Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/ccaa1a-9daa-44b8-9e26-87f341888560/1/vL7sgOo_tCyPmZO0rLYLZVChUZg.roa
File:                     vL7sgOo_tCyPmZO0rLYLZVChUZg.roa (raw, json)
Hash identifier:          CRrAJsjLt/Y5GhpRgUJA9xcGbVWv0/R7BK5vbyE82jw=
Subject key identifier:   BC:BE:EC:80:EA:3F:B4:2C:8F:99:93:B4:AC:B6:0B:65:50:A1:51:98
Certificate issuer:       /CN=b321cb828908f430749ee3a5f2a62de5f822f7d1
Certificate serial:       018CC8012457D3AFD092B1FE748669961958
Authority key identifier: B3:21:CB:82:89:08:F4:30:74:9E:E3:A5:F2:A6:2D:E5:F8:22:F7:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syHLgokI9DB0nuOl8qYt5fgi99E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/ccaa1a-9daa-44b8-9e26-87f341888560/1/vL7sgOo_tCyPmZO0rLYLZVChUZg.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41789
IP address blocks:        91.142.145.0/24 maxlen: 24
                          91.142.144.0/24 maxlen: 24
                          91.142.150.0/24 maxlen: 24
                          91.142.149.0/24 maxlen: 24
                          91.142.148.0/24 maxlen: 24
                          91.142.147.0/24 maxlen: 24
                          91.142.152.0/21 maxlen: 21
                          91.142.151.0/24 maxlen: 24
                          91.142.146.0/24 maxlen: 24
                          91.142.158.0/24 maxlen: 24
                          46.16.11.0/24 maxlen: 24
                          46.16.10.0/24 maxlen: 24
                          46.16.9.0/24 maxlen: 24
                          46.16.8.0/24 maxlen: 24
                          46.227.24.0/24 maxlen: 24
                          46.227.31.0/24 maxlen: 24
                          46.227.30.0/24 maxlen: 24
                          46.227.29.0/24 maxlen: 24
                          46.227.28.0/24 maxlen: 24
                          46.227.27.0/24 maxlen: 24
                          46.227.26.0/24 maxlen: 24
                          46.227.25.0/24 maxlen: 24
                          159.255.0.0/20 maxlen: 20
                          159.255.16.0/24 maxlen: 24
                          159.255.17.0/24 maxlen: 24
                          159.255.23.0/24 maxlen: 24
                          159.255.19.0/24 maxlen: 24
                          159.255.18.0/24 maxlen: 24
                          159.255.22.0/24 maxlen: 24
                          159.255.21.0/24 maxlen: 24
                          159.255.20.0/24 maxlen: 24
                          159.255.29.0/24 maxlen: 24
                          159.255.28.0/24 maxlen: 24
                          159.255.31.0/24 maxlen: 24
                          159.255.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/ccaa1a-9daa-44b8-9e26-87f341888560/1/syHLgokI9DB0nuOl8qYt5fgi99E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/ccaa1a-9daa-44b8-9e26-87f341888560/1/syHLgokI9DB0nuOl8qYt5fgi99E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/syHLgokI9DB0nuOl8qYt5fgi99E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:24:57:d3:af:d0:92:b1:fe:74:86:69:96:19:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b321cb828908f430749ee3a5f2a62de5f822f7d1
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcbeec80ea3fb42c8f9993b4acb60b6550a15198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ed:90:54:5a:38:55:d1:b7:04:1b:d6:89:37:
                    fd:94:b9:8c:30:7a:76:b3:44:b0:85:80:d9:6c:83:
                    b0:e4:43:50:83:7f:dd:f6:82:c7:13:ae:12:8b:13:
                    69:88:7b:ca:65:4d:43:0e:00:02:fc:f4:ab:86:ca:
                    b1:c2:77:e7:ec:c3:38:c7:3a:df:9c:79:1f:a4:71:
                    43:4b:14:e1:84:9c:ab:0d:08:40:f3:e2:5a:92:75:
                    c2:e8:33:d0:47:59:5e:36:f6:55:5d:07:dd:5b:d0:
                    e7:c9:c2:48:e8:1a:98:5e:4f:c4:56:2a:29:32:8a:
                    e6:26:2a:00:60:ee:c9:94:78:76:e8:e6:0c:8d:a8:
                    88:d7:ce:38:85:46:83:0f:31:c7:fc:b6:05:fa:27:
                    62:08:34:fb:86:e0:3f:8a:8a:97:d4:19:3f:99:0c:
                    82:3a:c0:3c:99:19:24:e6:b6:23:02:78:57:85:62:
                    79:1a:00:84:a5:f1:83:49:e9:0d:a6:38:4a:84:4a:
                    57:2b:62:fa:13:8f:06:28:ff:23:25:45:36:a7:04:
                    1d:a7:69:0f:c5:0c:92:dc:0d:1c:68:1a:e4:ce:ff:
                    9f:55:49:13:34:65:1c:6c:fb:6f:20:4a:53:fc:a0:
                    ae:37:77:e9:b4:2e:7b:c5:2c:2b:95:21:55:68:2a:
                    0a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:BE:EC:80:EA:3F:B4:2C:8F:99:93:B4:AC:B6:0B:65:50:A1:51:98
            X509v3 Authority Key Identifier:
                keyid:B3:21:CB:82:89:08:F4:30:74:9E:E3:A5:F2:A6:2D:E5:F8:22:F7:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syHLgokI9DB0nuOl8qYt5fgi99E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ccaa1a-9daa-44b8-9e26-87f341888560/1/vL7sgOo_tCyPmZO0rLYLZVChUZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/ccaa1a-9daa-44b8-9e26-87f341888560/1/syHLgokI9DB0nuOl8qYt5fgi99E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.8.0/22
                  46.227.24.0/21
                  91.142.144.0/20
                  159.255.0.0-159.255.23.255
                  159.255.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:c4:1b:8d:6a:5b:8c:5d:cb:74:bd:c0:cc:a8:81:0f:64:ca:
         7c:46:7b:1e:42:56:97:c2:67:0c:4a:9f:67:fc:93:f1:5a:82:
         76:ed:00:4d:07:00:0b:4c:7c:89:3d:b9:49:56:31:33:9c:a4:
         f7:15:61:32:68:bc:17:f4:d0:66:f6:f2:ad:08:98:ed:59:19:
         f6:a8:3d:ec:4d:48:a6:90:83:9e:78:4a:56:9d:96:6e:b3:bb:
         31:49:64:5c:3f:8a:dd:1e:d0:73:98:3c:82:8a:cb:f0:9e:44:
         8f:5f:17:e5:54:19:53:5d:08:20:21:fb:6f:19:1c:cd:c6:80:
         4c:d5:a7:ab:6e:6a:02:f9:39:bf:62:85:d2:6e:80:5a:e2:44:
         01:74:77:ed:bc:bb:9c:82:ad:fa:d2:52:de:d1:d2:2a:ae:88:
         37:86:4e:a2:cb:5a:54:ab:a0:92:8d:90:7b:33:81:59:5a:bc:
         ae:ce:e5:a4:6e:40:dc:64:ba:b3:af:f1:ab:ed:7c:c7:cd:1b:
         7b:47:97:65:d8:08:88:ef:83:b1:19:c6:14:3a:13:b7:33:b0:
         1a:2c:4f:bd:2b:46:81:fe:f0:15:fb:e7:3c:17:df:d2:22:17:
         55:9b:1f:5c:2c:59:c1:db:c7:d2:7b:07:d8:53:5c:70:5a:73:
         69:92:1b:12
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYzIASRX06/QkrH+dIZplhlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMjFjYjgyODkwOGY0MzA3NDllZTNhNWYyYTYyZGU1Zjgy
MmY3ZDEwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2JlZWM4MGVhM2ZiNDJjOGY5OTkzYjRhY2I2MGI2NTUwYTE1MTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie2QVFo4VdG3BBvWiTf9lLmMMHp2
s0SwhYDZbIOw5ENQg3/d9oLHE64SixNpiHvKZU1DDgAC/PSrhsqxwnfn7MM4xzrf
nHkfpHFDSxThhJyrDQhA8+JaknXC6DPQR1leNvZVXQfdW9DnycJI6BqYXk/EViop
MormJioAYO7JlHh26OYMjaiI1844hUaDDzHH/LYF+idiCDT7huA/ioqX1Bk/mQyC
OsA8mRkk5rYjAnhXhWJ5GgCEpfGDSekNpjhKhEpXK2L6E48GKP8jJUU2pwQdp2kP
xQyS3A0caBrkzv+fVUkTNGUcbPtvIEpT/KCuN3fptC57xSwrlSFVaCoKhQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFLy+7IDqP7Qsj5mTtKy2C2VQoVGYMB8GA1UdIwQY
MBaAFLMhy4KJCPQwdJ7jpfKmLeX4IvfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3lITGdva0k5REIwbnVPbDhxWXQ1ZmdpOTlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jY2FhMWEtOWRhYS00NGI4LTllMjYt
ODdmMzQxODg4NTYwLzEvdkw3c2dPb190Q3lQbVpPMHJMWUxaVkNoVVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jY2FhMWEtOWRhYS00NGI4LTllMjYtODdmMzQxODg4NTYw
LzEvc3lITGdva0k5REIwbnVPbDhxWXQ1ZmdpOTlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAATAlAwQCLhAIAwQD
LuMYAwQEW46QMAsDAwCf/wMEA5//EAMEAp//HDANBgkqhkiG9w0BAQsFAAOCAQEA
T8QbjWpbjF3LdL3AzKiBD2TKfEZ7HkJWl8JnDEqfZ/yT8VqCdu0ATQcAC0x8iT25
SVYxM5yk9xVhMmi8F/TQZvbyrQiY7VkZ9qg97E1IppCDnnhKVp2WbrO7MUlkXD+K
3R7Qc5g8gorL8J5Ej18X5VQZU10IICH7bxkczcaATNWnq25qAvk5v2KF0m6AWuJE
AXR37by7nIKt+tJS3tHSKq6IN4ZOostaVKugko2QezOBWVq8rs7lpG5A3GS6s6/x
q+18x80be0eXZdgIiO+DsRnGFDoTtzOwGixPvStGgf7wFfvnPBff0iIXVZsfXCxZ
wdvH0nsH2FNccFpzaZIbEg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 03:47:57 2024 by rpki-client on console-ams.rpki-client.org