Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/AzezTJah--2Jupg_wKN3CWf_4tQ.roa
File:                     AzezTJah--2Jupg_wKN3CWf_4tQ.roa (raw, json)
Hash identifier:          MSkfPqE0g0Ex8TNjXRrHlyqPd5L/XcnvMesFz6fKg3c=
Subject key identifier:   03:37:B3:4C:96:A1:FB:ED:89:BA:98:3F:C0:A3:77:09:67:FF:E2:D4
Certificate issuer:       /CN=ca290db2f72905f0db626b005bacf08878d17bac
Certificate serial:       01900A8EE21522DFB3AADCFA036D7884CC95
Authority key identifier: CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/AzezTJah--2Jupg_wKN3CWf_4tQ.roa
Signing time:             Wed 12 Jun 2024 03:47:34 +0000
ROA not before:           Wed 12 Jun 2024 03:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     146943
IP address blocks:        185.131.53.0/24 maxlen: 24
                          185.131.54.0/24 maxlen: 24
                          185.131.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0a:8e:e2:15:22:df:b3:aa:dc:fa:03:6d:78:84:cc:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca290db2f72905f0db626b005bacf08878d17bac
        Validity
            Not Before: Jun 12 03:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0337b34c96a1fbed89ba983fc0a3770967ffe2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cf:62:17:b2:81:81:d6:2a:7f:3e:19:c5:1b:
                    52:cc:a1:cd:04:a6:4d:b8:24:85:02:06:d5:1d:a6:
                    1d:f7:d0:33:be:b0:2b:69:6f:ba:b2:81:19:87:1e:
                    46:b6:7c:b5:0a:7c:d2:2e:4f:e1:9f:d8:69:12:4e:
                    1c:74:87:82:12:90:ad:4f:b1:93:f6:ae:52:04:13:
                    3d:a3:c2:49:75:ca:34:92:d8:81:a2:5a:d1:8a:d2:
                    6d:7c:e9:2e:5b:c2:b1:17:cc:58:10:2c:76:91:d7:
                    15:bf:c6:ae:84:4a:c1:15:2e:92:7a:51:a0:b5:25:
                    cf:86:75:36:ae:b9:72:05:95:c8:65:a5:a2:5f:60:
                    c5:e5:21:15:39:2e:e9:65:90:ba:a3:8f:ba:cc:c3:
                    12:b6:57:00:69:84:ce:ad:a3:f5:ff:e1:d4:ba:2b:
                    a4:67:8a:ab:20:1e:40:d0:8c:c6:de:8d:90:a5:bd:
                    58:d3:46:93:6b:e7:11:38:73:83:32:8f:e0:3c:91:
                    ac:db:69:86:54:07:53:7f:b6:bf:8d:b2:a0:96:85:
                    a5:d8:a3:3d:b1:21:0e:fe:f5:a8:37:79:06:e2:f2:
                    59:38:cd:cb:6c:6a:e4:64:84:e6:85:9b:99:ec:0f:
                    9d:c0:ed:f4:50:9e:f2:4c:17:96:77:56:f1:36:25:
                    de:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:37:B3:4C:96:A1:FB:ED:89:BA:98:3F:C0:A3:77:09:67:FF:E2:D4
            X509v3 Authority Key Identifier:
                keyid:CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/AzezTJah--2Jupg_wKN3CWf_4tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.53.0-185.131.55.255

