Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/lXSMv5TFzlF7U2Yh0nY5GDwpj-c.roa
File:                     lXSMv5TFzlF7U2Yh0nY5GDwpj-c.roa (raw, json)
Hash identifier:          FKMUlxVgcBTYivayVo/DvcyzO/qRZ0ZmrGpT6jFmeho=
Subject key identifier:   95:74:8C:BF:94:C5:CE:51:7B:53:66:21:D2:76:39:18:3C:29:8F:E7
Certificate issuer:       /CN=854e103aaec432fc191d49819bd1ab71fe1cfa80
Certificate serial:       018CCA98F7F47FC837099055BDE8DCDEEBC4
Authority key identifier: 85:4E:10:3A:AE:C4:32:FC:19:1D:49:81:9B:D1:AB:71:FE:1C:FA:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hU4QOq7EMvwZHUmBm9Grcf4c-oA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/lXSMv5TFzlF7U2Yh0nY5GDwpj-c.roa
Signing time:             Tue 02 Jan 2024 14:34:31 +0000
ROA not before:           Tue 02 Jan 2024 14:34:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50297
IP address blocks:        46.148.16.0/24 maxlen: 24
                          46.148.17.0/24 maxlen: 24
                          46.148.22.0/24 maxlen: 24
                          46.148.19.0/24 maxlen: 24
                          46.148.20.0/24 maxlen: 24
                          46.148.21.0/24 maxlen: 24
                          46.148.18.0/24 maxlen: 24
                          46.148.26.0/24 maxlen: 24
                          46.148.27.0/24 maxlen: 24
                          46.148.28.0/24 maxlen: 24
                          193.106.28.0/22 maxlen: 22
                          2001:67c:28f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/hU4QOq7EMvwZHUmBm9Grcf4c-oA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/hU4QOq7EMvwZHUmBm9Grcf4c-oA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hU4QOq7EMvwZHUmBm9Grcf4c-oA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:98:f7:f4:7f:c8:37:09:90:55:bd:e8:dc:de:eb:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854e103aaec432fc191d49819bd1ab71fe1cfa80
        Validity
            Not Before: Jan  2 14:34:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95748cbf94c5ce517b536621d27639183c298fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:3a:fb:08:ed:51:b2:96:a7:39:61:47:9f:c8:
                    24:fa:90:a4:33:d7:19:dd:c8:d4:8b:a2:f1:0f:57:
                    b7:10:61:16:14:85:7c:fa:88:ba:a8:0e:e2:06:b3:
                    22:fc:cd:17:5f:68:86:bf:d8:11:27:f2:6d:37:83:
                    2f:ca:81:1b:ad:15:50:97:bb:72:70:03:7b:e8:5f:
                    ea:dc:6a:ca:5f:cf:86:b1:e0:e0:66:86:a8:65:e5:
                    4e:63:a6:35:0e:ac:58:cf:5c:9f:31:d5:b2:8a:fd:
                    b7:69:4f:1a:3e:86:95:04:81:12:1b:b1:8b:25:63:
                    d3:91:cb:f6:fc:ce:03:5f:66:c6:c5:4d:2f:b7:4a:
                    03:93:08:6b:85:de:c9:a6:07:43:db:d9:ce:ca:a8:
                    d2:64:f6:22:9c:17:97:4a:70:cf:a5:74:b0:75:4b:
                    98:6e:a5:a1:a2:1c:46:ee:25:7d:f7:bb:19:6d:6f:
                    d2:4c:e8:24:9a:e6:36:4b:52:e7:5b:c8:e6:27:7d:
                    16:ec:a2:ef:9c:6b:73:f3:ad:21:08:c2:2a:7d:2c:
                    21:e5:9f:20:f3:9c:37:cc:af:f0:d8:5e:be:ae:0f:
                    da:d0:2a:65:5c:70:dc:70:96:2f:36:29:63:4f:12:
                    39:7f:8f:0b:e9:d3:74:23:c7:76:a3:c4:7a:f0:c4:
                    81:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:74:8C:BF:94:C5:CE:51:7B:53:66:21:D2:76:39:18:3C:29:8F:E7
