Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/ALyeecU6SJEN6kevwt9YQyFRDj4.roa
File:                     ALyeecU6SJEN6kevwt9YQyFRDj4.roa (raw, json)
Hash identifier:          eokhnItfiXEoqAQPMC76rt9eAsM9T0EwdllA5KUGmB0=
Subject key identifier:   00:BC:9E:79:C5:3A:48:91:0D:EA:47:AF:C2:DF:58:43:21:51:0E:3E
Certificate issuer:       /CN=297c508d23b38315bbf45b726d22050a46127b8c
Certificate serial:       018CC871315E3101F2FA3C496BD3A63CE7E2
Authority key identifier: 29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/ALyeecU6SJEN6kevwt9YQyFRDj4.roa
Signing time:             Tue 02 Jan 2024 04:31:50 +0000
ROA not before:           Tue 02 Jan 2024 04:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57633
IP address blocks:        195.49.132.0/22 maxlen: 22
                          45.9.244.0/22 maxlen: 22
                          185.79.220.0/22 maxlen: 22
                          77.240.192.0/20 maxlen: 20
                          37.25.72.0/21 maxlen: 21
                          46.182.208.0/21 maxlen: 21
                          2a00:1ab0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:31:5e:31:01:f2:fa:3c:49:6b:d3:a6:3c:e7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297c508d23b38315bbf45b726d22050a46127b8c
        Validity
            Not Before: Jan  2 04:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00bc9e79c53a48910dea47afc2df584321510e3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ab:6b:cf:d6:d0:d9:dc:02:7a:8b:d3:96:10:
                    52:b3:78:1e:45:5f:ee:17:28:cf:de:d3:b3:4a:1c:
                    8f:db:c3:66:8d:e7:85:ed:26:29:ab:38:d2:e2:72:
                    3c:8f:3a:a1:0d:cf:f4:e1:32:5f:20:d3:cb:c3:4e:
                    49:6b:11:f0:ea:5e:c8:3a:e0:9f:b9:0e:c8:5b:03:
                    37:ae:80:fc:d3:cd:29:49:0f:7e:10:97:bb:0a:11:
                    27:5b:c1:e8:1c:a5:72:ba:3e:f7:e6:ab:43:c3:53:
                    83:df:2e:20:5f:6a:95:a4:95:8d:59:a1:bf:3d:77:
                    af:ef:c4:bd:3b:05:26:a8:0d:73:8d:44:89:f3:4c:
                    45:fe:f7:08:1d:99:90:25:bc:aa:fe:3d:60:2f:87:
                    bb:58:14:ab:42:0f:9c:c8:ec:04:97:d8:e2:aa:ce:
                    43:0c:68:7e:f4:53:eb:d3:51:c4:a1:6a:fb:49:94:
                    dd:f9:f3:c1:b6:eb:46:3a:1f:aa:62:e8:2c:f2:69:
                    fe:0a:c4:15:e2:40:6d:dd:a8:f2:d9:fd:eb:2c:c6:
                    83:68:b3:18:4a:63:16:4e:a2:d3:97:98:97:6e:11:
                    4a:54:e6:cb:0a:74:ec:0d:48:60:35:fc:8e:94:82:
                    4b:a6:aa:07:4f:ed:e8:1b:c4:f7:27:56:cb:4b:7e:
                    90:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:BC:9E:79:C5:3A:48:91:0D:EA:47:AF:C2:DF:58:43:21:51:0E:3E
            X509v3 Authority Key Identifier:
                keyid:29:7C:50:8D:23:B3:83:15:BB:F4:5B:72:6D:22:05:0A:46:12:7B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXxQjSOzgxW79FtybSIFCkYSe4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/ALyeecU6SJEN6kevwt9YQyFRDj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/8abeed-f53b-4776-a8e2-36e9a79bd950/1/KXxQjSOzgxW79FtybSIFCkYSe4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.25.72.0/21
