Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/IZpzUvasF158tiFFVRiwVKIK7Bo.roa
File:                     IZpzUvasF158tiFFVRiwVKIK7Bo.roa (raw, json)
Hash identifier:          bizyqTtPxVxi8dxN9daDhEJwgK85KyeGdYdGhWROTkQ=
Subject key identifier:   21:9A:73:52:F6:AC:17:5E:7C:B6:21:45:55:18:B0:54:A2:0A:EC:1A
Certificate issuer:       /CN=e1584910124af776e30e5acf055d6bae1761a536
Certificate serial:       018D1D128E92B4249984B1F252042EA9CA0D
Authority key identifier: E1:58:49:10:12:4A:F7:76:E3:0E:5A:CF:05:5D:6B:AE:17:61:A5:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VhJEBJK93bjDlrPBV1rrhdhpTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/IZpzUvasF158tiFFVRiwVKIK7Bo.roa
Signing time:             Thu 18 Jan 2024 14:56:11 +0000
ROA not before:           Thu 18 Jan 2024 14:56:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51844
IP address blocks:        95.128.158.0/24 maxlen: 24
                          2a13:3c0:101::/48 maxlen: 48
                          2a13:3c0:102::/48 maxlen: 48
                          2a13:3c0:103::/48 maxlen: 48
                          2a13:3c0:104::/48 maxlen: 48
                          2a13:3c0:105::/48 maxlen: 48
                          2a13:3c0:106::/48 maxlen: 48
                          2a13:3c0:107::/48 maxlen: 48
                          2a13:3c0:108::/48 maxlen: 48
                          2a13:3c0:109::/48 maxlen: 48
                          2a13:3c0:110::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/4VhJEBJK93bjDlrPBV1rrhdhpTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/4VhJEBJK93bjDlrPBV1rrhdhpTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VhJEBJK93bjDlrPBV1rrhdhpTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1d:12:8e:92:b4:24:99:84:b1:f2:52:04:2e:a9:ca:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1584910124af776e30e5acf055d6bae1761a536
        Validity
            Not Before: Jan 18 14:56:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=219a7352f6ac175e7cb621455518b054a20aec1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:1a:7d:0b:49:33:11:da:7f:64:37:61:68:49:
                    ed:23:06:e0:42:42:74:61:c4:db:25:cd:3b:3f:50:
                    a9:0d:23:3a:e7:a9:cb:67:d0:e2:c2:10:67:0b:41:
                    97:b4:79:34:ed:40:61:cb:be:f7:e5:7a:8d:7f:3b:
                    46:90:68:81:d2:16:22:03:f1:26:ed:d3:8b:48:07:
                    ff:c8:42:39:f4:a4:6e:57:20:6c:26:9b:d8:fb:85:
                    26:ad:55:4e:ea:fc:06:eb:21:15:c2:c8:76:0e:29:
                    cf:bf:19:c9:de:0c:0d:12:06:13:59:f9:73:65:2d:
                    b8:4d:df:da:b0:93:47:d5:ff:34:69:91:72:56:d5:
                    4b:27:ba:f8:e5:fd:e0:42:bc:23:95:1a:b2:0f:a8:
                    99:da:56:f5:f8:97:23:b7:40:04:11:4c:b9:eb:35:
                    c1:83:09:41:91:ab:4b:27:a0:10:2c:f9:11:8f:be:
                    15:4d:28:fa:e2:7f:c0:7c:03:9b:f0:88:2f:5f:08:
                    03:e3:58:ac:e1:1e:5f:6f:d9:05:b0:a0:5e:87:63:
                    5a:22:88:6e:0c:13:b3:a4:b9:09:66:3f:27:22:6a:
                    76:a8:83:13:8b:ea:66:d3:ac:d1:e6:c3:d8:d6:50:
                    87:3b:7b:a3:f4:ea:e2:d5:e3:a4:24:49:0c:f4:2c:
                    7f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9A:73:52:F6:AC:17:5E:7C:B6:21:45:55:18:B0:54:A2:0A:EC:1A
