Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/r0IByZQNfrLrBv390ZWL_pjbczg.roa
File:                     r0IByZQNfrLrBv390ZWL_pjbczg.roa (raw, json)
Hash identifier:          lx9asTPWxscarYNMaWaP4gDXjewm9dnPwOyAfTNMevM=
Subject key identifier:   AF:42:01:C9:94:0D:7E:B2:EB:06:FD:FD:D1:95:8B:FE:98:DB:73:38
Certificate issuer:       /CN=49b2444644c43348d7c50f4e50e74356e9896dbf
Certificate serial:       018CC6B8DDE2AF98D08F3D9F56EC140114CC
Authority key identifier: 49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/r0IByZQNfrLrBv390ZWL_pjbczg.roa
Signing time:             Mon 01 Jan 2024 20:30:53 +0000
ROA not before:           Mon 01 Jan 2024 20:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.85.233.0/24 maxlen: 24
                          185.85.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:dd:e2:af:98:d0:8f:3d:9f:56:ec:14:01:14:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49b2444644c43348d7c50f4e50e74356e9896dbf
        Validity
            Not Before: Jan  1 20:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af4201c9940d7eb2eb06fdfdd1958bfe98db7338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d3:32:c2:3d:aa:e4:83:a1:58:7d:2f:2e:3c:
                    b5:e3:35:c9:d0:7a:90:2c:6d:a4:79:1a:c8:72:8e:
                    0f:da:fb:15:98:1d:cf:cd:9f:98:b3:c7:f9:bd:32:
                    98:42:8d:08:7f:8b:aa:4c:ea:c4:76:18:49:c9:95:
                    3b:9b:63:a2:d4:cc:20:50:a1:04:b2:d5:1e:e2:fb:
                    35:0b:7c:77:61:08:f1:e4:54:95:6e:e2:6d:76:06:
                    7c:25:88:75:d4:3c:ea:5f:f8:b2:49:09:75:10:8e:
                    7e:13:0a:1a:94:66:7f:ab:0c:00:ab:75:b8:98:51:
                    94:ab:ac:7f:12:8e:af:90:0f:09:01:6d:b3:f9:64:
                    15:86:0c:16:61:30:8c:0e:c9:c6:11:e3:3d:5d:27:
                    3f:e4:4e:82:b7:03:f1:a4:11:11:9b:74:3e:8b:d5:
                    db:78:17:8b:3f:1e:60:74:f2:41:66:26:a6:16:e1:
                    64:90:40:f7:e3:dd:9f:56:1e:62:8f:66:b1:c9:67:
                    4c:6e:61:f7:c7:de:f2:32:1b:7d:55:4a:0d:da:bc:
                    55:23:73:2a:e7:85:dc:20:bb:d3:1e:67:43:c9:f3:
                    ce:35:2a:32:e9:e0:62:38:90:35:c2:9c:af:ea:97:
                    dd:70:f3:e4:9a:07:cc:e9:42:70:9f:1d:14:04:bc:
                    d7:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:42:01:C9:94:0D:7E:B2:EB:06:FD:FD:D1:95:8B:FE:98:DB:73:38
            X509v3 Authority Key Identifier:
                keyid:49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/r0IByZQNfrLrBv390ZWL_pjbczg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.233.0/24
                  185.85.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:96:6f:1c:4e:5d:34:10:bd:e6:07:73:22:ef:9a:d0:37:f8:
         5e:77:dd:55:6a:59:46:5f:03:76:f2:c6:3d:d0:28:4d:ad:0c:
         63:1c:9e:55:b6:65:d2:40:dd:ca:d7:0c:2a:fc:4d:92:d5:a8:
         e6:d9:a7:09:35:f7:14:4e:0b:b6:db:65:d0:84:cc:bf:85:70:
         a4:d9:12:c5:67:c2:3e:df:4a:d2:d7:0a:b8:d2:65:20:a8:36:
         54:94:bb:c3:08:e7:96:d6:70:8c:9c:09:18:b9:f7:20:1a:ef:
         e6:7f:b3:c6:aa:84:e4:bf:a3:40:31:de:70:01:ae:5e:63:73:
         1e:a6:ef:a3:9c:ed:8d:9c:83:47:38:e9:f2:6e:1c:35:55:11:
         c0:c7:70:f7:10:f2:11:49:31:de:19:c3:9f:90:30:0e:ad:ab:
         3c:66:64:df:e1:9b:b0:a5:83:d2:9c:61:61:cb:c5:38:8e:63:
         b3:12:6a:98:79:03:1e:c6:89:fa:91:80:38:19:9a:41:43:79:
         c9:97:5a:b2:6c:b5:8d:71:52:6c:9f:6f:3f:e8:48:b5:64:c9:
         86:97:fc:09:a5:01:bf:4d:a2:2a:63:86:d0:86:0a:5f:51:79:
         ee:35:5d:35:43:31:94:f7:00:c7:21:15:94:f9:2d:f1:64:9e:
         18:17:0d:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuN3ir5jQjz2fVuwUARTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YjI0NDQ2NDRjNDMzNDhkN2M1MGY0ZTUwZTc0MzU2ZTk4
OTZkYmYwHhcNMjQwMTAxMjAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQyMDFjOTk0MGQ3ZWIyZWIwNmZkZmRkMTk1OGJmZTk4ZGI3MzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdMywj2q5IOhWH0vLjy14zXJ0HqQ
LG2keRrIco4P2vsVmB3PzZ+Ys8f5vTKYQo0If4uqTOrEdhhJyZU7m2Oi1MwgUKEE
stUe4vs1C3x3YQjx5FSVbuJtdgZ8JYh11DzqX/iySQl1EI5+EwoalGZ/qwwAq3W4
mFGUq6x/Eo6vkA8JAW2z+WQVhgwWYTCMDsnGEeM9XSc/5E6CtwPxpBERm3Q+i9Xb
eBeLPx5gdPJBZiamFuFkkED3492fVh5ij2axyWdMbmH3x97yMht9VUoN2rxVI3Mq
54XcILvTHmdDyfPONSoy6eBiOJA1wpyv6pfdcPPkmgfM6UJwnx0UBLzXfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK9CAcmUDX6y6wb9/dGVi/6Y23M4MB8GA1UdIwQY
MBaAFEmyREZExDNI18UPTlDnQ1bpiW2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzkt
NzUzZDk2OWEwNzAyLzEvcjBJQnlaUU5mckxyQnYzOTBaV0xfcGpiY3pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzktNzUzZDk2OWEwNzAy
LzEvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVXpAwQA
uVXrMA0GCSqGSIb3DQEBCwUAA4IBAQAGlm8cTl00EL3mB3Mi75rQN/hed91VallG
XwN28sY90ChNrQxjHJ5VtmXSQN3K1wwq/E2S1ajm2acJNfcUTgu222XQhMy/hXCk
2RLFZ8I+30rS1wq40mUgqDZUlLvDCOeW1nCMnAkYufcgGu/mf7PGqoTkv6NAMd5w
Aa5eY3Mepu+jnO2NnINHOOnybhw1VRHAx3D3EPIRSTHeGcOfkDAOras8ZmTf4Zuw
pYPSnGFhy8U4jmOzEmqYeQMexon6kYA4GZpBQ3nJl1qybLWNcVJsn28/6Ei1ZMmG
l/wJpQG/TaIqY4bQhgpfUXnuNV01QzGU9wDHIRWU+S3xZJ4YFw21
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:37:45 2024 by rpki-client on console-fra.rpki-client.org