Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/4a79a1-3d19-4de4-be89-8a200691f724/1/_hIbVT3menooV9Owm_I4HyGyFUk.roa
File:                     _hIbVT3menooV9Owm_I4HyGyFUk.roa (raw, json)
Hash identifier:          yr8pnh/IaGhrC9EwQoPSAssKx5KwOCrjx7H3CRJxveo=
Subject key identifier:   FE:12:1B:55:3D:E6:7A:7A:28:57:D3:B0:9B:F2:38:1F:21:B2:15:49
Certificate issuer:       /CN=bbfa427d42023afda888e8415f4edcf7b7df1b05
Certificate serial:       018CC8DF7C3EFFF0599CDBC9DAE008C708D8
Authority key identifier: BB:FA:42:7D:42:02:3A:FD:A8:88:E8:41:5F:4E:DC:F7:B7:DF:1B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_pCfUICOv2oiOhBX07c97ffGwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/4a79a1-3d19-4de4-be89-8a200691f724/1/_hIbVT3menooV9Owm_I4HyGyFUk.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205278
IP address blocks:        195.8.107.0/24 maxlen: 24
                          2a12:e3c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/4a79a1-3d19-4de4-be89-8a200691f724/1/u_pCfUICOv2oiOhBX07c97ffGwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/4a79a1-3d19-4de4-be89-8a200691f724/1/u_pCfUICOv2oiOhBX07c97ffGwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_pCfUICOv2oiOhBX07c97ffGwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7c:3e:ff:f0:59:9c:db:c9:da:e0:08:c7:08:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbfa427d42023afda888e8415f4edcf7b7df1b05
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe121b553de67a7a2857d3b09bf2381f21b21549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0c:64:64:75:bb:e5:ff:27:5a:36:7a:7d:ac:
                    1e:64:54:f3:e3:41:0e:31:aa:b2:79:70:b0:92:99:
                    b5:ea:2f:f8:1c:3b:13:34:e2:60:88:1c:c2:8d:64:
                    5f:cc:e5:ce:76:30:af:5b:d3:e0:e9:3f:a0:37:25:
                    4a:45:23:63:32:21:64:c8:45:e8:9e:46:8e:ad:10:
                    fa:06:ac:5c:35:ba:d9:53:0d:47:de:c3:6d:33:e1:
                    bb:c0:f4:ee:af:ed:d8:83:b8:c0:57:b0:b7:55:e8:
                    77:97:b0:b1:89:c0:f0:1c:63:60:3f:85:e4:d0:28:
                    b7:e6:0f:a1:4f:f7:17:fb:06:d0:f0:e4:f1:25:11:
                    1a:46:7d:fa:20:d6:0c:51:b1:d2:2f:74:07:0c:8b:
                    c8:ff:db:bf:e6:cc:c5:42:d6:aa:25:b6:b9:0f:77:
                    4b:89:50:31:d1:1b:7d:7d:f8:b4:0d:af:63:58:c7:
                    ae:dc:4e:d4:c7:06:cf:2f:e7:9c:9a:de:ab:49:84:
                    3a:39:d5:13:51:5a:69:73:8c:a4:b2:b6:a4:d6:a1:
                    35:b8:c7:94:93:c8:fc:a1:6b:0a:d0:07:d2:02:d0:
                    d0:f1:72:1b:7f:d0:e8:9b:d1:88:36:eb:c2:b6:46:
                    77:f5:64:c6:cf:76:dd:6d:07:c9:7a:a0:df:bf:d7:
                    59:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:12:1B:55:3D:E6:7A:7A:28:57:D3:B0:9B:F2:38:1F:21:B2:15:49
            X509v3 Authority Key Identifier:
                keyid:BB:FA:42:7D:42:02:3A:FD:A8:88:E8:41:5F:4E:DC:F7:B7:DF:1B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_pCfUICOv2oiOhBX07c97ffGwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4a79a1-3d19-4de4-be89-8a200691f724/1/_hIbVT3menooV9Owm_I4HyGyFUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/4a79a1-3d19-4de4-be89-8a200691f724/1/u_pCfUICOv2oiOhBX07c97ffGwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.107.0/24
                IPv6:
                  2a12:e3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:af:9a:04:4c:a7:67:59:d5:bc:1e:02:2b:e5:4d:9c:d9:6c:
         b2:bb:17:66:f8:ac:08:df:54:02:f4:d7:b0:4a:a7:09:31:f6:
         82:37:a0:a5:c8:e1:e7:3f:6a:65:44:f4:5a:1b:da:95:2e:8f:
         fd:9b:4f:57:f5:f1:70:02:c2:60:2b:37:86:e9:e3:1b:5a:83:
         47:f0:3c:ce:4e:21:34:2f:0b:39:8c:84:3b:ad:42:7d:df:08:
         55:2e:ca:a7:8e:bb:9e:b0:81:94:a5:6d:e2:08:57:f7:26:c4:
         27:89:ab:5c:23:2c:d7:2d:21:33:e8:53:a7:4a:cc:0e:37:c4:
         33:ae:9a:c2:5f:e7:7e:0c:83:1d:eb:63:7b:0f:b2:76:9d:d9:
         07:32:27:43:42:34:07:2c:38:e6:0d:57:a0:20:16:e5:2b:c4:
         bb:90:66:93:96:9e:97:9e:03:8b:95:0c:ca:7a:3c:8b:cb:5c:
         57:75:c2:be:fe:db:25:70:2b:2a:3a:93:15:d5:5b:28:f5:b1:
         5f:82:99:a5:95:46:7a:5d:cf:f4:a1:48:c9:6c:a1:bd:0b:c2:
         74:5c:5c:b8:6a:84:53:64:11:3e:83:13:b3:c6:1a:f8:8f:01:
         62:fe:2e:18:4b:a0:79:95:06:94:00:97:ad:02:26:08:96:3a:
         7c:c9:7b:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI33w+//BZnNvJ2uAIxwjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZmE0MjdkNDIwMjNhZmRhODg4ZTg0MTVmNGVkY2Y3Yjdk
ZjFiMDUwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTEyMWI1NTNkZTY3YTdhMjg1N2QzYjA5YmYyMzgxZjIxYjIxNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAxkZHW75f8nWjZ6faweZFTz40EO
MaqyeXCwkpm16i/4HDsTNOJgiBzCjWRfzOXOdjCvW9Pg6T+gNyVKRSNjMiFkyEXo
nkaOrRD6BqxcNbrZUw1H3sNtM+G7wPTur+3Yg7jAV7C3Veh3l7CxicDwHGNgP4Xk
0Ci35g+hT/cX+wbQ8OTxJREaRn36INYMUbHSL3QHDIvI/9u/5szFQtaqJba5D3dL
iVAx0Rt9ffi0Da9jWMeu3E7UxwbPL+ecmt6rSYQ6OdUTUVppc4yksrak1qE1uMeU
k8j8oWsK0AfSAtDQ8XIbf9Dom9GINuvCtkZ39WTGz3bdbQfJeqDfv9dZ6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP4SG1U95np6KFfTsJvyOB8hshVJMB8GA1UdIwQY
MBaAFLv6Qn1CAjr9qIjoQV9O3Pe33xsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9wQ2ZVSUNPdjJvaU9oQlgwN2M5N2ZmR3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS80YTc5YTEtM2QxOS00ZGU0LWJlODkt
OGEyMDA2OTFmNzI0LzEvX2hJYlZUM21lbm9vVjlPd21fSTRIeUd5RlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS80YTc5YTEtM2QxOS00ZGU0LWJlODktOGEyMDA2OTFmNzI0
LzEvdV9wQ2ZVSUNPdjJvaU9oQlgwN2M5N2ZmR3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwwhrMA0E
AgACMAcDBQMqEuPAMA0GCSqGSIb3DQEBCwUAA4IBAQCQr5oETKdnWdW8HgIr5U2c
2Wyyuxdm+KwI31QC9NewSqcJMfaCN6ClyOHnP2plRPRaG9qVLo/9m09X9fFwAsJg
KzeG6eMbWoNH8DzOTiE0Lws5jIQ7rUJ93whVLsqnjruesIGUpW3iCFf3JsQniatc
IyzXLSEz6FOnSswON8QzrprCX+d+DIMd62N7D7J2ndkHMidDQjQHLDjmDVegIBbl
K8S7kGaTlp6XngOLlQzKejyLy1xXdcK+/tslcCsqOpMV1Vso9bFfgpmllUZ6Xc/0
oUjJbKG9C8J0XFy4aoRTZBE+gxOzxhr4jwFi/i4YS6B5lQaUAJetAiYIljp8yXti
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:19:12 2024 by rpki-client on console-fra.rpki-client.org