            X509v3 Authority Key Identifier:
                keyid:E1:58:49:10:12:4A:F7:76:E3:0E:5A:CF:05:5D:6B:AE:17:61:A5:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VhJEBJK93bjDlrPBV1rrhdhpTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/IZpzUvasF158tiFFVRiwVKIK7Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/7215e0-9ab8-4a13-a605-31ab32ff7c68/1/4VhJEBJK93bjDlrPBV1rrhdhpTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.158.0/24
                IPv6:
                  2a13:3c0:101::-2a13:3c0:109:ffff:ffff:ffff:ffff:ffff
                  2a13:3c0:110::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:7f:ee:f2:4f:d2:c7:5a:60:0e:56:af:78:57:f3:ac:eb:1e:
         95:e4:b9:3c:93:f0:61:be:f2:d4:45:ba:c4:6f:1f:3d:0e:ec:
         e2:5b:79:19:5b:49:ed:f7:65:d7:26:03:6c:20:58:88:ee:78:
         89:0f:49:ae:b4:9a:db:57:29:50:59:26:93:15:4c:35:b0:55:
         c3:e1:2c:2a:60:2a:a4:15:97:2a:73:64:25:7b:b8:21:d5:37:
         07:b9:ab:6b:de:71:0e:34:4f:e4:c4:58:d3:da:98:ba:9f:11:
         98:01:08:fd:17:fc:e8:58:b3:e1:1d:46:56:b0:35:e1:c6:cd:
         9e:c6:b7:b9:e3:2e:51:ac:74:7e:38:e9:0a:f9:fe:3f:38:f9:
         a1:94:9e:3e:ce:e0:b8:48:a7:35:99:f2:06:23:fd:3e:b4:fc:
         35:2d:87:8f:17:ee:c3:70:53:3e:1e:73:b3:95:e9:16:4c:3f:
         32:11:be:7a:22:2a:8c:f6:58:72:22:39:5c:b0:e2:68:15:66:
         dd:7b:ce:72:60:64:ff:8b:c6:a4:7e:e2:39:9b:44:c5:9e:36:
         57:f8:47:4e:87:01:f4:2e:d6:ee:ad:c8:0b:6a:ea:84:86:1d:
         00:fb:f6:a3:81:3a:20:50:7c:20:76:78:46:cd:f4:67:c4:f4:
         7c:57:4f:46
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAY0dEo6StCSZhLHyUgQuqcoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTg0OTEwMTI0YWY3NzZlMzBlNWFjZjA1NWQ2YmFlMTc2
MWE1MzYwHhcNMjQwMTE4MTQ1NjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTlhNzM1MmY2YWMxNzVlN2NiNjIxNDU1NTE4YjA1NGEyMGFlYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBp9C0kzEdp/ZDdhaEntIwbgQkJ0
YcTbJc07P1CpDSM656nLZ9DiwhBnC0GXtHk07UBhy7735XqNfztGkGiB0hYiA/Em
7dOLSAf/yEI59KRuVyBsJpvY+4UmrVVO6vwG6yEVwsh2DinPvxnJ3gwNEgYTWflz
ZS24Td/asJNH1f80aZFyVtVLJ7r45f3gQrwjlRqyD6iZ2lb1+Jcjt0AEEUy56zXB
gwlBkatLJ6AQLPkRj74VTSj64n/AfAOb8IgvXwgD41is4R5fb9kFsKBeh2NaIohu
DBOzpLkJZj8nImp2qIMTi+pm06zR5sPY1lCHO3uj9Ori1eOkJEkM9Cx/xwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFCGac1L2rBdefLYhRVUYsFSiCuwaMB8GA1UdIwQY
MBaAFOFYSRASSvd24w5azwVda64XYaU2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZoSkVCSks5M2JqRGxyUEJWMXJyaGRocFRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83MjE1ZTAtOWFiOC00YTEzLWE2MDUt
MzFhYjMyZmY3YzY4LzEvSVpwelV2YXNGMTU4dGlGRlZSaXdWS0lLN0JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83MjE1ZTAtOWFiOC00YTEzLWE2MDUtMzFhYjMyZmY3YzY4
LzEvNFZoSkVCSks5M2JqRGxyUEJWMXJyaGRocFRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAMBAIAATAGAwQAX4CeMCME
AgACMB0wEgMHACoTA8ABAQMHASoTA8ABCAMHACoTA8ABEDANBgkqhkiG9w0BAQsF
AAOCAQEAIX/u8k/Sx1pgDlaveFfzrOseleS5PJPwYb7y1EW6xG8fPQ7s4lt5GVtJ
7fdl1yYDbCBYiO54iQ9JrrSa21cpUFkmkxVMNbBVw+EsKmAqpBWXKnNkJXu4IdU3
B7mra95xDjRP5MRY09qYup8RmAEI/Rf86Fiz4R1GVrA14cbNnsa3ueMuUax0fjjp
Cvn+Pzj5oZSePs7guEinNZnyBiP9PrT8NS2Hjxfuw3BTPh5zs5XpFkw/MhG+eiIq
jPZYciI5XLDiaBVm3XvOcmBk/4vGpH7iOZtExZ42V/hHTocB9C7W7q3IC2rqhIYd
APv2o4E6IFB8IHZ4Rs30Z8T0fFdPRg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:07:15 2024 by rpki-client on console-fra.rpki-client.org