Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/fmIXez5TjXusNSKQqos2u_4kAhY.roa
File:                     fmIXez5TjXusNSKQqos2u_4kAhY.roa (raw, json)
Hash identifier:          oYM1lsb3hPfzOPMEHz/cBW70gwXbfRXmcOJazhfg2K4=
Subject key identifier:   7E:62:17:7B:3E:53:8D:7B:AC:35:22:90:AA:8B:36:BB:FE:24:02:16
Certificate issuer:       /CN=de87d35bdcab123affc1a91d1736867969709a23
Certificate serial:       018CC6B8F13026D0FF07154060B5C109D258
Authority key identifier: DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/fmIXez5TjXusNSKQqos2u_4kAhY.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205638
IP address blocks:        185.211.157.0/24 maxlen: 24
                          185.211.159.0/24 maxlen: 24
                          185.211.156.0/24 maxlen: 24
                          185.211.158.0/23 maxlen: 23
                          185.211.156.0/22 maxlen: 22
                          185.211.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f1:30:26:d0:ff:07:15:40:60:b5:c1:09:d2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de87d35bdcab123affc1a91d1736867969709a23
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e62177b3e538d7bac352290aa8b36bbfe240216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7d:9c:60:22:71:29:e0:e5:1f:7e:35:e9:6b:
                    ec:53:76:96:d1:ac:9d:d8:05:59:d8:0b:a7:8e:d1:
                    bc:02:c4:5c:6a:21:ce:8a:1b:8f:01:c1:35:5b:45:
                    4e:4c:94:7e:30:af:00:87:e0:8f:7f:f8:99:4d:27:
                    65:01:ac:c8:e9:3c:ad:0f:97:a1:8e:b0:f1:98:79:
                    7d:7e:4a:89:ac:82:73:64:fe:86:77:75:26:0e:0e:
                    71:61:70:2f:f5:36:30:63:69:38:0b:e9:d0:80:8a:
                    46:4d:26:f7:b3:2a:5b:93:95:ff:93:d2:22:6d:38:
                    77:1a:dd:fa:e4:ce:04:dd:97:bf:7d:35:b1:4f:bd:
                    cb:1a:0c:55:81:ee:e3:21:51:c4:3c:7c:96:b4:75:
                    d6:ec:3a:18:cf:5c:6b:d3:54:4c:95:15:44:8d:f6:
                    bf:90:a5:da:4d:43:ce:84:64:d1:5f:4f:6c:e7:90:
                    0d:34:8a:dd:a5:97:e5:ac:b3:b5:12:e8:3c:21:3b:
                    bc:c7:97:44:48:e9:cd:17:1a:60:d9:1c:31:db:2b:
                    71:80:d4:dd:64:06:2e:74:88:f4:c3:02:23:4b:25:
                    34:fb:52:7e:30:53:cb:57:c8:73:2e:e0:60:6e:ad:
                    ee:ce:a8:1e:d1:63:73:59:b8:7f:37:06:b1:54:16:
                    61:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:62:17:7B:3E:53:8D:7B:AC:35:22:90:AA:8B:36:BB:FE:24:02:16
            X509v3 Authority Key Identifier:
                keyid:DE:87:D3:5B:DC:AB:12:3A:FF:C1:A9:1D:17:36:86:79:69:70:9A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ofTW9yrEjr_wakdFzaGeWlwmiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/fmIXez5TjXusNSKQqos2u_4kAhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/910716-f266-47f0-9bad-c22390e8d9a6/1/3ofTW9yrEjr_wakdFzaGeWlwmiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:e7:20:c2:5e:0b:07:36:a4:1a:e5:31:4e:c4:90:86:18:d5:
         32:fa:20:dc:a8:77:1a:d7:2a:8f:9d:a1:4e:be:fc:39:71:3d:
         25:98:8d:5d:5a:b1:8b:0c:82:fd:76:8f:ec:b3:30:b4:f0:92:
         83:57:e1:d2:02:f2:2c:1d:50:c8:60:c5:da:cc:71:0c:fc:01:
         f2:75:77:28:bd:fd:c8:9c:5b:73:b5:b8:2f:67:f1:cb:1b:c5:
         7d:ab:d0:5d:2b:6a:e3:ff:7a:a6:26:71:ae:92:fb:c9:4b:de:
         cd:78:ab:d0:0f:6a:2a:92:4c:d1:50:78:39:25:79:ac:2a:d7:
         a7:dc:6e:48:83:14:3b:10:10:dc:49:5f:07:d3:72:44:4b:53:
         8e:5b:05:8a:be:e4:d3:c9:b7:77:45:32:16:c5:56:81:9f:b8:
         8d:a6:e0:02:96:8d:d4:da:5c:06:f1:c5:26:bf:01:13:68:8f:
         a3:74:9a:37:2e:49:13:aa:74:a3:9c:d5:3f:da:aa:b3:c8:50:
         8f:90:d4:e8:d0:65:59:f2:8d:30:5c:5d:16:01:ae:97:f6:80:
         a9:d2:c7:08:97:d9:b9:53:b2:01:79:2d:c0:03:de:32:ca:2d:
         c9:7c:2e:0b:ec:88:a9:c4:27:90:7a:52:a6:38:c8:d2:08:0d:
         3e:39:82:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPEwJtD/BxVAYLXBCdJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlODdkMzViZGNhYjEyM2FmZmMxYTkxZDE3MzY4Njc5Njk3
MDlhMjMwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTYyMTc3YjNlNTM4ZDdiYWMzNTIyOTBhYThiMzZiYmZlMjQwMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlH2cYCJxKeDlH3416WvsU3aW0ayd
2AVZ2AunjtG8AsRcaiHOihuPAcE1W0VOTJR+MK8Ah+CPf/iZTSdlAazI6TytD5eh
jrDxmHl9fkqJrIJzZP6Gd3UmDg5xYXAv9TYwY2k4C+nQgIpGTSb3sypbk5X/k9Ii
bTh3Gt365M4E3Ze/fTWxT73LGgxVge7jIVHEPHyWtHXW7DoYz1xr01RMlRVEjfa/
kKXaTUPOhGTRX09s55ANNIrdpZflrLO1Eug8ITu8x5dESOnNFxpg2Rwx2ytxgNTd
ZAYudIj0wwIjSyU0+1J+MFPLV8hzLuBgbq3uzqge0WNzWbh/NwaxVBZhPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5iF3s+U417rDUikKqLNrv+JAIWMB8GA1UdIwQY
MBaAFN6H01vcqxI6/8GpHRc2hnlpcJojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQt
YzIyMzkwZThkOWE2LzEvZm1JWGV6NVRqWHVzTlNLUXFvczJ1XzRrQWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85MTA3MTYtZjI2Ni00N2YwLTliYWQtYzIyMzkwZThkOWE2
LzEvM29mVFc5eXJFanJfd2FrZEZ6YUdlV2x3bWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudOcMA0G
CSqGSIb3DQEBCwUAA4IBAQCi5yDCXgsHNqQa5TFOxJCGGNUy+iDcqHca1yqPnaFO
vvw5cT0lmI1dWrGLDIL9do/sszC08JKDV+HSAvIsHVDIYMXazHEM/AHydXcovf3I
nFtztbgvZ/HLG8V9q9BdK2rj/3qmJnGukvvJS97NeKvQD2oqkkzRUHg5JXmsKten
3G5IgxQ7EBDcSV8H03JES1OOWwWKvuTTybd3RTIWxVaBn7iNpuAClo3U2lwG8cUm
vwETaI+jdJo3LkkTqnSjnNU/2qqzyFCPkNTo0GVZ8o0wXF0WAa6X9oCp0scIl9m5
U7IBeS3AA94yyi3JfC4L7IipxCeQelKmOMjSCA0+OYJ7
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:41:50 2024 by rpki-client on console-fra.rpki-client.org