Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a87ea8-c3b6-472d-a96c-a971a334faa4/1/eUumkvwZMIoQ7bC4unqWk005_cs.roa
File:                     eUumkvwZMIoQ7bC4unqWk005_cs.roa (raw, json)
Hash identifier:          bc6Wyi7aRXhU3AiJklD7d9+BcehMtEaY1/gIK8Zm5GM=
Subject key identifier:   79:4B:A6:92:FC:19:30:8A:10:ED:B0:B8:BA:7A:96:93:4D:39:FD:CB
Certificate issuer:       /CN=407ce78f4ac3ba902a0c38dc01a0c5f2126519b0
Certificate serial:       018CC725B9917B699057E3990EA793932F69
Authority key identifier: 40:7C:E7:8F:4A:C3:BA:90:2A:0C:38:DC:01:A0:C5:F2:12:65:19:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHznj0rDupAqDDjcAaDF8hJlGbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a87ea8-c3b6-472d-a96c-a971a334faa4/1/eUumkvwZMIoQ7bC4unqWk005_cs.roa
Signing time:             Mon 01 Jan 2024 22:29:47 +0000
ROA not before:           Mon 01 Jan 2024 22:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394094
IP address blocks:        185.106.241.0/24 maxlen: 24
                          185.106.243.0/24 maxlen: 24
                          31.25.199.0/24 maxlen: 24
                          2a06:4101::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a87ea8-c3b6-472d-a96c-a971a334faa4/1/QHznj0rDupAqDDjcAaDF8hJlGbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a87ea8-c3b6-472d-a96c-a971a334faa4/1/QHznj0rDupAqDDjcAaDF8hJlGbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHznj0rDupAqDDjcAaDF8hJlGbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b9:91:7b:69:90:57:e3:99:0e:a7:93:93:2f:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407ce78f4ac3ba902a0c38dc01a0c5f2126519b0
        Validity
            Not Before: Jan  1 22:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=794ba692fc19308a10edb0b8ba7a96934d39fdcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c8:4f:d5:cf:df:59:59:49:89:70:a1:86:d0:
                    7c:e5:ad:74:5c:8b:1b:00:eb:96:9a:62:e4:f2:96:
                    be:92:6a:3e:3b:be:0d:77:0e:bd:cd:33:43:4b:7f:
                    1b:c0:8c:87:c5:e8:93:f8:03:2e:73:43:96:87:72:
                    33:46:5e:36:5b:73:72:ba:37:7c:e7:d3:05:1c:63:
                    da:be:95:2f:d1:7b:85:26:97:3a:87:73:02:ca:6e:
                    91:57:0a:00:74:77:1c:2d:60:0a:f5:b5:d2:e9:2e:
                    3b:95:5d:3c:9e:b8:1d:28:27:10:12:77:8d:a2:69:
                    f3:63:90:d7:93:1c:2a:be:69:d8:b2:98:90:37:4a:
                    34:d3:e6:c2:d2:76:2c:97:85:46:1d:4e:d0:1b:12:
                    14:f4:d7:3b:b3:42:b6:e4:35:1e:87:2d:c6:99:a4:
                    c0:93:91:f7:20:7d:bf:a4:49:8d:3b:4e:da:f5:31:
                    03:42:58:cf:72:b0:0c:b9:44:1c:82:da:ef:6f:22:
                    6e:4e:fb:47:dd:72:dc:67:c9:26:1e:22:7f:af:b1:
                    10:a0:9b:77:05:e2:ef:34:1b:36:ba:9e:92:9e:53:
                    3e:b3:af:87:e5:8c:04:b0:f7:e2:79:ed:23:16:c3:
                    57:6a:c7:d8:fd:b6:f3:c5:cc:8d:d7:36:ac:a6:13:
                    46:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:4B:A6:92:FC:19:30:8A:10:ED:B0:B8:BA:7A:96:93:4D:39:FD:CB
            X509v3 Authority Key Identifier:
                keyid:40:7C:E7:8F:4A:C3:BA:90:2A:0C:38:DC:01:A0:C5:F2:12:65:19:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHznj0rDupAqDDjcAaDF8hJlGbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a87ea8-c3b6-472d-a96c-a971a334faa4/1/eUumkvwZMIoQ7bC4unqWk005_cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a87ea8-c3b6-472d-a96c-a971a334faa4/1/QHznj0rDupAqDDjcAaDF8hJlGbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.199.0/24
                  185.106.241.0/24
                  185.106.243.0/24
                IPv6:
                  2a06:4101::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:54:b3:95:52:05:fc:5b:69:55:bc:1f:0b:5e:c9:de:05:e5:
         2d:2c:be:71:99:b9:9c:1e:04:ba:84:77:25:37:62:09:54:3a:
         52:c5:dd:98:74:d3:07:85:9b:d7:d8:cc:0b:49:54:e5:64:bf:
         d2:1f:d8:d4:ae:14:a1:92:87:75:ce:c9:cd:f8:6e:bc:04:95:
         a7:42:d2:3b:7e:91:2f:01:bc:66:ea:3c:3e:1b:53:83:e0:4a:
         9d:d2:5d:4b:1c:2f:55:98:d8:78:b6:9b:dc:c6:30:52:36:fc:
         65:e2:6e:ef:12:49:c6:a0:21:96:16:71:f7:3e:28:17:5d:95:
         3c:d8:a0:a2:89:ce:0b:be:2d:13:f3:c7:42:0a:05:40:94:0d:
         ed:b4:46:de:7b:80:9b:e9:6e:4d:3c:d4:98:2e:12:e0:fe:b9:
         9d:08:28:21:97:01:fe:2f:4d:08:80:a4:e6:fa:fe:bf:aa:0d:
         62:18:cd:7f:a7:48:32:fd:03:af:ca:1f:04:f9:dc:f4:93:9e:
         5a:77:cb:e2:86:38:aa:1d:8b:30:1b:68:49:de:9f:85:6e:8c:
         a1:1c:0a:b3:2c:6e:a2:a0:10:02:58:bd:c1:c6:7b:7d:e9:e2:
         10:3d:28:4c:1d:c3:b3:9b:75:21:0f:f7:57:ff:42:d2:57:2f:
         9d:b6:70:72
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzHJbmRe2mQV+OZDqeTky9pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2NlNzhmNGFjM2JhOTAyYTBjMzhkYzAxYTBjNWYyMTI2
NTE5YjAwHhcNMjQwMTAxMjIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTRiYTY5MmZjMTkzMDhhMTBlZGIwYjhiYTdhOTY5MzRkMzlmZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApchP1c/fWVlJiXChhtB85a10XIsb
AOuWmmLk8pa+kmo+O74Ndw69zTNDS38bwIyHxeiT+AMuc0OWh3IzRl42W3Nyujd8
59MFHGPavpUv0XuFJpc6h3MCym6RVwoAdHccLWAK9bXS6S47lV08nrgdKCcQEneN
omnzY5DXkxwqvmnYspiQN0o00+bC0nYsl4VGHU7QGxIU9Nc7s0K25DUehy3GmaTA
k5H3IH2/pEmNO07a9TEDQljPcrAMuUQcgtrvbyJuTvtH3XLcZ8kmHiJ/r7EQoJt3
BeLvNBs2up6SnlM+s6+H5YwEsPfiee0jFsNXasfY/bbzxcyN1zasphNGBwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHlLppL8GTCKEO2wuLp6lpNNOf3LMB8GA1UdIwQY
MBaAFEB8549Kw7qQKgw43AGgxfISZRmwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUh6bmowckR1cEFxRERqY0FhREY4aEpsR2JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hODdlYTgtYzNiNi00NzJkLWE5NmMt
YTk3MWEzMzRmYWE0LzEvZVV1bWt2d1pNSW9RN2JDNHVucVdrMDA1X2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hODdlYTgtYzNiNi00NzJkLWE5NmMtYTk3MWEzMzRmYWE0
LzEvUUh6bmowckR1cEFxRERqY0FhREY4aEpsR2JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAHxnHAwQA
uWrxAwQAuWrzMA0EAgACMAcDBQAqBkEBMA0GCSqGSIb3DQEBCwUAA4IBAQCQVLOV
UgX8W2lVvB8LXsneBeUtLL5xmbmcHgS6hHclN2IJVDpSxd2YdNMHhZvX2MwLSVTl
ZL/SH9jUrhShkod1zsnN+G68BJWnQtI7fpEvAbxm6jw+G1OD4Eqd0l1LHC9VmNh4
tpvcxjBSNvxl4m7vEknGoCGWFnH3PigXXZU82KCiic4Lvi0T88dCCgVAlA3ttEbe
e4Cb6W5NPNSYLhLg/rmdCCghlwH+L00IgKTm+v6/qg1iGM1/p0gy/QOvyh8E+dz0
k55ad8vihjiqHYswG2hJ3p+FboyhHAqzLG6ioBACWL3Bxnt96eIQPShMHcOzm3Uh
D/dX/0LSVy+dtnBy
-----END CERTIFICATE-----
Generated at Sat Jun 15 16:59:06 2024 by rpki-client on console-fra.rpki-client.org