Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4C71yDOwhhcYrxHr8_rQRIm0mkg.roa
File:                     4C71yDOwhhcYrxHr8_rQRIm0mkg.roa (raw, json)
Hash identifier:          8rNeBoqXDmev+kSUAbc1iHvMIF1xALOa3RWZy0st5pk=
Subject key identifier:   E0:2E:F5:C8:33:B0:86:17:18:AF:11:EB:F3:FA:D0:44:89:B4:9A:48
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CC79341B350AB9FAB9E6EF0CB43A90BFF
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4C71yDOwhhcYrxHr8_rQRIm0mkg.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203020
IP address blocks:        5.183.94.0/24 maxlen: 24
                          185.244.8.0/23 maxlen: 24
                          185.244.11.0/24 maxlen: 24
                          45.82.223.0/24 maxlen: 24
                          193.42.226.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:41:b3:50:ab:9f:ab:9e:6e:f0:cb:43:a9:0b:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e02ef5c833b0861718af11ebf3fad04489b49a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e7:8a:f9:a1:e2:39:88:73:42:59:29:81:4f:
                    ba:a2:aa:1f:46:80:d5:c9:dc:91:cf:fe:7d:c2:5d:
                    8c:89:86:84:35:d5:77:ea:06:f4:56:cd:93:5d:61:
                    f2:28:1e:4b:84:ce:33:99:9d:72:52:fe:dc:65:c0:
                    f7:e6:8e:51:93:c4:49:19:63:cb:07:2d:06:4b:80:
                    7d:b3:77:c5:4b:d7:92:45:d2:2e:e8:67:10:bf:15:
                    03:f0:0f:5b:dd:3d:1f:a1:46:80:45:9e:8a:14:60:
                    94:7a:62:8e:eb:06:18:78:f1:86:c4:65:de:50:32:
                    e2:2f:4c:2f:72:01:a4:32:97:72:0b:f1:8e:a8:04:
                    54:f2:e6:22:d4:e7:b4:91:f3:77:17:f8:e2:f6:eb:
                    55:f6:22:77:78:09:8f:38:c6:2e:19:41:20:81:10:
                    5e:03:94:bb:9f:aa:7b:c6:a5:81:0f:fa:e4:ab:34:
                    7b:1d:ca:4b:a8:08:b1:d6:62:42:15:ad:7b:da:28:
                    a4:76:75:b2:48:72:d0:8b:12:12:b0:ca:e7:a9:ba:
                    50:af:7e:8d:fe:e4:a0:a4:09:eb:08:45:94:54:dd:
                    f5:43:0e:f2:98:97:ae:a0:98:a5:81:31:0d:4e:2e:
                    47:9b:ce:cd:55:0d:db:43:3b:a7:fb:f1:57:f3:c1:
                    41:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:2E:F5:C8:33:B0:86:17:18:AF:11:EB:F3:FA:D0:44:89:B4:9A:48
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4C71yDOwhhcYrxHr8_rQRIm0mkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.94.0/24
                  45.82.223.0/24
                  185.244.8.0/23
                  185.244.11.0/24
                  193.42.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:01:e2:32:3b:13:4f:0d:fe:42:cc:27:92:a7:d3:7a:f7:90:
         7f:88:c5:46:cd:e6:91:c7:4c:ea:7b:dc:a1:77:50:df:ab:3e:
         42:00:d5:4d:67:a2:eb:27:46:00:b2:14:56:58:41:64:c9:b1:
         b0:fb:b1:5e:b0:e5:03:7d:1d:32:bc:da:d2:22:c2:15:20:79:
         53:02:90:60:20:c7:27:db:44:20:fe:2d:be:76:ae:a6:d1:6a:
         9f:f9:51:c8:47:a5:a5:8c:ea:ec:46:70:f9:b8:c8:af:03:8b:
         5b:4f:e4:c1:60:12:82:ea:4c:dd:37:5c:dd:cc:39:85:23:9a:
         42:81:55:00:11:92:2e:d6:c6:c6:7d:74:57:d4:3e:b8:74:7e:
         84:8f:bb:39:bd:fc:f9:eb:69:db:cb:c3:18:b2:58:24:a7:5a:
         fc:1b:36:4d:24:ff:16:12:45:2c:21:67:09:d8:bf:c6:f1:8c:
         a0:9c:a4:dc:c4:d4:e3:34:cc:f5:d5:c1:90:de:b0:7a:1e:9b:
         d5:98:9a:dc:5f:6c:c9:a5:10:f5:09:7b:7c:41:ff:54:62:1f:
         76:90:30:46:1a:b9:dc:b3:67:80:ec:9a:c1:9e:94:9a:15:b7:
         eb:7f:a7:26:ef:2e:0e:80:5e:ba:8f:83:64:4b:b4:57:62:25:
         52:da:42:b0
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzHk0GzUKufq55u8MtDqQv/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDJlZjVjODMzYjA4NjE3MThhZjExZWJmM2ZhZDA0NDg5YjQ5YTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+eK+aHiOYhzQlkpgU+6oqofRoDV
ydyRz/59wl2MiYaENdV36gb0Vs2TXWHyKB5LhM4zmZ1yUv7cZcD35o5Rk8RJGWPL
By0GS4B9s3fFS9eSRdIu6GcQvxUD8A9b3T0foUaARZ6KFGCUemKO6wYYePGGxGXe
UDLiL0wvcgGkMpdyC/GOqARU8uYi1Oe0kfN3F/ji9utV9iJ3eAmPOMYuGUEggRBe
A5S7n6p7xqWBD/rkqzR7HcpLqAix1mJCFa172iikdnWySHLQixISsMrnqbpQr36N
/uSgpAnrCEWUVN31Qw7ymJeuoJilgTENTi5Hm87NVQ3bQzun+/FX88FBMQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOAu9cgzsIYXGK8R6/P60ESJtJpIMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvNEM3MXlET3doaGNZcnhIcjhfclFSSW0wbWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQABbdeAwQA
LVLfAwQBufQIAwQAufQLAwQBwSriMA0GCSqGSIb3DQEBCwUAA4IBAQAPAeIyOxNP
Df5CzCeSp9N695B/iMVGzeaRx0zqe9yhd1Dfqz5CANVNZ6LrJ0YAshRWWEFkybGw
+7FesOUDfR0yvNrSIsIVIHlTApBgIMcn20Qg/i2+dq6m0Wqf+VHIR6WljOrsRnD5
uMivA4tbT+TBYBKC6kzdN1zdzDmFI5pCgVUAEZIu1sbGfXRX1D64dH6Ej7s5vfz5
62nby8MYslgkp1r8GzZNJP8WEkUsIWcJ2L/G8YygnKTcxNTjNMz11cGQ3rB6HpvV
mJrcX2zJpRD1CXt8Qf9UYh92kDBGGrncs2eA7JrBnpSaFbfrf6cm7y4OgF66j4Nk
S7RXYiVS2kKw
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:57:31 2024 by rpki-client on console-ams.rpki-client.org