Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/u7FqIlCAINWxXXzpugEWtYcs7PM.roa
File:                     u7FqIlCAINWxXXzpugEWtYcs7PM.roa (raw, json)
Hash identifier:          pID3qvumI2k2tsC4pCbSQxo2PbKYj+c3yog3i1zTsDQ=
Subject key identifier:   BB:B1:6A:22:50:80:20:D5:B1:5D:7C:E9:BA:01:16:B5:87:2C:EC:F3
Certificate issuer:       /CN=53153003737d78f722db9a28e22043e35d8d871e
Certificate serial:       018CCA997E5E8D957EEFB5C4428FCCBD8F0A
Authority key identifier: 53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/u7FqIlCAINWxXXzpugEWtYcs7PM.roa
Signing time:             Tue 02 Jan 2024 14:35:06 +0000
ROA not before:           Tue 02 Jan 2024 14:35:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        192.47.244.0/22 maxlen: 22
                          192.47.248.0/23 maxlen: 23
                          134.21.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:7e:5e:8d:95:7e:ef:b5:c4:42:8f:cc:bd:8f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53153003737d78f722db9a28e22043e35d8d871e
        Validity
            Not Before: Jan  2 14:35:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbb16a22508020d5b15d7ce9ba0116b5872cecf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a5:2c:4a:3c:8b:22:6e:16:5f:50:2c:14:46:
                    92:8a:b1:e5:8a:51:b3:69:d1:0c:2d:cf:4b:38:5d:
                    8d:0e:dc:80:d4:a8:42:2b:46:83:dd:22:63:8f:03:
                    1c:1c:d6:41:6b:bc:a7:3f:8c:16:13:90:fb:a5:e0:
                    52:a5:18:71:9f:95:13:d6:59:c9:e7:a0:d4:cc:0d:
                    90:08:ec:b0:87:61:b3:1e:54:c7:52:c1:db:15:05:
                    3e:38:83:59:33:f4:8c:a8:e4:b8:ca:60:d4:98:b1:
                    34:89:ea:bd:10:c2:16:bf:ad:f0:91:84:b9:80:cc:
                    25:57:1b:f5:cf:5b:f0:d6:ba:ff:9e:12:1e:af:be:
                    e4:82:04:1e:41:23:b4:05:73:be:0d:9f:3d:06:5c:
                    61:e3:fb:d8:fc:a1:6c:d8:06:e6:f4:c1:0f:3c:25:
                    07:3b:90:73:58:03:f3:36:9e:56:bd:6e:2c:b1:d3:
                    41:f3:a3:c9:3c:4c:fb:2f:84:47:e3:d6:34:e2:5c:
                    bf:f0:77:2b:58:49:42:09:ba:af:d0:be:7b:01:93:
                    bf:a0:b3:68:bf:df:55:77:f4:7b:73:c0:b4:24:6f:
                    39:4e:72:34:4d:c5:f5:ab:3b:ce:5b:23:71:5e:75:
                    7a:73:c3:44:47:f5:9d:0f:99:60:06:03:f2:d1:cb:
                    4f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B1:6A:22:50:80:20:D5:B1:5D:7C:E9:BA:01:16:B5:87:2C:EC:F3
            X509v3 Authority Key Identifier:
                keyid:53:15:30:03:73:7D:78:F7:22:DB:9A:28:E2:20:43:E3:5D:8D:87:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxUwA3N9ePci25oo4iBD412Nhx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/u7FqIlCAINWxXXzpugEWtYcs7PM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/8f7148-236d-4088-89e6-665995c62838/1/UxUwA3N9ePci25oo4iBD412Nhx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.21.0.0/16
