Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/pZQfa7LZBnHar0epaU622h4x7iA.roa
File:                     pZQfa7LZBnHar0epaU622h4x7iA.roa (raw, json)
Hash identifier:          A/1n5KGghwN80sIHHmoEyN9YAGwA6UClFBft8pI7Tew=
Subject key identifier:   A5:94:1F:6B:B2:D9:06:71:DA:AF:47:A9:69:4E:B6:DA:1E:31:EE:20
Certificate issuer:       /CN=35902c9b640fc6d57c237714ed24da17f2d3e474
Certificate serial:       018CC9BCA6572EF0825AEF7C8E00B002147C
Authority key identifier: 35:90:2C:9B:64:0F:C6:D5:7C:23:77:14:ED:24:DA:17:F2:D3:E4:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZAsm2QPxtV8I3cU7STaF_LT5HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/pZQfa7LZBnHar0epaU622h4x7iA.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16007
IP address blocks:        217.25.192.0/20 maxlen: 20
                          185.120.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/NZAsm2QPxtV8I3cU7STaF_LT5HQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/NZAsm2QPxtV8I3cU7STaF_LT5HQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZAsm2QPxtV8I3cU7STaF_LT5HQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a6:57:2e:f0:82:5a:ef:7c:8e:00:b0:02:14:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35902c9b640fc6d57c237714ed24da17f2d3e474
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5941f6bb2d90671daaf47a9694eb6da1e31ee20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d6:ec:e8:7b:05:d0:e4:00:63:02:22:f9:f6:
                    f6:47:14:55:f9:d4:f3:db:67:a7:ad:61:fe:0a:2d:
                    b6:2d:a8:7f:45:e9:de:52:3e:a0:7d:e9:29:7a:6d:
                    e7:78:17:93:3f:0b:bb:8f:48:e8:cd:76:44:e1:1b:
                    95:e3:6e:84:fe:41:ae:62:75:30:c3:95:e6:cc:3a:
                    26:f2:23:91:7a:cb:32:8c:74:07:fa:60:77:e8:fa:
                    66:20:4c:b8:46:c2:a6:da:5b:61:a2:38:d1:3e:8e:
                    df:b8:be:f7:f6:2e:ab:99:9e:52:69:45:96:79:64:
                    24:cd:8e:3a:33:64:54:af:ba:7d:35:1a:1a:b2:21:
                    da:c4:31:32:e7:e0:59:d5:78:a0:da:31:7d:bd:14:
                    2f:a0:19:2b:78:18:c6:60:76:32:f6:9a:a3:b2:50:
                    09:ad:af:70:2d:ca:e3:9d:34:06:5f:7f:c6:ac:af:
                    63:04:e0:1c:5a:87:c3:15:e6:ec:c5:4a:5c:74:f0:
                    86:b3:72:fd:47:35:2c:71:f1:4a:3c:98:d9:07:75:
                    b0:49:da:70:a6:8a:df:e6:0f:18:79:47:c6:9b:0a:
                    bd:30:9e:c5:f9:fa:45:7e:2e:d8:45:fb:40:6a:bb:
                    53:a8:29:9f:54:b0:fa:9c:ce:47:1c:0a:c0:07:f5:
                    bd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:94:1F:6B:B2:D9:06:71:DA:AF:47:A9:69:4E:B6:DA:1E:31:EE:20
            X509v3 Authority Key Identifier:
                keyid:35:90:2C:9B:64:0F:C6:D5:7C:23:77:14:ED:24:DA:17:F2:D3:E4:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZAsm2QPxtV8I3cU7STaF_LT5HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/pZQfa7LZBnHar0epaU622h4x7iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f96baf-41f3-4986-b93a-417b4fa564ea/1/NZAsm2QPxtV8I3cU7STaF_LT5HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.132.0/22
