Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/47cifHe4Tv4LsjBU5fG1bUYr5bg.roa
File:                     47cifHe4Tv4LsjBU5fG1bUYr5bg.roa (raw, json)
Hash identifier:          w2ZjN5sDl4wrNrqvGfS9CgtWV3YSg0eNsZvJWaxsnvg=
Subject key identifier:   E3:B7:22:7C:77:B8:4E:FE:0B:B2:30:54:E5:F1:B5:6D:46:2B:E5:B8
Certificate issuer:       /CN=677b43f538f0ae720e527b2a6c0b8a876d96c947
Certificate serial:       018CC86F3CB7A3F56FB5ED3D688597FA3037
Authority key identifier: 67:7B:43:F5:38:F0:AE:72:0E:52:7B:2A:6C:0B:8A:87:6D:96:C9:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/47cifHe4Tv4LsjBU5fG1bUYr5bg.roa
Signing time:             Tue 02 Jan 2024 04:29:42 +0000
ROA not before:           Tue 02 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205235
IP address blocks:        185.38.175.0/24 maxlen: 24
                          2a01:4262:1ab::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/Z3tD9TjwrnIOUnsqbAuKh22WyUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/Z3tD9TjwrnIOUnsqbAuKh22WyUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3c:b7:a3:f5:6f:b5:ed:3d:68:85:97:fa:30:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=677b43f538f0ae720e527b2a6c0b8a876d96c947
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3b7227c77b84efe0bb23054e5f1b56d462be5b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ac:62:a5:3d:dc:78:36:76:e6:a9:20:ff:57:
                    36:c6:8e:85:16:ed:10:82:3f:cc:9a:57:57:49:ac:
                    61:a7:a9:e0:1a:da:1b:a9:a5:f5:e9:51:57:a1:93:
                    0e:78:d9:52:cc:34:26:1f:60:9c:5a:8b:b2:53:6b:
                    1e:e2:48:af:45:a7:bf:27:3d:37:c9:75:cf:30:23:
                    b5:59:ec:4a:72:c7:f0:c4:cb:76:a3:e7:16:f3:3a:
                    c8:d8:e7:dd:2d:6f:fa:53:04:9a:4f:50:ef:a8:c8:
                    f9:20:64:1f:9c:3c:1b:3c:80:01:29:1e:8f:3b:dd:
                    62:e0:19:4a:7c:70:be:14:4f:18:c9:ad:4e:c9:f3:
                    4f:52:b1:0e:7c:73:3c:0f:c0:cd:df:ff:0f:02:37:
                    3a:a9:ff:63:28:f3:69:74:91:36:bf:21:1f:95:29:
                    f4:d3:21:8c:ac:2b:79:89:76:b0:82:55:64:31:e2:
                    29:96:ea:00:10:8c:b6:bc:e0:89:84:66:b2:ad:01:
                    59:d2:60:f4:2b:6e:f1:6e:48:6f:a1:2e:ef:ba:7b:
                    1c:fc:29:e0:b8:4b:1b:9b:da:fc:09:78:d5:09:82:
                    c5:46:bb:55:71:f7:c9:05:e3:d5:ab:b2:13:8d:d3:
                    5a:90:01:2d:a7:7b:d9:8d:ba:5b:8d:09:fc:64:40:
                    51:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B7:22:7C:77:B8:4E:FE:0B:B2:30:54:E5:F1:B5:6D:46:2B:E5:B8
            X509v3 Authority Key Identifier:
                keyid:67:7B:43:F5:38:F0:AE:72:0E:52:7B:2A:6C:0B:8A:87:6D:96:C9:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/47cifHe4Tv4LsjBU5fG1bUYr5bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/Z3tD9TjwrnIOUnsqbAuKh22WyUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.175.0/24
