Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/LL7ibCevj1Uc9dyjXVlqucHC7yw.roa
File:                     LL7ibCevj1Uc9dyjXVlqucHC7yw.roa (raw, json)
Hash identifier:          6MMlhArGYFl8Fw0VNeE2xw+SZ67xiWVMf//eojedOFw=
Subject key identifier:   2C:BE:E2:6C:27:AF:8F:55:1C:F5:DC:A3:5D:59:6A:B9:C1:C2:EF:2C
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018F5910B02352CABDC9892B1C4A9E6D0FA5
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/LL7ibCevj1Uc9dyjXVlqucHC7yw.roa
Signing time:             Wed 08 May 2024 16:36:56 +0000
ROA not before:           Wed 08 May 2024 16:36:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        5.104.104.0/21 maxlen: 24
                          5.199.128.0/20 maxlen: 24
                          37.157.248.0/21 maxlen: 24
                          46.20.32.0/20 maxlen: 24
                          46.228.192.0/20 maxlen: 24
                          62.141.32.0/20 maxlen: 24
                          78.31.64.0/21 maxlen: 24
                          80.82.208.0/20 maxlen: 24
                          81.30.144.0/20 maxlen: 24
                          83.136.80.0/21 maxlen: 24
                          85.14.192.0/18 maxlen: 24
                          85.114.128.0/19 maxlen: 24
                          89.163.128.0/17 maxlen: 24
                          91.194.84.0/24 maxlen: 24
                          91.212.153.0/24 maxlen: 24
                          91.212.159.0/24 maxlen: 24
                          91.212.163.0/24 maxlen: 24
                          93.186.192.0/20 maxlen: 24
                          146.0.32.0/20 maxlen: 24
                          146.19.166.0/24 maxlen: 24
                          152.89.92.0/22 maxlen: 24
                          185.15.244.0/22 maxlen: 24
                          185.45.248.0/22 maxlen: 24
                          185.219.208.0/22 maxlen: 24
                          193.111.198.0/23 maxlen: 24
                          194.107.129.0/24 maxlen: 24
                          194.126.198.0/24 maxlen: 24
                          195.93.242.0/23 maxlen: 24
                          213.202.192.0/18 maxlen: 24
                          217.79.176.0/20 maxlen: 24
                          2001:4ba0::/32 maxlen: 32
                          2001:4ba1::/32 maxlen: 32
                          2001:4ba3::/32 maxlen: 32
                          2001:4ba4::/32 maxlen: 32
                          2a01:480::/32 maxlen: 32
                          2a0c:6b00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:59:10:b0:23:52:ca:bd:c9:89:2b:1c:4a:9e:6d:0f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: May  8 16:36:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cbee26c27af8f551cf5dca35d596ab9c1c2ef2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:43:53:22:d3:b5:c7:56:e9:03:c2:39:9e:31:
                    6f:e6:35:f0:b8:38:72:c7:ac:75:45:0f:9b:88:a4:
                    fa:ef:52:93:78:27:31:de:9c:19:ff:60:83:fb:9d:
                    90:e4:56:44:93:a6:45:22:04:66:10:57:8b:78:f2:
                    6a:7b:bb:c8:ff:da:60:7b:1a:b1:68:65:a3:cc:5f:
                    f2:dd:cf:0e:ac:86:28:7c:12:b9:2f:69:c2:2e:28:
                    22:ff:d2:61:74:5b:09:14:c8:29:6e:b8:c0:ce:9f:
                    82:1d:38:b7:e7:2f:59:93:68:e0:b3:d4:ad:a9:53:
                    72:a5:d6:09:fe:21:db:50:1e:d6:32:cc:bf:fa:ee:
                    ec:76:33:04:83:d5:9a:84:a1:a7:a6:25:69:09:41:
                    62:06:ad:75:c0:ac:20:f0:0e:a1:9c:58:cf:99:fb:
                    81:db:a7:c7:fc:63:2d:63:cb:97:d4:02:b1:c3:51:
                    1c:3f:81:47:64:67:b8:19:7b:53:20:7c:1a:97:96:
                    17:6e:47:8a:0a:99:55:23:6d:6d:98:e9:6c:a8:df:
                    95:97:9b:7b:16:02:e4:49:64:a6:8f:4c:f4:50:97:
                    fc:65:01:8f:a5:2c:dc:ab:e8:90:70:ab:4b:00:5d:
                    0f:db:d3:9f:17:a6:82:30:9c:bc:2e:de:ae:a9:98:
                    89:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:BE:E2:6C:27:AF:8F:55:1C:F5:DC:A3:5D:59:6A:B9:C1:C2:EF:2C