                  217.25.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4f:ee:79:1b:89:2e:82:bb:e9:6c:aa:35:63:16:20:f9:fb:2a:
         d0:94:a7:a6:a1:69:19:39:04:63:fb:77:67:b3:90:cc:c7:05:
         06:32:96:7f:10:9c:4c:c2:8c:7f:ed:37:bd:4c:da:06:d7:5f:
         1c:6b:a7:59:97:f9:7f:1f:68:ea:40:7b:5f:c0:fe:9f:2d:06:
         0b:4b:cd:0c:d0:c2:00:1e:31:ab:8c:5a:c7:44:fa:85:c0:c9:
         14:df:87:9c:cf:19:a6:e0:4d:bb:de:6e:b2:fc:44:0b:94:04:
         42:3e:5c:ed:f5:99:86:2d:2f:0f:a0:c0:3b:f6:04:f2:16:dd:
         eb:10:10:ca:ea:52:d1:5e:9f:4d:cb:2c:e1:14:8c:49:b4:11:
         c7:dc:39:8d:d8:20:d7:83:75:2f:00:be:21:cf:14:2d:19:68:
         1d:b8:82:e5:27:90:d4:0f:53:e5:4d:b4:b5:aa:a4:e0:75:65:
         05:82:2e:5f:48:4f:e9:5b:3e:70:1e:80:aa:a3:6a:29:66:22:
         26:82:2c:49:36:2b:28:83:92:2c:07:c1:16:b3:91:c1:e1:0b:
         7c:58:da:c3:7d:1b:86:ec:6b:5e:b6:5b:bd:96:83:20:34:50:
         a9:c7:1e:04:5c:f3:ad:3f:ad:f1:93:e6:b2:5e:fe:c0:60:0e:
         e0:69:89:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvKZXLvCCWu98jgCwAhR8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OTAyYzliNjQwZmM2ZDU3YzIzNzcxNGVkMjRkYTE3ZjJk
M2U0NzQwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTk0MWY2YmIyZDkwNjcxZGFhZjQ3YTk2OTRlYjZkYTFlMzFlZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNbs6HsF0OQAYwIi+fb2RxRV+dTz
22enrWH+Ci22Lah/ReneUj6gfekpem3neBeTPwu7j0jozXZE4RuV426E/kGuYnUw
w5XmzDom8iORessyjHQH+mB36PpmIEy4RsKm2lthojjRPo7fuL739i6rmZ5SaUWW
eWQkzY46M2RUr7p9NRoasiHaxDEy5+BZ1Xig2jF9vRQvoBkreBjGYHYy9pqjslAJ
ra9wLcrjnTQGX3/GrK9jBOAcWofDFebsxUpcdPCGs3L9RzUscfFKPJjZB3WwSdpw
porf5g8YeUfGmwq9MJ7F+fpFfi7YRftAartTqCmfVLD6nM5HHArAB/W9TwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKWUH2uy2QZx2q9HqWlOttoeMe4gMB8GA1UdIwQY
MBaAFDWQLJtkD8bVfCN3FO0k2hfy0+R0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlpBc20yUVB4dFY4STNjVTdTVGFGX0xUNUhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mOTZiYWYtNDFmMy00OTg2LWI5M2Et
NDE3YjRmYTU2NGVhLzEvcFpRZmE3TFpCbkhhcjBlcGFVNjIyaDR4N2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mOTZiYWYtNDFmMy00OTg2LWI5M2EtNDE3YjRmYTU2NGVh
LzEvTlpBc20yUVB4dFY4STNjVTdTVGFGX0xUNUhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuXiEAwQE
2RnAMA0GCSqGSIb3DQEBCwUAA4IBAQBP7nkbiS6Cu+lsqjVjFiD5+yrQlKemoWkZ
OQRj+3dns5DMxwUGMpZ/EJxMwox/7Te9TNoG118ca6dZl/l/H2jqQHtfwP6fLQYL
S80M0MIAHjGrjFrHRPqFwMkU34eczxmm4E273m6y/EQLlARCPlzt9ZmGLS8PoMA7
9gTyFt3rEBDK6lLRXp9NyyzhFIxJtBHH3DmN2CDXg3UvAL4hzxQtGWgduILlJ5DU
D1PlTbS1qqTgdWUFgi5fSE/pWz5wHoCqo2opZiImgixJNisog5IsB8EWs5HB4Qt8
WNrDfRuG7Gtetlu9loMgNFCpxx4EXPOtP63xk+ayXv7AYA7gaYkk
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:53:12 2024 by rpki-client on console-fra.rpki-client.org