Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/888208-c77f-45d4-baee-717a4e00f859/1/Zgja7FrKgu0kcg8xx1mDcSFePI8.roa
File:                     Zgja7FrKgu0kcg8xx1mDcSFePI8.roa (raw, json)
Hash identifier:          Iyya5REQVgs2HbJBf2ezyby/rsaLnBalqBOLiOu9Je8=
Subject key identifier:   66:08:DA:EC:5A:CA:82:ED:24:72:0F:31:C7:59:83:71:21:5E:3C:8F
Certificate issuer:       /CN=2b5dcecf19dba752092bbc3d279ac1cc4f1e3637
Certificate serial:       018CC94E5E3056D59683ECCAEECACD87A500
Authority key identifier: 2B:5D:CE:CF:19:DB:A7:52:09:2B:BC:3D:27:9A:C1:CC:4F:1E:36:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K13Ozxnbp1IJK7w9J5rBzE8eNjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/888208-c77f-45d4-baee-717a4e00f859/1/Zgja7FrKgu0kcg8xx1mDcSFePI8.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50407
IP address blocks:        193.105.17.0/24 maxlen: 24
                          195.191.68.0/23 maxlen: 23
                          2001:67c:2e18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/888208-c77f-45d4-baee-717a4e00f859/1/K13Ozxnbp1IJK7w9J5rBzE8eNjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/888208-c77f-45d4-baee-717a4e00f859/1/K13Ozxnbp1IJK7w9J5rBzE8eNjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K13Ozxnbp1IJK7w9J5rBzE8eNjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5e:30:56:d5:96:83:ec:ca:ee:ca:cd:87:a5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b5dcecf19dba752092bbc3d279ac1cc4f1e3637
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6608daec5aca82ed24720f31c7598371215e3c8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:01:ea:bc:26:ef:ef:9b:f0:b8:ef:5c:8a:6d:
                    fd:a4:ea:e4:ae:d4:0f:c2:b9:53:d5:3e:75:d7:3d:
                    44:85:87:89:fa:14:64:e7:bd:25:aa:fc:73:5d:79:
                    b7:f0:7e:fc:43:76:ce:be:ff:4d:1a:36:43:9a:23:
                    64:0d:0b:78:0c:85:c1:6d:a9:42:1a:33:12:dc:2f:
                    75:a8:34:94:96:7f:08:1f:de:dc:8e:84:c2:d1:ee:
                    f9:41:0b:22:fa:4d:f0:77:4c:fd:f6:a0:e9:28:09:
                    08:1c:dc:14:ba:c9:72:2b:f5:c8:5e:45:6c:0d:fd:
                    e6:1e:4f:8b:39:47:9a:74:c5:0d:cd:35:db:b2:ba:
                    28:5b:39:d9:b1:80:bf:ab:b5:3b:84:3c:e4:ea:f5:
                    b1:ac:17:57:c5:78:dc:2f:91:ac:fb:60:80:fb:fd:
                    5f:c4:6a:b6:00:55:7b:14:3b:21:2e:a4:1a:69:b5:
                    b0:84:d3:8a:c6:dd:ca:99:fc:e6:11:0c:ed:a7:d4:
                    97:8d:5d:4b:e7:97:cf:19:96:ad:85:df:1f:50:f8:
                    45:f9:4d:15:09:fe:64:e3:24:19:4f:53:55:23:d3:
                    4d:d9:8f:0f:4f:bd:15:45:b7:5e:52:2e:09:30:dd:
                    e8:14:92:70:ad:cb:f6:3c:0c:f6:cd:90:a8:aa:27:
                    00:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:08:DA:EC:5A:CA:82:ED:24:72:0F:31:C7:59:83:71:21:5E:3C:8F
            X509v3 Authority Key Identifier:
                keyid:2B:5D:CE:CF:19:DB:A7:52:09:2B:BC:3D:27:9A:C1:CC:4F:1E:36:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K13Ozxnbp1IJK7w9J5rBzE8eNjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/888208-c77f-45d4-baee-717a4e00f859/1/Zgja7FrKgu0kcg8xx1mDcSFePI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/888208-c77f-45d4-baee-717a4e00f859/1/K13Ozxnbp1IJK7w9J5rBzE8eNjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.17.0/24
                  195.191.68.0/23
                IPv6:
                  2001:67c:2e18::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:b4:c4:70:6a:1f:03:7c:09:09:57:44:c8:8c:fb:43:fb:bb:
         30:0c:a0:20:54:ba:ea:6b:06:4c:a1:a6:f2:ee:1a:bc:1f:d7:
         5d:be:fe:ca:21:59:bc:09:09:b1:f4:16:24:06:67:4a:07:fc:
         e4:b4:8a:6f:b0:de:fb:15:7c:82:ca:5d:70:5e:89:b0:28:db:
         95:e0:e3:0c:cd:fe:e3:ea:a7:9b:67:0b:9c:9d:84:1f:1f:18:
         dc:cd:50:26:21:b8:46:62:e7:a6:e3:ed:fe:6d:43:a4:82:ca:
         b5:bc:4d:f5:f7:87:06:a1:25:d4:2c:94:ea:eb:2b:6c:27:44:
         cc:46:68:99:ff:6c:33:8a:dd:50:31:85:ae:00:d3:ae:f6:fc:
         b1:31:b4:c9:6d:2e:81:cb:dc:d4:05:e2:bf:0b:4f:7b:4f:47:
         97:de:53:c9:26:70:01:fb:77:ac:d2:fe:78:7b:57:2a:d8:97:
         69:2b:fe:af:c7:cd:ca:49:c7:23:91:9c:0d:69:be:e7:ce:54:
         c9:60:e0:86:9e:73:45:53:1f:b1:71:e0:d6:34:0e:7c:c2:19:
         70:f0:1e:e5:97:86:eb:fa:69:25:07:fa:39:56:85:8a:73:25:
         10:eb:b2:be:73:a5:a0:f2:e3:b7:f0:4b:c2:81:31:e1:3c:3d:
         18:a5:30:0c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJTl4wVtWWg+zK7srNh6UAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNWRjZWNmMTlkYmE3NTIwOTJiYmMzZDI3OWFjMWNjNGYx
ZTM2MzcwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjA4ZGFlYzVhY2E4MmVkMjQ3MjBmMzFjNzU5ODM3MTIxNWUzYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAHqvCbv75vwuO9cim39pOrkrtQP
wrlT1T511z1EhYeJ+hRk570lqvxzXXm38H78Q3bOvv9NGjZDmiNkDQt4DIXBbalC
GjMS3C91qDSUln8IH97cjoTC0e75QQsi+k3wd0z99qDpKAkIHNwUuslyK/XIXkVs
Df3mHk+LOUeadMUNzTXbsrooWznZsYC/q7U7hDzk6vWxrBdXxXjcL5Gs+2CA+/1f
xGq2AFV7FDshLqQaabWwhNOKxt3KmfzmEQztp9SXjV1L55fPGZathd8fUPhF+U0V
Cf5k4yQZT1NVI9NN2Y8PT70VRbdeUi4JMN3oFJJwrcv2PAz2zZCoqicAmQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGYI2uxayoLtJHIPMcdZg3EhXjyPMB8GA1UdIwQY
MBaAFCtdzs8Z26dSCSu8PSeawcxPHjY3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzEzT3p4bmJwMUlKSzd3OUo1ckJ6RThlTmpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy84ODgyMDgtYzc3Zi00NWQ0LWJhZWUt
NzE3YTRlMDBmODU5LzEvWmdqYTdGcktndTBrY2c4eHgxbURjU0ZlUEk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy84ODgyMDgtYzc3Zi00NWQ0LWJhZWUtNzE3YTRlMDBmODU5
LzEvSzEzT3p4bmJwMUlKSzd3OUo1ckJ6RThlTmpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwWkRAwQB
w79EMA8EAgACMAkDBwAgAQZ8LhgwDQYJKoZIhvcNAQELBQADggEBAHu0xHBqHwN8
CQlXRMiM+0P7uzAMoCBUuuprBkyhpvLuGrwf112+/sohWbwJCbH0FiQGZ0oH/OS0
im+w3vsVfILKXXBeibAo25Xg4wzN/uPqp5tnC5ydhB8fGNzNUCYhuEZi56bj7f5t
Q6SCyrW8TfX3hwahJdQslOrrK2wnRMxGaJn/bDOK3VAxha4A0672/LExtMltLoHL
3NQF4r8LT3tPR5feU8kmcAH7d6zS/nh7VyrYl2kr/q/HzcpJxyORnA1pvufOVMlg
4Iaec0VTH7Fx4NY0DnzCGXDwHuWXhuv6aSUH+jlWhYpzJRDrsr5zpaDy47fwS8KB
MeE8PRilMAw=
-----END CERTIFICATE-----
Generated at Sat Jun 15 17:42:33 2024 by rpki-client on console-fra.rpki-client.org