Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/8840f0-271e-4527-a413-6c4719bcf9ee/1/1-_KVwbZv_G8RZ2k6-hNKnrfUl2Q.roa
File:                     1-_KVwbZv_G8RZ2k6-hNKnrfUl2Q.roa (raw, json)
Hash identifier:          TPCasxvNzO6h+m1eSPcTP2RR4bJHtKU5vosaTBro21E=
Subject key identifier:   FB:F2:95:C1:B6:6F:FC:6F:11:67:69:3A:FA:13:4A:9E:B7:D4:97:64
Certificate issuer:       /CN=c818be19c10980f15bcdee076690078491a8aa21
Certificate serial:       018CC348F6E3B26A12028FB66FEE89C98A97
Authority key identifier: C8:18:BE:19:C1:09:80:F1:5B:CD:EE:07:66:90:07:84:91:A8:AA:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yBi-GcEJgPFbze4HZpAHhJGoqiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/8840f0-271e-4527-a413-6c4719bcf9ee/1/1-_KVwbZv_G8RZ2k6-hNKnrfUl2Q.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49911
IP address blocks:        185.76.49.0/24 maxlen: 24
                          185.76.48.0/22 maxlen: 22
                          185.76.48.0/24 maxlen: 24
                          185.76.51.0/24 maxlen: 24
                          2a13:7200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/8840f0-271e-4527-a413-6c4719bcf9ee/1/yBi-GcEJgPFbze4HZpAHhJGoqiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/8840f0-271e-4527-a413-6c4719bcf9ee/1/yBi-GcEJgPFbze4HZpAHhJGoqiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yBi-GcEJgPFbze4HZpAHhJGoqiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 13:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f6:e3:b2:6a:12:02:8f:b6:6f:ee:89:c9:8a:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c818be19c10980f15bcdee076690078491a8aa21
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbf295c1b66ffc6f1167693afa134a9eb7d49764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d2:0a:91:e2:54:09:97:61:b1:0a:85:47:7d:
                    06:68:b9:dc:9b:a9:44:00:42:24:d9:bf:f8:62:91:
                    c9:eb:9f:f2:3b:1d:d3:0b:bb:b5:b7:71:9f:c3:84:
                    94:5e:b0:f8:e7:fe:ee:32:6c:d9:84:4a:e1:44:3e:
                    5b:57:fd:1e:2c:06:13:ba:e9:aa:15:67:66:e5:c9:
                    3e:d5:1f:f7:55:ec:78:b7:5b:ce:4e:f4:e2:d8:da:
                    e1:da:c2:4e:43:eb:60:67:26:80:34:b2:17:c5:c3:
                    ea:93:3a:e0:70:10:8c:2b:c0:44:b5:06:51:4c:21:
                    40:0d:45:78:d5:85:6a:98:82:1a:6f:00:f1:d2:b0:
                    f0:63:ff:4e:4a:17:30:52:d8:92:8b:e5:20:55:ae:
                    69:47:03:65:b6:63:0f:3c:44:4f:ae:15:d9:be:82:
                    0e:c4:74:2f:21:97:7d:12:86:07:a4:dc:c1:5e:13:
                    52:b8:53:d6:1a:6c:ee:01:fb:28:6e:fa:93:4f:b2:
                    8a:02:1f:ef:16:da:70:b8:50:65:46:8d:6e:86:12:
                    94:50:4d:34:8f:1c:f5:5c:d8:52:bb:08:be:33:ed:
                    e1:82:ab:e5:00:90:5e:54:6f:e9:b3:a8:47:af:65:
                    5b:fe:db:35:45:2e:2f:64:52:62:05:4c:59:3d:1b:
                    b8:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:F2:95:C1:B6:6F:FC:6F:11:67:69:3A:FA:13:4A:9E:B7:D4:97:64
            X509v3 Authority Key Identifier:
                keyid:C8:18:BE:19:C1:09:80:F1:5B:CD:EE:07:66:90:07:84:91:A8:AA:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yBi-GcEJgPFbze4HZpAHhJGoqiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/8840f0-271e-4527-a413-6c4719bcf9ee/1/1-_KVwbZv_G8RZ2k6-hNKnrfUl2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/8840f0-271e-4527-a413-6c4719bcf9ee/1/yBi-GcEJgPFbze4HZpAHhJGoqiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.48.0/22
                IPv6:
                  2a13:7200::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:e3:e2:ba:d1:b1:b0:b1:27:3f:f8:18:91:cc:78:5e:f9:db:
         73:77:65:32:5d:aa:bb:c8:a9:d9:17:90:1e:2c:6a:4c:c3:58:
         71:ed:ee:14:29:f9:e4:ad:ea:a1:d1:75:cb:e7:f5:a9:97:5a:
         01:83:e6:f2:32:82:4e:c9:10:61:bd:36:0d:09:20:33:3a:8b:
         50:fb:fe:55:35:7f:30:1b:15:47:69:18:f7:8a:67:e5:7c:9e:
         b6:32:e2:2a:ea:6d:8d:16:bc:8a:ca:e4:12:f9:81:6d:7e:95:
         d3:15:b7:83:56:19:f9:19:4c:1f:9c:7e:c9:25:be:02:b6:15:
         fc:6b:ce:72:70:9f:f3:5a:33:b5:fe:12:2f:e9:d1:60:11:44:
         63:7a:58:ee:ec:0b:e4:a0:f6:51:86:a8:ec:76:87:d2:ab:e6:
         d6:b9:05:fd:c3:a4:46:b2:78:4a:41:d5:b5:f8:68:ba:d8:97:
         3a:f0:00:25:23:56:9d:0c:97:76:0b:bd:91:1c:d7:cc:76:ee:
         73:dc:1d:68:27:6b:0a:67:38:a4:5c:d0:ea:5c:7d:ac:7a:fd:
         8e:eb:6f:60:e0:11:90:f6:11:f9:1d:2f:78:72:7c:fc:27:31:
         4d:4e:47:d2:f3:22:b6:23:2f:cb:50:2e:df:b9:13:6f:51:14:
         c6:5d:b9:26
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzDSPbjsmoSAo+2b+6JyYqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MThiZTE5YzEwOTgwZjE1YmNkZWUwNzY2OTAwNzg0OTFh
OGFhMjEwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmYyOTVjMWI2NmZmYzZmMTE2NzY5M2FmYTEzNGE5ZWI3ZDQ5NzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9IKkeJUCZdhsQqFR30GaLncm6lE
AEIk2b/4YpHJ65/yOx3TC7u1t3Gfw4SUXrD45/7uMmzZhErhRD5bV/0eLAYTuumq
FWdm5ck+1R/3Vex4t1vOTvTi2Nrh2sJOQ+tgZyaANLIXxcPqkzrgcBCMK8BEtQZR
TCFADUV41YVqmIIabwDx0rDwY/9OShcwUtiSi+UgVa5pRwNltmMPPERPrhXZvoIO
xHQvIZd9EoYHpNzBXhNSuFPWGmzuAfsobvqTT7KKAh/vFtpwuFBlRo1uhhKUUE00
jxz1XNhSuwi+M+3hgqvlAJBeVG/ps6hHr2Vb/ts1RS4vZFJiBUxZPRu4XQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPvylcG2b/xvEWdpOvoTSp631JdkMB8GA1UdIwQY
MBaAFMgYvhnBCYDxW83uB2aQB4SRqKohMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUJpLUdjRUpnUEZiemU0SFpwQUhoSkdvcWlFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi84ODQwZjAtMjcxZS00NTI3LWE0MTMt
NmM0NzE5YmNmOWVlLzEvMS1fS1Z3Ylp2X0c4UloyazYtaE5LbnJmVWwyUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDIvODg0MGYwLTI3MWUtNDUyNy1hNDEzLTZjNDcxOWJjZjll
ZS8xL3lCaS1HY0VKZ1BGYnplNEhacEFIaEpHb3FpRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArlMMDAN
BAIAAjAHAwUDKhNyADANBgkqhkiG9w0BAQsFAAOCAQEAW+PiutGxsLEnP/gYkcx4
Xvnbc3dlMl2qu8ip2ReQHixqTMNYce3uFCn55K3qodF1y+f1qZdaAYPm8jKCTskQ
Yb02DQkgMzqLUPv+VTV/MBsVR2kY94pn5XyetjLiKuptjRa8isrkEvmBbX6V0xW3
g1YZ+RlMH5x+ySW+ArYV/GvOcnCf81oztf4SL+nRYBFEY3pY7uwL5KD2UYao7HaH
0qvm1rkF/cOkRrJ4SkHVtfhoutiXOvAAJSNWnQyXdgu9kRzXzHbuc9wdaCdrCmc4
pFzQ6lx9rHr9jutvYOARkPYR+R0veHJ8/CcxTU5H0vMitiMvy1Au37kTb1EUxl25
Jg==
-----END CERTIFICATE-----
Generated at Tue Nov 26 21:28:32 2024 by rpki-client on console-fra.rpki-client.org