Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c09c64-0baf-4b07-8d29-473851709c58/1/jV7hKj2mwJiYMkjowu_Az2iONak.roa
File:                     jV7hKj2mwJiYMkjowu_Az2iONak.roa (raw, json)
Hash identifier:          +OGWq4TXSrAbFA6t7QZIKqlSuPUiSW9C334KAFNO0G4=
Subject key identifier:   8D:5E:E1:2A:3D:A6:C0:98:98:32:48:E8:C2:EF:C0:CF:68:8E:35:A9
Certificate issuer:       /CN=72eadc7a7ece477d5f4d777243b60f2bbbb75603
Certificate serial:       018CC5DC503BD664EE0EC7589B219F4E36D5
Authority key identifier: 72:EA:DC:7A:7E:CE:47:7D:5F:4D:77:72:43:B6:0F:2B:BB:B7:56:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/curcen7OR31fTXdyQ7YPK7u3VgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c09c64-0baf-4b07-8d29-473851709c58/1/jV7hKj2mwJiYMkjowu_Az2iONak.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34968
IP address blocks:        89.207.24.0/21 maxlen: 24
                          95.155.184.0/21 maxlen: 24
                          46.38.192.0/19 maxlen: 24
                          193.238.240.0/22 maxlen: 24
                          2a01:710::/32 maxlen: 64
                          2a0f:4880::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c09c64-0baf-4b07-8d29-473851709c58/1/curcen7OR31fTXdyQ7YPK7u3VgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c09c64-0baf-4b07-8d29-473851709c58/1/curcen7OR31fTXdyQ7YPK7u3VgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/curcen7OR31fTXdyQ7YPK7u3VgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:50:3b:d6:64:ee:0e:c7:58:9b:21:9f:4e:36:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72eadc7a7ece477d5f4d777243b60f2bbbb75603
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d5ee12a3da6c098983248e8c2efc0cf688e35a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9d:90:b9:55:09:4b:60:00:52:9b:40:a0:31:
                    03:7c:27:5b:90:02:c1:ee:60:64:16:64:63:74:9b:
                    21:a6:b6:cc:ea:64:2a:f6:db:58:40:09:a7:2f:eb:
                    a2:00:ee:6b:1b:44:15:01:05:3b:56:3a:d8:ca:e3:
                    93:8c:30:d8:b8:00:f3:00:8e:48:3e:35:c7:a0:90:
                    9c:6b:49:47:50:82:6a:38:cd:8c:ea:79:f3:2c:e1:
                    0f:6c:65:5e:7a:38:d6:60:dd:cb:8b:fe:d9:7f:3c:
                    4b:c3:56:ce:33:d2:f5:f6:c2:9f:c9:a5:ac:a5:2a:
                    9e:dd:e4:1c:ca:80:c9:d2:d9:2b:2e:17:16:3b:36:
                    97:7d:cf:d8:f2:7b:8e:ee:4f:b3:b3:9c:c3:4a:1f:
                    49:b5:99:ca:ef:76:41:dd:4b:f8:0f:ef:1f:7a:cf:
                    db:b6:0d:d0:32:03:b3:6e:67:60:ed:0f:fd:13:3c:
                    99:33:98:a4:d0:ea:ff:6f:7f:aa:a7:8b:5f:1d:a4:
                    37:5e:c3:75:d2:8d:b2:39:c6:67:84:97:07:b1:4c:
                    35:87:f1:22:b5:42:1c:67:c9:bb:ba:d3:f2:35:37:
                    c8:78:16:2f:7a:ea:72:1d:6c:f9:ba:dc:5b:cf:e6:
                    6e:0f:85:76:07:1b:e3:c3:fc:09:e3:94:cd:75:a5:
                    c9:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5E:E1:2A:3D:A6:C0:98:98:32:48:E8:C2:EF:C0:CF:68:8E:35:A9
            X509v3 Authority Key Identifier:
