Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/xIvbIFq2GTRibPM3JvC73t-Jv84.roa
File:                     xIvbIFq2GTRibPM3JvC73t-Jv84.roa (raw, json)
Hash identifier:          S9PZ1tpiYt2eK0ybZNEtLZwz2erbqD7AXoSAUQWy9gs=
Subject key identifier:   C4:8B:DB:20:5A:B6:19:34:62:6C:F3:37:26:F0:BB:DE:DF:89:BF:CE
Certificate issuer:       /CN=85dc9c55e1597e88564daf567e5a4665978c7b85
Certificate serial:       018CC8DEB9B0E9B159A0198412FE8DDD8A00
Authority key identifier: 85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/xIvbIFq2GTRibPM3JvC73t-Jv84.roa
Signing time:             Tue 02 Jan 2024 06:31:28 +0000
ROA not before:           Tue 02 Jan 2024 06:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213354
IP address blocks:        194.62.246.0/23 maxlen: 23
                          194.62.244.0/23 maxlen: 23
                          194.15.112.0/24 maxlen: 24
                          194.15.113.0/24 maxlen: 24
                          185.248.192.0/23 maxlen: 23
                          185.248.194.0/23 maxlen: 23
                          194.26.18.0/24 maxlen: 24
                          91.228.68.0/22 maxlen: 22
                          2a11:9c00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:b9:b0:e9:b1:59:a0:19:84:12:fe:8d:dd:8a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85dc9c55e1597e88564daf567e5a4665978c7b85
        Validity
            Not Before: Jan  2 06:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c48bdb205ab61934626cf33726f0bbdedf89bfce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:27:74:5d:83:aa:46:7b:61:15:b9:63:47:76:
                    7d:f4:ad:43:fc:f5:2d:52:d5:fc:31:45:95:5b:3b:
                    03:74:78:a0:4e:19:bb:04:97:d9:a4:db:83:eb:8e:
                    9e:4e:14:95:bb:8f:54:45:85:5c:7e:60:05:a6:46:
                    0c:35:c8:67:12:0c:8f:0e:50:b0:bc:9a:f3:ed:fc:
                    e5:3c:90:28:7a:79:d5:e8:8a:29:43:af:52:a2:40:
                    97:2e:92:ae:cf:27:9f:3f:06:48:1a:3b:b1:3d:d2:
                    38:f2:ae:b9:51:d8:84:15:91:19:2b:6f:e3:af:27:
                    f2:1e:f4:41:d0:9c:81:25:86:30:b6:77:bf:ad:12:
                    94:e7:fa:3a:a7:15:20:7b:72:da:d8:98:d6:82:9f:
                    26:09:be:16:c3:ba:89:1e:95:43:e3:e7:88:e6:7f:
                    70:1b:44:c5:e9:dd:09:1c:4a:1c:14:c1:1b:fc:29:
                    17:a3:37:6d:5b:8e:96:a5:0e:94:60:c9:03:4e:5a:
                    5e:bf:f7:12:cc:b5:57:39:8f:a5:3d:e9:a3:c4:22:
                    76:03:01:c5:72:a9:ed:84:80:c1:e0:6f:b0:5e:ae:
                    58:1b:52:44:90:89:c5:99:3e:18:9b:d7:98:e4:8d:
                    3c:d7:be:fa:a1:7f:90:8f:1f:44:b2:b6:bd:a5:b6:
                    08:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8B:DB:20:5A:B6:19:34:62:6C:F3:37:26:F0:BB:DE:DF:89:BF:CE
            X509v3 Authority Key Identifier:
