Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/1-YogfmKwQf9EC6HAxHp7tGdiSfA.roa
File:                     1-YogfmKwQf9EC6HAxHp7tGdiSfA.roa (raw, json)
Hash identifier:          WamJOgH5ha0T3xvIYHAVd5Z7Mqz1LNgGq/WmPK/1P8g=
Subject key identifier:   F9:8A:20:7E:62:B0:41:FF:44:0B:A1:C0:C4:7A:7B:B4:67:62:49:F0
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2A9E5DB7AE92AB845D16C0B93BD3E4
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/1-YogfmKwQf9EC6HAxHp7tGdiSfA.roa
Signing time:             Tue 02 Jan 2024 12:33:59 +0000
ROA not before:           Tue 02 Jan 2024 12:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61400
IP address blocks:        217.199.209.0/24 maxlen: 24
                          62.76.24.0/22 maxlen: 24
                          91.107.85.0/24 maxlen: 24
                          91.107.84.0/24 maxlen: 24
                          91.107.86.0/23 maxlen: 24
                          91.107.86.0/24 maxlen: 24
                          185.126.92.0/22 maxlen: 24
                          185.62.103.0/24 maxlen: 24
                          46.21.252.0/22 maxlen: 24
                          62.76.112.0/22 maxlen: 24
                          185.111.216.0/23 maxlen: 24
                          185.111.219.0/24 maxlen: 24
                          185.111.218.0/24 maxlen: 24
                          212.8.232.0/22 maxlen: 24
                          89.248.236.0/24 maxlen: 24
                          185.40.28.0/22 maxlen: 24
                          31.200.248.0/21 maxlen: 24
                          62.76.88.0/22 maxlen: 24
                          91.227.34.0/23 maxlen: 24
                          62.76.100.0/22 maxlen: 24
                          2a03:220::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:9e:5d:b7:ae:92:ab:84:5d:16:c0:b9:3b:d3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f98a207e62b041ff440ba1c0c47a7bb4676249f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c5:3d:a0:20:e9:e1:a2:59:e9:b1:58:18:86:
                    39:4a:6a:8b:f2:53:3c:7a:9d:f3:27:b8:01:14:f2:
                    1f:a1:c4:8d:bd:94:f2:1d:e1:7b:95:db:1e:8d:b9:
                    4c:13:54:39:a2:55:c9:73:f1:2b:2a:ca:e9:a3:f8:
                    7e:5e:91:3d:bb:6a:d3:7a:29:f5:fc:cc:98:0b:03:
                    9e:45:01:6f:c3:f9:85:a7:a7:c9:39:14:02:48:fe:
                    00:80:05:aa:ac:6b:24:df:ae:ee:ad:51:cf:e5:9a:
                    9a:29:b7:8a:05:d1:58:f1:bd:68:e7:5d:82:77:0f:
                    9c:3f:5a:c5:93:e9:94:2a:0f:6b:12:c4:02:d1:64:
                    02:4d:3d:a3:46:43:a6:28:7e:fd:f6:79:f3:17:33:
                    76:1c:70:49:0b:d7:58:0b:b1:4b:75:31:43:77:7c:
                    ad:61:50:4a:61:1e:8e:e1:56:e1:0d:0a:91:7a:af:
                    ea:65:31:ed:fc:8c:dd:ad:dd:2c:2a:fd:0f:47:87:
                    9e:2b:d4:70:0b:92:9c:bd:7d:d6:fa:46:70:85:89:
                    c6:fe:76:af:d4:c2:82:8d:1b:13:2d:46:68:5d:80:
                    46:76:de:fc:ef:3c:b7:54:4c:c0:52:73:f3:af:99:
                    71:aa:f6:93:d6:ed:48:19:75:66:cb:40:72:8d:2c:
                    80:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:8A:20:7E:62:B0:41:FF:44:0B:A1:C0:C4:7A:7B:B4:67:62:49:F0
