Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/1-Nt8kg212gQqDNDcPEOVp5cNj10.roa
File:                     1-Nt8kg212gQqDNDcPEOVp5cNj10.roa (raw, json)
Hash identifier:          TyGECCs5bxm5N9DmczmFmySNePRb6cPX43nViE8V090=
Subject key identifier:   F8:DB:7C:92:0D:B5:DA:04:2A:0C:D0:DC:3C:43:95:A7:97:0D:8F:5D
Certificate issuer:       /CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
Certificate serial:       018D9E0BF3BF9B69034AE389A16541474C43
Authority key identifier: 4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/1-Nt8kg212gQqDNDcPEOVp5cNj10.roa
Signing time:             Mon 12 Feb 2024 15:59:59 +0000
ROA not before:           Mon 12 Feb 2024 15:59:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48960
IP address blocks:        95.173.194.0/24 maxlen: 24
                          95.173.195.0/24 maxlen: 24
                          95.173.196.0/24 maxlen: 24
                          95.173.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9e:0b:f3:bf:9b:69:03:4a:e3:89:a1:65:41:47:4c:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
        Validity
            Not Before: Feb 12 15:59:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8db7c920db5da042a0cd0dc3c4395a7970d8f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:50:f9:0b:15:81:0e:9f:bf:02:da:97:7c:7b:
                    1b:1e:8f:09:e5:08:19:1b:b3:dd:15:ab:c7:9b:f5:
                    ff:a4:94:d1:fd:8f:97:eb:b8:d1:e6:bf:5b:93:7f:
                    2f:a6:db:9a:a2:35:19:00:53:54:ae:35:26:99:3f:
                    68:29:95:99:68:c6:68:59:ab:5b:05:45:64:e6:04:
                    58:3c:fc:34:f1:f7:13:cb:35:1e:1d:2f:dd:3e:e4:
                    a9:c5:4c:b8:0d:4d:2a:35:c8:16:2f:dd:7f:48:68:
                    e7:81:30:0d:c7:e5:b9:31:e9:3b:c9:b1:44:67:ab:
                    4a:b8:12:42:93:8f:fb:72:c6:78:c9:7b:d2:05:b1:
                    68:8d:da:c4:84:3a:42:64:31:a9:45:46:38:03:92:
                    75:3c:23:9c:f6:3f:21:25:73:7d:7e:d7:8d:66:0c:
                    f9:93:59:dc:7e:50:2a:f3:0e:00:a9:f4:49:51:63:
                    8b:cc:7f:4e:19:93:ef:ea:60:79:05:8c:8f:d0:e9:
                    e5:a8:e6:34:a1:b3:41:94:e4:f8:0d:3b:86:9b:d9:
                    79:c1:d5:dc:44:7d:0c:2c:66:2e:31:23:2b:00:8e:
                    6a:61:99:9a:26:75:ce:6e:b6:a1:c9:6e:c5:03:fb:
                    46:07:28:74:ba:fc:e8:f0:20:71:57:30:00:56:02:
                    4c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DB:7C:92:0D:B5:DA:04:2A:0C:D0:DC:3C:43:95:A7:97:0D:8F:5D
            X509v3 Authority Key Identifier:
                keyid:4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/1-Nt8kg212gQqDNDcPEOVp5cNj10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.194.0-95.173.196.255
