Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/y-u-Q56xHVZ7YQVEAyW0fe53_Ew.roa
File:                     y-u-Q56xHVZ7YQVEAyW0fe53_Ew.roa (raw, json)
Hash identifier:          VaQxzcgPEMOcTkPHUfiyY9EF5NxnbRxfzKocMXQBf7Q=
Subject key identifier:   CB:EB:BE:43:9E:B1:1D:56:7B:61:05:44:03:25:B4:7D:EE:77:FC:4C
Certificate issuer:       /CN=efe691427c6e41806f6ceb1e218a7dc6320fdeed
Certificate serial:       018CC348BED3EF0F42CBE8E0C068817DA70C
Authority key identifier: EF:E6:91:42:7C:6E:41:80:6F:6C:EB:1E:21:8A:7D:C6:32:0F:DE:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7-aRQnxuQYBvbOseIYp9xjIP3u0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/y-u-Q56xHVZ7YQVEAyW0fe53_Ew.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39142
IP address blocks:        195.191.240.0/24 maxlen: 24
                          195.191.240.0/23 maxlen: 23
                          195.191.241.0/24 maxlen: 24
                          2a0a:dc07::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/7-aRQnxuQYBvbOseIYp9xjIP3u0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/7-aRQnxuQYBvbOseIYp9xjIP3u0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7-aRQnxuQYBvbOseIYp9xjIP3u0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:be:d3:ef:0f:42:cb:e8:e0:c0:68:81:7d:a7:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efe691427c6e41806f6ceb1e218a7dc6320fdeed
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbebbe439eb11d567b6105440325b47dee77fc4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c3:0a:c8:a5:cb:1f:65:d9:a6:7c:ca:0c:5c:
                    8e:c9:49:03:d3:56:b6:e1:74:6b:69:c9:0d:71:33:
                    71:18:31:60:65:40:87:4c:f0:e8:47:22:4f:1b:a8:
                    3b:35:ba:8a:b9:4b:34:7d:1b:3c:01:14:9c:f5:d2:
                    e1:95:52:37:0d:ac:38:a7:c3:cc:1a:e1:9f:ca:63:
                    88:92:5c:b2:1c:b0:fa:54:9b:c9:4e:ec:48:3e:c4:
                    fc:2b:af:90:55:a9:32:9d:79:c9:ef:bb:c3:3a:ff:
                    f4:56:a7:89:be:05:c0:6b:81:ed:9b:7e:c0:17:51:
                    0a:61:24:30:14:30:a5:1b:9e:1a:2c:ec:2e:ff:b3:
                    e3:2e:6f:ea:90:0a:e4:10:7c:d2:a9:00:07:2e:88:
                    81:44:6b:82:61:fd:a9:af:bf:dd:56:0f:9d:f5:37:
                    02:c3:16:90:63:8e:d7:da:cd:34:08:fa:08:18:5e:
                    8d:ca:6b:0a:b0:aa:61:56:5d:02:76:32:57:ed:d2:
                    f2:06:c6:e7:5e:e2:22:da:0e:b4:fe:c5:8d:46:d0:
                    1b:28:e8:b5:b9:39:e7:99:d9:cf:6e:1c:63:47:3d:
                    66:40:7d:5f:59:54:51:b5:13:5d:a5:82:3c:58:6a:
                    23:db:ad:29:70:c2:34:d8:1d:20:6d:d9:fd:58:3f:
                    9d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:EB:BE:43:9E:B1:1D:56:7B:61:05:44:03:25:B4:7D:EE:77:FC:4C
            X509v3 Authority Key Identifier:
                keyid:EF:E6:91:42:7C:6E:41:80:6F:6C:EB:1E:21:8A:7D:C6:32:0F:DE:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7-aRQnxuQYBvbOseIYp9xjIP3u0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/y-u-Q56xHVZ7YQVEAyW0fe53_Ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/7-aRQnxuQYBvbOseIYp9xjIP3u0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.240.0/23
                IPv6:
                  2a0a:dc07::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:5e:f7:03:96:24:a6:ef:28:73:70:09:1e:1f:f6:53:a1:77:
         66:03:22:7c:97:4a:e9:a7:e2:60:b0:15:fa:c0:74:7e:76:34:
         cb:45:9b:12:42:5f:0d:4e:43:7b:e2:9a:79:8a:1e:93:d1:79:
         66:25:18:43:26:8d:9b:24:2c:7e:27:92:8d:66:a3:dd:27:8f:
         55:b2:2b:eb:33:e2:d1:ee:11:65:e8:06:5c:15:52:ca:d3:c6:
         49:bf:f4:0c:f9:65:d7:a2:a4:88:95:c4:2b:d8:01:2a:59:7a:
         c5:6f:f5:79:59:df:e1:12:6f:0f:81:94:ce:ce:a9:12:40:b8:
         8c:a1:52:b3:42:5a:8a:e4:1f:3b:1f:0f:11:d3:b5:61:f7:01:
         88:c3:73:5d:07:77:27:33:ad:4e:82:53:fa:33:b5:63:e5:66:
         7a:6b:4b:5f:25:7b:e1:f2:e5:1f:16:0c:cf:73:02:13:59:62:
         e9:ce:ff:df:a9:b2:46:19:30:dc:aa:4a:93:e1:68:76:26:64:
         41:37:c0:68:ab:5e:52:9e:30:6c:08:44:67:b0:c0:cf:53:eb:
         9e:fe:77:09:24:21:b3:ac:c1:93:53:c7:b2:f7:11:a7:e1:98:
         2b:12:1d:74:cb:ca:aa:45:7c:cd:cc:37:91:42:03:9b:e6:d6:
         72:66:19:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSL7T7w9Cy+jgwGiBfacMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZTY5MTQyN2M2ZTQxODA2ZjZjZWIxZTIxOGE3ZGM2MzIw
ZmRlZWQwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmViYmU0MzllYjExZDU2N2I2MTA1NDQwMzI1YjQ3ZGVlNzdmYzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcMKyKXLH2XZpnzKDFyOyUkD01a2
4XRrackNcTNxGDFgZUCHTPDoRyJPG6g7NbqKuUs0fRs8ARSc9dLhlVI3Daw4p8PM
GuGfymOIklyyHLD6VJvJTuxIPsT8K6+QVakynXnJ77vDOv/0VqeJvgXAa4Htm37A
F1EKYSQwFDClG54aLOwu/7PjLm/qkArkEHzSqQAHLoiBRGuCYf2pr7/dVg+d9TcC
wxaQY47X2s00CPoIGF6NymsKsKphVl0CdjJX7dLyBsbnXuIi2g60/sWNRtAbKOi1
uTnnmdnPbhxjRz1mQH1fWVRRtRNdpYI8WGoj260pcMI02B0gbdn9WD+dhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMvrvkOesR1We2EFRAMltH3ud/xMMB8GA1UdIwQY
MBaAFO/mkUJ8bkGAb2zrHiGKfcYyD97tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNy1hUlFueHVRWUJ2Yk9zZUlZcDl4aklQM3UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wNTk5NzUtZWY5MC00MjFiLThhZjMt
MzgxNGM1N2ZlOWJiLzEveS11LVE1NnhIVlo3WVFWRUF5VzBmZTUzX0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wNTk5NzUtZWY5MC00MjFiLThhZjMtMzgxNGM1N2ZlOWJi
LzEvNy1hUlFueHVRWUJ2Yk9zZUlZcDl4aklQM3UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBw7/wMA0E
AgACMAcDBQAqCtwHMA0GCSqGSIb3DQEBCwUAA4IBAQCPXvcDliSm7yhzcAkeH/ZT
oXdmAyJ8l0rpp+JgsBX6wHR+djTLRZsSQl8NTkN74pp5ih6T0XlmJRhDJo2bJCx+
J5KNZqPdJ49VsivrM+LR7hFl6AZcFVLK08ZJv/QM+WXXoqSIlcQr2AEqWXrFb/V5
Wd/hEm8PgZTOzqkSQLiMoVKzQlqK5B87Hw8R07Vh9wGIw3NdB3cnM61OglP6M7Vj
5WZ6a0tfJXvh8uUfFgzPcwITWWLpzv/fqbJGGTDcqkqT4Wh2JmRBN8Boq15SnjBs
CERnsMDPU+ue/ncJJCGzrMGTU8ey9xGn4ZgrEh10y8qqRXzNzDeRQgOb5tZyZhlD
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:12:04 2024 by rpki-client on console-fra.rpki-client.org