Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/YFJcjlbXYRc0ju_DrP_IIdd1PBc.roa
File:                     YFJcjlbXYRc0ju_DrP_IIdd1PBc.roa (raw, json)
Hash identifier:          Fqc5Fh6HIuVC9sEA9LPVl/ApB8yQd3irxKsoX7gOBY4=
Subject key identifier:   60:52:5C:8E:56:D7:61:17:34:8E:EF:C3:AC:FF:C8:21:D7:75:3C:17
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A8209707F397BEAE2ABF37D996BFA
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/YFJcjlbXYRc0ju_DrP_IIdd1PBc.roa
Signing time:             Mon 01 Jan 2024 18:30:20 +0000
ROA not before:           Mon 01 Jan 2024 18:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201411
IP address blocks:        37.18.96.0/22 maxlen: 24
                          178.170.156.0/22 maxlen: 24
                          37.18.62.0/24 maxlen: 24
                          37.18.63.0/24 maxlen: 24
                          188.120.36.0/22 maxlen: 24
                          188.120.40.0/22 maxlen: 24
                          178.170.182.0/23 maxlen: 24
                          178.170.184.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:82:09:70:7f:39:7b:ea:e2:ab:f3:7d:99:6b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60525c8e56d76117348eefc3acffc821d7753c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e9:7c:f0:4f:e8:3e:0a:d6:db:e9:b7:ae:25:
                    d9:d7:6c:e7:64:84:db:98:24:22:9f:5f:51:6c:5f:
                    84:a0:78:2c:ad:84:21:0d:7d:eb:1b:db:86:f6:d3:
                    c9:fa:7d:d4:02:c2:f5:ab:71:f2:1e:80:48:9b:bd:
                    ac:f0:cc:90:f2:1c:64:ad:5e:9a:a6:6d:c7:8b:ba:
                    82:36:02:19:3c:00:f1:e7:9b:fb:79:12:48:2c:28:
                    cc:9e:34:3f:74:8e:f6:16:8c:31:85:13:7f:e8:11:
                    36:fe:fe:a7:32:2f:83:56:82:b7:96:d1:e5:db:17:
                    80:3f:c0:49:37:38:c7:a9:f4:4b:27:94:95:c5:e7:
                    51:f4:04:57:f5:5a:f0:98:65:93:f8:43:c3:98:bc:
                    ed:2f:2a:19:c4:31:83:ca:d2:c1:40:2e:33:e1:1c:
                    8b:5d:76:4f:21:89:19:78:89:2f:30:d7:f4:d0:5c:
                    ed:8e:72:a8:c4:6f:1f:10:69:85:b4:28:42:fb:ba:
                    31:1e:de:17:99:ec:b4:a1:a9:47:8a:3d:0a:02:28:
                    4a:f8:37:d9:d8:8d:b4:b3:38:a9:97:79:67:4b:7b:
                    33:5b:cf:34:a3:82:d7:99:68:f9:b7:fa:b4:45:01:
                    89:02:f9:d8:91:42:59:ba:ae:72:d4:65:ce:3c:28:
                    3b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:52:5C:8E:56:D7:61:17:34:8E:EF:C3:AC:FF:C8:21:D7:75:3C:17
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/YFJcjlbXYRc0ju_DrP_IIdd1PBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.62.0/23
                  37.18.96.0/22
                  178.170.156.0/22
                  178.170.182.0-178.170.185.255
                  188.120.36.0-188.120.43.255

    Signature Algorithm: sha256WithRSAEncryption
         21:64:87:10:79:9b:85:91:f7:44:61:85:76:47:7f:6b:a0:8b:
         06:95:bd:a9:ad:66:e0:9e:c7:65:2c:df:90:9b:76:48:9f:16:
         25:26:55:4d:78:9f:3a:f9:40:54:87:3c:44:be:1e:3a:52:3b:
         76:8b:22:e6:c0:8e:36:6a:70:5c:46:12:84:a6:83:97:dc:f8:
         ae:62:db:dd:c3:da:24:09:27:55:e5:12:60:8d:25:77:fa:29:
         cc:be:e2:eb:b6:17:3d:7d:6c:7d:54:79:2b:a0:cf:fb:6e:29:
         4b:0b:fa:dd:83:0a:b5:65:a6:cb:7c:bf:4b:67:35:40:5a:e5:
         1c:5b:60:4e:a3:99:95:5d:88:9b:5d:5c:ab:06:60:93:da:ab:
         8a:7d:25:80:e8:5f:b8:07:82:32:46:fc:ae:a3:c8:7d:c8:a3:
         5c:cb:ac:a7:84:21:71:47:5c:9a:5d:c5:e6:f0:1f:b5:8e:90:
         e4:a7:29:c5:f0:6d:35:10:f6:10:c0:16:67:bf:44:91:22:28:
         4e:f5:b1:f7:bb:ba:7c:eb:46:33:87:d7:cd:2f:b0:e0:8a:b0:
         b6:1b:e4:f4:c8:e6:b2:1e:dc:7e:05:ff:7f:a7:38:4b:ed:96:
         ea:87:bf:b2:be:92:f7:73:73:12:4a:14:24:39:51:3e:61:66:
         97:af:f9:3d
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzGSoIJcH85e+riq/N9mWv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDUyNWM4ZTU2ZDc2MTE3MzQ4ZWVmYzNhY2ZmYzgyMWQ3NzUzYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmul88E/oPgrW2+m3riXZ12znZITb
mCQin19RbF+EoHgsrYQhDX3rG9uG9tPJ+n3UAsL1q3HyHoBIm72s8MyQ8hxkrV6a
pm3Hi7qCNgIZPADx55v7eRJILCjMnjQ/dI72FowxhRN/6BE2/v6nMi+DVoK3ltHl
2xeAP8BJNzjHqfRLJ5SVxedR9ARX9VrwmGWT+EPDmLztLyoZxDGDytLBQC4z4RyL
XXZPIYkZeIkvMNf00FztjnKoxG8fEGmFtChC+7oxHt4Xmey0oalHij0KAihK+DfZ
2I20szipl3lnS3szW880o4LXmWj5t/q0RQGJAvnYkUJZuq5y1GXOPCg7nQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFGBSXI5W12EXNI7vw6z/yCHXdTwXMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvWUZKY2psYlhZUmMwanVfRHJQX0lJZGQxUEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQBJRI+AwQC
JRJgAwQCsqqcMAwDBAGyqrYDBAGyqrgwDAMEArx4JAMEArx4KDANBgkqhkiG9w0B
AQsFAAOCAQEAIWSHEHmbhZH3RGGFdkd/a6CLBpW9qa1m4J7HZSzfkJt2SJ8WJSZV
TXifOvlAVIc8RL4eOlI7dosi5sCONmpwXEYShKaDl9z4rmLb3cPaJAknVeUSYI0l
d/opzL7i67YXPX1sfVR5K6DP+24pSwv63YMKtWWmy3y/S2c1QFrlHFtgTqOZlV2I
m11cqwZgk9qrin0lgOhfuAeCMkb8rqPIfcijXMusp4QhcUdcml3F5vAftY6Q5Kcp
xfBtNRD2EMAWZ79EkSIoTvWx97u6fOtGM4fXzS+w4Iqwthvk9Mjmsh7cfgX/f6c4
S+2W6oe/sr6S93NzEkoUJDlRPmFml6/5PQ==
-----END CERTIFICATE-----
Generated at Mon Jun 17 14:20:30 2024 by rpki-client on console-fra.rpki-client.org