Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/CMrckiHBZeQCcTTNJSRUGdsmQuU.roa
File:                     CMrckiHBZeQCcTTNJSRUGdsmQuU.roa (raw, json)
Hash identifier:          qUgJ24CJW0Ikub458wVsppnP5qVtzqMGF3VAIQtVn8k=
Subject key identifier:   08:CA:DC:92:21:C1:65:E4:02:71:34:CD:25:24:54:19:DB:26:42:E5
Certificate issuer:       /CN=13764a52c85e07e33749743d23a5a24d096df147
Certificate serial:       018CC56E66775882C11E74067779C4DCC4E9
Authority key identifier: 13:76:4A:52:C8:5E:07:E3:37:49:74:3D:23:A5:A2:4D:09:6D:F1:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/CMrckiHBZeQCcTTNJSRUGdsmQuU.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49083
IP address blocks:        185.147.148.0/22 maxlen: 22
                          95.131.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:66:77:58:82:c1:1e:74:06:77:79:c4:dc:c4:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13764a52c85e07e33749743d23a5a24d096df147
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08cadc9221c165e4027134cd25245419db2642e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:41:36:82:4d:66:90:44:0e:13:57:5f:17:b4:
                    5b:84:e9:6c:5d:17:46:2c:b1:3f:4e:35:bb:5a:15:
                    d2:7c:5c:56:02:03:9d:b7:f7:68:15:c3:ae:4d:78:
                    9c:01:fb:20:8d:61:6c:ee:1d:f4:2d:6b:f3:5d:b5:
                    c9:ed:76:5b:7d:02:df:aa:7f:c0:76:98:c9:dc:e4:
                    20:5e:0e:43:56:fc:26:a4:b1:fd:69:ac:8b:87:30:
                    b8:05:b1:50:83:a3:4f:c2:93:bf:b5:67:56:04:cb:
                    9c:95:0c:e0:c3:71:b7:b1:84:55:8e:f0:fd:f3:2a:
                    ec:10:33:da:a3:90:8f:56:8a:93:c6:e4:76:8f:fe:
                    67:81:06:d6:3c:1a:00:c7:40:a1:1c:11:2a:a3:b1:
                    de:40:f3:1a:0c:1f:dd:ce:67:b6:a4:ca:6a:ae:64:
                    30:0f:3c:61:50:6b:8f:20:86:8d:c7:e0:b4:9b:02:
                    d0:49:61:15:d6:c9:ea:c6:80:69:e1:e2:a3:54:4c:
                    b1:62:51:8c:da:1d:c2:97:8e:03:6f:fa:2d:84:d8:
                    8c:b7:92:6b:24:31:87:fb:98:59:95:25:47:2e:d6:
                    ff:6d:8d:5b:e5:b4:e5:61:df:1e:e5:f5:c4:c3:e5:
                    34:e5:24:02:35:4e:cc:14:8b:5e:89:5b:cc:80:f1:
                    be:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:CA:DC:92:21:C1:65:E4:02:71:34:CD:25:24:54:19:DB:26:42:E5
            X509v3 Authority Key Identifier:
                keyid:13:76:4A:52:C8:5E:07:E3:37:49:74:3D:23:A5:A2:4D:09:6D:F1:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/CMrckiHBZeQCcTTNJSRUGdsmQuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e4e531-6bee-4189-ba7c-203e45616306/1/E3ZKUsheB-M3SXQ9I6WiTQlt8Uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.240.0/21
