Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/ZAzhYy9SH2EZGdtr2B_OltvaESU.roa
File:                     ZAzhYy9SH2EZGdtr2B_OltvaESU.roa (raw, json)
Hash identifier:          aayW18x/pU2CnXQbmCN9rS2pN4e+UJOGmgn1/PpgD30=
Subject key identifier:   64:0C:E1:63:2F:52:1F:61:19:19:DB:6B:D8:1F:CE:96:DB:DA:11:25
Certificate issuer:       /CN=133cd7c1a9c79c82eee5c86a423c17c1d63c3413
Certificate serial:       018CC50014D7C7126C73D2B2430126564D3D
Authority key identifier: 13:3C:D7:C1:A9:C7:9C:82:EE:E5:C8:6A:42:3C:17:C1:D6:3C:34:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EzzXwanHnILu5chqQjwXwdY8NBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/ZAzhYy9SH2EZGdtr2B_OltvaESU.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        185.5.44.0/24 maxlen: 24
                          185.5.46.0/24 maxlen: 24
                          185.5.47.0/24 maxlen: 24
                          2a02:7ac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/EzzXwanHnILu5chqQjwXwdY8NBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/EzzXwanHnILu5chqQjwXwdY8NBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EzzXwanHnILu5chqQjwXwdY8NBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:14:d7:c7:12:6c:73:d2:b2:43:01:26:56:4d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=133cd7c1a9c79c82eee5c86a423c17c1d63c3413
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=640ce1632f521f611919db6bd81fce96dbda1125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8d:88:f6:6c:80:fb:f8:1e:d1:d8:df:21:35:
                    cd:63:b8:28:91:8f:4e:30:c7:30:a3:3b:ce:d3:cf:
                    15:0f:71:79:7a:ce:90:89:64:5a:25:fa:b8:f4:2d:
                    37:64:d3:bf:fd:57:bc:1d:8a:6d:36:a8:9f:e0:cd:
                    89:f1:ea:14:be:22:87:17:d5:ec:06:cc:e8:61:73:
                    ef:5b:1c:f4:a6:5c:47:2d:67:60:30:a1:24:f5:44:
                    80:9f:d4:b9:6d:ef:1d:ec:de:07:2a:b3:12:8d:50:
                    7b:bd:e4:6e:8f:e5:01:e1:0b:18:49:56:b2:25:f2:
                    d1:e5:2a:3f:b1:68:ab:dd:cc:70:3e:58:8b:00:44:
                    ec:e7:02:50:2e:40:76:87:be:02:34:0c:a4:0d:0c:
                    d2:48:a4:ab:c5:d6:d5:ef:64:45:06:31:53:67:4b:
                    c6:95:6d:91:32:0d:38:62:4f:2f:38:d2:b1:18:59:
                    92:6d:0e:6b:9d:5c:f2:9e:14:9e:c3:96:c7:c2:46:
                    98:aa:2d:e5:67:c7:a2:73:c2:5f:58:14:8f:6b:f9:
                    47:e7:49:36:2a:3c:3a:9a:88:ee:4d:b1:40:8a:42:
                    4c:34:00:b3:d3:02:85:0f:25:0e:dc:bf:32:7b:89:
                    25:64:26:28:8e:ce:ad:4a:79:28:3b:af:8e:0b:96:
                    98:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:0C:E1:63:2F:52:1F:61:19:19:DB:6B:D8:1F:CE:96:DB:DA:11:25
            X509v3 Authority Key Identifier:
                keyid:13:3C:D7:C1:A9:C7:9C:82:EE:E5:C8:6A:42:3C:17:C1:D6:3C:34:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EzzXwanHnILu5chqQjwXwdY8NBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/ZAzhYy9SH2EZGdtr2B_OltvaESU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/EzzXwanHnILu5chqQjwXwdY8NBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.44.0/24
