Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4de665-a7e3-440b-93a7-f9b7836f2391/1/dMAhBbP22sckTtx_VXtDnlqNCFk.roa
File:                     dMAhBbP22sckTtx_VXtDnlqNCFk.roa (raw, json)
Hash identifier:          Tz7bf9AeggEio4FP09hzn+ubh5tBbq5Rsm9otGTG8d4=
Subject key identifier:   74:C0:21:05:B3:F6:DA:C7:24:4E:DC:7F:55:7B:43:9E:5A:8D:08:59
Certificate issuer:       /CN=4419e02f046e1bfb5927fe731ff725e469599171
Certificate serial:       018CC6B9141E30F75380DD49ADDC6FD49279
Authority key identifier: 44:19:E0:2F:04:6E:1B:FB:59:27:FE:73:1F:F7:25:E4:69:59:91:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RBngLwRuG_tZJ_5zH_cl5GlZkXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4de665-a7e3-440b-93a7-f9b7836f2391/1/dMAhBbP22sckTtx_VXtDnlqNCFk.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51013
IP address blocks:        185.87.12.0/22 maxlen: 24
                          37.9.168.0/21 maxlen: 24
                          195.210.28.0/23 maxlen: 24
                          45.13.137.0/24 maxlen: 24
                          45.138.185.0/24 maxlen: 24
                          45.138.184.0/24 maxlen: 24
                          2a00:4b40::/32 maxlen: 64
                          2a0e:bb40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4de665-a7e3-440b-93a7-f9b7836f2391/1/RBngLwRuG_tZJ_5zH_cl5GlZkXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4de665-a7e3-440b-93a7-f9b7836f2391/1/RBngLwRuG_tZJ_5zH_cl5GlZkXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RBngLwRuG_tZJ_5zH_cl5GlZkXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:14:1e:30:f7:53:80:dd:49:ad:dc:6f:d4:92:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4419e02f046e1bfb5927fe731ff725e469599171
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74c02105b3f6dac7244edc7f557b439e5a8d0859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4c:05:22:a8:02:09:e9:d8:45:7f:7c:8f:7b:
                    28:eb:91:80:0a:8c:fd:1f:8f:75:12:b3:55:ef:79:
                    44:84:3e:d9:40:51:02:c2:6e:25:99:82:5e:61:81:
                    a5:3a:cc:43:b9:14:50:54:c9:80:e8:ac:6a:ff:cf:
                    a1:45:d3:dd:0a:49:0b:0f:60:e1:c4:8c:38:83:21:
                    4a:e7:fb:c1:2f:4f:3c:08:01:79:69:98:89:71:b4:
                    09:39:4a:3e:44:a7:77:24:df:86:8d:87:8e:71:36:
                    86:d1:6d:d5:1b:2e:a3:ac:3b:ba:00:fb:1e:4c:33:
                    f0:09:b9:07:5b:11:16:eb:09:78:b4:5e:3a:e4:76:
                    78:48:51:6c:94:2c:c1:31:ac:4f:ee:6e:db:b6:47:
                    53:5f:0e:43:94:fd:4d:5e:9d:69:db:77:cf:75:8d:
                    4e:1f:8b:1d:a8:22:67:99:b3:53:c8:05:f4:a6:ae:
                    cf:ac:4d:67:84:43:79:5e:7f:69:32:bc:2b:f9:10:
                    82:74:12:cd:00:19:d2:54:3b:18:69:d7:45:39:11:
                    ab:e8:19:9d:ee:32:ed:2a:bb:82:ae:c9:c1:bd:59:
                    76:a0:8b:86:99:d2:ff:50:f1:9d:2a:7a:e4:7f:fa:
                    19:0c:8d:0f:c5:21:4f:0b:b6:5f:e8:02:19:e3:c9:
                    48:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C0:21:05:B3:F6:DA:C7:24:4E:DC:7F:55:7B:43:9E:5A:8D:08:59
            X509v3 Authority Key Identifier:
                keyid:44:19:E0:2F:04:6E:1B:FB:59:27:FE:73:1F:F7:25:E4:69:59:91:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RBngLwRuG_tZJ_5zH_cl5GlZkXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4de665-a7e3-440b-93a7-f9b7836f2391/1/dMAhBbP22sckTtx_VXtDnlqNCFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4de665-a7e3-440b-93a7-f9b7836f2391/1/RBngLwRuG_tZJ_5zH_cl5GlZkXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.9.168.0/21
                  45.13.137.0/24
                  45.138.184.0/23
                  185.87.12.0/22
                  195.210.28.0/23
                IPv6:
                  2a00:4b40::/32
                  2a0e:bb40::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:9a:fb:10:58:92:5d:fc:b2:de:48:4a:31:dd:22:9c:ed:8d:
         bf:7d:4a:ba:e9:b7:7d:d8:69:b2:20:44:89:0a:51:92:05:a5:
         48:60:16:55:f9:00:8c:19:9f:0a:35:4a:f7:e8:c6:d5:b7:81:
         78:8c:c7:6e:6f:e1:c0:db:70:7b:ab:d4:26:fd:5e:27:55:8e:
         d7:0f:4f:cd:db:eb:8a:9a:80:19:31:68:b6:eb:53:0d:66:9c:
         54:4e:82:d9:d7:81:9f:36:c2:0e:65:43:11:f0:d4:66:b1:12:
         82:8b:c6:fb:0e:95:5e:bc:05:1f:c5:39:82:ce:30:a8:c1:d1:
         27:18:55:f5:bc:67:c2:1a:60:be:bd:37:64:a1:40:09:42:29:
         36:08:d7:ff:ae:6d:0d:89:ab:b0:f8:2e:6f:4c:80:cc:2e:7d:
         7a:79:dc:45:ca:ed:d9:18:70:57:19:9b:1c:46:b1:a3:b2:54:
         ae:37:5c:8b:77:48:6f:d4:a5:4f:2e:fd:5d:ad:c8:a6:46:d8:
         bc:42:31:84:13:4c:53:72:6f:3a:ba:43:a7:a6:19:a2:3f:9c:
         08:56:df:26:6f:62:23:b9:17:8e:04:86:92:91:68:69:07:58:
         bc:9c:6a:d8:b1:a9:55:70:df:70:b0:2e:49:67:96:85:48:01:
         73:39:e9:1b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzGuRQeMPdTgN1Jrdxv1JJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MTllMDJmMDQ2ZTFiZmI1OTI3ZmU3MzFmZjcyNWU0Njk1
OTkxNzEwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGMwMjEwNWIzZjZkYWM3MjQ0ZWRjN2Y1NTdiNDM5ZTVhOGQwODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0wFIqgCCenYRX98j3so65GACoz9
H491ErNV73lEhD7ZQFECwm4lmYJeYYGlOsxDuRRQVMmA6Kxq/8+hRdPdCkkLD2Dh
xIw4gyFK5/vBL088CAF5aZiJcbQJOUo+RKd3JN+GjYeOcTaG0W3VGy6jrDu6APse
TDPwCbkHWxEW6wl4tF465HZ4SFFslCzBMaxP7m7btkdTXw5DlP1NXp1p23fPdY1O
H4sdqCJnmbNTyAX0pq7PrE1nhEN5Xn9pMrwr+RCCdBLNABnSVDsYaddFORGr6Bmd
7jLtKruCrsnBvVl2oIuGmdL/UPGdKnrkf/oZDI0PxSFPC7Zf6AIZ48lICQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFHTAIQWz9trHJE7cf1V7Q55ajQhZMB8GA1UdIwQY
MBaAFEQZ4C8Ebhv7WSf+cx/3JeRpWZFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkJuZ0x3UnVHX3RaSl81ekhfY2w1R2xaa1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZGU2NjUtYTdlMy00NDBiLTkzYTct
ZjliNzgzNmYyMzkxLzEvZE1BaEJiUDIyc2NrVHR4X1ZYdERubHFOQ0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZGU2NjUtYTdlMy00NDBiLTkzYTctZjliNzgzNmYyMzkx
LzEvUkJuZ0x3UnVHX3RaSl81ekhfY2w1R2xaa1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQDJQmoAwQA
LQ2JAwQBLYq4AwQCuVcMAwQBw9IcMBYEAgACMBADBQAqAEtAAwcAKg67QAAAMA0G
CSqGSIb3DQEBCwUAA4IBAQA/mvsQWJJd/LLeSEox3SKc7Y2/fUq66bd92GmyIESJ
ClGSBaVIYBZV+QCMGZ8KNUr36MbVt4F4jMdub+HA23B7q9Qm/V4nVY7XD0/N2+uK
moAZMWi261MNZpxUToLZ14GfNsIOZUMR8NRmsRKCi8b7DpVevAUfxTmCzjCowdEn
GFX1vGfCGmC+vTdkoUAJQik2CNf/rm0Niauw+C5vTIDMLn16edxFyu3ZGHBXGZsc
RrGjslSuN1yLd0hv1KVPLv1drcimRti8QjGEE0xTcm86ukOnphmiP5wIVt8mb2Ij
uReOBIaSkWhpB1i8nGrYsalVcN9wsC5JZ5aFSAFzOekb
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:04:37 2024 by rpki-client on console-fra.rpki-client.org