Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/goNNlWpp0GAHEhFcaNcAq01c6uQ.roa
File:                     goNNlWpp0GAHEhFcaNcAq01c6uQ.roa (raw, json)
Hash identifier:          44jDG/bTSF0PVFBRtyba3lvRLLtNrQ0m67TbRxyt39A=
Subject key identifier:   82:83:4D:95:6A:69:D0:60:07:12:11:5C:68:D7:00:AB:4D:5C:EA:E4
Certificate issuer:       /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial:       018CC94BE366A3D428C01AB58C65A9DA2785
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/goNNlWpp0GAHEhFcaNcAq01c6uQ.roa
Signing time:             Tue 02 Jan 2024 08:30:43 +0000
ROA not before:           Tue 02 Jan 2024 08:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49287
IP address blocks:        91.192.82.0/24 maxlen: 24
                          213.183.35.0/24 maxlen: 24
                          213.183.34.0/24 maxlen: 24
                          5.188.174.0/24 maxlen: 24
                          5.188.175.0/24 maxlen: 24
                          185.224.251.0/24 maxlen: 24
                          93.189.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e3:66:a3:d4:28:c0:1a:b5:8c:65:a9:da:27:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
        Validity
            Not Before: Jan  2 08:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82834d956a69d0600712115c68d700ab4d5ceae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b4:df:49:d4:81:fb:be:c4:a9:4c:83:ee:c0:
                    a8:c0:9a:21:1a:cf:b5:f1:02:d9:94:2a:76:cf:10:
                    18:d2:c5:9c:91:b9:e9:ec:4d:80:dc:dd:0e:cf:12:
                    e5:fa:3f:26:2b:16:14:ec:48:b1:89:86:81:88:54:
                    2c:9d:18:dd:9b:24:e1:50:47:d0:38:eb:59:fc:94:
                    2a:a6:4c:b6:d5:87:52:d1:9a:3c:ce:01:6a:ee:e7:
                    e4:d8:05:1c:10:b5:57:d4:16:c6:a7:c3:5f:54:7b:
                    f9:83:1d:c8:b0:ef:bd:a4:3d:3f:b4:ef:59:48:ec:
                    54:26:8a:7a:fd:80:72:18:9a:b4:65:36:a2:f1:50:
                    27:f1:49:6b:39:78:88:e0:32:70:31:92:6d:30:25:
                    ab:54:aa:99:da:4b:5c:31:77:1a:07:ec:48:05:de:
                    e8:ea:0f:d5:76:2e:f1:a4:a2:e0:09:3a:bd:3a:9d:
                    0c:c5:93:ff:92:68:d6:2c:06:e2:4f:7e:17:5f:86:
                    db:15:d4:8a:f0:f2:1c:72:20:d6:36:89:e6:89:88:
                    1a:bf:b3:41:01:ff:cb:6d:73:b9:85:c5:c0:d6:e7:
                    97:d3:70:6f:d9:74:e4:b3:16:12:41:92:ec:e1:40:
                    b8:c6:2d:2a:6b:e4:86:2f:f9:eb:8e:5e:7a:f1:20:
                    aa:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:83:4D:95:6A:69:D0:60:07:12:11:5C:68:D7:00:AB:4D:5C:EA:E4
            X509v3 Authority Key Identifier:
                keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/goNNlWpp0GAHEhFcaNcAq01c6uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.174.0/23
                  91.192.82.0/24
                  93.189.59.0/24
                  185.224.251.0/24
                  213.183.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:f2:c1:82:47:44:f0:78:a5:b0:75:03:01:b1:ac:98:f4:73:
         c4:a0:41:2a:15:a1:62:13:bd:b7:3c:82:1a:81:90:c2:70:c4:
         8f:83:f5:78:18:d4:75:28:b0:0c:0d:80:5d:90:3d:01:94:d1:
         72:90:38:f6:77:ca:63:18:5d:18:e4:05:1e:86:7d:93:9c:5c:
         f4:a6:b1:0a:cf:0e:2b:a8:a8:50:e0:5f:aa:a6:6a:d0:6d:6b:
         f2:d1:b1:5e:01:5a:b6:69:48:b3:fb:60:1a:d1:7a:fe:b6:75:
         9c:fa:46:2d:3d:85:24:2a:3f:10:43:fc:53:38:14:f4:42:7a:
         e5:86:66:53:d2:f9:2f:a4:9e:5f:95:47:f0:9e:80:92:31:76:
         e2:77:a5:64:f4:1c:16:a6:28:31:b8:3b:d9:30:c5:be:4e:9c:
         81:dd:b0:18:4e:2d:7f:57:99:6f:bb:5b:ee:ea:8c:d1:1e:77:
         5b:a0:af:bc:96:4b:df:89:27:69:a6:92:41:43:44:05:b0:e6:
         4c:ed:be:5d:f3:6b:35:ab:10:d4:18:38:e6:df:7c:6e:04:12:
         f7:d9:a7:1c:5c:8f:fa:f3:56:69:71:43:fe:4e:5b:ae:de:d0:
         55:1f:91:1e:66:88:c0:1e:42:61:a6:33:cd:40:cf:0b:d8:46:
         c7:c9:2b:9c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzJS+Nmo9QowBq1jGWp2ieFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjQwMTAyMDgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjgzNGQ5NTZhNjlkMDYwMDcxMjExNWM2OGQ3MDBhYjRkNWNlYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybTfSdSB+77EqUyD7sCowJohGs+1
8QLZlCp2zxAY0sWckbnp7E2A3N0OzxLl+j8mKxYU7EixiYaBiFQsnRjdmyThUEfQ
OOtZ/JQqpky21YdS0Zo8zgFq7ufk2AUcELVX1BbGp8NfVHv5gx3IsO+9pD0/tO9Z
SOxUJop6/YByGJq0ZTai8VAn8UlrOXiI4DJwMZJtMCWrVKqZ2ktcMXcaB+xIBd7o
6g/Vdi7xpKLgCTq9Op0MxZP/kmjWLAbiT34XX4bbFdSK8PIcciDWNonmiYgav7NB
Af/LbXO5hcXA1ueX03Bv2XTksxYSQZLs4UC4xi0qa+SGL/nrjl568SCqMQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIKDTZVqadBgBxIRXGjXAKtNXOrkMB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvZ29OTmxXcHAwR0FIRWhGY2FOY0FxMDFjNnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBBbyuAwQA
W8BSAwQAXb07AwQAueD7AwQB1bciMA0GCSqGSIb3DQEBCwUAA4IBAQA/8sGCR0Tw
eKWwdQMBsayY9HPEoEEqFaFiE723PIIagZDCcMSPg/V4GNR1KLAMDYBdkD0BlNFy
kDj2d8pjGF0Y5AUehn2TnFz0prEKzw4rqKhQ4F+qpmrQbWvy0bFeAVq2aUiz+2Aa
0Xr+tnWc+kYtPYUkKj8QQ/xTOBT0QnrlhmZT0vkvpJ5flUfwnoCSMXbid6Vk9BwW
pigxuDvZMMW+TpyB3bAYTi1/V5lvu1vu6ozRHndboK+8lkvfiSdpppJBQ0QFsOZM
7b5d82s1qxDUGDjm33xuBBL32accXI/681ZpcUP+Tluu3tBVH5EeZojAHkJhpjPN
QM8L2EbHySuc
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:25:06 2024 by rpki-client on console-ams.rpki-client.org