                  95.173.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:32:26:3f:2a:72:06:da:8a:be:7f:70:c7:fb:bf:f8:f1:c2:
         9f:17:13:b7:8a:95:50:90:db:d0:00:23:02:0e:f6:8e:dc:38:
         ee:36:63:62:c9:48:b9:c2:31:ff:56:91:39:e4:dd:0d:85:ba:
         3c:c5:e5:be:65:a6:c2:e1:61:03:c3:96:f4:b6:87:b7:5a:f7:
         ca:54:b7:48:97:73:6b:92:a7:94:37:64:7d:d2:be:4d:12:08:
         04:21:8d:78:e0:bb:33:11:33:2d:70:12:47:ad:63:3c:c2:80:
         63:2a:c0:60:6c:d2:1a:21:cb:82:18:fb:03:ed:53:72:d2:cd:
         4d:cc:18:da:97:23:a7:eb:fe:04:fd:5c:d8:1e:4a:72:b2:ba:
         5e:fa:e1:6c:e1:bb:7f:45:3c:31:b9:e1:e7:ed:ee:99:0d:83:
         5a:db:94:16:46:34:04:6b:5b:4a:ee:2e:da:b5:2f:c0:12:57:
         0b:10:bc:0a:ee:03:b5:f9:a6:45:c7:6f:65:10:76:f5:3a:58:
         8f:31:a1:43:e1:29:2d:97:e1:36:73:06:63:a7:f7:7f:1b:e9:
         30:08:b6:f4:a3:50:cd:d9:21:5a:f5:be:11:a6:44:b4:73:3b:
         a5:7f:35:87:bd:69:92:2c:7f:d7:d6:58:f9:dd:e2:04:e1:fc:
         88:86:13:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2eC/O/m2kDSuOJoWVBR0xDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWVjZmVjOWY1NGU0ZWMzOWMyMDA1ZWY0ZTYzZTcwYjUx
ZmFlZDQwHhcNMjQwMjEyMTU1OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGRiN2M5MjBkYjVkYTA0MmEwY2QwZGMzYzQzOTVhNzk3MGQ4ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1D5CxWBDp+/AtqXfHsbHo8J5QgZ
G7PdFavHm/X/pJTR/Y+X67jR5r9bk38vptuaojUZAFNUrjUmmT9oKZWZaMZoWatb
BUVk5gRYPPw08fcTyzUeHS/dPuSpxUy4DU0qNcgWL91/SGjngTANx+W5Mek7ybFE
Z6tKuBJCk4/7csZ4yXvSBbFojdrEhDpCZDGpRUY4A5J1PCOc9j8hJXN9fteNZgz5
k1ncflAq8w4AqfRJUWOLzH9OGZPv6mB5BYyP0OnlqOY0obNBlOT4DTuGm9l5wdXc
RH0MLGYuMSMrAI5qYZmaJnXObrahyW7FA/tGByh0uvzo8CBxVzAAVgJMWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPjbfJINtdoEKgzQ3DxDlaeXDY9dMB8GA1UdIwQY
MBaAFE5ez+yfVOTsOcIAXvTmPnC1H67UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw3UDdKOVU1T3c1d2dCZTlPWS1jTFVmcnRRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZjJhMWMtMThhZi00YmE1LWE0OWYt
ZWNhZDNiNzE0OTM4LzEvMS1OdDhrZzIxMmdRcURORGNQRU9WcDVjTmoxMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmQvZmYyYTFjLTE4YWYtNGJhNS1hNDlmLWVjYWQzYjcxNDkz
OC8xL1RsN1A3SjlVNU93NXdnQmU5T1ktY0xVZnJ0US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQBX63C
AwQAX63EAwQAX63GMA0GCSqGSIb3DQEBCwUAA4IBAQCNMiY/KnIG2oq+f3DH+7/4
8cKfFxO3ipVQkNvQACMCDvaO3DjuNmNiyUi5wjH/VpE55N0Nhbo8xeW+ZabC4WED
w5b0toe3WvfKVLdIl3NrkqeUN2R90r5NEggEIY144LszETMtcBJHrWM8woBjKsBg
bNIaIcuCGPsD7VNy0s1NzBjalyOn6/4E/VzYHkpysrpe+uFs4bt/RTwxueHn7e6Z
DYNa25QWRjQEa1tK7i7atS/AElcLELwK7gO1+aZFx29lEHb1OliPMaFD4Sktl+E2
cwZjp/d/G+kwCLb0o1DN2SFa9b4RpkS0czulfzWHvWmSLH/X1lj53eIE4fyIhhNd
-----END CERTIFICATE-----
Generated at Sat Nov 23 08:47:02 2024 by rpki-client on console-fra.rpki-client.org