Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EeWK_sCCzObPcbaQJpperCbNBvc.roa
File:                     EeWK_sCCzObPcbaQJpperCbNBvc.roa (raw, json)
Hash identifier:          1rrJuLL9jsuBECSPquPoYh4f/fdZ3Sh0QIiImIzHUas=
Subject key identifier:   11:E5:8A:FE:C0:82:CC:E6:CF:71:B6:90:26:9A:5E:AC:26:CD:06:F7
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC3E4A7CAE24B1A7A5AC97AF52E875
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EeWK_sCCzObPcbaQJpperCbNBvc.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3200
IP address blocks:        195.209.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3e:4a:7c:ae:24:b1:a7:a5:ac:97:af:52:e8:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11e58afec082cce6cf71b690269a5eac26cd06f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4c:3f:f2:1c:0f:90:c1:ee:9f:16:4c:81:86:
                    1c:89:60:c1:ad:6a:c6:1e:fe:97:17:0d:66:4e:4e:
                    dc:c1:21:85:58:63:30:64:ce:96:93:4e:5a:97:0c:
                    44:ca:a7:ab:0b:45:cd:a7:23:de:19:88:45:f6:51:
                    08:7f:a6:f9:de:13:cc:c6:e0:56:a7:45:36:bd:7a:
                    1c:ca:a3:96:c9:7f:3d:1e:84:49:57:29:7e:45:22:
                    6f:68:b3:c9:c1:f0:0e:39:5e:64:41:2f:71:36:d4:
                    67:a1:32:5e:1b:99:97:12:c5:fd:cb:6a:b0:8f:d7:
                    26:79:5b:83:66:70:fb:ed:a7:f6:12:82:ff:56:a3:
                    12:72:92:2f:e3:93:b2:c9:03:ae:21:8d:a5:1c:2d:
                    54:61:8b:4d:04:4d:ab:ce:09:f2:20:45:fc:d2:c4:
                    6e:6d:d7:7c:2a:d6:ea:b6:cd:e4:69:2e:2f:22:c2:
                    88:8a:e3:1c:27:d4:e1:0e:4b:80:84:19:f4:31:83:
                    c8:2a:4e:08:e6:15:48:d3:ab:20:eb:73:07:26:4a:
                    a2:09:03:69:66:99:2c:08:ce:4d:23:7d:1b:ba:d7:
                    f5:ee:8e:bd:a3:3c:24:40:5c:c3:5d:13:be:e7:38:
                    82:b2:8d:1e:7e:53:c2:87:43:d2:6f:2a:a1:98:ab:
                    d7:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E5:8A:FE:C0:82:CC:E6:CF:71:B6:90:26:9A:5E:AC:26:CD:06:F7
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EeWK_sCCzObPcbaQJpperCbNBvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.209.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:1a:95:09:bb:d9:16:88:a4:05:11:15:4b:a6:f0:b5:23:e0:
         c8:ad:b5:d0:ef:2e:11:81:a1:ed:ce:fe:73:ec:61:5c:ab:e3:
         85:a4:9e:34:e9:29:d1:fd:c5:3a:3c:5b:31:df:f4:50:94:f7:
         ad:4b:fd:46:19:72:f3:3f:bb:77:ae:86:c5:f6:2b:ab:d6:e1:
         12:20:bc:8c:13:26:5a:ab:c0:25:0c:06:86:d9:12:64:63:98:
         a0:d0:c1:5b:f9:4f:fe:50:7a:fd:25:5b:f7:28:0b:87:45:42:
         f4:52:5b:2a:71:f6:6a:a4:00:dc:2f:e1:12:0d:3e:86:83:7a:
         24:2e:9a:c2:8f:76:dc:9e:ac:2c:0a:f4:f7:11:5c:d2:c5:78:
         59:38:9d:33:59:fe:b4:cb:c3:24:38:2f:b5:5d:3d:ef:13:2e:
         1e:cd:8a:17:ec:dd:2e:99:24:ed:b5:fe:b8:a2:8c:b5:4d:88:
         8c:51:16:68:71:05:c9:ca:fb:c0:39:c0:ab:6e:ee:c8:44:48:
         b5:9d:0b:17:01:19:8c:8d:b4:7e:43:9f:4d:d5:0c:53:af:4e:
         10:84:e1:cb:29:10:48:b2:b3:fd:49:03:2f:70:6a:ff:65:54:
         f4:5b:35:d0:0e:4b:aa:b1:62:b5:94:a9:8a:4a:90:47:54:d4:
         41:99:d9:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D5KfK4ksaelrJevUuh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWU1OGFmZWMwODJjY2U2Y2Y3MWI2OTAyNjlhNWVhYzI2Y2QwNmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0w/8hwPkMHunxZMgYYciWDBrWrG
Hv6XFw1mTk7cwSGFWGMwZM6Wk05alwxEyqerC0XNpyPeGYhF9lEIf6b53hPMxuBW
p0U2vXocyqOWyX89HoRJVyl+RSJvaLPJwfAOOV5kQS9xNtRnoTJeG5mXEsX9y2qw
j9cmeVuDZnD77af2EoL/VqMScpIv45OyyQOuIY2lHC1UYYtNBE2rzgnyIEX80sRu
bdd8Ktbqts3kaS4vIsKIiuMcJ9ThDkuAhBn0MYPIKk4I5hVI06sg63MHJkqiCQNp
ZpksCM5NI30butf17o69ozwkQFzDXRO+5ziCso0eflPCh0PSbyqhmKvX7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHliv7Agszmz3G2kCaaXqwmzQb3MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvRWVXS19zQ0N6T2JQY2JhUUpwcGVyQ2JOQnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9GKMA0G
CSqGSIb3DQEBCwUAA4IBAQCtGpUJu9kWiKQFERVLpvC1I+DIrbXQ7y4RgaHtzv5z
7GFcq+OFpJ406SnR/cU6PFsx3/RQlPetS/1GGXLzP7t3robF9iur1uESILyMEyZa
q8AlDAaG2RJkY5ig0MFb+U/+UHr9JVv3KAuHRUL0UlsqcfZqpADcL+ESDT6Gg3ok
LprCj3bcnqwsCvT3EVzSxXhZOJ0zWf60y8MkOC+1XT3vEy4ezYoX7N0umSTttf64
ooy1TYiMURZocQXJyvvAOcCrbu7IREi1nQsXARmMjbR+Q59N1QxTr04QhOHLKRBI
srP9SQMvcGr/ZVT0WzXQDkuqsWK1lKmKSpBHVNRBmdkc
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:26:34 2024 by rpki-client on console-fra.rpki-client.org