Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/_Nq2qKBOpf_4kBrga5fPyO1nD9Y.roa
File:                     _Nq2qKBOpf_4kBrga5fPyO1nD9Y.roa (raw, json)
Hash identifier:          gCxJb7CZZFfPwOyK2kRkK2PJ5UQ0Bi3tlx9tULheFb8=
Subject key identifier:   FC:DA:B6:A8:A0:4E:A5:FF:F8:90:1A:E0:6B:97:CF:C8:ED:67:0F:D6
Certificate issuer:       /CN=4801a5b816158f07a8ca8acb37e97e2f20b06911
Certificate serial:       018F2E51C87AADE7259C5EA00506C6AB979C
Authority key identifier: 48:01:A5:B8:16:15:8F:07:A8:CA:8A:CB:37:E9:7E:2F:20:B0:69:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAGluBYVjweoyorLN-l-LyCwaRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/_Nq2qKBOpf_4kBrga5fPyO1nD9Y.roa
Signing time:             Tue 30 Apr 2024 09:24:22 +0000
ROA not before:           Tue 30 Apr 2024 09:24:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16235
IP address blocks:        109.95.63.0/24 maxlen: 24
                          185.186.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/SAGluBYVjweoyorLN-l-LyCwaRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/SAGluBYVjweoyorLN-l-LyCwaRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAGluBYVjweoyorLN-l-LyCwaRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:51:c8:7a:ad:e7:25:9c:5e:a0:05:06:c6:ab:97:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4801a5b816158f07a8ca8acb37e97e2f20b06911
        Validity
            Not Before: Apr 30 09:24:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcdab6a8a04ea5fff8901ae06b97cfc8ed670fd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:61:da:39:4f:63:bc:cd:ab:15:9c:1f:6b:b5:
                    cd:9a:fe:45:7c:96:c6:38:dc:f0:7c:a8:64:95:7b:
                    03:02:6f:a5:e1:ec:df:ac:33:66:47:74:26:da:5b:
                    58:3b:41:c6:fa:19:03:23:6a:db:3e:99:45:4c:23:
                    ca:50:6c:e2:ef:28:53:1d:18:a1:10:4b:d9:10:7e:
                    1d:d5:0b:e7:08:5c:5b:3b:50:a8:fb:7e:f2:3d:71:
                    6f:8c:9c:b9:6d:fb:40:27:8a:c9:ed:84:73:dc:12:
                    d7:15:6e:00:44:67:ff:0c:0c:c8:e7:5c:5e:a1:50:
                    8d:67:62:5c:12:34:34:94:18:83:54:34:91:b2:02:
                    e6:aa:dc:0f:95:95:cc:27:ba:87:b3:ff:eb:8b:f2:
                    f2:40:f5:45:d9:b3:9b:0a:16:bd:f7:7a:5d:2b:ce:
                    6d:f6:64:81:c0:f3:53:d1:18:73:80:f2:4e:56:3f:
                    30:3d:b5:26:7b:e2:fe:f9:e4:9f:9b:31:a0:e0:55:
                    da:76:01:0f:21:76:e6:2e:78:46:86:c6:6d:1f:0d:
                    36:a1:2c:36:d5:ff:26:52:cc:1b:0d:25:5b:af:fe:
                    29:34:01:f4:1d:32:7a:5f:51:72:07:28:ef:59:b8:
                    29:98:c3:ec:24:91:1c:24:11:08:69:54:6e:f2:2a:
                    76:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DA:B6:A8:A0:4E:A5:FF:F8:90:1A:E0:6B:97:CF:C8:ED:67:0F:D6
            X509v3 Authority Key Identifier:
                keyid:48:01:A5:B8:16:15:8F:07:A8:CA:8A:CB:37:E9:7E:2F:20:B0:69:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAGluBYVjweoyorLN-l-LyCwaRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/_Nq2qKBOpf_4kBrga5fPyO1nD9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/7090a9-feed-4ea1-8459-ee810b83adcd/1/SAGluBYVjweoyorLN-l-LyCwaRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.63.0/24
                  185.186.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:ad:ea:bc:b3:17:3c:48:5b:11:ad:31:20:66:a4:5e:2c:6e:
         2c:a1:20:7c:d1:23:8e:35:33:ec:97:0d:a3:5b:03:c7:5d:5f:
         de:0e:1e:18:f6:02:ad:a1:5d:2c:3c:41:59:52:d0:c1:29:6a:
         9a:61:c6:e8:84:7b:cf:61:b9:9e:82:e6:4e:1b:65:13:ae:96:
         fc:a1:81:49:a8:4e:b5:83:a8:29:d0:71:54:5e:33:e2:04:ca:
         08:27:c9:ef:12:75:b5:f7:0e:bc:68:49:2f:7c:f7:7d:a3:f8:
         e8:03:3a:e5:22:fc:0b:d0:6f:bd:e8:f6:d7:f2:41:a0:21:28:
         84:3f:dc:68:72:d8:a0:d9:00:fc:35:f2:15:04:22:ee:d8:45:
         17:f9:d0:35:55:ba:6d:cf:20:1b:22:6b:1f:cf:c8:53:ea:4c:
         70:f1:3f:3d:42:47:bc:e7:09:97:ea:e1:63:da:7e:36:0c:84:
         b0:03:ec:7e:6a:a3:96:e3:78:c8:d2:22:cc:0f:b3:34:10:dd:
         ab:b1:6c:7e:4d:7c:21:60:8e:da:93:df:68:0b:00:9a:0b:28:
         77:1b:c2:72:b7:fd:2e:d4:8f:b0:af:c2:95:23:5c:1d:ea:bd:
         72:78:7c:2d:89:bc:5b:28:5c:99:bf:29:06:b8:c4:20:7c:c6:
         3e:c1:13:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8uUch6reclnF6gBQbGq5ecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDFhNWI4MTYxNThmMDdhOGNhOGFjYjM3ZTk3ZTJmMjBi
MDY5MTEwHhcNMjQwNDMwMDkyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RhYjZhOGEwNGVhNWZmZjg5MDFhZTA2Yjk3Y2ZjOGVkNjcwZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWHaOU9jvM2rFZwfa7XNmv5FfJbG
ONzwfKhklXsDAm+l4ezfrDNmR3Qm2ltYO0HG+hkDI2rbPplFTCPKUGzi7yhTHRih
EEvZEH4d1QvnCFxbO1Co+37yPXFvjJy5bftAJ4rJ7YRz3BLXFW4ARGf/DAzI51xe
oVCNZ2JcEjQ0lBiDVDSRsgLmqtwPlZXMJ7qHs//ri/LyQPVF2bObCha993pdK85t
9mSBwPNT0RhzgPJOVj8wPbUme+L++eSfmzGg4FXadgEPIXbmLnhGhsZtHw02oSw2
1f8mUswbDSVbr/4pNAH0HTJ6X1FyByjvWbgpmMPsJJEcJBEIaVRu8ip2GwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPzatqigTqX/+JAa4GuXz8jtZw/WMB8GA1UdIwQY
MBaAFEgBpbgWFY8HqMqKyzfpfi8gsGkRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FHbHVCWVZqd2VveW9yTE4tbC1MeUN3YVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS83MDkwYTktZmVlZC00ZWExLTg0NTkt
ZWU4MTBiODNhZGNkLzEvX05xMnFLQk9wZl80a0JyZ2E1ZlB5TzFuRDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS83MDkwYTktZmVlZC00ZWExLTg0NTktZWU4MTBiODNhZGNk
LzEvU0FHbHVCWVZqd2VveW9yTE4tbC1MeUN3YVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbV8/AwQA
ubrxMA0GCSqGSIb3DQEBCwUAA4IBAQAjreq8sxc8SFsRrTEgZqReLG4soSB80SOO
NTPslw2jWwPHXV/eDh4Y9gKtoV0sPEFZUtDBKWqaYcbohHvPYbmeguZOG2UTrpb8
oYFJqE61g6gp0HFUXjPiBMoIJ8nvEnW19w68aEkvfPd9o/joAzrlIvwL0G+96PbX
8kGgISiEP9xoctig2QD8NfIVBCLu2EUX+dA1VbptzyAbImsfz8hT6kxw8T89Qke8
5wmX6uFj2n42DISwA+x+aqOW43jI0iLMD7M0EN2rsWx+TXwhYI7ak99oCwCaCyh3
G8Jyt/0u1I+wr8KVI1wd6r1yeHwtibxbKFyZvykGuMQgfMY+wRPf
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:13:24 2024 by rpki-client on console-fra.rpki-client.org