            X509v3 Authority Key Identifier:
                keyid:85:4E:10:3A:AE:C4:32:FC:19:1D:49:81:9B:D1:AB:71:FE:1C:FA:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hU4QOq7EMvwZHUmBm9Grcf4c-oA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/lXSMv5TFzlF7U2Yh0nY5GDwpj-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/65f4a2-5f69-465b-8891-9c01df7b9e66/1/hU4QOq7EMvwZHUmBm9Grcf4c-oA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.16.0-46.148.22.255
                  46.148.26.0-46.148.28.255
                  193.106.28.0/22
                IPv6:
                  2001:67c:28f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:b1:92:f8:04:1b:84:49:bf:33:4c:7b:51:73:7e:0d:09:ec:
         cf:29:85:a3:f7:07:e2:a7:65:54:14:61:8a:fc:ad:b7:6e:82:
         0c:2d:4a:d9:b8:90:d8:74:5d:5a:a1:c5:50:a8:17:ca:0e:ce:
         95:13:a8:52:c0:e8:c7:fa:2e:ea:5c:eb:c5:91:c0:0a:72:92:
         e6:a2:a8:a1:0b:28:00:0b:c6:82:77:0c:8d:62:3f:69:f9:cd:
         0b:f5:df:a3:2d:0a:92:9c:d7:61:e3:cc:db:f7:b9:5f:c3:ff:
         12:f7:f7:9b:0d:26:73:d8:7e:6b:1d:bb:36:75:88:cb:b1:66:
         70:bb:65:ad:72:8b:78:88:a4:50:12:e6:8c:ed:13:1c:62:dd:
         ec:f4:d0:a2:5e:b1:56:a3:eb:70:2f:d8:aa:ab:16:c3:2b:1f:
         6c:6c:fe:b0:bf:08:43:c4:fc:9e:b0:d9:43:61:df:1a:f7:26:
         62:e7:c7:41:1c:03:20:df:85:48:2e:ad:67:19:7c:09:43:0b:
         f7:12:0b:61:d8:63:d0:4b:ec:de:aa:c4:54:22:3f:8d:86:dc:
         23:1b:7c:62:db:e5:d4:d2:d0:92:56:e9:34:7b:b8:d0:90:9f:
         6d:3a:bc:8d:1c:73:05:d7:f4:aa:33:2b:a4:8c:9b:79:aa:58:
         4d:90:77:f6
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzKmPf0f8g3CZBVvejc3uvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGUxMDNhYWVjNDMyZmMxOTFkNDk4MTliZDFhYjcxZmUx
Y2ZhODAwHhcNMjQwMTAyMTQzNDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTc0OGNiZjk0YzVjZTUxN2I1MzY2MjFkMjc2MzkxODNjMjk4ZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizr7CO1RspanOWFHn8gk+pCkM9cZ
3cjUi6LxD1e3EGEWFIV8+oi6qA7iBrMi/M0XX2iGv9gRJ/JtN4MvyoEbrRVQl7ty
cAN76F/q3GrKX8+GseDgZoaoZeVOY6Y1DqxYz1yfMdWyiv23aU8aPoaVBIESG7GL
JWPTkcv2/M4DX2bGxU0vt0oDkwhrhd7JpgdD29nOyqjSZPYinBeXSnDPpXSwdUuY
bqWhohxG7iV997sZbW/STOgkmuY2S1LnW8jmJ30W7KLvnGtz860hCMIqfSwh5Z8g
85w3zK/w2F6+rg/a0CplXHDccJYvNiljTxI5f48L6dN0I8d2o8R68MSBkQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJV0jL+Uxc5Re1NmIdJ2ORg8KY/nMB8GA1UdIwQY
MBaAFIVOEDquxDL8GR1JgZvRq3H+HPqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFU0UU9xN0VNdndaSFVtQm05R3JjZjRjLW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82NWY0YTItNWY2OS00NjViLTg4OTEt
OWMwMWRmN2I5ZTY2LzEvbFhTTXY1VEZ6bEY3VTJZaDBuWTVHRHdwai1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82NWY0YTItNWY2OS00NjViLTg4OTEtOWMwMWRmN2I5ZTY2
LzEvaFU0UU9xN0VNdndaSFVtQm05R3JjZjRjLW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAoBAIAATAiMAwDBAQulBAD
BAAulBYwDAMEAS6UGgMEAC6UHAMEAsFqHDAPBAIAAjAJAwcAIAEGfCj4MA0GCSqG
SIb3DQEBCwUAA4IBAQAZsZL4BBuESb8zTHtRc34NCezPKYWj9wfip2VUFGGK/K23
boIMLUrZuJDYdF1aocVQqBfKDs6VE6hSwOjH+i7qXOvFkcAKcpLmoqihCygAC8aC
dwyNYj9p+c0L9d+jLQqSnNdh48zb97lfw/8S9/ebDSZz2H5rHbs2dYjLsWZwu2Wt
cot4iKRQEuaM7RMcYt3s9NCiXrFWo+twL9iqqxbDKx9sbP6wvwhDxPyesNlDYd8a
9yZi58dBHAMg34VILq1nGXwJQwv3Egth2GPQS+zeqsRUIj+NhtwjG3xi2+XU0tCS
Vuk0e7jQkJ9tOryNHHMF1/SqMyukjJt5qlhNkHf2
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:04:41 2024 by rpki-client on console-fra.rpki-client.org