Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/Z_uOcNVsYYI4KtdO5467b21uykI.roa
File:                     Z_uOcNVsYYI4KtdO5467b21uykI.roa (raw, json)
Hash identifier:          cHk7vKN94MUj/YYcRH3lXsw40gXCk2630NLCO8IJbCA=
Subject key identifier:   67:FB:8E:70:D5:6C:61:82:38:2A:D7:4E:E7:8E:BB:6F:6D:6E:CA:42
Certificate issuer:       /CN=8e52a3954e30e4753e2e00a0ef816966d6d60db6
Certificate serial:       018CC26D2976919A706AB345BA421DF72655
Authority key identifier: 8E:52:A3:95:4E:30:E4:75:3E:2E:00:A0:EF:81:69:66:D6:D6:0D:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jlKjlU4w5HU-LgCg74FpZtbWDbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/Z_uOcNVsYYI4KtdO5467b21uykI.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205697
IP address blocks:        195.216.234.0/24 maxlen: 24
                          195.216.238.0/24 maxlen: 24
                          185.161.98.0/24 maxlen: 24
                          185.161.96.0/22 maxlen: 24
                          185.161.96.0/24 maxlen: 24
                          195.216.245.0/24 maxlen: 24
                          185.161.97.0/24 maxlen: 24
                          195.216.247.0/24 maxlen: 24
                          185.161.99.0/24 maxlen: 24
                          2a0b:ef01::/32 maxlen: 32
                          2a0b:ef04::/32 maxlen: 32
                          2a0b:ef05::/32 maxlen: 32
                          2a0b:ef02::/32 maxlen: 32
                          2a0b:ef00::/29 maxlen: 32
                          2a0b:ef03::/32 maxlen: 32
                          2a0b:ef07::/32 maxlen: 32
                          2a0b:ef00::/32 maxlen: 32
                          2a0b:ef06::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/jlKjlU4w5HU-LgCg74FpZtbWDbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/jlKjlU4w5HU-LgCg74FpZtbWDbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jlKjlU4w5HU-LgCg74FpZtbWDbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:29:76:91:9a:70:6a:b3:45:ba:42:1d:f7:26:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e52a3954e30e4753e2e00a0ef816966d6d60db6
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67fb8e70d56c6182382ad74ee78ebb6f6d6eca42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ac:25:fa:45:b6:3b:3e:12:3e:eb:ff:e2:12:
                    43:f2:0f:df:6f:07:7a:34:c6:31:17:2d:6b:96:06:
                    6e:2d:4c:34:92:c0:ca:58:25:dd:1b:2e:04:3c:34:
                    76:c2:20:69:a3:6d:46:c3:79:11:3f:29:b4:16:dc:
                    d8:8b:ea:2a:47:b8:fa:0c:8e:e5:49:93:57:53:49:
                    d2:c4:fc:7e:a6:83:e8:33:9f:ad:a8:3a:ae:90:29:
                    28:96:d5:07:31:0e:8d:8d:70:36:3f:3a:65:d6:d5:
                    ce:86:bf:c7:a7:e7:72:75:e0:20:4d:da:b6:f6:d2:
                    64:bf:f4:cd:9a:84:73:e1:19:d5:e1:c4:91:02:0b:
                    6f:4f:ca:a3:bd:bd:fd:66:42:3d:93:b4:af:c3:d5:
                    66:bf:a3:32:05:64:16:65:28:1d:fb:7e:a1:e1:ff:
                    4c:b8:cb:0a:98:73:3b:a5:0d:3e:01:e3:a4:73:b8:
                    b3:68:a1:4e:44:be:e4:fa:86:15:8c:e9:ea:95:b8:
                    ea:50:51:36:dc:7b:c1:5c:35:41:02:be:ba:49:df:
                    bf:67:d4:4c:64:a6:54:9c:69:65:40:36:f7:bd:48:
                    b2:21:e5:6c:3f:1c:c9:05:c3:e2:76:28:47:42:ea:
                    32:12:35:ce:44:32:cf:5d:87:0f:57:7d:1b:e9:f3:
                    98:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:FB:8E:70:D5:6C:61:82:38:2A:D7:4E:E7:8E:BB:6F:6D:6E:CA:42
