Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/42d6itdweYbOeboduZZUhteIWM4.roa
File:                     42d6itdweYbOeboduZZUhteIWM4.roa (raw, json)
Hash identifier:          Sr+NB3zV1RK5KkJitj4ASpmW70qrWRx7kDP4RJEAbH0=
Subject key identifier:   E3:67:7A:8A:D7:70:79:86:CE:79:BA:1D:B9:96:54:86:D7:88:58:CE
Certificate issuer:       /CN=33e8550bcc9fb3b140260c29d69f789978dcc09a
Certificate serial:       018CC500643AD01A4973CC059476FDFEDA4D
Authority key identifier: 33:E8:55:0B:CC:9F:B3:B1:40:26:0C:29:D6:9F:78:99:78:DC:C0:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M-hVC8yfs7FAJgwp1p94mXjcwJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/42d6itdweYbOeboduZZUhteIWM4.roa
Signing time:             Mon 01 Jan 2024 12:29:46 +0000
ROA not before:           Mon 01 Jan 2024 12:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49265
IP address blocks:        185.91.189.0/24 maxlen: 24
                          185.91.188.0/23 maxlen: 23
                          185.91.188.0/22 maxlen: 22
                          185.91.190.0/24 maxlen: 24
                          185.91.190.0/23 maxlen: 23
                          185.91.191.0/24 maxlen: 24
                          185.91.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/M-hVC8yfs7FAJgwp1p94mXjcwJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/M-hVC8yfs7FAJgwp1p94mXjcwJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M-hVC8yfs7FAJgwp1p94mXjcwJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:64:3a:d0:1a:49:73:cc:05:94:76:fd:fe:da:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33e8550bcc9fb3b140260c29d69f789978dcc09a
        Validity
            Not Before: Jan  1 12:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3677a8ad7707986ce79ba1db9965486d78858ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:7f:f8:0d:e2:d3:73:e5:d8:be:dc:b2:8c:b9:
                    ee:8a:d6:0f:ed:46:f4:43:44:1e:41:c8:1c:71:6e:
                    6f:bc:a0:b7:97:c4:01:7b:ec:1d:62:43:56:49:e0:
                    d6:5a:73:e9:5c:8b:28:91:13:1d:7d:60:4d:4e:cd:
                    82:25:40:5c:6a:39:be:f1:97:09:ac:4e:1b:c2:45:
                    6e:e1:78:eb:02:4d:14:d9:c6:08:a2:33:f6:1a:71:
                    f4:9e:93:5b:e2:5d:8a:2a:34:c2:a8:56:04:a3:e1:
                    ab:e1:11:30:39:e0:c6:6a:7a:9a:4b:e3:59:06:2b:
                    8e:3d:b5:ad:e8:08:32:9c:cd:68:5c:28:14:85:56:
                    79:02:45:c0:a1:40:0c:18:bd:fa:e3:af:e3:20:6b:
                    03:e6:3e:26:33:76:28:97:ee:12:4e:0e:07:05:7a:
                    f2:f8:5a:cf:31:cf:09:8d:01:f1:4b:85:02:ba:9a:
                    0d:fd:9b:0b:fc:7e:7e:35:f2:62:69:f4:1a:fa:b4:
                    77:f5:dd:62:9e:d1:c3:e4:82:c2:4c:32:ce:d1:41:
                    4c:92:a2:4d:3a:73:91:8c:46:f1:1a:82:0e:16:7e:
                    7c:9a:1f:de:ff:a6:dc:b3:73:8f:4b:44:d8:66:76:
                    da:96:61:87:de:c3:e7:8d:60:f2:a6:bc:53:6a:44:
                    5e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:67:7A:8A:D7:70:79:86:CE:79:BA:1D:B9:96:54:86:D7:88:58:CE
