Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/F6CrUESClOR3BlJsZUeMWX91JoU.roa
File:                     F6CrUESClOR3BlJsZUeMWX91JoU.roa (raw, json)
Hash identifier:          jyMSWabY6yZvManiLm/qO5TdR7O7sQM2mzy7zSAuGVk=
Subject key identifier:   17:A0:AB:50:44:82:94:E4:77:06:52:6C:65:47:8C:59:7F:75:26:85
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01909C2D52BEEA15ED8C20F2318FB5D0B871
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/F6CrUESClOR3BlJsZUeMWX91JoU.roa
Signing time:             Wed 10 Jul 2024 10:25:34 +0000
ROA not before:           Wed 10 Jul 2024 10:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214576
IP address blocks:        185.40.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:2d:52:be:ea:15:ed:8c:20:f2:31:8f:b5:d0:b8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 10 10:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17a0ab50448294e47706526c65478c597f752685
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a3:26:6e:db:d8:b1:65:b4:60:46:46:15:06:
                    ba:0b:6f:89:0a:76:76:77:40:1f:e0:57:c8:4d:be:
                    9b:ae:df:1d:c8:d9:9b:8c:a0:d9:11:d9:db:06:c1:
                    3a:f4:6a:10:a2:ce:49:94:b9:51:9c:de:cc:95:48:
                    66:73:ad:f8:c7:fb:f6:44:e8:d0:7e:ff:2e:56:3d:
                    97:7a:9f:63:74:9f:cf:38:cb:85:34:5b:e6:c1:d9:
                    34:34:11:42:cf:88:71:88:96:93:f0:76:50:ae:11:
                    40:c5:75:08:ec:38:62:18:6e:35:94:96:d9:81:54:
                    90:cc:b3:c4:50:22:a1:a1:71:33:8c:14:4a:b3:04:
                    c5:b9:18:78:7c:14:6f:4f:bd:fe:8d:63:b8:e1:89:
                    db:de:58:6f:96:7f:2f:2b:24:f2:82:ce:84:52:34:
                    c2:86:15:a6:1e:a6:05:4f:8a:f9:88:87:1b:4e:c1:
                    f7:63:8d:07:ba:df:1f:81:1a:37:10:4d:d4:a4:d1:
                    ef:fd:8d:43:73:6d:2e:ac:41:ac:09:6c:76:be:8d:
                    ca:fb:24:e3:f1:84:99:6f:79:4f:d5:4f:34:e5:71:
                    2e:9b:b3:28:ca:6b:c0:78:2f:76:11:20:55:df:2a:
                    46:d4:e8:31:15:5f:bb:c9:f6:10:f2:73:9a:5c:77:
                    b9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:A0:AB:50:44:82:94:E4:77:06:52:6C:65:47:8C:59:7F:75:26:85
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/F6CrUESClOR3BlJsZUeMWX91JoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:28:0b:13:18:a1:a1:7a:0f:c0:1d:1c:ec:af:a2:a2:ed:71:
         05:32:fd:95:ac:27:d8:b4:44:94:11:7b:9e:9f:95:57:50:3a:
         b6:7d:d6:75:cf:72:96:b4:59:87:1e:a6:f3:a1:2a:e3:ba:44:
         50:69:81:ab:a1:1f:73:05:4a:fd:3f:b0:31:62:40:30:84:c6:
         ca:83:0f:43:6f:ec:a2:a5:d8:66:d8:73:61:ed:12:d9:24:84:
         f5:05:b3:b6:1d:b9:f8:e4:25:f0:7d:4c:90:5b:5d:c1:2f:4d:
         aa:08:94:4f:12:f8:ca:7b:3a:33:50:53:bc:f0:dd:40:c3:57:
         8f:0c:77:a8:a5:d3:d2:91:31:20:b5:ec:7e:ce:b2:08:18:39:
         f2:30:a7:35:14:17:d4:f5:b0:33:4a:2b:67:01:2c:bf:82:0b:
         7d:c0:d5:b5:d9:42:b3:f2:0b:ff:65:35:45:40:c1:3c:29:ee:
         f0:80:28:81:8a:6e:cb:6e:c8:bc:11:0c:37:3f:92:c8:0f:d7:
         69:3e:e4:b3:28:31:c7:ee:b7:ea:af:6e:52:f7:0c:68:79:9d:
         62:c5:f4:77:08:39:d8:d8:7b:bf:08:f4:ba:45:55:3e:fb:07:
         ef:be:19:ee:9c:a9:94:70:8b:00:ae:4e:62:3a:28:72:26:07:
         24:da:df:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCcLVK+6hXtjCDyMY+10LhxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwNzEwMTAyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2EwYWI1MDQ0ODI5NGU0NzcwNjUyNmM2NTQ3OGM1OTdmNzUyNjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6MmbtvYsWW0YEZGFQa6C2+JCnZ2
d0Af4FfITb6brt8dyNmbjKDZEdnbBsE69GoQos5JlLlRnN7MlUhmc634x/v2ROjQ
fv8uVj2Xep9jdJ/POMuFNFvmwdk0NBFCz4hxiJaT8HZQrhFAxXUI7DhiGG41lJbZ
gVSQzLPEUCKhoXEzjBRKswTFuRh4fBRvT73+jWO44Ynb3lhvln8vKyTygs6EUjTC
hhWmHqYFT4r5iIcbTsH3Y40Hut8fgRo3EE3UpNHv/Y1Dc20urEGsCWx2vo3K+yTj
8YSZb3lP1U805XEum7MoymvAeC92ESBV3ypG1OgxFV+7yfYQ8nOaXHe5TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBegq1BEgpTkdwZSbGVHjFl/dSaFMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRjZDclVFU0NsT1IzQmxKc1pVZU1XWDkxSm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSgEMA0G
CSqGSIb3DQEBCwUAA4IBAQA7KAsTGKGheg/AHRzsr6Ki7XEFMv2VrCfYtESUEXue
n5VXUDq2fdZ1z3KWtFmHHqbzoSrjukRQaYGroR9zBUr9P7AxYkAwhMbKgw9Db+yi
pdhm2HNh7RLZJIT1BbO2Hbn45CXwfUyQW13BL02qCJRPEvjKezozUFO88N1Aw1eP
DHeopdPSkTEgtex+zrIIGDnyMKc1FBfU9bAzSitnASy/ggt9wNW12UKz8gv/ZTVF
QME8Ke7wgCiBim7Lbsi8EQw3P5LID9dpPuSzKDHH7rfqr25S9wxoeZ1ixfR3CDnY
2Hu/CPS6RVU++wfvvhnunKmUcIsArk5iOihyJgck2t/7
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:08:52 2024 by rpki-client on console-fra.rpki-client.org