Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/fjbcMp49Y7ZlAJj4J60KyxmkO-g.roa
File:                     fjbcMp49Y7ZlAJj4J60KyxmkO-g.roa (raw, json)
Hash identifier:          2XqL9pbL/fdiaLWQkz9h1oV5QYuRFT/WFyOwbczqJuA=
Subject key identifier:   7E:36:DC:32:9E:3D:63:B6:65:00:98:F8:27:AD:0A:CB:19:A4:3B:E8
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       018CC50060DAD2AF060A579396B1C3981640
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/fjbcMp49Y7ZlAJj4J60KyxmkO-g.roa
Signing time:             Mon 01 Jan 2024 12:29:45 +0000
ROA not before:           Mon 01 Jan 2024 12:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48359
IP address blocks:        185.129.228.0/24 maxlen: 24
                          185.129.229.0/24 maxlen: 24
                          185.129.185.0/24 maxlen: 24
                          185.129.184.0/24 maxlen: 24
                          185.129.186.0/24 maxlen: 24
                          185.129.187.0/24 maxlen: 24
                          185.129.198.0/24 maxlen: 24
                          185.129.201.0/24 maxlen: 24
                          185.129.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:60:da:d2:af:06:0a:57:93:96:b1:c3:98:16:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Jan  1 12:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e36dc329e3d63b6650098f827ad0acb19a43be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:42:e4:d5:46:24:bb:3b:43:20:2f:c1:90:08:
                    2c:36:e0:87:17:1c:d3:ff:f7:0f:21:1d:1b:61:4c:
                    62:8e:5b:47:a4:9e:39:e9:0b:f0:35:24:55:7c:a8:
                    c8:ee:36:80:26:5f:8e:c6:af:94:48:57:6c:e6:80:
                    85:19:31:07:8a:ae:a0:e2:fd:24:85:df:87:23:46:
                    5f:63:1b:2f:88:c7:72:ca:4b:54:e9:35:86:1a:bd:
                    b9:c6:07:7d:b1:82:3e:7d:55:bf:e2:db:79:db:82:
                    a2:c8:6b:ee:51:58:5f:46:19:d3:95:02:32:67:8c:
                    63:17:13:72:db:03:8c:1d:6e:6c:e0:e9:25:35:b3:
                    3e:c6:3b:0c:9c:2d:01:4e:90:bd:cf:ce:d7:43:04:
                    fd:06:08:5f:3f:11:ce:d7:0e:c7:c4:bf:30:12:61:
                    cd:df:40:df:27:b8:6d:60:4b:96:4c:7e:3b:78:78:
                    a0:9d:f0:34:76:1e:e8:0d:83:89:4b:b9:76:01:25:
                    91:3f:73:27:c4:c9:95:b0:52:d4:15:17:d2:90:4d:
                    fd:75:f0:b0:dd:62:b6:97:8b:4d:d1:b5:4e:ef:86:
                    a9:83:49:5c:53:f2:40:78:9c:6c:b4:71:42:88:c5:
                    fe:fc:39:31:02:97:0a:0d:be:9b:7a:65:fc:0c:48:
                    f1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:36:DC:32:9E:3D:63:B6:65:00:98:F8:27:AD:0A:CB:19:A4:3B:E8
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/fjbcMp49Y7ZlAJj4J60KyxmkO-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.184.0/22
                  185.129.198.0/24
                  185.129.201.0/24
                  185.129.212.0/24
                  185.129.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:0f:33:62:b0:cc:62:c5:77:b0:da:a1:bf:d4:b8:a1:f8:29:
         d0:3b:b6:8d:58:6a:2a:fc:c2:c7:0d:45:5c:6b:8e:cd:c3:a3:
         5f:a2:0f:d1:b6:f9:fd:14:8b:83:d8:59:50:12:2e:ce:6e:d2:
         e0:a1:c9:a3:85:8a:86:fb:55:e4:7c:c7:45:6e:b6:0a:32:b5:
         67:98:ec:3d:15:b7:a4:64:54:79:5d:d0:35:6b:ea:6e:eb:23:
         9f:58:80:9d:09:c4:a1:35:75:fc:fa:1e:51:b5:57:bf:d9:6f:
         fe:31:ad:96:a3:74:d5:56:09:1d:e5:17:20:cd:8c:3d:25:87:
         fa:61:1b:8e:1d:b7:37:ec:90:0e:6c:96:06:ed:dd:35:b4:c5:
         d6:e0:47:fe:da:2b:f0:cf:96:9b:bc:2d:da:d9:40:ea:b2:1b:
         6b:e7:e1:bf:46:05:e7:bc:c3:38:9d:75:33:c9:e6:fd:ec:96:
         9a:36:ba:b8:41:5c:2a:2c:c5:6b:55:11:4d:e3:5d:72:b0:59:
         1e:64:5e:8a:92:ac:c7:e8:a8:0a:a6:52:34:df:86:89:b1:b2:
         5d:2a:74:85:66:ab:45:88:77:20:df:9a:a9:b9:76:eb:96:4e:
         4e:f0:f1:b9:1f:86:7b:3a:60:32:1f:be:9d:e0:bc:51:2e:e5:
         bc:09:49:fc
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzFAGDa0q8GCleTlrHDmBZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjQwMTAxMTIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTM2ZGMzMjllM2Q2M2I2NjUwMDk4ZjgyN2FkMGFjYjE5YTQzYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiULk1UYkuztDIC/BkAgsNuCHFxzT
//cPIR0bYUxijltHpJ456QvwNSRVfKjI7jaAJl+Oxq+USFds5oCFGTEHiq6g4v0k
hd+HI0ZfYxsviMdyyktU6TWGGr25xgd9sYI+fVW/4tt524KiyGvuUVhfRhnTlQIy
Z4xjFxNy2wOMHW5s4OklNbM+xjsMnC0BTpC9z87XQwT9BghfPxHO1w7HxL8wEmHN
30DfJ7htYEuWTH47eHignfA0dh7oDYOJS7l2ASWRP3MnxMmVsFLUFRfSkE39dfCw
3WK2l4tN0bVO74apg0lcU/JAeJxstHFCiMX+/DkxApcKDb6bemX8DEjxVQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFH423DKePWO2ZQCY+CetCssZpDvoMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvZmpiY01wNDlZN1psQUpqNEo2MEt5eG1rTy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCuYG4AwQA
uYHGAwQAuYHJAwQAuYHUAwQBuYHkMA0GCSqGSIb3DQEBCwUAA4IBAQCpDzNisMxi
xXew2qG/1Lih+CnQO7aNWGoq/MLHDUVca47Nw6Nfog/Rtvn9FIuD2FlQEi7ObtLg
ocmjhYqG+1XkfMdFbrYKMrVnmOw9FbekZFR5XdA1a+pu6yOfWICdCcShNXX8+h5R
tVe/2W/+Ma2Wo3TVVgkd5RcgzYw9JYf6YRuOHbc37JAObJYG7d01tMXW4Ef+2ivw
z5abvC3a2UDqshtr5+G/RgXnvMM4nXUzyeb97JaaNrq4QVwqLMVrVRFN411ysFke
ZF6KkqzH6KgKplI034aJsbJdKnSFZqtFiHcg35qpuXbrlk5O8PG5H4Z7OmAyH76d
4LxRLuW8CUn8
-----END CERTIFICATE-----
Generated at Mon Jun 17 14:57:53 2024 by rpki-client on console-fra.rpki-client.org