Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/UR1Mfe_ZK9RHn5nxGvdQ1uXzu-I.roa
File:                     UR1Mfe_ZK9RHn5nxGvdQ1uXzu-I.roa (raw, json)
Hash identifier:          qIiAjOzG7nWr9ViW6YQ1j0CJ4QUOS6WIhzy11ufv4ZE=
Subject key identifier:   51:1D:4C:7D:EF:D9:2B:D4:47:9F:99:F1:1A:F7:50:D6:E5:F3:BB:E2
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802DB1DB18D4242A047E4041D6C183E
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/UR1Mfe_ZK9RHn5nxGvdQ1uXzu-I.roa
Signing time:             Tue 02 Jan 2024 02:31:19 +0000
ROA not before:           Tue 02 Jan 2024 02:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.235.44.0/24 maxlen: 24
                          193.235.45.0/24 maxlen: 24
                          193.183.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:db:1d:b1:8d:42:42:a0:47:e4:04:1d:6c:18:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=511d4c7defd92bd4479f99f11af750d6e5f3bbe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7a:07:9e:e9:ba:fa:63:48:18:6c:55:2d:5b:
                    00:57:39:af:dd:3a:b5:05:e9:ec:ed:51:40:c4:a2:
                    a6:f0:80:c7:72:5a:78:0c:bd:9e:3b:ae:92:06:c2:
                    24:83:dc:fb:36:8c:bc:7d:1e:1c:04:72:f1:ce:36:
                    4a:1b:58:85:18:59:5d:c4:73:7b:57:5b:37:78:a2:
                    06:b7:f1:fb:d3:02:48:a9:12:16:dd:ca:ed:51:f6:
                    b0:ea:90:03:7a:07:65:f0:38:a6:0a:3c:e6:d6:35:
                    52:0e:92:c6:4e:b8:8e:f9:10:32:1b:09:12:9d:af:
                    1b:7f:9e:b7:5c:cf:9d:13:29:93:56:db:ab:8d:69:
                    a6:bb:d0:a3:de:92:4d:75:8d:87:ee:df:01:74:db:
                    3a:73:a3:12:72:4c:f6:5f:a1:41:f5:80:1f:be:5e:
                    99:06:bc:4f:4e:60:4f:20:0e:5c:38:a4:de:be:2a:
                    08:d4:3e:16:ad:8b:22:fc:41:bd:9c:ee:93:d5:69:
                    b7:9d:46:4f:74:ce:0f:32:e8:54:d5:5d:19:58:48:
                    30:ef:d8:bd:57:f4:b4:61:4c:54:02:bd:32:41:05:
                    88:d9:8a:6e:5e:7d:c6:b6:60:cb:2c:4f:2f:95:0e:
                    7c:d3:05:62:15:ea:60:f9:3d:73:1b:89:fa:1f:e5:
                    01:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:1D:4C:7D:EF:D9:2B:D4:47:9F:99:F1:1A:F7:50:D6:E5:F3:BB:E2
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/UR1Mfe_ZK9RHn5nxGvdQ1uXzu-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.183.185.0/24
                  193.235.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:05:3c:09:e8:d4:1f:28:52:d5:8a:a3:77:df:cb:aa:e8:ff:
         40:c7:60:5e:c8:56:08:4e:43:9e:6a:1b:2e:52:0a:d7:5e:d3:
         6e:ba:56:21:79:8f:e3:87:5e:da:8f:5f:57:fb:f8:45:aa:bd:
         43:12:d0:50:89:f8:8a:0b:95:a5:71:26:72:5f:ab:85:fb:82:
         e8:40:8e:b3:0c:1b:72:76:65:9f:08:5d:a9:e5:00:60:2b:4f:
         fc:b9:fd:90:8f:11:c3:a9:90:fb:f2:06:dc:71:0e:1e:5d:ee:
         dc:78:45:23:2d:ad:86:5c:e8:c5:ac:11:2d:88:11:6b:5c:60:
         92:cf:91:06:b1:ae:09:5c:62:b9:b5:ab:25:52:b8:14:95:79:
         46:a9:92:f2:ef:b5:12:29:07:33:ae:ed:9b:cb:0a:50:f3:63:
         98:02:74:c4:c0:e3:cf:84:35:46:e1:f4:ca:d6:8a:e1:24:91:
         be:6e:5a:40:d1:01:d5:dd:ce:8f:85:ca:45:7d:8e:63:0a:64:
         30:a5:2e:ac:ab:a0:74:cc:50:74:91:3e:d7:c9:21:0c:bc:be:
         bd:7a:d1:7f:e3:36:54:b0:6f:bf:0e:ee:6a:a9:2d:e5:a1:95:
         84:c5:23:13:f3:6a:7d:f3:1b:78:de:7f:0c:9c:f9:a5:b6:9d:
         e7:ce:2e:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAtsdsY1CQqBH5AQdbBg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTFkNGM3ZGVmZDkyYmQ0NDc5Zjk5ZjExYWY3NTBkNmU1ZjNiYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHoHnum6+mNIGGxVLVsAVzmv3Tq1
Bens7VFAxKKm8IDHclp4DL2eO66SBsIkg9z7Noy8fR4cBHLxzjZKG1iFGFldxHN7
V1s3eKIGt/H70wJIqRIW3crtUfaw6pADegdl8DimCjzm1jVSDpLGTriO+RAyGwkS
na8bf563XM+dEymTVturjWmmu9Cj3pJNdY2H7t8BdNs6c6MSckz2X6FB9YAfvl6Z
BrxPTmBPIA5cOKTevioI1D4WrYsi/EG9nO6T1Wm3nUZPdM4PMuhU1V0ZWEgw79i9
V/S0YUxUAr0yQQWI2YpuXn3GtmDLLE8vlQ580wViFepg+T1zG4n6H+UBHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFEdTH3v2SvUR5+Z8Rr3UNbl87viMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVVIxTWZlX1pLOVJIbjVueEd2ZFExdVh6dS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbe5AwQB
wessMA0GCSqGSIb3DQEBCwUAA4IBAQCzBTwJ6NQfKFLViqN338uq6P9Ax2BeyFYI
TkOeahsuUgrXXtNuulYheY/jh17aj19X+/hFqr1DEtBQifiKC5WlcSZyX6uF+4Lo
QI6zDBtydmWfCF2p5QBgK0/8uf2QjxHDqZD78gbccQ4eXe7ceEUjLa2GXOjFrBEt
iBFrXGCSz5EGsa4JXGK5taslUrgUlXlGqZLy77USKQczru2bywpQ82OYAnTEwOPP
hDVG4fTK1orhJJG+blpA0QHV3c6PhcpFfY5jCmQwpS6sq6B0zFB0kT7XySEMvL69
etF/4zZUsG+/Du5qqS3loZWExSMT82p98xt43n8MnPmltp3nzi4s
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:31:19 2024 by rpki-client on console-fra.rpki-client.org