Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/mFLzpg2In93kVDweWohB3Z8cDz0.roa
File:                     mFLzpg2In93kVDweWohB3Z8cDz0.roa (raw, json)
Hash identifier:          I/EeoGUI7gJ3metUq/KLvR+HI3txrbaCu+hhssHyHOY=
Subject key identifier:   98:52:F3:A6:0D:88:9F:DD:E4:54:3C:1E:5A:88:41:DD:9F:1C:0F:3D
Certificate issuer:       /CN=815780532ed29a3f80e7ba414efcb379d9ec97c9
Certificate serial:       018CC6B8F89981E26DBC80BC426389856DDE
Authority key identifier: 81:57:80:53:2E:D2:9A:3F:80:E7:BA:41:4E:FC:B3:79:D9:EC:97:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gVeAUy7Smj-A57pBTvyzednsl8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/mFLzpg2In93kVDweWohB3Z8cDz0.roa
Signing time:             Mon 01 Jan 2024 20:31:00 +0000
ROA not before:           Mon 01 Jan 2024 20:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42808
IP address blocks:        77.247.0.0/24 maxlen: 24
                          77.247.13.0/24 maxlen: 24
                          212.11.81.0/24 maxlen: 24
                          185.71.49.0/24 maxlen: 24
                          185.71.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/gVeAUy7Smj-A57pBTvyzednsl8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/gVeAUy7Smj-A57pBTvyzednsl8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gVeAUy7Smj-A57pBTvyzednsl8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f8:99:81:e2:6d:bc:80:bc:42:63:89:85:6d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=815780532ed29a3f80e7ba414efcb379d9ec97c9
        Validity
            Not Before: Jan  1 20:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9852f3a60d889fdde4543c1e5a8841dd9f1c0f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bf:d2:77:0d:2a:3d:b6:a3:18:0f:58:ec:13:
                    76:8b:ed:45:b5:8a:0b:95:46:c5:5e:cc:29:95:34:
                    b9:2b:00:c4:5b:95:6b:97:ca:da:4c:9b:5d:64:92:
                    b6:ca:49:0d:cd:ee:89:77:7b:7d:e6:f4:ff:81:fc:
                    5a:d5:54:0b:d8:66:6b:54:f0:a6:61:26:81:a0:de:
                    c5:02:bf:1b:d6:e7:69:7f:cd:fa:3e:e1:7d:71:b3:
                    f3:1c:f4:43:89:da:13:33:c8:e6:dd:a8:23:44:33:
                    0d:24:c1:29:44:b4:8a:42:24:a8:0b:46:07:6c:14:
                    04:8a:97:20:b5:9d:d4:99:59:0a:47:8b:f1:a5:e7:
                    86:74:3c:ac:77:e0:b5:df:69:89:f5:86:72:b5:2e:
                    b6:da:a7:8e:c2:e1:2a:7e:08:96:70:06:8f:a2:8a:
                    30:41:62:42:14:e1:1a:c1:02:32:03:e7:6f:2f:35:
                    0a:73:a8:be:40:21:99:f2:1f:03:a2:77:ec:c7:dd:
                    e9:11:2a:8a:7b:e0:71:60:99:65:80:6f:4a:74:76:
                    ff:62:c2:4c:c1:11:80:41:b5:b7:45:f0:ae:52:7e:
                    a6:06:44:e5:da:8e:a0:de:b9:71:a6:6b:0a:ca:89:
                    ba:aa:4f:a5:be:4c:3c:c1:29:e9:a5:55:89:c4:23:
                    21:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:52:F3:A6:0D:88:9F:DD:E4:54:3C:1E:5A:88:41:DD:9F:1C:0F:3D
            X509v3 Authority Key Identifier:
                keyid:81:57:80:53:2E:D2:9A:3F:80:E7:BA:41:4E:FC:B3:79:D9:EC:97:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gVeAUy7Smj-A57pBTvyzednsl8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/mFLzpg2In93kVDweWohB3Z8cDz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/de31a6-aaa3-409d-8d4f-f61554c6c145/1/gVeAUy7Smj-A57pBTvyzednsl8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.0.0/24
                  77.247.13.0/24
                  185.71.49.0/24
                  185.71.51.0/24
                  212.11.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:f9:0a:ef:ee:44:e1:1f:c9:44:3e:45:b2:84:d2:4c:16:3d:
         77:2d:51:ac:b2:15:e6:f1:11:29:5d:92:ed:19:b9:67:40:3f:
         2d:7e:dd:5b:a3:81:a1:4e:a8:62:74:b4:0d:d8:36:38:13:d4:
         0e:63:f4:d5:c8:70:17:6a:0e:11:28:30:5d:67:ca:c6:45:0b:
         e6:91:fe:18:8e:1d:61:05:42:fb:90:36:21:b9:d9:ce:79:dd:
         2e:ad:ab:19:56:41:fd:e0:48:a9:fd:a4:19:66:73:12:56:40:
         1d:e5:a5:8c:1a:09:31:dd:25:62:80:6a:53:df:fa:d3:ea:9e:
         7e:9f:cb:0c:01:02:c7:b9:c2:0c:58:02:66:d6:05:e8:ee:6e:
         17:be:21:44:09:19:53:e8:a1:be:27:12:cc:31:eb:f2:25:c6:
         15:f2:95:c0:b1:a0:a6:fd:05:82:86:1c:9f:47:55:df:26:4b:
         f5:ea:41:9d:88:75:c6:54:7d:44:f4:8f:80:8e:95:a9:ab:6d:
         ca:df:c9:7d:38:77:a6:24:d2:0a:a1:a3:65:36:77:a1:f7:a2:
         70:6c:67:60:41:16:69:60:75:14:38:98:6f:a7:3d:a4:e1:3a:
         fb:1b:a0:87:a9:52:a0:82:7c:64:87:03:63:2b:b6:a6:44:3d:
         bd:52:50:66
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzGuPiZgeJtvIC8QmOJhW3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNTc4MDUzMmVkMjlhM2Y4MGU3YmE0MTRlZmNiMzc5ZDll
Yzk3YzkwHhcNMjQwMTAxMjAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODUyZjNhNjBkODg5ZmRkZTQ1NDNjMWU1YTg4NDFkZDlmMWMwZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL/Sdw0qPbajGA9Y7BN2i+1FtYoL
lUbFXswplTS5KwDEW5Vrl8raTJtdZJK2ykkNze6Jd3t95vT/gfxa1VQL2GZrVPCm
YSaBoN7FAr8b1udpf836PuF9cbPzHPRDidoTM8jm3agjRDMNJMEpRLSKQiSoC0YH
bBQEipcgtZ3UmVkKR4vxpeeGdDysd+C132mJ9YZytS622qeOwuEqfgiWcAaPooow
QWJCFOEawQIyA+dvLzUKc6i+QCGZ8h8Donfsx93pESqKe+BxYJllgG9KdHb/YsJM
wRGAQbW3RfCuUn6mBkTl2o6g3rlxpmsKyom6qk+lvkw8wSnppVWJxCMh9wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJhS86YNiJ/d5FQ8HlqIQd2fHA89MB8GA1UdIwQY
MBaAFIFXgFMu0po/gOe6QU78s3nZ7JfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1ZlQVV5N1Ntai1BNTdwQlR2eXplZG5zbDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZTMxYTYtYWFhMy00MDlkLThkNGYt
ZjYxNTU0YzZjMTQ1LzEvbUZMenBnMkluOTNrVkR3ZVdvaEIzWjhjRHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZTMxYTYtYWFhMy00MDlkLThkNGYtZjYxNTU0YzZjMTQ1
LzEvZ1ZlQVV5N1Ntai1BNTdwQlR2eXplZG5zbDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQATfcAAwQA
TfcNAwQAuUcxAwQAuUczAwQA1AtRMA0GCSqGSIb3DQEBCwUAA4IBAQBu+Qrv7kTh
H8lEPkWyhNJMFj13LVGsshXm8REpXZLtGblnQD8tft1bo4GhTqhidLQN2DY4E9QO
Y/TVyHAXag4RKDBdZ8rGRQvmkf4Yjh1hBUL7kDYhudnOed0urasZVkH94Eip/aQZ
ZnMSVkAd5aWMGgkx3SVigGpT3/rT6p5+n8sMAQLHucIMWAJm1gXo7m4XviFECRlT
6KG+JxLMMevyJcYV8pXAsaCm/QWChhyfR1XfJkv16kGdiHXGVH1E9I+AjpWpq23K
38l9OHemJNIKoaNlNneh96JwbGdgQRZpYHUUOJhvpz2k4Tr7G6CHqVKggnxkhwNj
K7amRD29UlBm
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:02:01 2024 by rpki-client on console-fra.rpki-client.org