                  45.9.244.0/22
                  46.182.208.0/21
                  77.240.192.0/20
                  185.79.220.0/22
                  195.49.132.0/22
                IPv6:
                  2a00:1ab0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:05:07:f0:d1:88:32:83:78:e3:f6:08:3c:9d:e4:f7:c7:f5:
         33:2a:04:63:20:8f:36:8a:e9:db:f1:7a:0b:4c:b3:d1:06:9d:
         13:d3:68:e3:fd:3a:dd:0f:58:cc:70:f0:42:3a:ed:ee:21:f6:
         0d:bd:7d:44:70:7a:f6:94:4c:52:21:e0:2c:73:10:4a:0f:5e:
         54:9e:71:fc:d8:35:b2:6c:6d:81:f6:d7:2c:72:0c:26:a8:b3:
         d0:6b:75:46:15:c6:5c:b4:f0:48:ff:a8:8a:5d:ad:93:87:fb:
         95:fa:e7:66:16:e2:31:9e:83:44:90:4b:f4:e1:ac:d6:35:1f:
         c4:14:c7:ce:f7:b9:fa:ad:5a:d6:04:7c:e2:5f:5e:a1:3f:6d:
         f7:5a:bc:47:15:be:72:6e:f2:f8:80:26:37:6f:89:73:d2:97:
         55:b9:ac:73:bd:47:0f:68:08:f7:6a:68:28:c4:f3:48:51:ef:
         e0:c1:f5:78:2c:56:d2:79:95:07:87:fe:80:d2:55:45:d3:ae:
         e7:11:02:b9:a3:1d:09:fe:14:bf:81:68:97:15:22:bf:cc:60:
         4c:19:9e:db:c7:7c:4a:ec:ec:4a:11:c2:77:81:0e:e6:ac:82:
         e7:5c:f2:67:85:eb:11:01:13:c5:44:d0:52:ab:11:ad:c1:2f:
         9a:54:d0:27
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzIcTFeMQHy+jxJa9OmPOfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2M1MDhkMjNiMzgzMTViYmY0NWI3MjZkMjIwNTBhNDYx
MjdiOGMwHhcNMjQwMTAyMDQzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGJjOWU3OWM1M2E0ODkxMGRlYTQ3YWZjMmRmNTg0MzIxNTEwZTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qtrz9bQ2dwCeovTlhBSs3geRV/u
FyjP3tOzShyP28NmjeeF7SYpqzjS4nI8jzqhDc/04TJfINPLw05JaxHw6l7IOuCf
uQ7IWwM3roD8080pSQ9+EJe7ChEnW8HoHKVyuj735qtDw1OD3y4gX2qVpJWNWaG/
PXev78S9OwUmqA1zjUSJ80xF/vcIHZmQJbyq/j1gL4e7WBSrQg+cyOwEl9jiqs5D
DGh+9FPr01HEoWr7SZTd+fPBtutGOh+qYugs8mn+CsQV4kBt3ajy2f3rLMaDaLMY
SmMWTqLTl5iXbhFKVObLCnTsDUhgNfyOlIJLpqoHT+3oG8T3J1bLS36QbQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFAC8nnnFOkiRDepHr8LfWEMhUQ4+MB8GA1UdIwQY
MBaAFCl8UI0js4MVu/Rbcm0iBQpGEnuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTIt
MzZlOWE3OWJkOTUwLzEvQUx5ZWVjVTZTSkVONmtldnd0OVlReUZSRGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC84YWJlZWQtZjUzYi00Nzc2LWE4ZTItMzZlOWE3OWJkOTUw
LzEvS1h4UWpTT3pneFc3OUZ0eWJTSUZDa1lTZTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDJRlIAwQC
LQn0AwQDLrbQAwQETfDAAwQCuU/cAwQCwzGEMA0EAgACMAcDBQAqABqwMA0GCSqG
SIb3DQEBCwUAA4IBAQBdBQfw0Ygyg3jj9gg8neT3x/UzKgRjII82iunb8XoLTLPR
Bp0T02jj/TrdD1jMcPBCOu3uIfYNvX1EcHr2lExSIeAscxBKD15UnnH82DWybG2B
9tcscgwmqLPQa3VGFcZctPBI/6iKXa2Th/uV+udmFuIxnoNEkEv04azWNR/EFMfO
97n6rVrWBHziX16hP233WrxHFb5ybvL4gCY3b4lz0pdVuaxzvUcPaAj3amgoxPNI
Ue/gwfV4LFbSeZUHh/6A0lVF067nEQK5ox0J/hS/gWiXFSK/zGBMGZ7bx3xK7OxK
EcJ3gQ7mrILnXPJnhesRARPFRNBSqxGtwS+aVNAn
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:40:13 2024 by rpki-client on console-fra.rpki-client.org