Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/4WpPrtCE_7rknq0aVZe7A_ulG4U.roa
File:                     4WpPrtCE_7rknq0aVZe7A_ulG4U.roa (raw, json)
Hash identifier:          x5ojkzK45OALUxTmtNfEYqD//j0ZQux2Ceu/uvGos/I=
Subject key identifier:   E1:6A:4F:AE:D0:84:FF:BA:E4:9E:AD:1A:55:97:BB:03:FB:A5:1B:85
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348ACC164A587F8816107AC4A36E2FB
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/4WpPrtCE_7rknq0aVZe7A_ulG4U.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211249
IP address blocks:        193.140.4.0/22 maxlen: 22
                          193.140.2.0/23 maxlen: 23
                          193.140.1.0/24 maxlen: 24
                          193.255.112.0/21 maxlen: 21
                          95.183.138.0/23 maxlen: 23
                          194.27.96.0/22 maxlen: 22
                          194.27.92.0/22 maxlen: 22
                          194.27.100.0/23 maxlen: 23
                          95.183.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ac:c1:64:a5:87:f8:81:61:07:ac:4a:36:e2:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e16a4faed084ffbae49ead1a5597bb03fba51b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:69:72:ac:3b:1d:37:a9:6a:de:ce:85:66:9d:
                    35:ad:dd:aa:96:25:02:08:a1:77:bb:e8:5b:66:b3:
                    ba:37:5a:9d:3f:c0:40:76:e5:2c:0b:23:54:ff:d5:
                    25:37:88:9a:ec:ef:5c:8d:79:7e:f7:e1:cd:f6:29:
                    bf:4f:4d:06:18:ad:c6:f3:88:16:c7:7d:db:5b:9a:
                    3a:dc:fa:07:af:33:a7:25:8a:de:52:1d:54:69:65:
                    ad:25:83:a5:42:82:ab:57:c7:37:85:d5:92:e5:40:
                    58:8d:dd:20:bd:c0:8b:82:18:8b:78:86:10:c8:1d:
                    5b:38:a3:f2:01:9e:d2:83:28:7f:45:4a:76:46:5c:
                    46:83:31:f5:5a:1c:4e:95:f7:8b:15:f5:fc:86:2a:
                    98:24:b7:1d:12:8e:14:12:1d:f3:48:66:ca:ed:39:
                    14:d8:05:6b:49:2e:95:98:98:d5:79:57:59:4a:90:
                    0f:84:eb:9b:5f:93:c8:89:ce:89:f6:45:b2:9b:06:
                    8d:ee:b1:f3:b2:39:05:a1:68:d5:6f:9b:dc:1b:b6:
                    d3:3a:47:da:e0:50:fb:7c:6c:57:95:75:5f:c2:50:
                    61:4c:dc:6a:2b:44:17:0c:6a:39:4e:1c:b3:dd:0b:
                    f8:3e:df:35:f4:04:30:ee:78:47:3c:07:f8:05:da:
                    f1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:6A:4F:AE:D0:84:FF:BA:E4:9E:AD:1A:55:97:BB:03:FB:A5:1B:85
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/4WpPrtCE_7rknq0aVZe7A_ulG4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.183.138.0/23
                  95.183.192.0/22
                  193.140.1.0-193.140.7.255
                  193.255.112.0/21
                  194.27.92.0-194.27.101.255

    Signature Algorithm: sha256WithRSAEncryption
         ae:a9:b7:0a:f3:2f:e2:82:6e:3d:cd:91:13:e0:64:6d:1e:85:
         6b:65:49:58:de:4b:16:b8:e2:a3:fa:b0:09:93:42:ab:3a:ef:
         5a:7d:98:f3:10:76:ad:d0:e7:26:bf:ab:5b:07:5c:05:bf:2e:
         08:7d:35:bb:10:6e:26:71:09:35:af:5b:ee:bc:ba:a9:04:0d:
         43:b7:e5:fe:5a:3e:a4:fd:64:95:70:18:79:97:1b:63:95:45:
         60:63:94:7c:b8:9b:08:90:72:70:e4:9a:c4:20:47:e0:c5:27:
         94:1f:5d:a4:6b:8d:89:66:49:4f:93:92:5d:1c:72:bc:92:56:
         6e:9b:ff:04:7a:4a:3d:d8:ed:b0:74:62:25:1c:bb:47:ec:c9:
         79:bf:dc:fe:74:28:4f:bd:9b:e2:fe:3d:7e:25:7c:bd:41:91:
         2f:78:c1:95:f8:b3:5c:b6:3c:9b:d4:40:04:27:e3:64:ad:c7:
         e2:73:36:9e:d2:aa:e2:36:08:ee:7e:a9:89:90:e8:c1:6b:09:
         46:23:fe:ee:14:ca:23:db:90:e1:48:ff:dd:ff:b9:f3:8e:ca:
         c4:e4:93:81:30:ed:f7:9b:23:b8:96:e1:41:bc:35:f9:31:63:
         83:94:59:b0:6c:e3:63:de:11:f8:91:4a:3b:86:d2:b5:52:12:
         00:0b:fa:61
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzDSKzBZKWH+IFhB6xKNuL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTZhNGZhZWQwODRmZmJhZTQ5ZWFkMWE1NTk3YmIwM2ZiYTUxYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2lyrDsdN6lq3s6FZp01rd2qliUC
CKF3u+hbZrO6N1qdP8BAduUsCyNU/9UlN4ia7O9cjXl+9+HN9im/T00GGK3G84gW
x33bW5o63PoHrzOnJYreUh1UaWWtJYOlQoKrV8c3hdWS5UBYjd0gvcCLghiLeIYQ
yB1bOKPyAZ7Sgyh/RUp2RlxGgzH1WhxOlfeLFfX8hiqYJLcdEo4UEh3zSGbK7TkU
2AVrSS6VmJjVeVdZSpAPhOubX5PIic6J9kWymwaN7rHzsjkFoWjVb5vcG7bTOkfa
4FD7fGxXlXVfwlBhTNxqK0QXDGo5Thyz3Qv4Pt819AQw7nhHPAf4BdrxRQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFOFqT67QhP+65J6tGlWXuwP7pRuFMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvNFdwUHJ0Q0VfN3JrbnEwYVZaZTdBX3VsRzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBX7eKAwQC
X7fAMAwDBADBjAEDBAPBjAADBAPB/3AwDAMEAsIbXAMEAcIbZDANBgkqhkiG9w0B
AQsFAAOCAQEArqm3CvMv4oJuPc2RE+BkbR6Fa2VJWN5LFrjio/qwCZNCqzrvWn2Y
8xB2rdDnJr+rWwdcBb8uCH01uxBuJnEJNa9b7ry6qQQNQ7fl/lo+pP1klXAYeZcb
Y5VFYGOUfLibCJBycOSaxCBH4MUnlB9dpGuNiWZJT5OSXRxyvJJWbpv/BHpKPdjt
sHRiJRy7R+zJeb/c/nQoT72b4v49fiV8vUGRL3jBlfizXLY8m9RABCfjZK3H4nM2
ntKq4jYI7n6piZDowWsJRiP+7hTKI9uQ4Uj/3f+5847KxOSTgTDt95sjuJbhQbw1
+TFjg5RZsGzjY94R+JFKO4bStVISAAv6YQ==
-----END CERTIFICATE-----
Generated at Sat Jun 15 22:02:24 2024 by rpki-client on console-ams.rpki-client.org