            X509v3 Authority Key Identifier:
                keyid:8E:52:A3:95:4E:30:E4:75:3E:2E:00:A0:EF:81:69:66:D6:D6:0D:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jlKjlU4w5HU-LgCg74FpZtbWDbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/Z_uOcNVsYYI4KtdO5467b21uykI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/1177a2-219c-4b60-b901-b856db33c6c6/1/jlKjlU4w5HU-LgCg74FpZtbWDbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.96.0/22
                  195.216.234.0/24
                  195.216.238.0/24
                  195.216.245.0/24
                  195.216.247.0/24
                IPv6:
                  2a0b:ef00::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:df:58:55:84:bb:fd:b5:26:cf:be:f7:a6:b0:f5:03:c0:f1:
         70:0e:8c:72:22:8b:63:d5:6a:e6:ca:c9:7b:28:1c:98:1d:05:
         f5:0d:2a:d3:3d:97:98:56:81:fa:04:18:9f:81:f5:9a:cb:ae:
         5b:cd:20:54:42:7b:46:a3:8d:3e:89:a7:6d:bf:58:37:71:e6:
         b0:ba:dc:e7:00:87:e1:4e:75:29:11:65:28:1d:38:09:05:ed:
         f1:e3:c2:60:5c:97:e2:88:37:35:fb:22:55:52:45:af:52:55:
         b1:1b:a5:94:7a:7f:73:f4:a0:68:b1:aa:bb:16:e1:41:63:b9:
         ab:35:41:76:8f:c2:85:22:15:c4:7b:8a:63:b4:12:f7:f3:b7:
         55:04:d4:6c:19:d3:d4:50:95:7a:c7:1c:1c:18:66:96:29:72:
         2e:0d:7c:60:9f:18:20:3a:90:dc:69:40:1a:f4:61:07:de:b2:
         a8:50:06:ce:57:e6:54:3b:6a:9b:46:d4:c8:21:bb:2a:18:7a:
         05:64:a9:22:1a:3a:6b:91:91:c6:66:83:2f:03:6b:b0:9f:8f:
         30:78:83:ea:cc:6f:6e:d0:bc:7d:dc:c4:02:36:e8:a6:23:e9:
         1d:2b:aa:7a:8f:19:ec:6e:cc:9e:22:68:a7:66:73:73:46:82:
         9b:d9:27:bc
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzCbSl2kZpwarNFukId9yZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNTJhMzk1NGUzMGU0NzUzZTJlMDBhMGVmODE2OTY2ZDZk
NjBkYjYwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2ZiOGU3MGQ1NmM2MTgyMzgyYWQ3NGVlNzhlYmI2ZjZkNmVjYTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6wl+kW2Oz4SPuv/4hJD8g/fbwd6
NMYxFy1rlgZuLUw0ksDKWCXdGy4EPDR2wiBpo21Gw3kRPym0FtzYi+oqR7j6DI7l
SZNXU0nSxPx+poPoM5+tqDqukCkoltUHMQ6NjXA2Pzpl1tXOhr/Hp+dydeAgTdq2
9tJkv/TNmoRz4RnV4cSRAgtvT8qjvb39ZkI9k7Svw9Vmv6MyBWQWZSgd+36h4f9M
uMsKmHM7pQ0+AeOkc7izaKFORL7k+oYVjOnqlbjqUFE23HvBXDVBAr66Sd+/Z9RM
ZKZUnGllQDb3vUiyIeVsPxzJBcPidihHQuoyEjXORDLPXYcPV30b6fOYJwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGf7jnDVbGGCOCrXTueOu29tbspCMB8GA1UdIwQY
MBaAFI5So5VOMOR1Pi4AoO+BaWbW1g22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamxLamxVNHc1SFUtTGdDZzc0RnBadGJXRGJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMTc3YTItMjE5Yy00YjYwLWI5MDEt
Yjg1NmRiMzNjNmM2LzEvWl91T2NOVnNZWUk0S3RkTzU0NjdiMjF1eWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMTc3YTItMjE5Yy00YjYwLWI5MDEtYjg1NmRiMzNjNmM2
LzEvamxLamxVNHc1SFUtTGdDZzc0RnBadGJXRGJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuaFgAwQA
w9jqAwQAw9juAwQAw9j1AwQAw9j3MA0EAgACMAcDBQMqC+8AMA0GCSqGSIb3DQEB
CwUAA4IBAQDA31hVhLv9tSbPvvemsPUDwPFwDoxyIotj1Wrmysl7KByYHQX1DSrT
PZeYVoH6BBifgfWay65bzSBUQntGo40+iadtv1g3ceawutznAIfhTnUpEWUoHTgJ
Be3x48JgXJfiiDc1+yJVUkWvUlWxG6WUen9z9KBosaq7FuFBY7mrNUF2j8KFIhXE
e4pjtBL387dVBNRsGdPUUJV6xxwcGGaWKXIuDXxgnxggOpDcaUAa9GEH3rKoUAbO
V+ZUO2qbRtTIIbsqGHoFZKkiGjprkZHGZoMvA2uwn48weIPqzG9u0Lx93MQCNuim
I+kdK6p6jxnsbsyeIminZnNzRoKb2Se8
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:18:37 2024 by rpki-client on console-fra.rpki-client.org