Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/1d19ad-73f6-450b-b97c-2be25f9d5ed2/1/ZMAwMb7VDQsTeztaVHjSn3g81Sk.roa
File:                     ZMAwMb7VDQsTeztaVHjSn3g81Sk.roa (raw, json)
Hash identifier:          GrTyAz1DcUiUmutPuFy+vnSgtRYCK+PdUzfNRqCdQMg=
Subject key identifier:   64:C0:30:31:BE:D5:0D:0B:13:7B:3B:5A:54:78:D2:9F:78:3C:D5:29
Certificate issuer:       /CN=cd269482ba261b88005608ec50b7b909d3f3fd4e
Certificate serial:       018CC3B694DEA5F1A7999B24A93D4CDFC495
Authority key identifier: CD:26:94:82:BA:26:1B:88:00:56:08:EC:50:B7:B9:09:D3:F3:FD:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zSaUgromG4gAVgjsULe5CdPz_U4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/1d19ad-73f6-450b-b97c-2be25f9d5ed2/1/ZMAwMb7VDQsTeztaVHjSn3g81Sk.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52200
IP address blocks:        194.35.180.0/23 maxlen: 24
                          194.35.80.0/23 maxlen: 24
                          46.226.168.0/21 maxlen: 24
                          2a00:b600::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/1d19ad-73f6-450b-b97c-2be25f9d5ed2/1/zSaUgromG4gAVgjsULe5CdPz_U4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/1d19ad-73f6-450b-b97c-2be25f9d5ed2/1/zSaUgromG4gAVgjsULe5CdPz_U4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zSaUgromG4gAVgjsULe5CdPz_U4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:94:de:a5:f1:a7:99:9b:24:a9:3d:4c:df:c4:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd269482ba261b88005608ec50b7b909d3f3fd4e
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64c03031bed50d0b137b3b5a5478d29f783cd529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bf:ac:99:da:8a:f7:98:c4:5e:59:95:99:8a:
                    bd:fd:3f:a5:f8:51:40:bd:bc:ed:88:4f:26:82:5e:
                    19:ae:b2:3b:8d:a0:e4:7e:0b:d9:d3:c2:41:4e:01:
                    c4:a5:be:ca:b2:e8:62:c3:4f:ed:2e:c1:c0:7a:5b:
                    7d:bd:63:68:74:20:75:84:10:fd:2c:48:ba:f3:09:
                    4d:02:c6:74:64:c2:79:1d:3b:af:08:d2:8d:63:a8:
                    fb:0d:9c:6d:9c:03:69:98:ee:e6:28:2c:f6:d4:ad:
                    66:f5:79:d5:01:71:4f:7d:22:b5:d2:88:1b:1f:71:
                    86:8b:e6:b5:b5:e9:66:da:c0:df:ba:ef:1f:ee:3a:
                    13:ac:2b:c5:80:54:a1:11:23:c4:6c:2c:42:d3:15:
                    2a:ec:2b:46:d3:7d:df:3c:60:5d:09:fd:8b:9d:1b:
                    e9:9d:e8:c2:10:06:f4:f4:d0:8e:e4:a0:4d:db:fe:
                    f3:40:72:81:27:27:93:18:87:38:91:8a:18:40:b4:
                    6a:26:94:f7:7d:7d:12:45:a9:e0:4c:bc:8e:97:0d:
                    94:1f:a3:0b:eb:5b:30:41:02:b9:62:6d:d0:e1:80:
                    cf:30:57:a9:dc:b9:e4:d2:ae:98:76:bc:be:bb:55:
                    dd:e9:ba:bc:fe:b3:aa:24:d1:c9:27:fc:1b:48:07:
                    23:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C0:30:31:BE:D5:0D:0B:13:7B:3B:5A:54:78:D2:9F:78:3C:D5:29
            X509v3 Authority Key Identifier:
                keyid:CD:26:94:82:BA:26:1B:88:00:56:08:EC:50:B7:B9:09:D3:F3:FD:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zSaUgromG4gAVgjsULe5CdPz_U4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1d19ad-73f6-450b-b97c-2be25f9d5ed2/1/ZMAwMb7VDQsTeztaVHjSn3g81Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1d19ad-73f6-450b-b97c-2be25f9d5ed2/1/zSaUgromG4gAVgjsULe5CdPz_U4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.168.0/21
                  194.35.80.0/23
                  194.35.180.0/23
                IPv6:
                  2a00:b600::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:ce:13:8f:b0:c8:a5:c2:f7:b8:5f:6c:4a:f0:f4:f4:86:57:
         cb:c4:e7:39:c5:5d:e9:9d:b3:43:4b:7f:81:95:56:20:f9:fa:
         97:65:13:50:38:6c:25:ab:2f:3f:d1:30:e5:d5:ef:d7:7f:11:
         4a:4a:c8:4a:f3:6d:6c:8d:29:5e:6a:e5:bb:7b:d8:4f:6e:c3:
         ed:b6:97:27:33:1d:cb:fd:e4:39:95:72:01:6c:f7:a5:72:09:
         18:1f:5f:90:a1:29:30:45:4f:17:7e:77:61:71:d6:fb:6b:10:
         a6:bf:f6:85:b7:e0:17:85:41:02:ca:28:0b:bf:28:6e:1d:f2:
         d1:ad:6a:58:42:9c:5e:4c:d9:cc:bf:86:2e:19:73:2c:80:ae:
         a3:8d:1b:87:65:bb:ea:f6:d6:7f:82:2c:35:20:c9:ad:67:00:
         7d:0a:87:fd:4d:01:ad:3a:dc:ea:90:0c:7d:2a:5a:05:80:af:
         49:ec:9e:b2:8d:91:06:d2:2b:b4:41:e4:3f:a8:5d:ce:fb:6b:
         0c:aa:ed:1b:37:e7:fe:1d:02:23:c3:d6:e0:9b:48:44:70:12:
         30:be:50:e9:96:41:2d:20:bb:04:a9:3d:fc:8f:8a:48:a4:71:
         60:e5:0c:4a:07:97:48:53:d0:56:1b:69:8f:03:9a:3e:42:61:
         b1:67:47:6d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzDtpTepfGnmZskqT1M38SVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMjY5NDgyYmEyNjFiODgwMDU2MDhlYzUwYjdiOTA5ZDNm
M2ZkNGUwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGMwMzAzMWJlZDUwZDBiMTM3YjNiNWE1NDc4ZDI5Zjc4M2NkNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsL+smdqK95jEXlmVmYq9/T+l+FFA
vbztiE8mgl4ZrrI7jaDkfgvZ08JBTgHEpb7Ksuhiw0/tLsHAelt9vWNodCB1hBD9
LEi68wlNAsZ0ZMJ5HTuvCNKNY6j7DZxtnANpmO7mKCz21K1m9XnVAXFPfSK10ogb
H3GGi+a1telm2sDfuu8f7joTrCvFgFShESPEbCxC0xUq7CtG033fPGBdCf2LnRvp
nejCEAb09NCO5KBN2/7zQHKBJyeTGIc4kYoYQLRqJpT3fX0SRangTLyOlw2UH6ML
61swQQK5Ym3Q4YDPMFep3Lnk0q6Ydry+u1Xd6bq8/rOqJNHJJ/wbSAcjSwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGTAMDG+1Q0LE3s7WlR40p94PNUpMB8GA1UdIwQY
MBaAFM0mlIK6JhuIAFYI7FC3uQnT8/1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelNhVWdyb21HNGdBVmdqc1VMZTVDZFB6X1U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xZDE5YWQtNzNmNi00NTBiLWI5N2Mt
MmJlMjVmOWQ1ZWQyLzEvWk1Bd01iN1ZEUXNUZXp0YVZIalNuM2c4MVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xZDE5YWQtNzNmNi00NTBiLWI5N2MtMmJlMjVmOWQ1ZWQy
LzEvelNhVWdyb21HNGdBVmdqc1VMZTVDZFB6X1U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLuKoAwQB
wiNQAwQBwiO0MA0EAgACMAcDBQMqALYAMA0GCSqGSIb3DQEBCwUAA4IBAQCfzhOP
sMilwve4X2xK8PT0hlfLxOc5xV3pnbNDS3+BlVYg+fqXZRNQOGwlqy8/0TDl1e/X
fxFKSshK821sjSleauW7e9hPbsPttpcnMx3L/eQ5lXIBbPelcgkYH1+QoSkwRU8X
fndhcdb7axCmv/aFt+AXhUECyigLvyhuHfLRrWpYQpxeTNnMv4YuGXMsgK6jjRuH
Zbvq9tZ/giw1IMmtZwB9Cof9TQGtOtzqkAx9KloFgK9J7J6yjZEG0iu0QeQ/qF3O
+2sMqu0bN+f+HQIjw9bgm0hEcBIwvlDplkEtILsEqT38j4pIpHFg5QxKB5dIU9BW
G2mPA5o+QmGxZ0dt
-----END CERTIFICATE-----
Generated at Tue Nov 26 20:13:28 2024 by rpki-client on console-ams.rpki-client.org