Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/y1uCwd4PZkfNkTE0rihiPC6pPm0.roa
File:                     y1uCwd4PZkfNkTE0rihiPC6pPm0.roa (raw, json)
Hash identifier:          tRwkDCFz9DprmXrK22bmikK/aKMLD7Ig//iRsLlAJPA=
Subject key identifier:   CB:5B:82:C1:DE:0F:66:47:CD:91:31:34:AE:28:62:3C:2E:A9:3E:6D
Certificate issuer:       /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial:       0192C2A1ADF1C9938BBDFDA3B2EE2AF89F31
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/y1uCwd4PZkfNkTE0rihiPC6pPm0.roa
Signing time:             Fri 25 Oct 2024 07:43:48 +0000
ROA not before:           Fri 25 Oct 2024 07:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212988
IP address blocks:        185.232.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c2:a1:ad:f1:c9:93:8b:bd:fd:a3:b2:ee:2a:f8:9f:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
        Validity
            Not Before: Oct 25 07:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb5b82c1de0f6647cd913134ae28623c2ea93e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:29:75:06:69:33:e9:0d:0f:6f:a0:17:73:39:
                    92:16:cd:43:0b:86:e8:ae:6f:ab:c5:a6:e3:04:b3:
                    f9:30:14:dd:2d:0f:de:f3:ab:bc:29:c7:e4:83:cb:
                    36:cd:53:f5:6b:b9:e7:75:f2:52:c6:ac:f5:61:84:
                    e2:50:93:b1:e3:f9:b3:f4:14:9d:ea:d4:e6:75:a7:
                    4a:a5:bb:d7:2a:4e:2d:65:54:7d:b2:bb:3a:4b:04:
                    b7:48:ec:7d:64:10:07:31:3d:1b:51:0e:e3:16:fb:
                    a5:c9:05:f1:5b:13:c4:06:b6:18:79:16:8f:a3:8d:
                    46:90:88:96:0a:d7:b0:e7:5b:12:68:27:68:1c:dd:
                    c6:95:77:55:5c:20:ef:cc:83:91:88:46:83:db:c0:
                    b1:91:e8:cc:f0:df:d0:7d:97:f8:56:6a:67:17:2f:
                    02:b7:2c:76:ee:93:ba:8a:c2:8e:8b:45:6d:04:03:
                    cd:93:6a:aa:11:21:d1:29:78:ee:ff:09:ce:66:de:
                    44:96:43:ea:12:3f:e3:5e:57:2d:e0:e6:70:7e:80:
                    b5:95:17:37:76:59:8b:9f:81:53:e0:ef:e0:49:e8:
                    04:e6:23:fb:c8:00:90:48:d8:5e:b3:6c:a2:6f:cc:
                    dc:7e:76:24:b5:e8:d4:1d:86:db:7e:37:2d:8a:92:
                    53:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:5B:82:C1:DE:0F:66:47:CD:91:31:34:AE:28:62:3C:2E:A9:3E:6D
            X509v3 Authority Key Identifier:
                keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/y1uCwd4PZkfNkTE0rihiPC6pPm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:8e:62:33:37:cd:f6:38:4b:b2:5f:ab:32:ce:16:94:45:f1:
         c9:38:91:ed:57:38:0e:19:9e:e8:9f:cf:14:bb:2b:61:47:e2:
         04:50:f8:59:c4:0b:b6:a3:c6:09:25:d6:66:f5:0a:64:27:a0:
         a0:d4:06:72:9f:ef:3e:2d:eb:d0:a7:5d:10:a6:c5:7e:08:7b:
         5f:d9:64:47:b6:6d:db:de:08:91:c1:fd:10:38:07:14:07:4a:
         27:cd:64:f0:8f:ad:b6:92:de:ea:d8:a0:02:4d:80:7b:13:61:
         f2:1d:48:f2:fc:02:85:1a:8d:b6:a3:bf:fa:dc:f5:f2:58:d1:
         03:bd:1f:2e:a5:ef:7b:02:b4:f1:23:a2:bc:3d:43:3c:9f:4b:
         20:a4:ca:f8:55:22:21:9a:2e:fe:d3:dc:b1:46:2e:6f:d0:29:
         e4:b8:95:b1:29:f7:a0:e9:11:98:56:77:6d:38:dc:14:d8:2c:
         5a:02:8d:f4:1c:9c:12:15:65:ee:ab:18:f1:da:5b:b5:33:6c:
         6c:29:16:12:e6:b4:12:76:a1:e7:72:d9:e6:32:ad:61:69:af:
         e7:51:77:f8:9c:8f:3d:3b:c4:15:e5:0f:6e:fd:7e:ca:03:2f:
         56:69:d9:2f:c4:d5:56:cc:17:05:82:61:ba:5a:e6:a7:51:33:
         06:de:37:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLCoa3xyZOLvf2jsu4q+J8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjQxMDI1MDc0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjViODJjMWRlMGY2NjQ3Y2Q5MTMxMzRhZTI4NjIzYzJlYTkzZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Cl1Bmkz6Q0Pb6AXczmSFs1DC4bo
rm+rxabjBLP5MBTdLQ/e86u8Kcfkg8s2zVP1a7nndfJSxqz1YYTiUJOx4/mz9BSd
6tTmdadKpbvXKk4tZVR9srs6SwS3SOx9ZBAHMT0bUQ7jFvulyQXxWxPEBrYYeRaP
o41GkIiWCtew51sSaCdoHN3GlXdVXCDvzIORiEaD28CxkejM8N/QfZf4VmpnFy8C
tyx27pO6isKOi0VtBAPNk2qqESHRKXju/wnOZt5ElkPqEj/jXlct4OZwfoC1lRc3
dlmLn4FT4O/gSegE5iP7yACQSNhes2yib8zcfnYktejUHYbbfjctipJTxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtbgsHeD2ZHzZExNK4oYjwuqT5tMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEveTF1Q3dkNFBaa2ZOa1RFMHJpaGlQQzZwUG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueiFMA0G
CSqGSIb3DQEBCwUAA4IBAQCajmIzN832OEuyX6syzhaURfHJOJHtVzgOGZ7on88U
uythR+IEUPhZxAu2o8YJJdZm9QpkJ6Cg1AZyn+8+LevQp10QpsV+CHtf2WRHtm3b
3giRwf0QOAcUB0onzWTwj622kt7q2KACTYB7E2HyHUjy/AKFGo22o7/63PXyWNED
vR8upe97ArTxI6K8PUM8n0sgpMr4VSIhmi7+09yxRi5v0CnkuJWxKfeg6RGYVndt
ONwU2CxaAo30HJwSFWXuqxjx2lu1M2xsKRYS5rQSdqHnctnmMq1haa/nUXf4nI89
O8QV5Q9u/X7KAy9WadkvxNVWzBcFgmG6WuanUTMG3jcR
-----END CERTIFICATE-----
Generated at Sat Nov 23 19:15:34 2024 by rpki-client on console-fra.rpki-client.org