                keyid:85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/xIvbIFq2GTRibPM3JvC73t-Jv84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.68.0/22
                  185.248.192.0/22
                  194.15.112.0/23
                  194.26.18.0/24
                  194.62.244.0/22
                IPv6:
                  2a11:9c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         59:86:bf:4e:d9:b7:07:f3:06:51:5a:62:77:d9:10:ea:c4:49:
         7a:e1:2c:c5:36:cf:d3:33:a7:9a:be:5c:49:eb:2d:8d:17:e8:
         43:af:d0:83:78:78:7c:d5:d5:9e:02:d6:49:25:28:de:04:41:
         17:f0:1c:f6:b4:f1:fc:33:98:ed:c2:0a:8c:b4:6a:5e:c4:87:
         93:67:3d:7b:fb:b7:86:64:be:dd:b9:68:29:46:9a:ac:cf:cc:
         72:e9:0a:d8:ab:a6:a3:a7:07:9f:2d:32:df:34:aa:a1:05:0a:
         13:aa:2e:c3:b3:32:ac:8e:01:83:b4:ea:94:10:50:70:83:31:
         e4:09:18:d7:6f:11:36:55:ee:6e:99:48:c7:1d:19:e7:bd:c0:
         d0:f6:e8:be:14:b5:86:71:dd:c8:fa:f3:50:75:bb:31:ca:16:
         9e:7f:35:27:0b:29:99:f5:eb:a9:9c:4a:7e:13:2d:a4:79:48:
         06:ef:c1:d6:23:7c:20:8f:a1:a6:72:39:6c:ea:79:05:45:44:
         da:8d:1e:a0:63:ba:62:62:7c:c6:ac:78:eb:a9:52:ad:a7:45:
         ad:90:f0:7b:57:9a:25:6c:88:cc:c9:30:c6:b6:42:77:aa:5f:
         34:c1:8c:7e:13:9e:86:da:9f:64:2c:a6:7b:4c:51:d8:f6:95:
         07:b7:3e:d1
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzI3rmw6bFZoBmEEv6N3YoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGM5YzU1ZTE1OTdlODg1NjRkYWY1NjdlNWE0NjY1OTc4
YzdiODUwHhcNMjQwMTAyMDYzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDhiZGIyMDVhYjYxOTM0NjI2Y2YzMzcyNmYwYmJkZWRmODliZmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCd0XYOqRnthFbljR3Z99K1D/PUt
UtX8MUWVWzsDdHigThm7BJfZpNuD646eThSVu49URYVcfmAFpkYMNchnEgyPDlCw
vJrz7fzlPJAoennV6IopQ69SokCXLpKuzyefPwZIGjuxPdI48q65UdiEFZEZK2/j
ryfyHvRB0JyBJYYwtne/rRKU5/o6pxUge3La2JjWgp8mCb4Ww7qJHpVD4+eI5n9w
G0TF6d0JHEocFMEb/CkXozdtW46WpQ6UYMkDTlpev/cSzLVXOY+lPemjxCJ2AwHF
cqnthIDB4G+wXq5YG1JEkInFmT4Ym9eY5I081776oX+Qjx9Esra9pbYICwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFMSL2yBathk0YmzzNybwu97fib/OMB8GA1UdIwQY
MBaAFIXcnFXhWX6IVk2vVn5aRmWXjHuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0Mjkt
ODZlYTE5ZDI5MTYzLzEveEl2YklGcTJHVFJpYlBNM0p2QzczdC1Kdjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0MjktODZlYTE5ZDI5MTYz
LzEvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAkBAIAATAeAwQCW+REAwQC
ufjAAwQBwg9wAwQAwhoSAwQCwj70MA4EAgACMAgDBgAqEZwAADANBgkqhkiG9w0B
AQsFAAOCAQEAWYa/Ttm3B/MGUVpid9kQ6sRJeuEsxTbP0zOnmr5cSestjRfoQ6/Q
g3h4fNXVngLWSSUo3gRBF/Ac9rTx/DOY7cIKjLRqXsSHk2c9e/u3hmS+3bloKUaa
rM/McukK2Kumo6cHny0y3zSqoQUKE6ouw7MyrI4Bg7TqlBBQcIMx5AkY128RNlXu
bplIxx0Z573A0PbovhS1hnHdyPrzUHW7McoWnn81JwspmfXrqZxKfhMtpHlIBu/B
1iN8II+hpnI5bOp5BUVE2o0eoGO6YmJ8xqx466lSradFrZDwe1eaJWyIzMkwxrZC
d6pfNMGMfhOehtqfZCyme0xR2PaVB7c+0Q==
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:18:08 2024 by rpki-client on console-ams.rpki-client.org