Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/nE4RAyUyUQcYAJ2aLCwDxd6PG94.roa
File:                     nE4RAyUyUQcYAJ2aLCwDxd6PG94.roa (raw, json)
Hash identifier:          4hvD8fr8xTv+jvZ/OQm8Af1dQ7aZhEMvn3MegEga9VI=
Subject key identifier:   9C:4E:11:03:25:32:51:07:18:00:9D:9A:2C:2C:03:C5:DE:8F:1B:DE
Certificate issuer:       /CN=c9ed64c93ddfdf2f49b7ea1c23eaad0870249a33
Certificate serial:       018E52118B31225C5499248B6048CCC30614
Authority key identifier: C9:ED:64:C9:3D:DF:DF:2F:49:B7:EA:1C:23:EA:AD:08:70:24:9A:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/nE4RAyUyUQcYAJ2aLCwDxd6PG94.roa
Signing time:             Mon 18 Mar 2024 14:57:45 +0000
ROA not before:           Mon 18 Mar 2024 14:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29283
IP address blocks:        85.184.64.0/19 maxlen: 19
                          85.184.78.0/24 maxlen: 24
                          89.33.144.0/21 maxlen: 21
                          94.199.120.0/21 maxlen: 21
                          149.232.176.0/21 maxlen: 21
                          185.6.60.0/22 maxlen: 22
                          185.6.60.0/24 maxlen: 24
                          185.6.61.0/24 maxlen: 24
                          185.6.62.0/24 maxlen: 24
                          213.174.96.0/19 maxlen: 19
                          213.174.127.0/24 maxlen: 24
                          2a02:6c40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:52:11:8b:31:22:5c:54:99:24:8b:60:48:cc:c3:06:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9ed64c93ddfdf2f49b7ea1c23eaad0870249a33
        Validity
            Not Before: Mar 18 14:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c4e11032532510718009d9a2c2c03c5de8f1bde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f8:a6:58:68:2c:1f:ac:21:8f:33:22:91:94:
                    fa:fc:7f:07:51:66:7f:8e:8b:a6:14:cd:0b:f3:18:
                    6b:d7:c6:8c:24:09:63:f5:45:09:c6:29:de:3a:f5:
                    71:49:83:e4:6d:c3:3b:ea:b9:c1:34:93:f6:70:6b:
                    63:61:87:87:2e:0e:be:cd:3f:be:59:c7:80:b2:cc:
                    40:3d:55:fe:02:5e:73:2f:9c:43:fa:c5:3b:cd:6c:
                    01:ad:f6:6f:10:cd:94:f1:56:83:60:e0:4c:c2:05:
                    b5:b1:7c:94:4f:73:4e:96:8f:18:33:a8:9a:c4:77:
                    39:4b:16:9b:0b:e3:c9:bc:68:74:d0:92:4d:53:47:
                    2a:2e:7a:f0:ac:da:1f:84:73:5d:59:41:07:4c:d4:
                    0f:c0:ed:fe:1c:9d:e5:6b:f7:9e:a9:16:fa:38:12:
                    79:fd:89:6f:a6:33:65:e7:f0:c2:67:d8:43:31:47:
                    58:67:6a:bb:c4:c0:73:3e:d7:0d:7d:e3:68:46:cb:
                    c8:78:3c:db:11:f9:5a:86:f9:8d:3d:2d:0b:37:2d:
                    30:f1:48:fc:bc:ff:e4:5a:19:d4:1e:93:f2:ce:d1:
                    19:f8:1c:7d:7d:04:55:a3:7f:3c:25:a1:31:4a:c1:
                    f8:f1:3a:a6:b2:23:2c:7d:6e:13:88:6e:8e:7c:82:
                    5c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4E:11:03:25:32:51:07:18:00:9D:9A:2C:2C:03:C5:DE:8F:1B:DE
            X509v3 Authority Key Identifier:
                keyid:C9:ED:64:C9:3D:DF:DF:2F:49:B7:EA:1C:23:EA:AD:08:70:24:9A:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/nE4RAyUyUQcYAJ2aLCwDxd6PG94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.184.64.0/19
                  89.33.144.0/21
                  94.199.120.0/21
                  149.232.176.0/21
                  185.6.60.0/22
                  213.174.96.0/19
                IPv6:
                  2a02:6c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:d9:99:be:84:cb:b2:51:bd:af:d1:3d:02:a6:d4:38:9b:32:
         bc:bb:c8:bb:c6:26:db:85:f7:98:d2:0c:d3:df:d1:4a:28:23:
         c7:fa:7b:4d:3b:fa:72:ad:89:76:de:70:92:35:2b:1e:93:03:
         ee:aa:75:e8:96:f1:18:be:b2:5a:79:08:07:d1:e3:5c:c1:07:
         53:e8:07:0c:a5:94:b9:22:d9:88:83:d3:a2:fb:1f:c4:2a:b4:
         ec:01:56:16:68:cb:ed:35:58:72:1f:18:e0:69:f7:33:d6:0b:
         0b:2d:8f:ee:93:6a:0c:1e:83:40:15:ea:d8:61:4b:c2:af:ce:
         b3:03:a9:37:26:f7:69:d9:1e:46:35:90:ee:1d:8d:13:43:e7:
         d0:d2:d2:c0:ea:9d:4f:a5:bc:c9:60:af:b1:cb:6c:6b:9b:b7:
         22:2c:07:73:04:00:21:30:d7:a6:37:e7:f6:7b:e4:a0:dd:7b:
         d7:cb:7c:45:88:9d:8b:c1:f4:48:21:64:0a:f1:28:84:e4:7b:
         63:86:e7:bf:3c:08:24:74:79:df:88:ab:33:40:e7:2f:b7:ab:
         73:9f:c7:6b:28:47:1f:87:c9:bc:e1:69:73:1f:6b:14:c4:a4:
         62:28:5a:a1:86:62:29:10:da:08:63:c4:e2:30:d8:6e:ec:13:
         a8:b3:2d:bd
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAY5SEYsxIlxUmSSLYEjMwwYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZWQ2NGM5M2RkZmRmMmY0OWI3ZWExYzIzZWFhZDA4NzAy
NDlhMzMwHhcNMjQwMzE4MTQ1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRlMTEwMzI1MzI1MTA3MTgwMDlkOWEyYzJjMDNjNWRlOGYxYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifimWGgsH6whjzMikZT6/H8HUWZ/
joumFM0L8xhr18aMJAlj9UUJxineOvVxSYPkbcM76rnBNJP2cGtjYYeHLg6+zT++
WceAssxAPVX+Al5zL5xD+sU7zWwBrfZvEM2U8VaDYOBMwgW1sXyUT3NOlo8YM6ia
xHc5SxabC+PJvGh00JJNU0cqLnrwrNofhHNdWUEHTNQPwO3+HJ3la/eeqRb6OBJ5
/YlvpjNl5/DCZ9hDMUdYZ2q7xMBzPtcNfeNoRsvIeDzbEflahvmNPS0LNy0w8Uj8
vP/kWhnUHpPyztEZ+Bx9fQRVo388JaExSsH48TqmsiMsfW4TiG6OfIJcVwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJxOEQMlMlEHGACdmiwsA8XejxveMB8GA1UdIwQY
MBaAFMntZMk9398vSbfqHCPqrQhwJJozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWUxa3lUM2YzeTlKdC1vY0ktcXRDSEFrbWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yYTJhYjItMzA5OC00YTBmLTgwOWMt
MzVlZDViNTNkYTA1LzEvbkU0UkF5VXlVUWNZQUoyYUxDd0R4ZDZQRzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yYTJhYjItMzA5OC00YTBmLTgwOWMtMzVlZDViNTNkYTA1
LzEveWUxa3lUM2YzeTlKdC1vY0ktcXRDSEFrbWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFVbhAAwQD
WSGQAwQDXsd4AwQDleiwAwQCuQY8AwQF1a5gMA0EAgACMAcDBQAqAmxAMA0GCSqG
SIb3DQEBCwUAA4IBAQA72Zm+hMuyUb2v0T0CptQ4mzK8u8i7xibbhfeY0gzT39FK
KCPH+ntNO/pyrYl23nCSNSsekwPuqnXolvEYvrJaeQgH0eNcwQdT6AcMpZS5ItmI
g9Oi+x/EKrTsAVYWaMvtNVhyHxjgafcz1gsLLY/uk2oMHoNAFerYYUvCr86zA6k3
Jvdp2R5GNZDuHY0TQ+fQ0tLA6p1PpbzJYK+xy2xrm7ciLAdzBAAhMNemN+f2e+Sg
3XvXy3xFiJ2LwfRIIWQK8SiE5Htjhue/PAgkdHnfiKszQOcvt6tzn8drKEcfh8m8
4WlzH2sUxKRiKFqhhmIpENoIY8TiMNhu7BOosy29
-----END CERTIFICATE-----
Generated at Sun Jun 16 05:30:48 2024 by rpki-client on console-fra.rpki-client.org