Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/GeQFwwE4I-D3o9pCZjHiMsiIzwE.roa
File:                     GeQFwwE4I-D3o9pCZjHiMsiIzwE.roa (raw, json)
Hash identifier:          wFeiHk0WR5zGrwhCjUZFkrb7KUYm8e1xADAIuLqMA6g=
Subject key identifier:   19:E4:05:C3:01:38:23:E0:F7:A3:DA:42:66:31:E2:32:C8:88:CF:01
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       018CC6B92A50E3EC483B4D3B330BE871F0D6
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/GeQFwwE4I-D3o9pCZjHiMsiIzwE.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210539
IP address blocks:        185.196.221.0/24 maxlen: 24
                          185.162.90.0/24 maxlen: 24
                          185.170.130.0/24 maxlen: 24
                          185.170.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2a:50:e3:ec:48:3b:4d:3b:33:0b:e8:71:f0:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19e405c3013823e0f7a3da426631e232c888cf01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b5:7b:33:5c:e1:9e:ab:db:7f:a7:7a:eb:93:
                    1b:8f:7f:a9:2a:85:fd:07:ea:d1:4e:01:f0:a2:00:
                    0f:a1:ef:95:05:80:0f:dc:ca:2e:c0:0d:c5:50:54:
                    19:1b:67:aa:15:8b:bb:c2:46:2c:74:1b:f1:10:b7:
                    41:c6:7c:30:a8:be:fc:16:02:8b:8b:53:9c:50:19:
                    4a:0f:e0:f6:36:ae:80:11:4f:50:b3:1d:67:d5:09:
                    08:0d:2a:e7:b7:15:7f:ca:76:8f:78:ef:53:fe:e0:
                    52:5a:e0:55:e4:49:f7:30:d6:ec:11:2d:d9:99:da:
                    35:94:4d:97:bf:1d:95:02:22:90:d0:11:df:a4:3e:
                    4a:be:50:ac:42:e3:87:ac:2e:40:e8:07:3b:4d:78:
                    f5:ef:d4:a4:3d:47:51:9a:ab:85:8d:2b:a4:8f:2d:
                    bc:4d:0e:47:c7:8c:da:1c:ff:14:e5:9d:bc:d5:02:
                    cf:3e:2a:f1:6c:8c:01:20:d5:0d:e7:0f:ee:03:4a:
                    5d:74:ca:04:62:8e:ef:78:29:56:e4:8c:a4:11:59:
                    b0:97:8e:58:c9:b3:d2:64:4a:d3:c9:89:71:02:1f:
                    fc:d7:d1:bc:e5:fb:59:df:06:c5:d2:9b:26:1b:8a:
                    02:84:8b:ae:39:53:7d:f6:e6:19:d3:84:b3:02:85:
                    47:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E4:05:C3:01:38:23:E0:F7:A3:DA:42:66:31:E2:32:C8:88:CF:01
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/GeQFwwE4I-D3o9pCZjHiMsiIzwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.90.0/24
                  185.170.128.0/24
                  185.170.130.0/24
                  185.196.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:32:b3:9f:28:bc:3c:c2:00:0d:35:4b:c7:04:04:e4:03:dd:
         e3:89:f8:56:54:ab:bd:b2:ea:58:c7:69:b2:7c:69:e8:0a:80:
         81:ba:be:91:63:2f:ed:b7:24:a9:96:5a:cd:30:9e:ea:24:14:
         da:2d:f1:f8:2c:69:d5:2f:85:78:61:ad:dc:b6:a1:d6:f0:12:
         d9:19:68:86:87:49:18:69:29:e1:12:20:0c:b0:1b:41:bf:6f:
         ae:30:2e:74:a8:36:60:b9:aa:67:c1:47:22:c3:c0:3e:d2:67:
         29:a4:b8:b9:8e:2d:a9:a8:ca:f5:76:8c:ef:c9:52:22:61:49:
         6f:5b:f6:bc:65:b5:63:53:4c:20:90:c3:81:44:15:5f:00:72:
         7d:69:77:c3:8d:74:bd:42:0a:bb:93:c1:71:81:49:c2:93:16:
         00:b5:3c:30:c8:1b:14:6d:b3:59:8d:e5:18:2a:64:ac:16:79:
         40:9f:02:db:6b:ba:5f:71:98:69:5c:c6:fa:b6:7d:6b:11:b4:
         b0:46:86:c5:d6:62:d0:9c:d1:24:59:8e:4d:07:aa:1f:cd:f4:
         d9:08:36:9a:18:dc:d5:a9:08:b1:07:45:2c:57:dd:0c:8c:83:
         37:e1:ef:f9:b2:43:80:d9:c5:14:54:03:72:9b:fa:4f:2d:9f:
         55:b6:63:47
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGuSpQ4+xIO007MwvocfDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWU0MDVjMzAxMzgyM2UwZjdhM2RhNDI2NjMxZTIzMmM4ODhjZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLV7M1zhnqvbf6d665Mbj3+pKoX9
B+rRTgHwogAPoe+VBYAP3MouwA3FUFQZG2eqFYu7wkYsdBvxELdBxnwwqL78FgKL
i1OcUBlKD+D2Nq6AEU9Qsx1n1QkIDSrntxV/ynaPeO9T/uBSWuBV5En3MNbsES3Z
mdo1lE2Xvx2VAiKQ0BHfpD5KvlCsQuOHrC5A6Ac7TXj179SkPUdRmquFjSukjy28
TQ5Hx4zaHP8U5Z281QLPPirxbIwBINUN5w/uA0pddMoEYo7veClW5IykEVmwl45Y
ybPSZErTyYlxAh/819G85ftZ3wbF0psmG4oChIuuOVN99uYZ04SzAoVH1QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBnkBcMBOCPg96PaQmYx4jLIiM8BMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvR2VRRnd3RTRJLUQzbzlwQ1pqSGlNc2lJendFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuaJaAwQA
uaqAAwQAuaqCAwQAucTdMA0GCSqGSIb3DQEBCwUAA4IBAQBTMrOfKLw8wgANNUvH
BATkA93jifhWVKu9supYx2myfGnoCoCBur6RYy/ttySpllrNMJ7qJBTaLfH4LGnV
L4V4Ya3ctqHW8BLZGWiGh0kYaSnhEiAMsBtBv2+uMC50qDZguapnwUciw8A+0mcp
pLi5ji2pqMr1dozvyVIiYUlvW/a8ZbVjU0wgkMOBRBVfAHJ9aXfDjXS9Qgq7k8Fx
gUnCkxYAtTwwyBsUbbNZjeUYKmSsFnlAnwLba7pfcZhpXMb6tn1rEbSwRobF1mLQ
nNEkWY5NB6ofzfTZCDaaGNzVqQixB0UsV90MjIM34e/5skOA2cUUVANym/pPLZ9V
tmNH
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:28:04 2024 by rpki-client on console-fra.rpki-client.org