Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/9CI8AnDx7ie_z6U00qU_2dX-n8U.roa
File:                     9CI8AnDx7ie_z6U00qU_2dX-n8U.roa (raw, json)
Hash identifier:          S3ifE9TnVAPwkf8cKymvvf81QQqwVfpE4El3cauqFm4=
Subject key identifier:   F4:22:3C:02:70:F1:EE:27:BF:CF:A5:34:D2:A5:3F:D9:D5:FE:9F:C5
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018F8FD09DB52D238554B7719FD963B92ACD
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/9CI8AnDx7ie_z6U00qU_2dX-n8U.roa
Signing time:             Sun 19 May 2024 07:46:04 +0000
ROA not before:           Sun 19 May 2024 07:46:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208161
IP address blocks:        87.248.130.0/24 maxlen: 24
                          87.248.131.0/24 maxlen: 24
                          87.248.133.0/24 maxlen: 24
                          87.248.137.0/24 maxlen: 24
                          87.248.138.0/24 maxlen: 24
                          87.248.139.0/24 maxlen: 24
                          87.248.145.0/24 maxlen: 24
                          87.248.150.0/24 maxlen: 24
                          87.248.151.0/24 maxlen: 24
                          87.248.152.0/23 maxlen: 24
                          87.248.155.0/24 maxlen: 24
                          87.248.156.0/24 maxlen: 24
                          194.60.230.0/24 maxlen: 24
                          194.60.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8f:d0:9d:b5:2d:23:85:54:b7:71:9f:d9:63:b9:2a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: May 19 07:46:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4223c0270f1ee27bfcfa534d2a53fd9d5fe9fc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:29:5f:e1:3c:b9:0f:4d:b7:26:0b:7f:84:f1:
                    40:26:58:3d:3c:8b:82:5b:11:f3:fa:65:7a:b5:75:
                    bc:ba:05:64:eb:b8:7c:f4:5e:7c:dd:4d:bd:dc:a4:
                    61:fd:8b:5a:8f:e8:dd:6a:41:c6:b2:e8:2c:23:20:
                    92:26:04:6b:1e:61:78:ca:74:89:54:52:c7:12:d4:
                    bb:e4:f4:1f:7c:b6:8b:6b:04:be:68:8c:a2:9b:7e:
                    06:41:37:ec:a4:a1:6a:96:04:ec:c3:3b:be:7f:a7:
                    5e:15:85:45:0f:88:c0:01:98:4e:eb:bd:02:8a:df:
                    25:e9:6a:0b:3e:82:98:c5:e4:df:d5:85:3c:77:89:
                    48:56:41:f0:06:94:59:5c:0e:de:6d:c9:7f:47:7b:
                    a2:68:b3:0f:80:40:13:19:63:a9:3d:ca:ae:a4:10:
                    88:de:8e:09:58:eb:c7:48:ea:6f:03:64:a3:16:5d:
                    8c:ac:70:21:c4:44:c2:8c:96:a1:c3:cf:93:01:ed:
                    79:ec:8a:6c:97:1e:b8:13:2a:35:fb:30:1b:2e:96:
                    2c:93:58:fd:cb:19:ea:03:10:85:be:70:50:ff:26:
                    fd:37:89:af:14:23:f9:9b:5f:f0:32:b0:3a:42:a2:
                    a5:87:14:98:1b:0d:99:fd:11:2b:d8:bb:3e:ee:81:
                    18:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:22:3C:02:70:F1:EE:27:BF:CF:A5:34:D2:A5:3F:D9:D5:FE:9F:C5
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/9CI8AnDx7ie_z6U00qU_2dX-n8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.130.0/23
                  87.248.133.0/24
                  87.248.137.0-87.248.139.255
                  87.248.145.0/24
                  87.248.150.0-87.248.153.255
                  87.248.155.0-87.248.156.255
                  194.60.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:33:28:59:cc:6d:d7:23:9d:30:63:29:e3:bc:59:c9:2e:73:
         07:1c:77:0f:99:69:de:a5:ab:9a:50:02:e4:4c:fa:cd:7a:8a:
         11:d3:b6:50:98:82:1d:3a:43:93:57:46:b4:7d:69:ca:7a:e0:
         37:5d:9c:36:50:ff:5c:c6:1a:4f:18:d1:17:25:ec:01:d3:fc:
         1a:50:dc:be:52:6a:1c:cc:ec:ba:ab:a8:20:e2:d1:e0:5c:96:
         f0:05:9f:94:d9:91:0a:62:97:b2:67:06:1b:eb:4a:56:a5:eb:
         e5:bd:cf:32:15:f2:18:cd:f3:2a:58:ab:c4:cf:8d:93:d2:5c:
         5a:62:ea:05:7f:e3:b4:81:19:66:df:fd:80:c8:4e:24:ec:8e:
         3c:c3:3e:70:52:a8:c2:55:ff:9b:f0:4c:dd:b6:c4:11:2c:ea:
         06:b6:f2:2a:88:19:78:af:56:af:ee:cd:ac:f4:28:c6:02:9d:
         de:1f:b9:82:ae:5b:1c:53:f9:da:f3:54:4a:86:20:e7:d3:26:
         6b:e6:1b:85:64:19:20:16:80:6c:db:c9:7e:93:b4:1c:bc:23:
         fc:fb:1d:f5:75:15:cc:97:b1:87:46:b9:11:fb:56:22:7f:cd:
         45:2a:03:57:77:22:aa:f2:9c:8f:ab:2c:ab:2b:8b:a4:0b:3a:
         f1:a6:18:e8
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY+P0J21LSOFVLdxn9ljuSrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwNTE5MDc0NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDIyM2MwMjcwZjFlZTI3YmZjZmE1MzRkMmE1M2ZkOWQ1ZmU5ZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnilf4Ty5D023Jgt/hPFAJlg9PIuC
WxHz+mV6tXW8ugVk67h89F583U293KRh/Ytaj+jdakHGsugsIyCSJgRrHmF4ynSJ
VFLHEtS75PQffLaLawS+aIyim34GQTfspKFqlgTswzu+f6deFYVFD4jAAZhO670C
it8l6WoLPoKYxeTf1YU8d4lIVkHwBpRZXA7ebcl/R3uiaLMPgEATGWOpPcqupBCI
3o4JWOvHSOpvA2SjFl2MrHAhxETCjJahw8+TAe157Ipslx64Eyo1+zAbLpYsk1j9
yxnqAxCFvnBQ/yb9N4mvFCP5m1/wMrA6QqKlhxSYGw2Z/REr2Ls+7oEYFQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFPQiPAJw8e4nv8+lNNKlP9nV/p/FMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvOUNJOEFuRHg3aWVfejZVMDBxVV8yZFgtbjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQBV/iCAwQA
V/iFMAwDBABX+IkDBAJX+IgDBABX+JEwDAMEAVf4lgMEAVf4mDAMAwQAV/ibAwQA
V/icAwQBwjzmMA0GCSqGSIb3DQEBCwUAA4IBAQAUMyhZzG3XI50wYynjvFnJLnMH
HHcPmWnepauaUALkTPrNeooR07ZQmIIdOkOTV0a0fWnKeuA3XZw2UP9cxhpPGNEX
JewB0/waUNy+UmoczOy6q6gg4tHgXJbwBZ+U2ZEKYpeyZwYb60pWpevlvc8yFfIY
zfMqWKvEz42T0lxaYuoFf+O0gRlm3/2AyE4k7I48wz5wUqjCVf+b8EzdtsQRLOoG
tvIqiBl4r1av7s2s9CjGAp3eH7mCrlscU/na81RKhiDn0yZr5huFZBkgFoBs28l+
k7QcvCP8+x31dRXMl7GHRrkR+1Yif81FKgNXdyKq8pyPqyyrK4ukCzrxphjo
-----END CERTIFICATE-----
Generated at Sat Jun 15 16:56:29 2024 by rpki-client on console-fra.rpki-client.org