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/1-YogfmKwQf9EC6HAxHp7tGdiSfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.248.0/21
                  46.21.252.0/22
                  62.76.24.0/22
                  62.76.88.0/22
                  62.76.100.0/22
                  62.76.112.0/22
                  89.248.236.0/24
                  91.107.84.0/22
                  91.227.34.0/23
                  185.40.28.0/22
                  185.62.103.0/24
                  185.111.216.0/22
                  185.126.92.0/22
                  212.8.232.0/22
                  217.199.209.0/24
                IPv6:
                  2a03:220::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:e9:9d:22:bd:9b:71:31:88:db:f8:84:4f:b2:5c:5d:a7:1d:
         45:19:f0:cc:30:ce:8e:7c:5e:26:64:f1:38:0f:3f:fc:c8:31:
         d1:ca:de:aa:5c:29:17:9c:ec:82:43:72:e3:f4:ac:cd:7c:22:
         23:2b:53:49:e6:2d:51:06:d8:43:9a:37:44:85:ea:ec:65:6d:
         94:ed:95:90:b4:9e:9c:eb:de:21:5a:40:f9:fc:63:29:1e:a2:
         0a:a1:b1:c6:8b:6b:38:7f:e3:73:fe:70:b8:96:1b:69:44:d9:
         f0:d4:8c:04:bc:bd:c7:36:c3:43:45:a7:cd:e3:9b:30:94:8f:
         3d:5e:2e:e9:65:1b:39:19:cb:f4:13:74:f1:e8:04:57:90:10:
         df:9c:1a:cd:0a:4f:36:e3:c3:f1:c5:8f:76:93:34:c5:1d:02:
         c7:7a:94:2b:94:3b:3a:b6:72:c5:11:ac:07:d9:a8:2c:82:f9:
         a9:a6:d6:20:1d:d9:df:f7:4e:7a:b2:8f:d9:b4:d3:8a:e4:f7:
         fd:6d:6a:9b:81:f0:4b:01:ea:e4:27:cf:bc:93:dc:8b:3f:8f:
         c8:34:95:14:c6:00:7e:bc:3e:7a:e7:c1:60:b0:b2:ea:98:17:
         0e:4c:0a:7b:5b:a0:21:87:66:02:bc:90:3d:a1:04:d8:6e:c5:
         d6:a6:07:4d
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYzKKp5dt66Sq4RdFsC5O9PkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOThhMjA3ZTYyYjA0MWZmNDQwYmExYzBjNDdhN2JiNDY3NjI0OWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8U9oCDp4aJZ6bFYGIY5SmqL8lM8
ep3zJ7gBFPIfocSNvZTyHeF7ldsejblME1Q5olXJc/ErKsrpo/h+XpE9u2rTein1
/MyYCwOeRQFvw/mFp6fJORQCSP4AgAWqrGsk367urVHP5ZqaKbeKBdFY8b1o512C
dw+cP1rFk+mUKg9rEsQC0WQCTT2jRkOmKH799nnzFzN2HHBJC9dYC7FLdTFDd3yt
YVBKYR6O4VbhDQqReq/qZTHt/Izdrd0sKv0PR4eeK9RwC5KcvX3W+kZwhYnG/nav
1MKCjRsTLUZoXYBGdt787zy3VEzAUnPzr5lxqvaT1u1IGXVmy0ByjSyACQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFPmKIH5isEH/RAuhwMR6e7RnYknwMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvMS1Zb2dmbUt3UWY5RUM2SEF4SHA3dEdkaVNmQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOWU4NDdmLTQxNDYtNDU2Ni04YzNlLTFiYTU0M2VlYWVk
Ny8xL1hhUXlwT3c3Q3NUS1RrN093T24wMUd0SmV2QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBggYIKwYBBQUHAQcBAf8EczBxMGAEAgABMFoDBAMfyPgD
BAIuFfwDBAI+TBgDBAI+TFgDBAI+TGQDBAI+THADBABZ+OwDBAJba1QDBAFb4yID
BAK5KBwDBAC5PmcDBAK5b9gDBAK5flwDBALUCOgDBADZx9EwDQQCAAIwBwMFACoD
AiAwDQYJKoZIhvcNAQELBQADggEBABLpnSK9m3ExiNv4hE+yXF2nHUUZ8Mwwzo58
XiZk8TgPP/zIMdHK3qpcKRec7IJDcuP0rM18IiMrU0nmLVEG2EOaN0SF6uxlbZTt
lZC0npzr3iFaQPn8YykeogqhscaLazh/43P+cLiWG2lE2fDUjAS8vcc2w0NFp83j
mzCUjz1eLullGzkZy/QTdPHoBFeQEN+cGs0KTzbjw/HFj3aTNMUdAsd6lCuUOzq2
csURrAfZqCyC+amm1iAd2d/3Tnqyj9m004rk9/1tapuB8EsB6uQnz7yT3Is/j8g0
lRTGAH68PnrnwWCwsuqYFw5MCntboCGHZgK8kD2hBNhuxdamB00=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:12:23 2024 by rpki-client on console-ams.rpki-client.org