Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/4olGylfgClyFfKS5MSyS46IHgcQ.roa
File:                     4olGylfgClyFfKS5MSyS46IHgcQ.roa (raw, json)
Hash identifier:          La1fX0ez9hLCEyGs5dfiRGT1prxZULnFPfeEzzi5ejU=
Subject key identifier:   E2:89:46:CA:57:E0:0A:5C:85:7C:A4:B9:31:2C:92:E3:A2:07:81:C4
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       018CC6B90E90E87454CAFB59019A10BAF13C
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/4olGylfgClyFfKS5MSyS46IHgcQ.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42147
IP address blocks:        193.148.130.0/24 maxlen: 24
                          193.148.129.0/24 maxlen: 24
                          193.148.138.0/24 maxlen: 24
                          193.148.139.0/24 maxlen: 24
                          193.148.144.0/24 maxlen: 24
                          193.148.145.0/24 maxlen: 24
                          193.148.140.0/24 maxlen: 24
                          193.148.141.0/24 maxlen: 24
                          193.148.142.0/24 maxlen: 24
                          193.148.143.0/24 maxlen: 24
                          193.148.147.0/24 maxlen: 24
                          193.148.150.0/24 maxlen: 24
                          193.148.158.0/24 maxlen: 24
                          193.148.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0e:90:e8:74:54:ca:fb:59:01:9a:10:ba:f1:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e28946ca57e00a5c857ca4b9312c92e3a20781c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0a:f4:3d:96:96:fc:55:5a:96:26:6f:fa:b5:
                    e0:6e:47:13:65:ef:67:3f:fd:8a:1e:87:99:c6:51:
                    66:12:5a:57:35:ae:dd:3a:0b:fa:5b:16:2c:0c:19:
                    d3:8f:30:62:73:54:64:09:8c:bd:8c:12:44:23:14:
                    68:bb:52:61:01:72:1a:0f:a1:95:e6:f4:54:d3:c8:
                    8e:a7:ad:c0:54:8c:fb:6e:2c:14:aa:d5:86:36:50:
                    4d:3c:e7:ec:71:b3:cd:60:92:9b:e7:a8:61:a2:ac:
                    c2:e4:17:fc:d0:51:7e:93:4b:24:f9:c2:07:25:49:
                    32:63:19:79:f5:4e:3f:da:e1:f3:5f:7e:e8:c4:c1:
                    16:72:e7:7f:47:95:3b:fd:9a:e0:30:6c:8a:c7:ed:
                    54:51:47:0a:c9:02:c6:78:b0:40:52:cc:40:76:2d:
                    74:0f:6b:0a:f8:35:05:d8:56:3a:1c:8d:2c:05:be:
                    65:74:0d:70:93:c5:1f:d1:5a:68:10:29:08:9b:7a:
                    25:49:2f:6d:f2:d1:46:1e:c9:bb:23:6a:1d:68:a2:
                    c6:8e:f8:80:6c:e1:95:9e:51:ce:e2:44:39:cd:09:
                    f1:3e:23:c5:5c:6d:ec:c5:e8:0b:d9:76:93:11:8b:
                    0a:1a:40:a7:3e:1b:1a:ca:79:05:a9:87:e7:85:46:
                    9d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:89:46:CA:57:E0:0A:5C:85:7C:A4:B9:31:2C:92:E3:A2:07:81:C4
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/4olGylfgClyFfKS5MSyS46IHgcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.129.0-193.148.130.255
                  193.148.138.0-193.148.145.255
                  193.148.147.0/24
                  193.148.150.0/24
                  193.148.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:6c:8b:0d:31:39:3d:cd:f4:9e:e7:5a:a7:e1:5c:16:5b:74:
         2a:d8:a1:c5:05:46:ba:27:81:b7:bf:d3:20:9e:0f:a1:b1:13:
         85:33:e3:4f:08:6a:2b:3b:15:8c:21:df:14:45:4e:4d:d0:84:
         80:b4:a8:23:b8:4e:7a:c7:93:44:ee:e8:ff:56:e3:86:c8:43:
         7d:88:7f:1e:32:d4:e4:b8:ba:e1:b6:8e:a1:e4:ae:f8:66:33:
         6f:83:a8:aa:41:32:34:4c:19:ce:6d:23:bf:e7:95:82:38:f9:
         2d:3d:0e:55:43:50:49:4e:fe:d4:dd:cf:0b:20:ee:c6:61:38:
         fa:af:ff:eb:5e:c8:ab:03:6a:85:cc:7a:47:67:1b:16:c5:f5:
         17:c9:40:52:11:e6:5d:2e:0a:f2:6e:c1:af:5d:d0:1b:ff:da:
         02:23:f2:9a:a2:aa:4a:99:81:ad:eb:1d:84:f9:c6:eb:6d:aa:
         1e:28:c7:07:c5:ca:6c:c4:35:82:6d:de:5a:b9:65:e6:b6:cd:
         ad:da:02:a8:ad:42:a7:21:17:a2:83:b7:76:f6:ce:ad:9f:03:
         18:cc:30:55:99:21:5f:3b:35:53:1a:0e:16:f3:ba:6c:09:d2:
         ab:06:c1:2e:fe:5b:77:a3:29:ad:26:c2:2f:30:18:ce:18:ee:
         5c:bd:06:32
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzGuQ6Q6HRUyvtZAZoQuvE8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjg5NDZjYTU3ZTAwYTVjODU3Y2E0YjkzMTJjOTJlM2EyMDc4MWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwr0PZaW/FValiZv+rXgbkcTZe9n
P/2KHoeZxlFmElpXNa7dOgv6WxYsDBnTjzBic1RkCYy9jBJEIxRou1JhAXIaD6GV
5vRU08iOp63AVIz7biwUqtWGNlBNPOfscbPNYJKb56hhoqzC5Bf80FF+k0sk+cIH
JUkyYxl59U4/2uHzX37oxMEWcud/R5U7/ZrgMGyKx+1UUUcKyQLGeLBAUsxAdi10
D2sK+DUF2FY6HI0sBb5ldA1wk8Uf0VpoECkIm3olSS9t8tFGHsm7I2odaKLGjviA
bOGVnlHO4kQ5zQnxPiPFXG3sxegL2XaTEYsKGkCnPhsaynkFqYfnhUadYQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFOKJRspX4ApchXykuTEskuOiB4HEMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvNG9sR3lsZmdDbHlGZktTNU1TeVM0NklIZ2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBADBlIED
BADBlIIwDAMEAcGUigMEAcGUkAMEAMGUkwMEAMGUlgMEAcGUnjANBgkqhkiG9w0B
AQsFAAOCAQEAZmyLDTE5Pc30nudap+FcFlt0KtihxQVGuieBt7/TIJ4PobEThTPj
TwhqKzsVjCHfFEVOTdCEgLSoI7hOeseTRO7o/1bjhshDfYh/HjLU5Li64baOoeSu
+GYzb4OoqkEyNEwZzm0jv+eVgjj5LT0OVUNQSU7+1N3PCyDuxmE4+q//617IqwNq
hcx6R2cbFsX1F8lAUhHmXS4K8m7Br13QG//aAiPymqKqSpmBresdhPnG622qHijH
B8XKbMQ1gm3eWrll5rbNrdoCqK1CpyEXooO3dvbOrZ8DGMwwVZkhXzs1UxoOFvO6
bAnSqwbBLv5bd6MprSbCLzAYzhjuXL0GMg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:06:21 2024 by rpki-client on console-ams.rpki-client.org