Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/7SxqI2ZodyCORmw4qPdx2QU_IPk.roa
File:                     7SxqI2ZodyCORmw4qPdx2QU_IPk.roa (raw, json)
Hash identifier:          qgvQeCzoXx/DRJm6mdlCbShl5jCFr2A62dXJP+PjINA=
Subject key identifier:   ED:2C:6A:23:66:68:77:20:8E:46:6C:38:A8:F7:71:D9:05:3F:20:F9
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       0191E1DBDEB2E1F6DDBB30B749BD8BC69ED6
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/7SxqI2ZodyCORmw4qPdx2QU_IPk.roa
Signing time:             Wed 11 Sep 2024 16:12:48 +0000
ROA not before:           Wed 11 Sep 2024 16:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        146.19.50.0/24 maxlen: 24
                          185.253.3.0/24 maxlen: 24
                          194.26.218.0/24 maxlen: 24
                          213.134.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:21:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:db:de:b2:e1:f6:dd:bb:30:b7:49:bd:8b:c6:9e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Sep 11 16:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed2c6a23666877208e466c38a8f771d9053f20f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ad:a5:0b:8d:29:cd:4f:82:af:69:50:da:a8:
                    17:76:dd:1b:e7:d6:e4:d9:f6:f2:02:08:dd:c6:b1:
                    ea:10:d1:ee:c8:9d:b9:80:4d:74:d1:47:71:32:3a:
                    17:ec:1c:b1:6a:db:43:7b:11:72:8b:b6:bd:a1:2a:
                    22:50:66:f1:b3:f0:28:63:24:87:ae:7d:f4:be:2b:
                    15:fc:13:cb:90:87:0b:99:93:b4:c4:74:ac:ba:b0:
                    86:3c:e6:95:d8:b6:15:79:a0:f6:3c:f1:05:b6:b1:
                    23:50:97:2d:46:1b:72:85:68:68:fe:32:84:c1:ad:
                    55:5f:4b:58:a3:58:98:be:3f:96:7b:34:ea:17:e9:
                    30:67:c2:bd:7e:64:f6:fc:73:24:3b:89:15:3c:58:
                    6c:48:30:57:cb:ae:ac:01:a6:c1:fe:73:02:aa:f0:
                    3c:c0:9d:63:ce:f1:71:87:1a:53:45:fa:0a:89:46:
                    f0:86:ba:9b:84:8d:87:f0:71:77:92:b8:53:d2:7e:
                    e5:df:1e:83:9c:d2:e2:2a:9b:7f:6c:d2:90:06:c2:
                    77:62:da:50:78:1c:15:bf:7d:5a:db:4c:7c:a5:20:
                    e1:38:31:39:2b:73:b5:fd:ce:af:d9:c9:64:08:12:
                    19:42:2e:08:64:8e:f6:0f:a6:92:b4:03:64:13:03:
                    9f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:2C:6A:23:66:68:77:20:8E:46:6C:38:A8:F7:71:D9:05:3F:20:F9
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/7SxqI2ZodyCORmw4qPdx2QU_IPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.50.0/24
                  185.253.3.0/24
                  194.26.218.0/24
                  213.134.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:77:fc:4d:c4:64:9e:cd:15:06:20:b6:d9:74:00:3a:4a:5e:
         60:89:f0:4e:28:91:97:84:f1:76:18:2d:d0:e9:16:4c:15:cd:
         1a:df:33:fe:a4:9a:47:f8:da:bf:03:ff:a9:cd:04:3a:6b:57:
         5f:e0:86:10:34:f4:03:a4:83:62:d8:c9:0d:3c:e9:f3:92:9f:
         22:65:6d:b4:f3:8c:54:2f:b6:11:46:7c:c8:c3:2b:77:7a:10:
         d9:98:5e:bf:08:80:82:76:cb:ed:bd:1c:48:28:be:4f:08:59:
         64:7e:b9:b0:59:6e:87:1a:81:0a:bb:b7:8d:5f:69:77:17:bb:
         39:a7:ad:fc:73:a2:b2:49:18:3f:23:ee:52:f8:e7:66:62:8b:
         06:8d:7e:99:94:e6:dd:e1:09:27:9c:9f:d0:a8:39:6b:46:a4:
         6d:9c:6e:81:90:45:88:25:21:75:64:1b:13:54:e4:ad:e6:e6:
         91:eb:f9:af:5f:5f:f2:4f:87:d0:d0:d2:24:34:c4:2a:10:6d:
         01:c8:bb:d8:4e:09:ca:6f:7e:d5:da:10:d0:fc:23:5f:fa:69:
         2c:63:c6:9a:3b:b3:70:99:c2:06:ba:c8:ac:86:19:89:33:33:
         58:4d:ba:ba:a4:35:a9:16:0f:0f:c9:da:c5:dd:90:6b:62:2d:
         c2:8a:1f:08
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZHh296y4fbduzC3Sb2Lxp7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjQwOTExMTYxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDJjNmEyMzY2Njg3NzIwOGU0NjZjMzhhOGY3NzFkOTA1M2YyMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK2lC40pzU+Cr2lQ2qgXdt0b59bk
2fbyAgjdxrHqENHuyJ25gE100UdxMjoX7ByxattDexFyi7a9oSoiUGbxs/AoYySH
rn30visV/BPLkIcLmZO0xHSsurCGPOaV2LYVeaD2PPEFtrEjUJctRhtyhWho/jKE
wa1VX0tYo1iYvj+WezTqF+kwZ8K9fmT2/HMkO4kVPFhsSDBXy66sAabB/nMCqvA8
wJ1jzvFxhxpTRfoKiUbwhrqbhI2H8HF3krhT0n7l3x6DnNLiKpt/bNKQBsJ3YtpQ
eBwVv31a20x8pSDhODE5K3O1/c6v2clkCBIZQi4IZI72D6aStANkEwOfgwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFO0saiNmaHcgjkZsOKj3cdkFPyD5MB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvN1N4cUkyWm9keUNPUm13NHFQZHgyUVVfSVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAkhMyAwQA
uf0DAwQAwhraAwQA1YYZMA0GCSqGSIb3DQEBCwUAA4IBAQCvd/xNxGSezRUGILbZ
dAA6Sl5gifBOKJGXhPF2GC3Q6RZMFc0a3zP+pJpH+Nq/A/+pzQQ6a1df4IYQNPQD
pINi2MkNPOnzkp8iZW2084xUL7YRRnzIwyt3ehDZmF6/CICCdsvtvRxIKL5PCFlk
frmwWW6HGoEKu7eNX2l3F7s5p638c6KySRg/I+5S+OdmYosGjX6ZlObd4QknnJ/Q
qDlrRqRtnG6BkEWIJSF1ZBsTVOSt5uaR6/mvX1/yT4fQ0NIkNMQqEG0ByLvYTgnK
b37V2hDQ/CNf+mksY8aaO7NwmcIGusishhmJMzNYTbq6pDWpFg8PydrF3ZBrYi3C
ih8I
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:07:39 2024 by rpki-client on console-ams.rpki-client.org