                keyid:72:EA:DC:7A:7E:CE:47:7D:5F:4D:77:72:43:B6:0F:2B:BB:B7:56:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/curcen7OR31fTXdyQ7YPK7u3VgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c09c64-0baf-4b07-8d29-473851709c58/1/jV7hKj2mwJiYMkjowu_Az2iONak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c09c64-0baf-4b07-8d29-473851709c58/1/curcen7OR31fTXdyQ7YPK7u3VgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.192.0/19
                  89.207.24.0/21
                  95.155.184.0/21
                  193.238.240.0/22
                IPv6:
                  2a01:710::/32
                  2a0f:4880::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:32:2c:bf:8d:86:9e:09:6c:35:8a:f9:d1:7f:26:57:6a:dd:
         02:3f:80:17:cb:0d:a1:31:e3:e6:88:6b:08:b3:31:6d:da:11:
         6f:65:bc:1a:3a:ab:1c:50:1a:05:08:92:29:de:0b:cf:f6:98:
         d0:87:25:6b:a1:71:ae:1d:26:30:fb:0e:7b:2e:1b:d9:b3:d7:
         2e:59:25:a8:7f:5b:d3:f8:31:d7:b8:47:28:8c:4d:43:97:43:
         f4:72:87:49:f1:d0:52:b7:84:ca:d5:59:e6:43:6c:50:e6:3d:
         fc:2e:a9:e6:46:38:04:e1:55:ad:50:bd:3a:e4:7c:44:ee:bf:
         ed:ff:bf:d6:20:49:91:c9:c6:70:70:99:d6:0d:92:c0:3e:ba:
         7a:11:a9:d5:0d:95:53:9a:aa:72:db:3d:99:f6:79:9e:6d:55:
         3e:58:8c:a4:71:0a:c2:93:b5:78:12:1f:92:57:ea:58:a6:d7:
         8d:ce:fe:c4:50:ca:cc:0a:32:77:3c:09:42:9a:12:7d:59:2d:
         d3:b8:f9:b5:bd:2f:1c:fa:28:2e:0e:97:5e:5b:44:b5:e4:91:
         88:5c:4c:79:cc:82:01:9c:d3:3a:2d:66:50:70:85:eb:0b:2f:
         c5:55:3b:c0:42:7a:c1:0a:23:69:ec:ae:de:fb:fd:9d:f5:d6:
         a8:88:18:14
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzF3FA71mTuDsdYmyGfTjbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWFkYzdhN2VjZTQ3N2Q1ZjRkNzc3MjQzYjYwZjJiYmJi
NzU2MDMwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVlZTEyYTNkYTZjMDk4OTgzMjQ4ZThjMmVmYzBjZjY4OGUzNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu52QuVUJS2AAUptAoDEDfCdbkALB
7mBkFmRjdJshprbM6mQq9ttYQAmnL+uiAO5rG0QVAQU7VjrYyuOTjDDYuADzAI5I
PjXHoJCca0lHUIJqOM2M6nnzLOEPbGVeejjWYN3Li/7ZfzxLw1bOM9L19sKfyaWs
pSqe3eQcyoDJ0tkrLhcWOzaXfc/Y8nuO7k+zs5zDSh9JtZnK73ZB3Uv4D+8fes/b
tg3QMgOzbmdg7Q/9EzyZM5ik0Or/b3+qp4tfHaQ3XsN10o2yOcZnhJcHsUw1h/Ei
tUIcZ8m7utPyNTfIeBYveupyHWz5utxbz+ZuD4V2Bxvjw/wJ45TNdaXJXwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFI1e4So9psCYmDJI6MLvwM9ojjWpMB8GA1UdIwQY
MBaAFHLq3Hp+zkd9X013ckO2Dyu7t1YDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VyY2VuN09SMzFmVFhkeVE3WVBLN3UzVmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jMDljNjQtMGJhZi00YjA3LThkMjkt
NDczODUxNzA5YzU4LzEvalY3aEtqMm13SmlZTWtqb3d1X0F6MmlPTmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jMDljNjQtMGJhZi00YjA3LThkMjktNDczODUxNzA5YzU4
LzEvY3VyY2VuN09SMzFmVFhkeVE3WVBLN3UzVmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQFLibAAwQD
Wc8YAwQDX5u4AwQCwe7wMBQEAgACMA4DBQAqAQcQAwUDKg9IgDANBgkqhkiG9w0B
AQsFAAOCAQEAdjIsv42GnglsNYr50X8mV2rdAj+AF8sNoTHj5ohrCLMxbdoRb2W8
GjqrHFAaBQiSKd4Lz/aY0Icla6Fxrh0mMPsOey4b2bPXLlklqH9b0/gx17hHKIxN
Q5dD9HKHSfHQUreEytVZ5kNsUOY9/C6p5kY4BOFVrVC9OuR8RO6/7f+/1iBJkcnG
cHCZ1g2SwD66ehGp1Q2VU5qqcts9mfZ5nm1VPliMpHEKwpO1eBIfklfqWKbXjc7+
xFDKzAoydzwJQpoSfVkt07j5tb0vHPooLg6XXltEteSRiFxMecyCAZzTOi1mUHCF
6wsvxVU7wEJ6wQojaeyu3vv9nfXWqIgYFA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:59:31 2024 by rpki-client on console-ams.rpki-client.org