                IPv6:
                  2a01:4262:1ab::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:3f:f9:b0:1c:85:9e:b4:ed:ec:df:48:f2:2d:06:62:ab:7b:
         2f:a8:23:2b:2b:42:7a:45:ee:a7:79:af:5b:10:4e:c5:dd:29:
         e8:0d:2e:f6:25:b5:e2:28:ef:85:7e:c0:3e:9c:8e:91:58:ea:
         d6:1f:84:3e:82:a4:6c:e3:52:53:15:f2:f6:79:97:60:bf:fa:
         c5:d0:91:a1:90:bc:7d:71:24:69:bd:6b:04:51:7d:08:c7:d6:
         89:a3:38:5f:ac:42:40:c2:f0:fd:8b:6a:c8:b4:5e:89:47:23:
         12:a8:94:bf:2b:95:4b:a2:cc:a7:aa:92:2a:59:4f:2f:72:9f:
         dd:57:93:87:bb:3c:fb:ad:59:e9:60:72:88:32:b5:32:1a:1a:
         0f:ef:57:eb:8e:93:c7:9a:e4:1c:ea:7e:27:2b:1f:4b:0b:2d:
         3e:c2:b8:c6:18:bb:9e:29:b8:70:50:9c:fc:20:83:e7:2d:5c:
         97:9b:70:7e:e9:e7:52:f2:51:71:50:2e:61:38:2e:0c:94:e8:
         fd:b0:20:1e:e7:a4:b8:93:76:4f:20:5f:78:c3:16:9d:9a:ea:
         81:f8:bb:1e:c0:c2:df:99:73:a2:aa:5d:6d:12:47:ab:27:22:
         b2:b2:71:77:25:12:a4:95:4d:63:f2:df:cf:25:37:93:e2:de:
         8b:16:38:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIbzy3o/Vvte09aIWX+jA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3N2I0M2Y1MzhmMGFlNzIwZTUyN2IyYTZjMGI4YTg3NmQ5
NmM5NDcwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2I3MjI3Yzc3Yjg0ZWZlMGJiMjMwNTRlNWYxYjU2ZDQ2MmJlNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5KxipT3ceDZ25qkg/1c2xo6FFu0Q
gj/MmldXSaxhp6ngGtobqaX16VFXoZMOeNlSzDQmH2CcWouyU2se4kivRae/Jz03
yXXPMCO1WexKcsfwxMt2o+cW8zrI2OfdLW/6UwSaT1DvqMj5IGQfnDwbPIABKR6P
O91i4BlKfHC+FE8Yya1OyfNPUrEOfHM8D8DN3/8PAjc6qf9jKPNpdJE2vyEflSn0
0yGMrCt5iXawglVkMeIpluoAEIy2vOCJhGayrQFZ0mD0K27xbkhvoS7vunsc/Cng
uEsbm9r8CXjVCYLFRrtVcffJBePVq7ITjdNakAEtp3vZjbpbjQn8ZEBRDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOO3Inx3uE7+C7IwVOXxtW1GK+W4MB8GA1UdIwQY
MBaAFGd7Q/U48K5yDlJ7KmwLiodtlslHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjN0RDlUandybklPVW5zcWJBdUtoMjJXeVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YTZlZWUtYTA5YS00NGUxLTg4ZGIt
Mjg3ODIwM2EwMDlkLzEvNDdjaWZIZTRUdjRMc2pCVTVmRzFiVVlyNWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YTZlZWUtYTA5YS00NGUxLTg4ZGItMjg3ODIwM2EwMDlk
LzEvWjN0RDlUandybklPVW5zcWJBdUtoMjJXeVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuSavMA8E
AgACMAkDBwAqAUJiAaswDQYJKoZIhvcNAQELBQADggEBAFw/+bAchZ607ezfSPIt
BmKrey+oIysrQnpF7qd5r1sQTsXdKegNLvYlteIo74V+wD6cjpFY6tYfhD6CpGzj
UlMV8vZ5l2C/+sXQkaGQvH1xJGm9awRRfQjH1omjOF+sQkDC8P2Lasi0XolHIxKo
lL8rlUuizKeqkipZTy9yn91Xk4e7PPutWelgcogytTIaGg/vV+uOk8ea5Bzqficr
H0sLLT7CuMYYu54puHBQnPwgg+ctXJebcH7p51LyUXFQLmE4LgyU6P2wIB7npLiT
dk8gX3jDFp2a6oH4ux7Awt+Zc6KqXW0SR6snIrKycXclEqSVTWPy388lN5Pi3osW
OIU=
-----END CERTIFICATE-----
Generated at Sat Jun 15 20:33:16 2024 by rpki-client on console-fra.rpki-client.org