Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a4cb95-9127-4869-8f90-9e4e46f60a68/1/uyQh3vwi8KneminSjM7CXUT1ME4.roa
File:                     uyQh3vwi8KneminSjM7CXUT1ME4.roa (raw, json)
Hash identifier:          94otQcm56KX8q2Yk/0zP1Oi2buHsAYR1VfDAdz39PQU=
Subject key identifier:   BB:24:21:DE:FC:22:F0:A9:DE:9A:29:D2:8C:CE:C2:5D:44:F5:30:4E
Certificate issuer:       /CN=32facf5d02730268d3b1e76c96b0f8588d998b4f
Certificate serial:       018CC56E168F3C2983425FFAEECB38B2C8A0
Authority key identifier: 32:FA:CF:5D:02:73:02:68:D3:B1:E7:6C:96:B0:F8:58:8D:99:8B:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MvrPXQJzAmjTsedslrD4WI2Zi08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a4cb95-9127-4869-8f90-9e4e46f60a68/1/uyQh3vwi8KneminSjM7CXUT1ME4.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203247
IP address blocks:        185.141.48.0/24 maxlen: 24
                          185.141.51.0/24 maxlen: 24
                          185.141.50.0/24 maxlen: 24
                          185.141.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a4cb95-9127-4869-8f90-9e4e46f60a68/1/MvrPXQJzAmjTsedslrD4WI2Zi08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a4cb95-9127-4869-8f90-9e4e46f60a68/1/MvrPXQJzAmjTsedslrD4WI2Zi08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MvrPXQJzAmjTsedslrD4WI2Zi08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:16:8f:3c:29:83:42:5f:fa:ee:cb:38:b2:c8:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32facf5d02730268d3b1e76c96b0f8588d998b4f
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb2421defc22f0a9de9a29d28ccec25d44f5304e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:95:3c:9c:78:5c:b5:12:45:f2:ac:31:fd:3c:
                    95:1e:8b:75:73:9d:5c:7a:83:0e:6f:25:62:f9:31:
                    01:19:e4:fa:a6:b6:52:9c:89:44:f8:c9:e1:7f:48:
                    e6:80:79:92:dd:95:81:46:fc:2d:d3:96:77:87:06:
                    d2:b6:ec:c6:8a:8c:d6:fb:2a:71:9d:cd:e2:73:54:
                    81:d7:ac:d5:67:ba:2b:de:b3:83:49:76:34:33:70:
                    ae:c7:33:dd:ad:03:81:bf:17:57:74:a5:43:4b:f1:
                    d8:c7:68:08:c8:3c:cf:39:5c:a6:4c:b1:8b:63:07:
                    bd:ec:c5:88:c1:72:97:c0:86:d2:dd:9f:33:1c:69:
                    07:9f:92:42:26:48:68:c4:c7:b5:f1:d7:da:14:d2:
                    71:63:f6:ec:94:04:28:32:74:1b:62:e1:52:89:55:
                    c3:be:dd:ed:bc:d9:10:0f:1a:48:32:97:dd:56:09:
                    2a:29:77:24:d6:b4:f5:ad:66:74:f0:03:5f:f0:58:
                    2f:5c:28:a6:78:a9:cc:a0:5c:e2:21:e7:94:dd:df:
                    3c:5c:6e:8b:b2:36:0f:14:3f:c5:e2:ce:be:c0:5e:
                    e0:5b:be:da:8a:a3:46:cb:a4:ea:35:35:ec:6c:cd:
                    07:f9:b1:20:b5:3d:23:53:f4:03:c9:99:7b:4f:ce:
                    6d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:24:21:DE:FC:22:F0:A9:DE:9A:29:D2:8C:CE:C2:5D:44:F5:30:4E
            X509v3 Authority Key Identifier:
                keyid:32:FA:CF:5D:02:73:02:68:D3:B1:E7:6C:96:B0:F8:58:8D:99:8B:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MvrPXQJzAmjTsedslrD4WI2Zi08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a4cb95-9127-4869-8f90-9e4e46f60a68/1/uyQh3vwi8KneminSjM7CXUT1ME4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a4cb95-9127-4869-8f90-9e4e46f60a68/1/MvrPXQJzAmjTsedslrD4WI2Zi08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:af:33:b0:4f:f2:44:bb:f4:c6:06:99:ec:ec:8e:b1:7b:54:
         29:e4:e2:67:72:93:ae:7f:48:ec:7d:58:8d:fc:42:95:47:3b:
         d6:2c:14:57:a4:0d:11:56:e9:5b:05:8a:ec:37:4f:61:09:08:
         2c:ba:fc:39:b9:b5:d5:92:06:24:00:5b:e8:65:a5:8c:67:92:
         9f:a2:a5:b1:4a:ec:49:26:58:14:88:54:15:ff:95:96:0a:01:
         36:f1:4a:30:d4:dd:ff:50:9d:06:bf:65:98:96:3a:91:1d:36:
         f2:a4:02:b2:dd:89:4c:e5:0c:28:4e:11:04:97:17:c1:2c:f9:
         2b:fa:74:36:cc:59:d3:46:5b:eb:f5:eb:73:a5:8a:55:d2:d9:
         0d:35:1a:cc:96:cc:9e:e8:b5:e6:2d:7d:dd:2c:c8:53:90:ff:
         80:83:e1:eb:65:ce:a2:22:a4:57:1c:e1:e4:f0:08:85:b3:ae:
         1a:f3:33:4e:a6:e1:49:c0:cf:0e:e4:a3:ee:36:30:8e:d2:f9:
         e6:79:68:87:41:d8:89:76:08:06:32:59:d7:8c:48:3f:50:d4:
         a3:81:d2:1c:a7:7d:4b:cf:01:19:3d:52:5f:09:ec:2d:48:28:
         5a:78:9d:fa:2a:cf:f1:4c:8d:ec:1c:70:70:8a:8e:1e:22:23:
         f3:84:e0:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhaPPCmDQl/67ss4ssigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZmFjZjVkMDI3MzAyNjhkM2IxZTc2Yzk2YjBmODU4OGQ5
OThiNGYwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjI0MjFkZWZjMjJmMGE5ZGU5YTI5ZDI4Y2NlYzI1ZDQ0ZjUzMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJU8nHhctRJF8qwx/TyVHot1c51c
eoMObyVi+TEBGeT6prZSnIlE+Mnhf0jmgHmS3ZWBRvwt05Z3hwbStuzGiozW+ypx
nc3ic1SB16zVZ7or3rODSXY0M3CuxzPdrQOBvxdXdKVDS/HYx2gIyDzPOVymTLGL
Ywe97MWIwXKXwIbS3Z8zHGkHn5JCJkhoxMe18dfaFNJxY/bslAQoMnQbYuFSiVXD
vt3tvNkQDxpIMpfdVgkqKXck1rT1rWZ08ANf8FgvXCimeKnMoFziIeeU3d88XG6L
sjYPFD/F4s6+wF7gW77aiqNGy6TqNTXsbM0H+bEgtT0jU/QDyZl7T85tWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLskId78IvCp3pop0ozOwl1E9TBOMB8GA1UdIwQY
MBaAFDL6z10CcwJo07HnbJaw+FiNmYtPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXZyUFhRSnpBbWpUc2Vkc2xyRDRXSTJaaTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hNGNiOTUtOTEyNy00ODY5LThmOTAt
OWU0ZTQ2ZjYwYTY4LzEvdXlRaDN2d2k4S25lbWluU2pNN0NYVVQxTUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hNGNiOTUtOTEyNy00ODY5LThmOTAtOWU0ZTQ2ZjYwYTY4
LzEvTXZyUFhRSnpBbWpUc2Vkc2xyRDRXSTJaaTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY0wMA0G
CSqGSIb3DQEBCwUAA4IBAQAyrzOwT/JEu/TGBpns7I6xe1Qp5OJncpOuf0jsfViN
/EKVRzvWLBRXpA0RVulbBYrsN09hCQgsuvw5ubXVkgYkAFvoZaWMZ5KfoqWxSuxJ
JlgUiFQV/5WWCgE28Uow1N3/UJ0Gv2WYljqRHTbypAKy3YlM5QwoThEElxfBLPkr
+nQ2zFnTRlvr9etzpYpV0tkNNRrMlsye6LXmLX3dLMhTkP+Ag+HrZc6iIqRXHOHk
8AiFs64a8zNOpuFJwM8O5KPuNjCO0vnmeWiHQdiJdggGMlnXjEg/UNSjgdIcp31L
zwEZPVJfCewtSChaeJ36Ks/xTI3sHHBwio4eIiPzhODL
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:55:14 2024 by rpki-client on console-ams.rpki-client.org