                  185.147.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:c1:8d:27:d9:49:c0:17:5e:23:20:84:e9:59:d4:df:73:53:
         36:6c:20:9f:38:0d:ee:82:00:d8:ac:e5:55:48:de:5b:4f:85:
         fa:97:b3:8a:88:ac:af:cb:c3:ac:73:b0:10:48:78:94:f2:9a:
         6a:6b:fc:b9:ab:8a:3c:b8:c3:bc:e4:08:6b:38:03:d0:47:8b:
         06:b9:98:ca:19:4f:6f:2a:0d:a5:9e:c9:35:bc:cf:f7:14:6b:
         2b:d8:0b:96:b8:19:ba:49:23:a8:ad:0e:a0:a6:37:ae:6a:c9:
         3d:c4:b6:c0:0c:35:78:37:59:20:11:d8:ee:be:f1:45:c9:d8:
         31:67:cd:92:65:12:43:99:71:1c:26:71:de:9d:5b:20:54:93:
         cd:be:87:ba:ff:64:09:67:7c:76:f9:09:43:63:53:fe:f4:17:
         75:f3:09:7b:db:3b:a7:25:42:2c:87:19:23:f8:8f:4c:fa:60:
         5b:75:62:f3:0c:ea:f2:44:3f:c4:f6:8a:1a:21:19:d6:15:26:
         0b:6c:d3:03:ef:c0:db:13:47:70:19:6d:ca:4c:5a:f7:7f:53:
         07:b0:cb:1b:37:12:0d:5e:4e:8c:83:2d:1e:57:3d:aa:0a:75:
         9b:68:85:ec:a8:68:e8:17:30:24:5c:0a:15:07:a3:8d:bc:22:
         7d:98:9c:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbmZ3WILBHnQGd3nE3MTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNzY0YTUyYzg1ZTA3ZTMzNzQ5NzQzZDIzYTVhMjRkMDk2
ZGYxNDcwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNhZGM5MjIxYzE2NWU0MDI3MTM0Y2QyNTI0NTQxOWRiMjY0MmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0E2gk1mkEQOE1dfF7RbhOlsXRdG
LLE/TjW7WhXSfFxWAgOdt/doFcOuTXicAfsgjWFs7h30LWvzXbXJ7XZbfQLfqn/A
dpjJ3OQgXg5DVvwmpLH9aayLhzC4BbFQg6NPwpO/tWdWBMuclQzgw3G3sYRVjvD9
8yrsEDPao5CPVoqTxuR2j/5ngQbWPBoAx0ChHBEqo7HeQPMaDB/dzme2pMpqrmQw
DzxhUGuPIIaNx+C0mwLQSWEV1snqxoBp4eKjVEyxYlGM2h3Cl44Db/othNiMt5Jr
JDGH+5hZlSVHLtb/bY1b5bTlYd8e5fXEw+U05SQCNU7MFIteiVvMgPG+4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAjK3JIhwWXkAnE0zSUkVBnbJkLlMB8GA1UdIwQY
MBaAFBN2SlLIXgfjN0l0PSOlok0JbfFHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTNaS1VzaGVCLU0zU1hROUk2V2lUUWx0OFVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9lNGU1MzEtNmJlZS00MTg5LWJhN2Mt
MjAzZTQ1NjE2MzA2LzEvQ01yY2tpSEJaZVFDY1RUTkpTUlVHZHNtUXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9lNGU1MzEtNmJlZS00MTg5LWJhN2MtMjAzZTQ1NjE2MzA2
LzEvRTNaS1VzaGVCLU0zU1hROUk2V2lUUWx0OFVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX4PwAwQC
uZOUMA0GCSqGSIb3DQEBCwUAA4IBAQBEwY0n2UnAF14jIITpWdTfc1M2bCCfOA3u
ggDYrOVVSN5bT4X6l7OKiKyvy8Osc7AQSHiU8ppqa/y5q4o8uMO85AhrOAPQR4sG
uZjKGU9vKg2lnsk1vM/3FGsr2AuWuBm6SSOorQ6gpjeuask9xLbADDV4N1kgEdju
vvFFydgxZ82SZRJDmXEcJnHenVsgVJPNvoe6/2QJZ3x2+QlDY1P+9Bd18wl72zun
JUIshxkj+I9M+mBbdWLzDOryRD/E9ooaIRnWFSYLbNMD78DbE0dwGW3KTFr3f1MH
sMsbNxINXk6Mgy0eVz2qCnWbaIXsqGjoFzAkXAoVB6ONvCJ9mJwt
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:06:47 2024 by rpki-client on console-fra.rpki-client.org