18:c2:98:8b:
         1e:2e:80:85:1b:5c:e2:45:a2:25:02:c2:25:06:17:fe:04:dd:
         56:1f:f6:5a:56:2b:79:b5:bc:c8:2a:28:47:c4:fa:92:c6:32:
         c9:09:1d:a4:8f:bd:e4:05:1c:be:c1:a8:df:1e:e0:a1:b0:9f:
         b7:bf:39:c4:6f:54:59:84:63:fe:79:12:cb:bf:5f:4f:d7:22:
         a7:90:b5:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3ug268yHdLT7GKFkUH1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZTFhYWUwYzkzYWQwNGI3Mjk4MDgyYjY4YmY2YTU0ZmE2
OGJjZjAwHhcNMjQwMTAyMDYzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzcxM2U0YTA1Mzg4MmU5MTI2YWQwMGI3OGFiODE4ZDJhNzNmNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyEAIcPd3cNdIzD/LqjY48xOGDeo
E37B4izwi2j2P75t9mdDC/2thhr3vsFhfwmuFOroFN2qZLCWpVPDurzn+M7QQbhR
z88dWdMCuckZQWjaqEfG6vIF0x5l60KGsrlwQgwWNQCyZvCaaANCerN4gaWcyMHr
cJIQZgH/DXLo0DX/ypdFFAGuEZNFP6OqOkF1RU21SVdtJ2ze0nVm3/rRblq0R16c
qFOKnpBgaKW8crh0Fhp21MAsoY8wfpN3JFYgWhtEsneoW/WMtrLAlx+NQQia4UE7
jP7nQFIu643lUxTOEgOGqJsS71FQm70a2FKjvlX2J3tAd0PqI9kOOJ8V9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMxxPkoFOILpEmrQC3irgY0qc/UeMB8GA1UdIwQY
MBaAFFzhquDJOtBLcpgIK2i/alT6aLzwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQt
YmExNDE4ZDIyMDg3LzEvekhFLVNnVTRndWtTYXRBTGVLdUJqU3B6OVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQtYmExNDE4ZDIyMDg3
LzEvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucRlAwQA
ucRnMA0GCSqGSIb3DQEBCwUAA4IBAQCagec5LBsQkHhyUQCQFVetehZlOr7KfxRM
VZEjcJP6+DKTeCFq8KB2lPKBCRuc/nnWmCyWoBwx9DpRVUsvKj2sxzNp0UcbdtNA
OB6EpQ2NXcDPtIIv6KoZzjfHcmWbrhff/tZidti93ROlcZOew2IXVQH+PILZ6irw
XyUecSJczDymp6Iujg4nOmoj+eKBJk//nge3JAAgcI99sTUS3rlRUwsS71if7K9T
q+H2DHC0dRjCmIseLoCFG1ziRaIlAsIlBhf+BN1WH/ZaVit5tbzIKihHxPqSxjLJ
CR2kj73kBRy+wajfHuChsJ+3vznEb1RZhGP+eRLLv19P1yKnkLXk
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:14:57 2024 by rpki-client on console-ams.rpki-client.org