Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/1-bnIjhaSQ7E1q7jxc6bxA-QJIg0.roa
File:                     1-bnIjhaSQ7E1q7jxc6bxA-QJIg0.roa (raw, json)
Hash identifier:          CmkxEJqXfv/lXNyw9ylACyJrOR1mG09OzcXUlESsIaM=
Subject key identifier:   F9:B9:C8:8E:16:92:43:B1:35:AB:B8:F1:73:A6:F1:03:E4:09:22:0D
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4924C8CDF57AA88A8A7F32B7F0280DC
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/1-bnIjhaSQ7E1q7jxc6bxA-QJIg0.roa
Signing time:             Mon 01 Jan 2024 10:29:31 +0000
ROA not before:           Mon 01 Jan 2024 10:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39396
IP address blocks:        212.21.129.0/24 maxlen: 24
                          212.21.133.0/24 maxlen: 24
                          212.21.159.0/24 maxlen: 24
                          2a00:e200:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4c:8c:df:57:aa:88:a8:a7:f3:2b:7f:02:80:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9b9c88e169243b135abb8f173a6f103e409220d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:e3:01:96:83:1c:fa:73:83:49:21:8a:2c:b8:
                    f5:c0:16:ce:5c:fa:19:e7:29:10:b2:c5:52:98:24:
                    4e:7b:94:28:27:60:f8:0b:a9:6a:62:9a:60:dd:87:
                    ce:b4:10:4d:eb:33:53:ed:c8:3b:c3:c8:89:7c:0d:
                    6c:d9:bd:ba:1e:de:6b:f3:11:db:fd:3e:8e:21:d6:
                    c6:46:49:8f:3d:f2:12:d2:83:19:6e:79:71:a1:7b:
                    95:c7:1c:c1:48:00:4a:24:e5:16:ac:c9:e6:6f:cd:
                    55:9d:f3:27:0c:ad:bb:e4:bb:58:62:81:cd:af:1f:
                    8b:31:09:62:72:e9:f3:e1:4b:14:9e:94:46:5c:dd:
                    1b:e0:d8:15:c3:0c:aa:23:c8:b9:c6:e4:a6:98:6a:
                    b4:d6:fe:4f:dd:c3:ad:7c:86:c3:38:66:cf:41:e6:
                    30:33:a5:c4:6f:fd:cc:fa:60:b5:1e:ad:8f:0f:14:
                    1f:b7:d5:40:30:a1:f6:ca:50:1e:11:08:83:4d:b6:
                    e1:22:c3:2c:75:bb:e8:61:04:de:5b:d3:d7:c3:05:
                    9e:3b:d3:4c:74:b2:82:3a:1d:5c:cc:6f:68:ad:28:
                    e2:b2:93:1e:95:7c:ee:b3:c6:0e:c8:4f:14:bd:88:
                    a6:96:40:80:e8:1a:44:38:d5:65:3f:92:f8:b5:c1:
                    27:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B9:C8:8E:16:92:43:B1:35:AB:B8:F1:73:A6:F1:03:E4:09:22:0D
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/1-bnIjhaSQ7E1q7jxc6bxA-QJIg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.21.129.0/24
                  212.21.133.0/24
                  212.21.159.0/24
                IPv6:
                  2a00:e200:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:ab:12:d8:a4:9c:25:5a:9d:6d:bb:1f:8a:bd:22:f0:2c:48:
         83:04:85:ee:8d:38:6d:0f:b0:66:ee:7d:25:43:b5:8e:f4:07:
         52:06:86:21:df:06:84:fe:9c:12:e0:90:e2:c0:95:58:cc:46:
         8f:23:23:23:e3:61:47:50:ed:fe:34:0b:97:25:ff:c5:46:6c:
         45:bf:7b:d0:bc:be:29:25:5c:1b:42:7c:b3:9a:d8:fe:a0:d1:
         21:7f:12:5f:20:ed:91:16:6c:cf:76:4f:95:d2:4b:d9:37:31:
         9d:61:8d:4e:dd:77:15:3a:30:23:4d:cf:8e:30:a4:ed:3b:82:
         e9:cf:3b:d5:8e:a9:32:1d:19:44:bb:38:ae:88:19:76:d0:1b:
         3d:ee:36:c4:e7:21:ef:45:ca:b3:d2:29:df:33:25:48:f7:6a:
         dd:d9:ad:13:6f:e9:1f:da:2f:fa:45:32:9b:6f:79:ba:21:51:
         1d:a7:e4:36:84:49:3f:48:5a:9c:c8:b2:be:16:6c:f2:34:19:
         d0:42:8d:9d:96:65:fd:25:ac:a2:41:e2:68:77:04:32:ee:c1:
         c7:ff:91:b0:69:33:6b:ea:ea:51:52:3b:f3:d0:0d:aa:3b:f3:
         6c:ca:f5:24:ec:83:2b:2b:7c:33:4a:1b:2f:bc:b3:44:db:38:
         10:11:2b:42
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzEkkyM31eqiKin8yt/AoDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWI5Yzg4ZTE2OTI0M2IxMzVhYmI4ZjE3M2E2ZjEwM2U0MDkyMjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OMBloMc+nODSSGKLLj1wBbOXPoZ
5ykQssVSmCROe5QoJ2D4C6lqYppg3YfOtBBN6zNT7cg7w8iJfA1s2b26Ht5r8xHb
/T6OIdbGRkmPPfIS0oMZbnlxoXuVxxzBSABKJOUWrMnmb81VnfMnDK275LtYYoHN
rx+LMQlicunz4UsUnpRGXN0b4NgVwwyqI8i5xuSmmGq01v5P3cOtfIbDOGbPQeYw
M6XEb/3M+mC1Hq2PDxQft9VAMKH2ylAeEQiDTbbhIsMsdbvoYQTeW9PXwwWeO9NM
dLKCOh1czG9orSjispMelXzus8YOyE8UvYimlkCA6BpEONVlP5L4tcEnSwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPm5yI4WkkOxNau48XOm8QPkCSINMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvMS1ibklqaGFTUTdFMXE3anhjNmJ4QS1RSklnMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTUvMzcyYjg3LTk1ZjQtNGM5OC1hNmY0LTRhNmY4NjgzMjY1
Yy8xLzYteVFNTWNLUFVHUzFad28zTWpWUjJsRFFMTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA8BggrBgEFBQcBBwEB/wQtMCswGAQCAAEwEgMEANQVgQME
ANQVhQMEANQVnzAPBAIAAjAJAwcAKgDiAAEAMA0GCSqGSIb3DQEBCwUAA4IBAQBC
qxLYpJwlWp1tux+KvSLwLEiDBIXujThtD7Bm7n0lQ7WO9AdSBoYh3waE/pwS4JDi
wJVYzEaPIyMj42FHUO3+NAuXJf/FRmxFv3vQvL4pJVwbQnyzmtj+oNEhfxJfIO2R
FmzPdk+V0kvZNzGdYY1O3XcVOjAjTc+OMKTtO4LpzzvVjqkyHRlEuziuiBl20Bs9
7jbE5yHvRcqz0infMyVI92rd2a0Tb+kf2i/6RTKbb3m6IVEdp+Q2hEk/SFqcyLK+
FmzyNBnQQo2dlmX9JayiQeJodwQy7sHH/5GwaTNr6upRUjvz0A2qO/NsyvUk7IMr
K3wzShsvvLNE2zgQEStC
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:54:37 2024 by rpki-client on console-ams.rpki-client.org