                  192.47.244.0-192.47.249.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:e2:c6:95:c7:62:83:4f:82:f1:05:c2:c2:aa:17:24:c6:98:
         54:a6:77:36:c8:c6:6a:30:c8:42:81:17:fc:af:00:36:92:19:
         1a:bc:fd:5d:7e:a0:c8:6d:65:94:16:25:12:4c:2d:c5:59:ba:
         da:65:4f:33:b5:c4:70:a6:30:7c:85:6a:06:ac:a7:70:41:37:
         e2:30:ea:26:1e:a8:d2:b5:4b:17:f9:c1:5a:69:d8:5c:39:19:
         36:8f:ef:48:95:ca:27:ed:f8:09:e8:82:b0:50:dd:56:0a:06:
         95:03:83:f8:a7:fd:3c:8e:90:e4:f5:94:b7:cd:2b:d0:72:85:
         5c:54:dd:98:a3:36:22:ae:b7:79:c1:48:7f:2d:c7:c6:6f:73:
         98:f0:a6:a1:6c:f0:0d:26:5e:77:88:48:e5:b0:9a:5b:55:fb:
         b7:33:bf:47:6c:11:8a:81:81:ed:00:f1:cd:5b:db:64:e1:09:
         f7:c5:cb:fa:60:eb:28:1e:a7:ff:4a:94:5d:ef:18:32:9c:25:
         d8:54:e9:79:e4:4b:74:8c:12:61:01:76:c8:a2:16:ae:7c:38:
         6c:67:d2:53:e0:f1:c8:49:b2:eb:89:f4:f5:3e:67:2e:14:fa:
         e6:6c:21:25:b9:0b:9c:9e:62:c5:f5:dc:5c:f2:fc:04:2d:80:
         fe:b1:a9:ef
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzKmX5ejZV+77XEQo/MvY8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTUzMDAzNzM3ZDc4ZjcyMmRiOWEyOGUyMjA0M2UzNWQ4
ZDg3MWUwHhcNMjQwMTAyMTQzNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmIxNmEyMjUwODAyMGQ1YjE1ZDdjZTliYTAxMTZiNTg3MmNlY2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqUsSjyLIm4WX1AsFEaSirHlilGz
adEMLc9LOF2NDtyA1KhCK0aD3SJjjwMcHNZBa7ynP4wWE5D7peBSpRhxn5UT1lnJ
56DUzA2QCOywh2GzHlTHUsHbFQU+OINZM/SMqOS4ymDUmLE0ieq9EMIWv63wkYS5
gMwlVxv1z1vw1rr/nhIer77kggQeQSO0BXO+DZ89Blxh4/vY/KFs2Abm9MEPPCUH
O5BzWAPzNp5WvW4ssdNB86PJPEz7L4RH49Y04ly/8HcrWElCCbqv0L57AZO/oLNo
v99Vd/R7c8C0JG85TnI0TcX1qzvOWyNxXnV6c8NER/WdD5lgBgPy0ctPBQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFLuxaiJQgCDVsV186boBFrWHLOzzMB8GA1UdIwQY
MBaAFFMVMANzfXj3ItuaKOIgQ+NdjYceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhVd0EzTjllUGNpMjVvbzRpQkQ0MTJOaHg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS84ZjcxNDgtMjM2ZC00MDg4LTg5ZTYt
NjY1OTk1YzYyODM4LzEvdTdGcUlsQ0FJTld4WFh6cHVnRVd0WWNzN1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS84ZjcxNDgtMjM2ZC00MDg4LTg5ZTYtNjY1OTk1YzYyODM4
LzEvVXhVd0EzTjllUGNpMjVvbzRpQkQ0MTJOaHg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwMAhhUwDAME
AsAv9AMEAcAv+DANBgkqhkiG9w0BAQsFAAOCAQEAXOLGlcdig0+C8QXCwqoXJMaY
VKZ3NsjGajDIQoEX/K8ANpIZGrz9XX6gyG1llBYlEkwtxVm62mVPM7XEcKYwfIVq
BqyncEE34jDqJh6o0rVLF/nBWmnYXDkZNo/vSJXKJ+34CeiCsFDdVgoGlQOD+Kf9
PI6Q5PWUt80r0HKFXFTdmKM2Iq63ecFIfy3Hxm9zmPCmoWzwDSZed4hI5bCaW1X7
tzO/R2wRioGB7QDxzVvbZOEJ98XL+mDrKB6n/0qUXe8YMpwl2FTpeeRLdIwSYQF2
yKIWrnw4bGfSU+DxyEmy64n09T5nLhT65mwhJbkLnJ5ixfXcXPL8BC2A/rGp7w==
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:34:37 2024 by rpki-client on console-fra.rpki-client.org