Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/vuV9DiImVcwNO9BkopRgsMOroHE.roa
File:                     vuV9DiImVcwNO9BkopRgsMOroHE.roa (raw, json)
Hash identifier:          hvkJVrZHtE0uuiYkx/97uOMf1Yr0q6axxQGfWe9B3pk=
Subject key identifier:   BE:E5:7D:0E:22:26:55:CC:0D:3B:D0:64:A2:94:60:B0:C3:AB:A0:71
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018F1B36301CE514E6F0434CA27AF647C7C0
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/vuV9DiImVcwNO9BkopRgsMOroHE.roa
Signing time:             Fri 26 Apr 2024 16:21:26 +0000
ROA not before:           Fri 26 Apr 2024 16:21:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        85.8.160.0/22 maxlen: 22
                          92.249.60.0/22 maxlen: 22
                          188.119.68.0/22 maxlen: 22
                          193.32.186.0/23 maxlen: 23
                          194.93.60.0/22 maxlen: 22
                          212.87.196.0/22 maxlen: 22
                          212.107.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1b:36:30:1c:e5:14:e6:f0:43:4c:a2:7a:f6:47:c7:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Apr 26 16:21:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bee57d0e222655cc0d3bd064a29460b0c3aba071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:80:5c:5f:5a:e6:43:96:6b:dc:af:ce:c1:2b:
                    88:3d:1f:19:d5:ff:cf:d8:29:44:34:f0:9b:6e:92:
                    7f:d8:fe:1e:ed:66:86:f3:a6:56:f5:7c:dc:e6:be:
                    39:8e:d9:3a:b7:10:c7:b0:35:48:bb:94:19:61:fe:
                    6f:57:4e:7a:40:7e:7b:bf:49:ce:6e:81:0a:fd:ef:
                    ac:c7:26:e5:64:74:dc:16:d7:32:41:ac:65:81:20:
                    e0:a3:6a:0a:b5:e6:78:a4:f6:74:72:0d:4b:55:a3:
                    1c:3d:a5:dd:d1:c2:33:7a:84:29:2b:ab:23:f5:d6:
                    3f:87:99:59:86:80:5e:06:b8:68:d7:e7:64:22:4a:
                    4b:5e:3a:c7:2e:82:be:43:27:f3:82:39:57:a6:a7:
                    77:b3:a3:da:d5:3a:00:10:fd:8b:55:da:1b:b8:63:
                    f9:ed:73:e3:75:07:22:36:d3:69:2b:9d:1e:cb:f7:
                    c5:74:b4:25:10:68:ae:91:a7:b5:1b:b8:d5:01:8c:
                    05:9a:42:d7:ae:d3:47:71:c9:f6:56:64:ca:e6:0c:
                    ea:99:f3:b8:28:a5:0e:36:13:32:5c:94:c0:72:fe:
                    dc:87:8c:42:0c:77:8a:bf:79:23:33:60:94:a4:08:
                    4d:68:88:14:2c:64:0a:33:92:b2:eb:3c:66:cf:32:
                    63:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:E5:7D:0E:22:26:55:CC:0D:3B:D0:64:A2:94:60:B0:C3:AB:A0:71
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/vuV9DiImVcwNO9BkopRgsMOroHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.8.160.0/22
                  92.249.60.0/22
                  188.119.68.0/22
                  193.32.186.0/23
                  194.93.60.0/22
                  212.87.196.0/22
                  212.107.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:b0:88:88:f2:dd:fe:77:dd:44:2d:26:6a:f9:29:5c:b3:98:
         36:d3:19:d1:94:73:f1:a4:a8:84:b6:bd:21:a1:c0:6f:3b:e1:
         77:0b:d0:7a:72:0a:9e:26:01:12:37:e2:6c:db:99:fb:a4:ad:
         13:59:2e:b6:81:f2:6f:9f:3c:18:08:aa:db:4d:af:f1:3c:4c:
         c5:42:e2:56:eb:64:e3:7c:08:ef:73:14:02:fd:3a:6e:83:01:
         10:e2:31:30:00:a6:b5:a0:ad:de:1e:ad:96:b0:2f:52:09:3d:
         c8:08:62:9a:ca:18:39:bb:ba:6b:74:43:27:58:8f:56:04:f3:
         20:cf:c3:18:36:9e:74:6c:a7:33:c8:80:be:d4:6e:a7:e0:94:
         b3:55:dc:e1:bd:4a:18:93:76:e3:42:cf:cc:23:8f:c1:a2:52:
         a4:04:f1:67:fa:19:b6:f4:48:32:40:a2:fb:22:f4:77:23:c3:
         57:67:64:4b:fb:06:bf:07:a9:72:94:93:41:c2:f1:65:7f:58:
         e2:dc:8c:5b:5f:d9:c3:96:cc:b6:2f:9b:f2:2c:06:c0:7b:9e:
         50:6e:c9:91:47:00:1d:03:dd:0c:2a:6f:95:3d:83:c4:0e:a4:
         d2:5b:05:d2:ba:05:4a:18:71:c6:e4:37:2e:13:43:2a:9b:9a:
         ee:fa:6e:6a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY8bNjAc5RTm8ENMonr2R8fAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwNDI2MTYyMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWU1N2QwZTIyMjY1NWNjMGQzYmQwNjRhMjk0NjBiMGMzYWJhMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIBcX1rmQ5Zr3K/OwSuIPR8Z1f/P
2ClENPCbbpJ/2P4e7WaG86ZW9Xzc5r45jtk6txDHsDVIu5QZYf5vV056QH57v0nO
boEK/e+sxyblZHTcFtcyQaxlgSDgo2oKteZ4pPZ0cg1LVaMcPaXd0cIzeoQpK6sj
9dY/h5lZhoBeBrho1+dkIkpLXjrHLoK+QyfzgjlXpqd3s6Pa1ToAEP2LVdobuGP5
7XPjdQciNtNpK50ey/fFdLQlEGiukae1G7jVAYwFmkLXrtNHccn2VmTK5gzqmfO4
KKUONhMyXJTAcv7ch4xCDHeKv3kjM2CUpAhNaIgULGQKM5Ky6zxmzzJj4QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFL7lfQ4iJlXMDTvQZKKUYLDDq6BxMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvdnVWOURpSW1WY3dOTzlCa29wUmdzTU9yb0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCVQigAwQC
XPk8AwQCvHdEAwQBwSC6AwQCwl08AwQC1FfEAwQC1GsEMA0GCSqGSIb3DQEBCwUA
A4IBAQBCsIiI8t3+d91ELSZq+Slcs5g20xnRlHPxpKiEtr0hocBvO+F3C9B6cgqe
JgESN+Js25n7pK0TWS62gfJvnzwYCKrbTa/xPEzFQuJW62TjfAjvcxQC/TpugwEQ
4jEwAKa1oK3eHq2WsC9SCT3ICGKayhg5u7prdEMnWI9WBPMgz8MYNp50bKczyIC+
1G6n4JSzVdzhvUoYk3bjQs/MI4/BolKkBPFn+hm29EgyQKL7IvR3I8NXZ2RL+wa/
B6lylJNBwvFlf1ji3IxbX9nDlsy2L5vyLAbAe55QbsmRRwAdA90MKm+VPYPEDqTS
WwXSugVKGHHG5DcuE0Mqm5ru+m5q
-----END CERTIFICATE-----
Generated at Sat Jun 15 09:04:37 2024 by rpki-client on console-fra.rpki-client.org