Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/4tVf-pbHtOo7K6vGI4qqWRNtTTY.roa
File:                     4tVf-pbHtOo7K6vGI4qqWRNtTTY.roa (raw, json)
Hash identifier:          yroYLbF4SWuDmDkJb/Vgghd/3Or9o2fjyrsYCq16pUc=
Subject key identifier:   E2:D5:5F:FA:96:C7:B4:EA:3B:2B:AB:C6:23:8A:AA:59:13:6D:4D:36
Certificate issuer:       /CN=432ffd36796e90f812a1612ec1f464de3d5e2f38
Certificate serial:       018CC9BC7EF8FDA19DEA479951F1EB3BC2E7
Authority key identifier: 43:2F:FD:36:79:6E:90:F8:12:A1:61:2E:C1:F4:64:DE:3D:5E:2F:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy_9NnlukPgSoWEuwfRk3j1eLzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/4tVf-pbHtOo7K6vGI4qqWRNtTTY.roa
Signing time:             Tue 02 Jan 2024 10:33:42 +0000
ROA not before:           Tue 02 Jan 2024 10:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201452
IP address blocks:        185.136.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/Qy_9NnlukPgSoWEuwfRk3j1eLzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/Qy_9NnlukPgSoWEuwfRk3j1eLzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy_9NnlukPgSoWEuwfRk3j1eLzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:7e:f8:fd:a1:9d:ea:47:99:51:f1:eb:3b:c2:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432ffd36796e90f812a1612ec1f464de3d5e2f38
        Validity
            Not Before: Jan  2 10:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2d55ffa96c7b4ea3b2babc6238aaa59136d4d36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b2:41:1c:a8:cc:56:82:ff:a5:c6:1b:23:80:
                    e4:d2:61:da:32:7e:b3:3d:5f:7f:bf:98:a6:4f:37:
                    ca:1d:b4:eb:0e:f4:ff:1d:8e:68:17:2d:6f:31:d4:
                    43:53:dd:04:42:de:40:69:c0:7e:37:80:ad:0a:33:
                    20:65:34:95:37:23:bd:8e:f9:4c:2a:e8:8b:9b:28:
                    35:a3:f1:23:64:ef:0f:de:9a:07:d0:b5:6f:28:ab:
                    be:3d:fe:5d:f8:04:ce:74:84:1c:c1:92:78:50:50:
                    09:d7:ca:b3:ad:61:b9:ae:8e:67:d7:58:2b:53:a0:
                    3e:36:1c:43:d3:5b:46:53:8b:3b:11:86:20:16:ca:
                    38:f8:c6:91:a6:52:95:f1:08:82:f4:73:8c:58:75:
                    46:2e:80:91:d6:cf:02:0e:4f:22:a5:6f:2e:b9:2c:
                    00:57:e4:b6:d4:d5:70:a1:4d:e7:5d:8e:db:ad:9d:
                    7c:33:07:9f:e0:d3:38:09:e7:04:8c:b9:83:13:2b:
                    60:59:be:e4:c7:2e:6c:d4:cf:7c:09:26:40:2f:ef:
                    48:31:4c:2b:08:c5:76:b3:bc:4b:23:d1:28:e7:ed:
                    8d:d9:24:14:89:02:ea:31:f8:24:ad:ca:70:da:06:
                    84:41:2b:12:8d:fb:d0:2a:a9:fd:be:b7:04:78:f5:
                    39:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D5:5F:FA:96:C7:B4:EA:3B:2B:AB:C6:23:8A:AA:59:13:6D:4D:36
            X509v3 Authority Key Identifier:
                keyid:43:2F:FD:36:79:6E:90:F8:12:A1:61:2E:C1:F4:64:DE:3D:5E:2F:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy_9NnlukPgSoWEuwfRk3j1eLzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/4tVf-pbHtOo7K6vGI4qqWRNtTTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/Qy_9NnlukPgSoWEuwfRk3j1eLzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:bc:4b:59:84:4f:a8:03:12:8a:8f:cb:dd:37:2d:99:cb:38:
         ef:9e:a2:30:af:a9:37:43:fc:12:8b:8d:34:31:5d:8b:20:e0:
         58:86:a4:cd:28:8b:a9:dc:61:b9:a1:50:6c:c0:4c:3e:31:fd:
         a6:b7:d3:d2:69:b8:d8:b6:1c:e8:cf:ce:b7:27:ae:37:aa:7b:
         b6:d7:f9:0f:d3:46:ec:98:e3:39:5f:77:7d:84:55:a7:44:d8:
         65:3c:f9:2f:9f:2d:e6:08:60:b7:b2:f1:17:e6:b8:63:98:10:
         35:5f:ca:bf:e1:63:b4:1e:1b:f5:18:db:0a:93:0b:88:6e:ae:
         e4:ad:57:49:68:f1:31:cf:3a:ae:35:f8:ae:07:bf:c7:6b:ea:
         9a:06:5e:96:63:08:8e:79:d4:40:07:aa:4e:d7:5b:49:26:ea:
         e8:81:bf:79:c1:c0:b1:96:a2:7d:c4:7d:e1:35:7c:8e:3f:ac:
         64:3e:81:6e:54:14:82:c1:b2:f8:ad:0b:8e:41:a9:b6:03:5f:
         bf:9f:c0:75:3a:bf:48:dc:ff:fe:8e:66:07:bc:a0:27:c6:2b:
         7f:ac:d1:c1:f3:25:ef:8d:78:78:c9:f5:b9:05:9c:c1:56:dd:
         26:97:bb:d8:ff:dc:6e:2d:c3:b8:6b:52:ad:b6:4c:b4:ce:50:
         38:1e:cc:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvH74/aGd6keZUfHrO8LnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmZmZDM2Nzk2ZTkwZjgxMmExNjEyZWMxZjQ2NGRlM2Q1
ZTJmMzgwHhcNMjQwMTAyMTAzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmQ1NWZmYTk2YzdiNGVhM2IyYmFiYzYyMzhhYWE1OTEzNmQ0ZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorJBHKjMVoL/pcYbI4Dk0mHaMn6z
PV9/v5imTzfKHbTrDvT/HY5oFy1vMdRDU90EQt5AacB+N4CtCjMgZTSVNyO9jvlM
KuiLmyg1o/EjZO8P3poH0LVvKKu+Pf5d+ATOdIQcwZJ4UFAJ18qzrWG5ro5n11gr
U6A+NhxD01tGU4s7EYYgFso4+MaRplKV8QiC9HOMWHVGLoCR1s8CDk8ipW8uuSwA
V+S21NVwoU3nXY7brZ18Mwef4NM4CecEjLmDEytgWb7kxy5s1M98CSZAL+9IMUwr
CMV2s7xLI9Eo5+2N2SQUiQLqMfgkrcpw2gaEQSsSjfvQKqn9vrcEePU5+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLVX/qWx7TqOyurxiOKqlkTbU02MB8GA1UdIwQY
MBaAFEMv/TZ5bpD4EqFhLsH0ZN49Xi84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXlfOU5ubHVrUGdTb1dFdXdmUmszajFlTHpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8xOTZmODktMjQyMS00YmMxLWIzMDUt
OGM2YTVlMGVhMDZlLzEvNHRWZi1wYkh0T283SzZ2R0k0cXFXUk50VFRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8xOTZmODktMjQyMS00YmMxLWIzMDUtOGM2YTVlMGVhMDZl
LzEvUXlfOU5ubHVrUGdTb1dFdXdmUmszajFlTHpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYiFMA0G
CSqGSIb3DQEBCwUAA4IBAQARvEtZhE+oAxKKj8vdNy2ZyzjvnqIwr6k3Q/wSi400
MV2LIOBYhqTNKIup3GG5oVBswEw+Mf2mt9PSabjYthzoz863J643qnu21/kP00bs
mOM5X3d9hFWnRNhlPPkvny3mCGC3svEX5rhjmBA1X8q/4WO0Hhv1GNsKkwuIbq7k
rVdJaPExzzquNfiuB7/Ha+qaBl6WYwiOedRAB6pO11tJJurogb95wcCxlqJ9xH3h
NXyOP6xkPoFuVBSCwbL4rQuOQam2A1+/n8B1Or9I3P/+jmYHvKAnxit/rNHB8yXv
jXh4yfW5BZzBVt0ml7vY/9xuLcO4a1Kttky0zlA4HswN
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:17:07 2024 by rpki-client on console-fra.rpki-client.org