Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ElpSrJbzZk-aTNdoW8yP8n9tF6g.roa
File:                     ElpSrJbzZk-aTNdoW8yP8n9tF6g.roa (raw, json)
Hash identifier:          QHwL+7Qbu5Jq37868IBoGwLVpE7ZKhSr7Q8qcyeuhrA=
Subject key identifier:   12:5A:52:AC:96:F3:66:4F:9A:4C:D7:68:5B:CC:8F:F2:7F:6D:17:A8
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DCA04C328A99A8161BC7FD6D171206
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ElpSrJbzZk-aTNdoW8yP8n9tF6g.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213373
IP address blocks:        164.215.98.0/24 maxlen: 24
                          164.215.103.0/24 maxlen: 24
                          46.23.109.0/24 maxlen: 24
                          5.178.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a0:4c:32:8a:99:a8:16:1b:c7:fd:6d:17:12:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=125a52ac96f3664f9a4cd7685bcc8ff27f6d17a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:86:e8:9f:86:fe:33:ef:3e:a7:52:49:57:ee:
                    04:3f:84:66:ee:9b:d1:75:88:92:e1:ec:24:23:3f:
                    4f:4d:8a:48:be:59:32:4d:09:9f:14:06:6d:83:7b:
                    76:e4:e8:6c:98:f2:bd:5a:f6:cb:82:20:22:d1:e8:
                    d3:27:e7:98:28:61:a7:4b:44:5c:37:3d:08:d4:93:
                    f6:fa:ae:35:f2:19:3e:0d:15:1f:86:13:23:e7:e0:
                    77:fa:79:5e:65:4d:90:b8:2c:5c:a9:98:94:d4:45:
                    83:09:c5:f7:b5:dc:bd:9b:fb:2c:0e:e8:76:27:d9:
                    0b:53:46:2e:a3:05:66:44:a0:31:bf:40:77:4d:bf:
                    b3:fb:31:68:0c:93:d4:4e:c2:1e:d1:c5:b8:17:05:
                    9c:a5:ce:d7:e2:51:07:47:4d:91:bb:a5:27:74:1e:
                    aa:bd:43:69:97:2d:52:6f:0a:8e:c6:76:d2:71:a4:
                    e6:e9:58:57:ab:f6:66:33:a7:5f:a6:f0:c4:e7:51:
                    71:09:43:52:43:6b:12:c7:3a:4c:08:eb:d3:fa:c2:
                    c9:73:9b:60:91:62:ef:3b:85:48:7b:48:72:6d:bc:
                    1e:fa:78:f5:f2:57:63:46:2b:22:0e:3b:d2:94:f5:
                    4e:3e:9d:5c:be:47:9d:b8:93:eb:7f:5c:f8:9e:1e:
                    e3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:5A:52:AC:96:F3:66:4F:9A:4C:D7:68:5B:CC:8F:F2:7F:6D:17:A8
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/ElpSrJbzZk-aTNdoW8yP8n9tF6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.0.0/24
                  46.23.109.0/24
                  164.215.98.0/24
                  164.215.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:4a:3e:f5:bf:73:b2:f2:01:03:88:84:3a:9e:1d:89:a1:5c:
         0f:80:fb:5f:c9:09:78:e9:e3:b9:56:b2:33:7d:79:f1:a2:f9:
         2e:1f:b9:96:d7:bf:aa:f6:62:af:11:8b:8c:ee:55:3d:3b:ee:
         48:02:6c:6d:d6:2a:f6:dc:b8:df:ad:f7:88:77:de:70:27:a0:
         8b:15:2f:7e:cf:47:e0:e4:a4:b1:4d:1a:59:ac:68:97:bd:97:
         94:58:3d:ff:72:2f:3f:f2:d5:a1:9f:a3:7d:38:0a:1e:84:a6:
         a2:2f:4f:a9:27:c3:56:ce:a5:4b:e6:8d:c4:7e:67:47:97:47:
         9a:9c:b6:d7:cf:d6:2b:60:be:2a:4f:d4:d1:e6:ce:b4:c2:76:
         47:cc:5d:ca:b9:8a:93:61:a0:e4:c5:3f:33:99:87:94:70:a3:
         87:d9:07:44:03:73:b4:e3:11:4a:b6:10:1b:6b:78:fe:e6:4b:
         93:e1:c6:6b:6f:b7:0e:2e:84:22:19:ae:e3:f2:fe:55:4f:d5:
         99:2c:b2:07:e5:a9:c1:67:aa:68:21:1d:f0:c6:ad:ff:3f:1f:
         1f:38:32:6d:57:55:67:aa:73:8a:6d:c3:34:7a:98:a2:fd:1b:
         a6:00:43:07:a8:30:74:bf:30:7f:de:7f:86:a2:66:91:7d:89:
         16:9d:19:04
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzF3KBMMoqZqBYbx/1tFxIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjVhNTJhYzk2ZjM2NjRmOWE0Y2Q3Njg1YmNjOGZmMjdmNmQxN2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYbon4b+M+8+p1JJV+4EP4Rm7pvR
dYiS4ewkIz9PTYpIvlkyTQmfFAZtg3t25OhsmPK9WvbLgiAi0ejTJ+eYKGGnS0Rc
Nz0I1JP2+q418hk+DRUfhhMj5+B3+nleZU2QuCxcqZiU1EWDCcX3tdy9m/ssDuh2
J9kLU0YuowVmRKAxv0B3Tb+z+zFoDJPUTsIe0cW4FwWcpc7X4lEHR02Ru6UndB6q
vUNply1SbwqOxnbScaTm6VhXq/ZmM6dfpvDE51FxCUNSQ2sSxzpMCOvT+sLJc5tg
kWLvO4VIe0hybbwe+nj18ldjRisiDjvSlPVOPp1cvkeduJPrf1z4nh7jewIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBJaUqyW82ZPmkzXaFvMj/J/bReoMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvRWxwU3JKYnpaay1hVE5kb1c4eVA4bjl0RjZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQABbIAAwQA
LhdtAwQApNdiAwQApNdnMA0GCSqGSIb3DQEBCwUAA4IBAQCRSj71v3Oy8gEDiIQ6
nh2JoVwPgPtfyQl46eO5VrIzfXnxovkuH7mW17+q9mKvEYuM7lU9O+5IAmxt1ir2
3LjfrfeId95wJ6CLFS9+z0fg5KSxTRpZrGiXvZeUWD3/ci8/8tWhn6N9OAoehKai
L0+pJ8NWzqVL5o3EfmdHl0eanLbXz9YrYL4qT9TR5s60wnZHzF3KuYqTYaDkxT8z
mYeUcKOH2QdEA3O04xFKthAba3j+5kuT4cZrb7cOLoQiGa7j8v5VT9WZLLIH5anB
Z6poIR3wxq3/Px8fODJtV1VnqnOKbcM0epii/RumAEMHqDB0vzB/3n+GomaRfYkW
nRkE
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:47:13 2024 by rpki-client on console-fra.rpki-client.org