Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/63a845-8c09-4d69-a771-48a607bbe25e/1/e8o5LWUIpxXQK0WFCwxpzXz8n_w.roa
File:                     e8o5LWUIpxXQK0WFCwxpzXz8n_w.roa (raw, json)
Hash identifier:          J+UI0TzvlWssykkSbDqLTiFuy5C4JgClnPmYFkJ4TZs=
Subject key identifier:   7B:CA:39:2D:65:08:A7:15:D0:2B:45:85:0B:0C:69:CD:7C:FC:9F:FC
Certificate issuer:       /CN=d24adecd84bb1748bd35b99ecea46772e01ec935
Certificate serial:       018CC72712E44799585575DBE771F17309EF
Authority key identifier: D2:4A:DE:CD:84:BB:17:48:BD:35:B9:9E:CE:A4:67:72:E0:1E:C9:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0krezYS7F0i9NbmezqRncuAeyTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/63a845-8c09-4d69-a771-48a607bbe25e/1/e8o5LWUIpxXQK0WFCwxpzXz8n_w.roa
Signing time:             Mon 01 Jan 2024 22:31:15 +0000
ROA not before:           Mon 01 Jan 2024 22:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8244
IP address blocks:        195.230.192.0/22 maxlen: 22
                          195.230.200.0/21 maxlen: 21
                          2a01:ac40:2000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/63a845-8c09-4d69-a771-48a607bbe25e/1/0krezYS7F0i9NbmezqRncuAeyTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/63a845-8c09-4d69-a771-48a607bbe25e/1/0krezYS7F0i9NbmezqRncuAeyTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0krezYS7F0i9NbmezqRncuAeyTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 13:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:12:e4:47:99:58:55:75:db:e7:71:f1:73:09:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d24adecd84bb1748bd35b99ecea46772e01ec935
        Validity
            Not Before: Jan  1 22:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bca392d6508a715d02b45850b0c69cd7cfc9ffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:aa:dc:f2:29:32:32:c9:c4:25:60:bb:5e:42:
                    a8:f7:c0:fd:63:09:85:15:14:fa:8a:e7:ac:db:70:
                    18:f6:66:18:f2:2a:19:19:77:61:41:63:21:4c:10:
                    3f:15:6f:85:2b:89:10:7c:ad:5e:ef:55:46:f6:b6:
                    15:29:5f:00:04:e9:bd:a2:4d:0f:67:82:ab:48:c4:
                    82:c5:1a:7f:1f:5a:3e:87:a7:de:d5:2a:49:11:2d:
                    d8:23:27:84:ff:2b:52:e8:17:79:40:5a:5b:34:6b:
                    df:fe:69:e7:3f:dc:4b:6d:f4:d8:19:a4:89:50:e6:
                    93:6b:a9:77:f2:16:f2:6d:bd:7d:d7:fa:f9:3f:0b:
                    64:33:6c:99:b3:2d:8a:87:11:9c:63:38:1a:62:1f:
                    6a:c6:e2:4d:d0:b5:e5:98:24:99:c3:c2:d0:11:b4:
                    e2:45:69:83:08:13:24:86:11:70:2c:0f:2a:ff:87:
                    22:b6:55:36:21:c1:0b:b4:a7:f5:27:0a:91:ed:fe:
                    02:ea:a4:c9:ba:3f:1a:17:6a:1c:68:58:e6:6e:a5:
                    1d:8d:be:ba:90:0d:ce:df:ee:f6:40:d0:d7:32:5a:
                    fc:3a:0e:7c:99:e3:ff:10:7a:23:e9:e7:d9:b3:6c:
                    6e:86:dd:fc:23:02:a4:70:be:b5:a5:77:11:ca:2a:
                    be:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:CA:39:2D:65:08:A7:15:D0:2B:45:85:0B:0C:69:CD:7C:FC:9F:FC
            X509v3 Authority Key Identifier:
                keyid:D2:4A:DE:CD:84:BB:17:48:BD:35:B9:9E:CE:A4:67:72:E0:1E:C9:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0krezYS7F0i9NbmezqRncuAeyTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/63a845-8c09-4d69-a771-48a607bbe25e/1/e8o5LWUIpxXQK0WFCwxpzXz8n_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/63a845-8c09-4d69-a771-48a607bbe25e/1/0krezYS7F0i9NbmezqRncuAeyTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.192.0/22
                  195.230.200.0/21
                IPv6:
                  2a01:ac40:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         80:84:15:a1:7d:42:8c:a1:d4:63:6c:6c:54:21:c5:98:3a:89:
         b4:02:87:5d:49:3b:a7:a7:f1:e2:23:9c:31:16:93:a2:62:75:
         47:06:fc:2c:f0:0f:01:94:ef:0b:ac:3f:0b:bd:86:7a:aa:5b:
         54:20:41:b7:b8:36:11:3f:90:91:28:d1:b1:da:a2:dd:a3:dc:
         b4:33:fc:40:8e:7c:09:5d:fc:36:25:a1:af:89:24:6d:72:ce:
         44:e6:1d:e1:70:67:ab:b0:d6:b5:ef:c8:c2:0f:32:80:cf:7e:
         fa:17:ab:ba:88:0d:60:75:55:1b:67:ad:bb:9c:90:7b:f9:e8:
         1a:15:18:ef:f4:6a:04:23:fc:71:2e:ab:ba:5b:d7:0c:0d:34:
         6e:8e:0e:ec:a6:fe:f2:77:51:52:79:04:01:76:75:e4:ac:6c:
         e7:7a:20:9e:11:57:36:6e:51:83:df:62:3f:81:cc:57:e7:36:
         c4:ea:88:60:36:37:64:69:7d:3f:79:b3:fc:23:3d:9c:4b:5c:
         03:56:86:0b:88:17:66:2e:60:1a:07:c9:4b:23:ba:0a:69:52:
         36:14:a6:25:f9:89:60:cb:ac:28:a5:40:64:48:83:d0:38:35:
         d2:1d:3d:56:95:bd:6b:2f:bf:3b:a1:f6:80:52:b3:9c:32:5b:
         ff:91:e6:70
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzHJxLkR5lYVXXb53HxcwnvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNGFkZWNkODRiYjE3NDhiZDM1Yjk5ZWNlYTQ2NzcyZTAx
ZWM5MzUwHhcNMjQwMTAxMjIzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmNhMzkyZDY1MDhhNzE1ZDAyYjQ1ODUwYjBjNjljZDdjZmM5ZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvarc8ikyMsnEJWC7XkKo98D9YwmF
FRT6iues23AY9mYY8ioZGXdhQWMhTBA/FW+FK4kQfK1e71VG9rYVKV8ABOm9ok0P
Z4KrSMSCxRp/H1o+h6fe1SpJES3YIyeE/ytS6Bd5QFpbNGvf/mnnP9xLbfTYGaSJ
UOaTa6l38hbybb191/r5PwtkM2yZsy2KhxGcYzgaYh9qxuJN0LXlmCSZw8LQEbTi
RWmDCBMkhhFwLA8q/4citlU2IcELtKf1JwqR7f4C6qTJuj8aF2ocaFjmbqUdjb66
kA3O3+72QNDXMlr8Og58meP/EHoj6efZs2xuht38IwKkcL61pXcRyiq+RwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHvKOS1lCKcV0CtFhQsMac18/J/8MB8GA1UdIwQY
MBaAFNJK3s2EuxdIvTW5ns6kZ3LgHsk1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGtyZXpZUzdGMGk5TmJtZXpxUm5jdUFleVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS82M2E4NDUtOGMwOS00ZDY5LWE3NzEt
NDhhNjA3YmJlMjVlLzEvZThvNUxXVUlweFhRSzBXRkN3eHB6WHo4bl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS82M2E4NDUtOGMwOS00ZDY5LWE3NzEtNDhhNjA3YmJlMjVl
LzEvMGtyZXpZUzdGMGk5TmJtZXpxUm5jdUFleVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQCw+bAAwQD
w+bIMA4EAgACMAgDBgQqAaxAIDANBgkqhkiG9w0BAQsFAAOCAQEAgIQVoX1CjKHU
Y2xsVCHFmDqJtAKHXUk7p6fx4iOcMRaTomJ1Rwb8LPAPAZTvC6w/C72GeqpbVCBB
t7g2ET+QkSjRsdqi3aPctDP8QI58CV38NiWhr4kkbXLOROYd4XBnq7DWte/Iwg8y
gM9++heruogNYHVVG2etu5yQe/noGhUY7/RqBCP8cS6rulvXDA00bo4O7Kb+8ndR
UnkEAXZ15Kxs53ognhFXNm5Rg99iP4HMV+c2xOqIYDY3ZGl9P3mz/CM9nEtcA1aG
C4gXZi5gGgfJSyO6CmlSNhSmJfmJYMusKKVAZEiD0Dg10h09VpW9ay+/O6H2gFKz
nDJb/5HmcA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 19:22:33 2024 by rpki-client on console-fra.rpki-client.org