                  185.5.46.0/23
                IPv6:
                  2a02:7ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:42:53:2b:48:56:8a:a6:25:2b:a0:13:1e:12:f5:79:a1:42:
         3f:ab:66:d9:f1:5c:40:e0:c1:b6:df:2a:15:00:da:c1:4a:a3:
         de:58:d9:df:ee:1e:88:24:8a:22:61:93:65:45:19:f6:ea:90:
         5f:c9:79:69:9e:d1:8e:21:5b:f4:39:e7:b7:0c:db:d7:b4:23:
         87:31:bb:49:a9:87:88:2b:7f:f5:c4:19:84:6c:f3:51:86:c5:
         24:f2:11:ad:d1:49:5c:2a:fb:7b:b5:f8:e7:da:3c:26:1a:de:
         39:b9:f1:f4:0f:74:e0:d5:e2:55:ed:ba:71:31:75:58:6d:a6:
         eb:b6:dc:aa:3f:47:54:06:c7:96:61:28:d0:79:12:fb:b8:12:
         9c:e8:f2:0b:ed:1f:33:a1:a8:3b:45:a3:80:1c:38:e2:66:b4:
         cf:a9:f3:2b:fb:28:b4:5b:c6:36:3e:73:91:43:f2:48:ab:53:
         6e:1d:fa:fa:0e:6b:5c:39:77:d1:34:9f:f6:fe:5e:02:5b:92:
         4b:ae:ff:3b:4d:e2:e4:9b:52:53:f4:e8:55:c8:ba:79:5d:13:
         8b:f6:3c:be:77:87:82:6e:b3:aa:ed:66:3b:72:ae:36:3a:55:
         8e:9b:7d:32:b2:5c:2a:bb:73:57:73:4a:21:64:3e:fd:19:fe:
         93:07:e4:29
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFABTXxxJsc9KyQwEmVk09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzM2NkN2MxYTljNzljODJlZWU1Yzg2YTQyM2MxN2MxZDYz
YzM0MTMwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDBjZTE2MzJmNTIxZjYxMTkxOWRiNmJkODFmY2U5NmRiZGExMTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY2I9myA+/ge0djfITXNY7gokY9O
MMcwozvO088VD3F5es6QiWRaJfq49C03ZNO//Ve8HYptNqif4M2J8eoUviKHF9Xs
BszoYXPvWxz0plxHLWdgMKEk9USAn9S5be8d7N4HKrMSjVB7veRuj+UB4QsYSVay
JfLR5So/sWir3cxwPliLAETs5wJQLkB2h74CNAykDQzSSKSrxdbV72RFBjFTZ0vG
lW2RMg04Yk8vONKxGFmSbQ5rnVzynhSew5bHwkaYqi3lZ8eic8JfWBSPa/lH50k2
Kjw6mojuTbFAikJMNACz0wKFDyUO3L8ye4klZCYojs6tSnkoO6+OC5aYrwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGQM4WMvUh9hGRnba9gfzpbb2hElMB8GA1UdIwQY
MBaAFBM818Gpx5yC7uXIakI8F8HWPDQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXp6WHdhbkhuSUx1NWNocVFqd1h3ZFk4TkJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC84MmMwYTItODA0Yi00NDZkLWFiMjQt
NGYzOGM2NTZiMjU2LzEvWkF6aFl5OVNIMkVaR2R0cjJCX09sdHZhRVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC84MmMwYTItODA0Yi00NDZkLWFiMjQtNGYzOGM2NTZiMjU2
LzEvRXp6WHdhbkhuSUx1NWNocVFqd1h3ZFk4TkJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuQUsAwQB
uQUuMA0EAgACMAcDBQAqAnrAMA0GCSqGSIb3DQEBCwUAA4IBAQBRQlMrSFaKpiUr
oBMeEvV5oUI/q2bZ8VxA4MG23yoVANrBSqPeWNnf7h6IJIoiYZNlRRn26pBfyXlp
ntGOIVv0Oee3DNvXtCOHMbtJqYeIK3/1xBmEbPNRhsUk8hGt0UlcKvt7tfjn2jwm
Gt45ufH0D3Tg1eJV7bpxMXVYbabrttyqP0dUBseWYSjQeRL7uBKc6PIL7R8zoag7
RaOAHDjiZrTPqfMr+yi0W8Y2PnORQ/JIq1NuHfr6DmtcOXfRNJ/2/l4CW5JLrv87
TeLkm1JT9OhVyLp5XROL9jy+d4eCbrOq7WY7cq42OlWOm30yslwqu3NXc0ohZD79
Gf6TB+Qp
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:33:35 2024 by rpki-client on console-fra.rpki-client.org