Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/0e41a6-d845-4da1-8b34-48fb00fc97b6/1/SVJ-kHrpHJj-4FjjeM2s2uG2Hn4.roa
File:                     SVJ-kHrpHJj-4FjjeM2s2uG2Hn4.roa (raw, json)
Hash identifier:          +UtG00QwKjROB3k1GMys/+R/4iZQ0w47BFdGQgPejd0=
Subject key identifier:   49:52:7E:90:7A:E9:1C:98:FE:E0:58:E3:78:CD:AC:DA:E1:B6:1E:7E
Certificate issuer:       /CN=3c87feb4ab9a57765fc0a664572c35032e866ad4
Certificate serial:       01918E9AE962F751510F7CEA89B7378E5300
Authority key identifier: 3C:87:FE:B4:AB:9A:57:76:5F:C0:A6:64:57:2C:35:03:2E:86:6A:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIf-tKuaV3ZfwKZkVyw1Ay6GatQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/0e41a6-d845-4da1-8b34-48fb00fc97b6/1/SVJ-kHrpHJj-4FjjeM2s2uG2Hn4.roa
Signing time:             Mon 26 Aug 2024 12:13:22 +0000
ROA not before:           Mon 26 Aug 2024 12:13:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39257
IP address blocks:        185.146.48.0/22 maxlen: 22
                          185.191.216.0/22 maxlen: 22
                          185.221.148.0/22 maxlen: 22
                          2a0a:2040::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/0e41a6-d845-4da1-8b34-48fb00fc97b6/1/PIf-tKuaV3ZfwKZkVyw1Ay6GatQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/0e41a6-d845-4da1-8b34-48fb00fc97b6/1/PIf-tKuaV3ZfwKZkVyw1Ay6GatQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PIf-tKuaV3ZfwKZkVyw1Ay6GatQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:9a:e9:62:f7:51:51:0f:7c:ea:89:b7:37:8e:53:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c87feb4ab9a57765fc0a664572c35032e866ad4
        Validity
            Not Before: Aug 26 12:13:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49527e907ae91c98fee058e378cdacdae1b61e7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e3:4a:03:06:83:34:87:54:a4:3e:82:fa:8f:
                    87:75:15:27:5e:4d:44:ad:7d:85:54:58:d6:f9:57:
                    8e:ee:78:49:72:10:70:63:ec:11:12:46:77:6e:fb:
                    ec:91:10:e4:4f:71:b8:eb:36:03:a2:bf:cd:c8:24:
                    d0:dd:5f:2a:9b:d5:e0:eb:dc:9e:ad:67:3f:65:06:
                    a7:03:81:c3:bd:42:e9:2e:29:94:9e:bf:b5:61:31:
                    6f:aa:b1:4d:54:8c:a9:c9:50:c9:3b:36:47:b9:55:
                    43:51:ac:be:1c:cf:ab:42:53:b0:d9:49:ba:18:ef:
                    5a:f3:6f:be:e2:5f:14:4f:64:93:aa:88:f5:1e:19:
                    34:b2:a2:1b:d5:56:cc:49:70:91:f5:91:5a:e6:6f:
                    dd:5e:27:8d:92:a2:2e:ac:07:61:bb:c1:63:ca:cf:
                    84:2f:2c:98:51:38:5f:24:44:fe:d8:f1:2e:f3:bc:
                    f4:77:1a:13:02:49:0c:86:b7:0f:1a:1e:cc:62:ba:
                    fd:9f:51:56:e4:eb:a6:e9:62:04:20:0f:c2:53:2d:
                    48:83:0b:ef:6f:67:bb:a4:23:1f:2b:30:1f:5b:90:
                    11:2b:cf:70:e6:58:ca:ed:88:53:e1:1d:aa:5e:13:
                    4a:a2:ce:fd:0c:7d:6b:bc:ba:cc:48:81:9c:e6:87:
                    d7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:52:7E:90:7A:E9:1C:98:FE:E0:58:E3:78:CD:AC:DA:E1:B6:1E:7E
            X509v3 Authority Key Identifier:
                keyid:3C:87:FE:B4:AB:9A:57:76:5F:C0:A6:64:57:2C:35:03:2E:86:6A:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIf-tKuaV3ZfwKZkVyw1Ay6GatQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/0e41a6-d845-4da1-8b34-48fb00fc97b6/1/SVJ-kHrpHJj-4FjjeM2s2uG2Hn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/0e41a6-d845-4da1-8b34-48fb00fc97b6/1/PIf-tKuaV3ZfwKZkVyw1Ay6GatQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.48.0/22
                  185.191.216.0/22
                  185.221.148.0/22
                IPv6:
                  2a0a:2040::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:78:ad:29:31:61:31:a4:bb:e5:98:1c:58:0a:b0:12:e8:bf:
         bb:8e:07:16:12:78:78:43:b9:27:94:40:7b:8b:25:9c:20:0b:
         42:92:f6:68:99:4c:27:68:19:59:c5:71:58:5d:4b:fe:88:5c:
         bf:4c:1c:a7:de:91:bc:f8:72:08:a7:f6:58:4d:9e:a2:6d:77:
         22:5e:4e:71:66:1a:05:73:74:c4:b9:86:97:5f:7b:28:f5:8f:
         88:95:d4:fb:3f:76:86:18:c5:c2:8d:9d:d6:28:74:a5:bf:4c:
         6f:88:b8:76:23:0f:9a:b3:be:85:58:95:09:ce:b4:87:6b:a5:
         5c:0a:32:ef:66:59:56:74:2f:24:cd:6f:6f:6b:2c:0d:aa:3d:
         25:fd:5f:4f:87:84:69:8e:a3:e0:18:53:de:ea:0d:89:68:da:
         c0:57:d9:89:57:5b:ac:9a:c6:99:c6:d8:bd:25:60:72:3f:c4:
         b9:37:91:9d:b6:ce:2a:b9:72:f2:bd:79:6e:38:f0:f1:77:56:
         64:b2:2f:51:9b:87:c7:fe:3b:ee:a0:74:99:2c:50:23:24:d4:
         0c:7b:77:ff:7a:7e:3b:62:92:37:57:89:e7:e1:29:78:26:c4:
         3a:2c:44:d6:16:f8:e8:ff:22:3b:f7:71:83:b1:17:a6:4a:30:
         f6:fa:d6:ab
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZGOmuli91FRD3zqibc3jlMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjODdmZWI0YWI5YTU3NzY1ZmMwYTY2NDU3MmMzNTAzMmU4
NjZhZDQwHhcNMjQwODI2MTIxMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTUyN2U5MDdhZTkxYzk4ZmVlMDU4ZTM3OGNkYWNkYWUxYjYxZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+NKAwaDNIdUpD6C+o+HdRUnXk1E
rX2FVFjW+VeO7nhJchBwY+wREkZ3bvvskRDkT3G46zYDor/NyCTQ3V8qm9Xg69ye
rWc/ZQanA4HDvULpLimUnr+1YTFvqrFNVIypyVDJOzZHuVVDUay+HM+rQlOw2Um6
GO9a82++4l8UT2STqoj1Hhk0sqIb1VbMSXCR9ZFa5m/dXieNkqIurAdhu8Fjys+E
LyyYUThfJET+2PEu87z0dxoTAkkMhrcPGh7MYrr9n1FW5Oum6WIEIA/CUy1Igwvv
b2e7pCMfKzAfW5ARK89w5ljK7YhT4R2qXhNKos79DH1rvLrMSIGc5ofXBQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFElSfpB66RyY/uBY43jNrNrhth5+MB8GA1UdIwQY
MBaAFDyH/rSrmld2X8CmZFcsNQMuhmrUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElmLXRLdWFWM1pmd0taa1Z5dzFBeTZHYXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8wZTQxYTYtZDg0NS00ZGExLThiMzQt
NDhmYjAwZmM5N2I2LzEvU1ZKLWtIcnBISmotNEZqamVNMnMydUcySG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8wZTQxYTYtZDg0NS00ZGExLThiMzQtNDhmYjAwZmM5N2I2
LzEvUElmLXRLdWFWM1pmd0taa1Z5dzFBeTZHYXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuZIwAwQC
ub/YAwQCud2UMA0EAgACMAcDBQAqCiBAMA0GCSqGSIb3DQEBCwUAA4IBAQCBeK0p
MWExpLvlmBxYCrAS6L+7jgcWEnh4Q7knlEB7iyWcIAtCkvZomUwnaBlZxXFYXUv+
iFy/TByn3pG8+HIIp/ZYTZ6ibXciXk5xZhoFc3TEuYaXX3so9Y+IldT7P3aGGMXC
jZ3WKHSlv0xviLh2Iw+as76FWJUJzrSHa6VcCjLvZllWdC8kzW9vaywNqj0l/V9P
h4RpjqPgGFPe6g2JaNrAV9mJV1usmsaZxti9JWByP8S5N5Gdts4quXLyvXluOPDx
d1Zksi9Rm4fH/jvuoHSZLFAjJNQMe3f/en47YpI3V4nn4Sl4JsQ6LETWFvjo/yI7
93GDsRemSjD2+tar
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:54:32 2024 by rpki-client on console-ams.rpki-client.org