Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5UYNliX38NaeYQSBgtTYPWv1Fn4.roa
File:                     5UYNliX38NaeYQSBgtTYPWv1Fn4.roa (raw, json)
Hash identifier:          HRCa8LUbqapCV7HvlKVRj2YKl0rd0zRrN6Kjlu6b14w=
Subject key identifier:   E5:46:0D:96:25:F7:F0:D6:9E:61:04:81:82:D4:D8:3D:6B:F5:16:7E
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA9CFF9C0CE9D000ED54D277CCFB66
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5UYNliX38NaeYQSBgtTYPWv1Fn4.roa
Signing time:             Tue 02 Jan 2024 10:31:39 +0000
ROA not before:           Tue 02 Jan 2024 10:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        94.241.172.0/24 maxlen: 24
                          94.241.173.0/24 maxlen: 24
                          94.241.174.0/24 maxlen: 24
                          94.241.175.0/24 maxlen: 24
                          178.253.22.0/24 maxlen: 24
                          178.253.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:9c:ff:9c:0c:e9:d0:00:ed:54:d2:77:cc:fb:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5460d9625f7f0d69e61048182d4d83d6bf5167e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:08:53:e6:2c:a0:24:a2:59:ef:27:d8:7e:fd:
                    3a:b8:2e:61:e9:69:7d:46:b7:98:77:16:62:25:6e:
                    d9:71:dd:a6:b8:4c:38:c2:f9:64:33:04:ad:37:fe:
                    c5:7a:45:d3:79:20:cd:80:ce:b8:4a:7d:24:d0:b7:
                    d9:cc:6c:dc:2d:eb:da:73:c7:4d:7b:b8:f3:d7:40:
                    4a:c4:19:1a:c2:9f:24:04:45:b0:5e:c8:58:12:3f:
                    5c:63:86:6d:6d:4d:20:f2:bc:75:fe:66:15:cd:9d:
                    79:7d:78:7b:ef:1b:30:44:5c:45:03:e2:93:c2:b3:
                    9a:02:b2:6c:b1:23:0e:fb:8c:0c:6a:aa:01:43:9c:
                    73:42:0f:50:11:58:4b:25:4e:01:65:41:b9:e6:78:
                    11:b4:e5:dc:3c:68:30:a8:23:b1:90:1d:f6:cf:65:
                    26:1c:8d:8c:5b:39:3b:17:1c:e1:ee:bd:ad:87:68:
                    83:78:b7:46:d0:4a:45:82:83:12:99:72:d7:51:0c:
                    7b:6d:cc:b5:e1:c7:ac:97:72:a5:c2:d5:70:fc:fa:
                    88:d9:ab:2a:a9:4a:f7:83:86:eb:83:0d:2f:7d:3e:
                    6e:87:4e:3a:a3:c4:96:1e:75:95:a9:86:04:1a:d8:
                    7e:ce:98:51:7d:88:2d:6e:db:76:15:fe:54:78:13:
                    1a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:46:0D:96:25:F7:F0:D6:9E:61:04:81:82:D4:D8:3D:6B:F5:16:7E
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5UYNliX38NaeYQSBgtTYPWv1Fn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.241.172.0/22
                  178.253.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:a5:ce:77:2c:0d:98:7f:cd:6e:27:57:02:bf:7f:52:9b:e8:
         c8:ed:e4:bf:47:e6:55:76:a0:7f:47:9b:57:2f:3f:a9:ea:4f:
         fb:da:62:56:47:54:c0:15:5f:77:0f:98:b1:9e:2d:e1:a0:0b:
         91:b4:35:30:a8:54:6f:22:13:11:a5:8e:53:2c:d6:03:b6:b2:
         17:86:f2:64:dc:2b:62:73:01:26:c9:f4:2f:32:a0:3e:63:00:
         cf:c6:5f:4f:e1:00:1f:d0:1d:98:d6:6f:bf:41:61:4e:21:0a:
         5c:80:60:2c:4f:7a:2c:ca:d4:a8:77:0f:fc:ce:f4:5d:31:17:
         d3:68:4b:2a:6d:d1:ae:c6:9f:09:57:c2:da:c2:ad:a6:5e:cf:
         5e:4f:9f:fb:ba:85:dc:80:a6:62:db:d7:54:2d:ef:68:2f:ac:
         c8:c7:83:df:e8:4b:fc:93:93:37:0c:2a:d0:f1:8c:7f:a8:cd:
         65:f8:93:82:7d:2e:f8:e0:40:5d:41:ec:c3:40:8c:28:67:40:
         e9:67:4f:39:89:23:07:a9:0b:74:dc:66:05:54:99:aa:5f:15:
         39:d2:44:97:62:ff:41:e6:8b:49:db:e0:cd:d8:f3:bc:76:f2:
         ec:88:9f:86:a1:26:cb:dc:56:e1:98:0f:03:6a:e9:b7:2d:d0:
         83:3a:c5:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJupz/nAzp0ADtVNJ3zPtmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTQ2MGQ5NjI1ZjdmMGQ2OWU2MTA0ODE4MmQ0ZDgzZDZiZjUxNjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAhT5iygJKJZ7yfYfv06uC5h6Wl9
RreYdxZiJW7Zcd2muEw4wvlkMwStN/7FekXTeSDNgM64Sn0k0LfZzGzcLevac8dN
e7jz10BKxBkawp8kBEWwXshYEj9cY4ZtbU0g8rx1/mYVzZ15fXh77xswRFxFA+KT
wrOaArJssSMO+4wMaqoBQ5xzQg9QEVhLJU4BZUG55ngRtOXcPGgwqCOxkB32z2Um
HI2MWzk7Fxzh7r2th2iDeLdG0EpFgoMSmXLXUQx7bcy14cesl3KlwtVw/PqI2asq
qUr3g4brgw0vfT5uh046o8SWHnWVqYYEGth+zphRfYgtbtt2Ff5UeBMaLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOVGDZYl9/DWnmEEgYLU2D1r9RZ+MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvNVVZTmxpWDM4TmFlWVFTQmd0VFlQV3YxRm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXvGsAwQB
sv0WMA0GCSqGSIb3DQEBCwUAA4IBAQCLpc53LA2Yf81uJ1cCv39Sm+jI7eS/R+ZV
dqB/R5tXLz+p6k/72mJWR1TAFV93D5ixni3hoAuRtDUwqFRvIhMRpY5TLNYDtrIX
hvJk3CticwEmyfQvMqA+YwDPxl9P4QAf0B2Y1m+/QWFOIQpcgGAsT3osytSodw/8
zvRdMRfTaEsqbdGuxp8JV8Lawq2mXs9eT5/7uoXcgKZi29dULe9oL6zIx4Pf6Ev8
k5M3DCrQ8Yx/qM1l+JOCfS744EBdQezDQIwoZ0DpZ085iSMHqQt03GYFVJmqXxU5
0kSXYv9B5otJ2+DN2PO8dvLsiJ+GoSbL3FbhmA8Daum3LdCDOsV+
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:07:40 2024 by rpki-client on console-fra.rpki-client.org