            X509v3 Authority Key Identifier:
                keyid:33:E8:55:0B:CC:9F:B3:B1:40:26:0C:29:D6:9F:78:99:78:DC:C0:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M-hVC8yfs7FAJgwp1p94mXjcwJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/42d6itdweYbOeboduZZUhteIWM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/4116b6-f1c9-49ad-8b0f-ad2497f284f5/1/M-hVC8yfs7FAJgwp1p94mXjcwJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:f8:0a:de:0a:6f:df:85:8d:86:86:d8:3e:b5:62:15:6d:87:
         52:ba:44:17:3a:f4:7a:cd:5a:aa:e6:42:0d:4b:dd:3e:20:90:
         36:9d:a6:4b:c2:7f:a7:57:9b:8e:36:34:5b:51:e5:a5:a5:2b:
         c2:18:53:d3:8c:76:c0:99:48:38:4a:e9:5a:d7:06:9c:a7:2c:
         ee:49:50:67:5d:bb:68:c6:8e:67:cf:f7:c7:82:25:b0:8e:b5:
         39:7a:1c:f8:37:70:cd:3e:24:91:b6:66:07:5a:ac:d2:42:19:
         f7:a9:88:50:6a:82:6c:43:18:61:c1:76:3a:82:f6:41:f4:c4:
         7d:d3:bc:7e:e4:75:55:58:78:29:d8:f3:49:b1:1f:a5:64:e6:
         d0:52:3d:3d:ba:0d:ef:a0:5a:43:a4:92:59:a6:6c:a4:e7:0e:
         fe:9d:a8:b4:c0:41:c8:0f:a3:17:10:72:72:6f:e9:e9:4e:e1:
         d0:ea:53:06:3b:df:dc:bb:7d:03:78:12:b4:f0:94:53:f6:02:
         5d:cf:cd:0e:5e:14:42:6c:74:f3:e4:9b:51:ff:1e:7f:ad:02:
         54:a1:e1:4e:12:92:bb:1f:e7:a6:06:1f:f9:b5:d6:b2:fd:3b:
         8f:ca:9c:10:27:b7:ae:48:85:46:d6:0a:6b:b6:cd:7a:b1:da:
         56:37:63:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAGQ60BpJc8wFlHb9/tpNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZTg1NTBiY2M5ZmIzYjE0MDI2MGMyOWQ2OWY3ODk5Nzhk
Y2MwOWEwHhcNMjQwMTAxMTIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzY3N2E4YWQ3NzA3OTg2Y2U3OWJhMWRiOTk2NTQ4NmQ3ODg1OGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjX/4DeLTc+XYvtyyjLnuitYP7Ub0
Q0QeQcgccW5vvKC3l8QBe+wdYkNWSeDWWnPpXIsokRMdfWBNTs2CJUBcajm+8ZcJ
rE4bwkVu4XjrAk0U2cYIojP2GnH0npNb4l2KKjTCqFYEo+Gr4REwOeDGanqaS+NZ
BiuOPbWt6AgynM1oXCgUhVZ5AkXAoUAMGL3646/jIGsD5j4mM3Yol+4STg4HBXry
+FrPMc8JjQHxS4UCupoN/ZsL/H5+NfJiafQa+rR39d1intHD5ILCTDLO0UFMkqJN
OnORjEbxGoIOFn58mh/e/6bcs3OPS0TYZnbalmGH3sPnjWDyprxTakReXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONneorXcHmGznm6HbmWVIbXiFjOMB8GA1UdIwQY
MBaAFDPoVQvMn7OxQCYMKdafeJl43MCaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTS1oVkM4eWZzN0ZBSmd3cDFwOTRtWGpjd0pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi80MTE2YjYtZjFjOS00OWFkLThiMGYt
YWQyNDk3ZjI4NGY1LzEvNDJkNml0ZHdlWWJPZWJvZHVaWlVodGVJV000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi80MTE2YjYtZjFjOS00OWFkLThiMGYtYWQyNDk3ZjI4NGY1
LzEvTS1oVkM4eWZzN0ZBSmd3cDFwOTRtWGpjd0pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVu8MA0G
CSqGSIb3DQEBCwUAA4IBAQAM+AreCm/fhY2Ghtg+tWIVbYdSukQXOvR6zVqq5kIN
S90+IJA2naZLwn+nV5uONjRbUeWlpSvCGFPTjHbAmUg4Sula1wacpyzuSVBnXbto
xo5nz/fHgiWwjrU5ehz4N3DNPiSRtmYHWqzSQhn3qYhQaoJsQxhhwXY6gvZB9MR9
07x+5HVVWHgp2PNJsR+lZObQUj09ug3voFpDpJJZpmyk5w7+nai0wEHID6MXEHJy
b+npTuHQ6lMGO9/cu30DeBK08JRT9gJdz80OXhRCbHTz5JtR/x5/rQJUoeFOEpK7
H+emBh/5tday/TuPypwQJ7euSIVG1gprts16sdpWN2PK
-----END CERTIFICATE-----
Generated at Wed Nov 27 07:19:32 2024 by rpki-client on console-fra.rpki-client.org