    Signature Algorithm: sha256WithRSAEncryption
         21:54:97:9e:00:ba:81:19:0f:f6:74:84:8c:48:68:5a:dc:4d:
         00:7c:2c:38:9d:32:c4:f1:c0:ed:b9:9d:f1:89:60:87:f8:50:
         bc:00:0c:06:29:df:3a:d8:ed:73:a1:4b:b0:58:ae:57:4d:b7:
         ec:6f:fd:e2:d8:36:75:86:54:cd:20:bf:58:a9:72:20:e4:94:
         6b:cd:85:8e:52:c4:37:01:dc:3e:05:cf:17:64:d9:e0:a5:06:
         02:52:a5:9d:35:2f:98:af:76:0d:38:7b:7a:cc:6a:df:79:89:
         12:23:60:0e:ec:a6:76:56:a4:5d:14:59:74:78:2e:d1:c7:58:
         39:74:3e:97:4d:ae:1f:5c:50:9c:7b:37:7e:f2:25:a1:16:a2:
         b1:b5:42:aa:61:99:b6:d2:9b:bd:5e:02:7a:a3:b4:69:b7:fa:
         07:ff:2a:f6:f2:c7:e8:a9:a7:dd:6d:89:be:f6:a3:e0:d0:35:
         00:e8:2d:69:fc:a0:e5:19:c5:14:ac:3d:f3:60:35:37:ff:0f:
         73:ee:73:fd:a5:43:69:4c:be:74:eb:5b:73:3c:cd:0e:33:ad:
         10:e5:55:ff:a8:01:a7:9b:4c:34:6d:2b:f7:92:ce:4f:55:99:
         f7:1a:05:45:47:7a:71:5d:9b:2f:f7:fa:99:e8:ac:13:d3:a2:
         3d:28:1c:7b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZAKjuIVIt+zqtz6A214hMyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMjkwZGIyZjcyOTA1ZjBkYjYyNmIwMDViYWNmMDg4Nzhk
MTdiYWMwHhcNMjQwNjEyMDM0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzM3YjM0Yzk2YTFmYmVkODliYTk4M2ZjMGEzNzcwOTY3ZmZlMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxs9iF7KBgdYqfz4ZxRtSzKHNBKZN
uCSFAgbVHaYd99AzvrAraW+6soEZhx5Gtny1CnzSLk/hn9hpEk4cdIeCEpCtT7GT
9q5SBBM9o8JJdco0ktiBolrRitJtfOkuW8KxF8xYECx2kdcVv8auhErBFS6SelGg
tSXPhnU2rrlyBZXIZaWiX2DF5SEVOS7pZZC6o4+6zMMStlcAaYTOraP1/+HUuiuk
Z4qrIB5A0IzG3o2Qpb1Y00aTa+cROHODMo/gPJGs22mGVAdTf7a/jbKgloWl2KM9
sSEO/vWoN3kG4vJZOM3LbGrkZITmhZuZ7A+dwO30UJ7yTBeWd1bxNiXeXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAM3s0yWofvtibqYP8Cjdwln/+LUMB8GA1UdIwQY
MBaAFMopDbL3KQXw22JrAFus8Ih40XusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWlrTnN2Y3BCZkRiWW1zQVc2endpSGpSZTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yMTY5NzMtNTE2Zi00NTAxLTkxNjQt
N2Y0MzViZjU1MDFjLzEvQXplelRKYWgtLTJKdXBnX3dLTjNDV2ZfNHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yMTY5NzMtNTE2Zi00NTAxLTkxNjQtN2Y0MzViZjU1MDFj
LzEveWlrTnN2Y3BCZkRiWW1zQVc2endpSGpSZTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5gzUD
BAO5gzAwDQYJKoZIhvcNAQELBQADggEBACFUl54AuoEZD/Z0hIxIaFrcTQB8LDid
MsTxwO25nfGJYIf4ULwADAYp3zrY7XOhS7BYrldNt+xv/eLYNnWGVM0gv1ipciDk
lGvNhY5SxDcB3D4Fzxdk2eClBgJSpZ01L5ivdg04e3rMat95iRIjYA7spnZWpF0U
WXR4LtHHWDl0PpdNrh9cUJx7N37yJaEWorG1QqphmbbSm71eAnqjtGm3+gf/Kvby
x+ipp91tib72o+DQNQDoLWn8oOUZxRSsPfNgNTf/D3Puc/2lQ2lMvnTrW3M8zQ4z
rRDlVf+oAaebTDRtK/eSzk9VmfcaBUVHenFdmy/3+pnorBPToj0oHHs=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:08:12 2024 by rpki-client on console-fra.rpki-client.org