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/LL7ibCevj1Uc9dyjXVlqucHC7yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.104.0/21
                  5.199.128.0/20
                  37.157.248.0/21
                  46.20.32.0/20
                  46.228.192.0/20
                  62.141.32.0/20
                  78.31.64.0/21
                  80.82.208.0/20
                  81.30.144.0/20
                  83.136.80.0/21
                  85.14.192.0/18
                  85.114.128.0/19
                  89.163.128.0/17
                  91.194.84.0/24
                  91.212.153.0/24
                  91.212.159.0/24
                  91.212.163.0/24
                  93.186.192.0/20
                  146.0.32.0/20
                  146.19.166.0/24
                  152.89.92.0/22
                  185.15.244.0/22
                  185.45.248.0/22
                  185.219.208.0/22
                  193.111.198.0/23
                  194.107.129.0/24
                  194.126.198.0/24
                  195.93.242.0/23
                  213.202.192.0/18
                  217.79.176.0/20
                IPv6:
                  2001:4ba0::/31
                  2001:4ba3::-2001:4ba4:ffff:ffff:ffff:ffff:ffff:ffff
                  2a01:480::/32
                  2a0c:6b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:6d:e0:5f:fc:79:2d:aa:54:4f:5e:fe:8f:fb:59:63:17:b5:
         3c:d8:d7:b1:2f:dd:31:02:eb:6a:a5:68:fa:8b:1a:00:15:91:
         c6:eb:a3:58:9b:0c:b3:de:e5:aa:fd:9a:6d:f3:b7:d9:ad:40:
         fc:0d:7a:af:90:e0:df:05:6d:04:8b:ba:cd:45:2e:7b:be:e3:
         64:94:4f:71:70:d6:32:b3:eb:ea:39:ce:db:20:59:93:7a:01:
         4e:46:ea:57:45:74:07:e1:a7:4c:4a:c1:18:36:5b:2a:1f:0a:
         73:ff:06:31:0b:4c:e2:2b:a4:ff:62:ae:21:3f:e4:c2:03:9d:
         ed:07:c0:6c:7d:be:82:80:f5:5e:c3:39:6e:a9:c3:80:f2:ac:
         19:ed:ac:9a:f1:06:d1:80:26:54:8f:eb:30:af:3f:41:52:5f:
         e1:f0:0d:7f:59:e2:11:09:84:51:5f:0c:a8:f9:93:5e:a1:9f:
         9c:ea:01:1f:bd:d5:c9:c6:44:0a:fb:15:9e:d9:ca:e6:38:fa:
         d3:de:c4:3b:b4:bd:c6:83:1c:6e:8f:d9:95:9c:b2:78:35:4f:
         99:bc:7d:29:3b:08:56:61:95:39:68:17:00:ab:3a:21:e6:79:
         20:cf:9a:fe:4a:59:d6:15:d7:4c:92:20:e1:44:d4:a1:f7:21:
         77:7b:97:df
-----BEGIN CERTIFICATE-----
MIIF3TCCBMWgAwIBAgISAY9ZELAjUsq9yYkrHEqebQ+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwNTA4MTYzNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2JlZTI2YzI3YWY4ZjU1MWNmNWRjYTM1ZDU5NmFiOWMxYzJlZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20NTItO1x1bpA8I5njFv5jXwuDhy
x6x1RQ+biKT671KTeCcx3pwZ/2CD+52Q5FZEk6ZFIgRmEFeLePJqe7vI/9pgexqx
aGWjzF/y3c8OrIYofBK5L2nCLigi/9JhdFsJFMgpbrjAzp+CHTi35y9Zk2jgs9St
qVNypdYJ/iHbUB7WMsy/+u7sdjMEg9WahKGnpiVpCUFiBq11wKwg8A6hnFjPmfuB
26fH/GMtY8uX1AKxw1EcP4FHZGe4GXtTIHwal5YXbkeKCplVI21tmOlsqN+Vl5t7
FgLkSWSmj0z0UJf8ZQGPpSzcq+iQcKtLAF0P29OfF6aCMJy8Lt6uqZiJbwIDAQAB
o4IC6TCCAuUwHQYDVR0OBBYEFCy+4mwnr49VHPXco11ZarnBwu8sMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvTEw3aWJDZXZqMVVjOWR5alhWbHF1Y0hDN3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH+BggrBgEFBQcBBwEB/wSB7jCB6zCBuwQCAAEwgbQDBAMF
aGgDBAQFx4ADBAMlnfgDBAQuFCADBAQu5MADBAQ+jSADBANOH0ADBARQUtADBARR
HpADBANTiFADBAZVDsADBAVVcoADBAdZo4ADBABbwlQDBABb1JkDBABb1J8DBABb
1KMDBARdusADBASSACADBACSE6YDBAKYWVwDBAK5D/QDBAK5LfgDBAK529ADBAHB
b8YDBADCa4EDBADCfsYDBAHDXfIDBAbVysADBATZT7AwKwQCAAIwJQMFASABS6Aw
DgMFACABS6MDBQAgAUukAwUAKgEEgAMFACoMawAwDQYJKoZIhvcNAQELBQADggEB
AEZt4F/8eS2qVE9e/o/7WWMXtTzY17Ev3TEC62qlaPqLGgAVkcbro1ibDLPe5ar9
mm3zt9mtQPwNeq+Q4N8FbQSLus1FLnu+42SUT3Fw1jKz6+o5ztsgWZN6AU5G6ldF
dAfhp0xKwRg2WyofCnP/BjELTOIrpP9iriE/5MIDne0HwGx9voKA9V7DOW6pw4Dy
rBntrJrxBtGAJlSP6zCvP0FSX+HwDX9Z4hEJhFFfDKj5k16hn5zqAR+91cnGRAr7
FZ7ZyuY4+tPexDu0vcaDHG6P2ZWcsng1T5m8fSk7CFZhlTloFwCrOiHmeSDPmv5K
WdYV10ySIOFE1KH3IXd7l98=
-----END CERTIFICATE-----
Generated at Sat Jun 15 23:36:13 2024 by rpki-client on console-ams.rpki-client.org