Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/4c9d73-f805-4d72-8a37-b82b0ed2d323/1/p-0uxkBnfZeVHWKEp_SCjAXQMuY.roa
File:                     p-0uxkBnfZeVHWKEp_SCjAXQMuY.roa (raw, json)
Hash identifier:          R+nE25R8WPONukre75bnBCruGHoCVLCokIY581ZQldA=
Subject key identifier:   A7:ED:2E:C6:40:67:7D:97:95:1D:62:84:A7:F4:82:8C:05:D0:32:E6
Certificate issuer:       /CN=62bd6c2bdf61e23eafe23dde016db8b3e1595f76
Certificate serial:       018CC4247550FE963F9725B37551DFA9C6B7
Authority key identifier: 62:BD:6C:2B:DF:61:E2:3E:AF:E2:3D:DE:01:6D:B8:B3:E1:59:5F:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yr1sK99h4j6v4j3eAW24s-FZX3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/4c9d73-f805-4d72-8a37-b82b0ed2d323/1/p-0uxkBnfZeVHWKEp_SCjAXQMuY.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51380
IP address blocks:        195.20.4.0/24 maxlen: 24
                          195.20.4.0/23 maxlen: 23
                          91.218.192.0/23 maxlen: 23
                          91.218.192.0/24 maxlen: 24
                          195.20.6.0/24 maxlen: 24
                          195.20.7.0/24 maxlen: 24
                          91.218.193.0/24 maxlen: 24
                          195.20.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/4c9d73-f805-4d72-8a37-b82b0ed2d323/1/Yr1sK99h4j6v4j3eAW24s-FZX3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/4c9d73-f805-4d72-8a37-b82b0ed2d323/1/Yr1sK99h4j6v4j3eAW24s-FZX3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yr1sK99h4j6v4j3eAW24s-FZX3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:75:50:fe:96:3f:97:25:b3:75:51:df:a9:c6:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62bd6c2bdf61e23eafe23dde016db8b3e1595f76
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7ed2ec640677d97951d6284a7f4828c05d032e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:96:bc:32:59:24:8a:d4:b3:36:3d:1d:ed:c9:
                    b5:ee:23:ff:c1:6a:6e:90:f1:51:2b:eb:4f:30:2d:
                    a7:02:da:0e:5e:dd:fa:6a:4f:cb:29:28:57:45:46:
                    ff:c7:76:5e:18:ae:3c:13:2f:17:9d:bf:f2:5c:31:
                    38:9e:fc:a8:72:a2:db:8f:1b:3b:34:36:28:36:89:
                    42:b1:63:20:b2:d2:07:d5:48:1f:09:3a:25:6f:1f:
                    fd:46:9a:21:6b:17:28:21:7b:3f:0d:46:5c:24:dd:
                    f9:f0:a2:f2:1b:a2:94:ce:3e:d5:9c:85:94:7e:a3:
                    84:24:d8:93:6e:4e:f9:0b:ab:fe:67:8c:2f:06:f1:
                    37:a9:b9:41:ed:72:c9:31:eb:ba:de:f3:29:d5:d4:
                    18:63:b8:e3:e2:ce:8d:0c:7b:c4:36:91:6b:b0:5a:
                    8b:c6:92:d1:dc:2d:ae:eb:a0:12:d0:c7:00:12:df:
                    5b:de:4a:28:30:2b:b7:61:4b:d6:c1:74:9f:68:bf:
                    78:39:48:f5:50:96:0d:c5:af:a7:76:29:78:d0:61:
                    4a:53:5e:f7:68:bd:dd:4b:6f:b6:68:18:c7:ee:5c:
                    56:5f:16:b6:9f:e7:dd:9d:99:ee:fb:d7:59:90:da:
                    26:fc:ec:1e:eb:5f:e1:fa:f3:9a:ed:00:c1:90:01:
                    00:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:ED:2E:C6:40:67:7D:97:95:1D:62:84:A7:F4:82:8C:05:D0:32:E6
            X509v3 Authority Key Identifier:
                keyid:62:BD:6C:2B:DF:61:E2:3E:AF:E2:3D:DE:01:6D:B8:B3:E1:59:5F:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr1sK99h4j6v4j3eAW24s-FZX3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4c9d73-f805-4d72-8a37-b82b0ed2d323/1/p-0uxkBnfZeVHWKEp_SCjAXQMuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4c9d73-f805-4d72-8a37-b82b0ed2d323/1/Yr1sK99h4j6v4j3eAW24s-FZX3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.192.0/23
                  195.20.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:31:3e:4b:51:6f:0f:d4:36:50:20:48:b7:7b:30:6e:30:9a:
         ff:ee:21:3f:f7:03:89:b5:40:14:09:e1:fb:ab:08:cc:9d:8e:
         6d:8a:1e:4d:f2:6e:45:f2:5c:91:d6:2b:7d:87:77:d5:c5:f4:
         ce:1b:c0:30:d8:f4:4c:ea:3e:1a:a1:9e:10:22:25:18:ea:1d:
         47:82:96:bf:b2:7e:89:22:97:63:56:19:ac:8d:0d:89:45:38:
         ea:1d:44:73:71:9f:21:0b:06:7c:2d:9a:4c:78:78:39:5d:f7:
         0d:6c:ef:11:a1:7b:e9:58:d8:a6:d7:e4:3c:df:d7:4f:b4:7a:
         55:87:fa:fa:5b:6a:e4:6c:31:08:a9:22:92:74:ff:8d:36:03:
         2a:7a:fe:91:8f:5f:39:a6:b0:cf:29:68:74:ef:09:67:5f:7c:
         cf:a9:10:8c:19:f1:a4:28:ac:3f:af:8b:46:8d:42:dd:d9:00:
         73:5a:2f:54:5a:e5:bf:a9:11:13:db:a1:ed:fa:91:85:5b:19:
         fa:83:d8:d2:11:2f:2c:91:68:56:0e:01:33:f4:1f:aa:e9:d1:
         28:64:95:a3:d0:31:49:79:b4:05:53:02:ad:88:42:02:6b:e7:
         2d:06:e3:75:45:54:c8:df:bb:7f:9c:8c:39:8b:8c:30:91:52:
         00:3e:a6:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJHVQ/pY/lyWzdVHfqca3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYmQ2YzJiZGY2MWUyM2VhZmUyM2RkZTAxNmRiOGIzZTE1
OTVmNzYwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2VkMmVjNjQwNjc3ZDk3OTUxZDYyODRhN2Y0ODI4YzA1ZDAzMmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZa8MlkkitSzNj0d7cm17iP/wWpu
kPFRK+tPMC2nAtoOXt36ak/LKShXRUb/x3ZeGK48Ey8Xnb/yXDE4nvyocqLbjxs7
NDYoNolCsWMgstIH1UgfCTolbx/9RpohaxcoIXs/DUZcJN358KLyG6KUzj7VnIWU
fqOEJNiTbk75C6v+Z4wvBvE3qblB7XLJMeu63vMp1dQYY7jj4s6NDHvENpFrsFqL
xpLR3C2u66AS0McAEt9b3kooMCu3YUvWwXSfaL94OUj1UJYNxa+ndil40GFKU173
aL3dS2+2aBjH7lxWXxa2n+fdnZnu+9dZkNom/Owe61/h+vOa7QDBkAEAdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKftLsZAZ32XlR1ihKf0gowF0DLmMB8GA1UdIwQY
MBaAFGK9bCvfYeI+r+I93gFtuLPhWV92MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXIxc0s5OWg0ajZ2NGozZUFXMjRzLUZaWDNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi80YzlkNzMtZjgwNS00ZDcyLThhMzct
YjgyYjBlZDJkMzIzLzEvcC0wdXhrQm5mWmVWSFdLRXBfU0NqQVhRTXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi80YzlkNzMtZjgwNS00ZDcyLThhMzctYjgyYjBlZDJkMzIz
LzEvWXIxc0s5OWg0ajZ2NGozZUFXMjRzLUZaWDNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW9rAAwQC
wxQEMA0GCSqGSIb3DQEBCwUAA4IBAQADMT5LUW8P1DZQIEi3ezBuMJr/7iE/9wOJ
tUAUCeH7qwjMnY5tih5N8m5F8lyR1it9h3fVxfTOG8Aw2PRM6j4aoZ4QIiUY6h1H
gpa/sn6JIpdjVhmsjQ2JRTjqHURzcZ8hCwZ8LZpMeHg5XfcNbO8RoXvpWNim1+Q8
39dPtHpVh/r6W2rkbDEIqSKSdP+NNgMqev6Rj185prDPKWh07wlnX3zPqRCMGfGk
KKw/r4tGjULd2QBzWi9UWuW/qRET26Ht+pGFWxn6g9jSES8skWhWDgEz9B+q6dEo
ZJWj0DFJebQFUwKtiEICa+ctBuN1RVTI37t/nIw5i4wwkVIAPqa3
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:18:30 2024 by rpki-client on console-fra.rpki-client.org