Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/XfxxmkbuReYrJgsmqz-gcyD5nRs.roa
File:                     XfxxmkbuReYrJgsmqz-gcyD5nRs.roa (raw, json)
Hash identifier:          QkP+cipVROTKmggAUodmV6SseyzIeA3uYFvSuhIheAc=
Subject key identifier:   5D:FC:71:9A:46:EE:45:E6:2B:26:0B:26:AB:3F:A0:73:20:F9:9D:1B
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       018CC3B741ABB58BCA55A8986EC01E9F84D7
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/XfxxmkbuReYrJgsmqz-gcyD5nRs.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7393
IP address blocks:        178.22.29.0/24 maxlen: 24
                          62.106.80.0/24 maxlen: 24
                          62.3.51.0/24 maxlen: 24
                          212.18.107.0/24 maxlen: 24
                          91.246.57.0/24 maxlen: 24
                          77.72.82.0/24 maxlen: 24
                          84.246.83.0/24 maxlen: 24
                          193.163.95.0/24 maxlen: 24
                          46.253.136.0/24 maxlen: 24
                          146.19.229.0/24 maxlen: 24
                          46.31.66.0/24 maxlen: 24
                          5.57.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:41:ab:b5:8b:ca:55:a8:98:6e:c0:1e:9f:84:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dfc719a46ee45e62b260b26ab3fa07320f99d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b1:f8:df:72:5e:ea:3e:00:f6:89:16:59:1b:
                    f3:c5:6f:3d:37:d6:15:a6:e3:bf:42:80:02:f2:2d:
                    70:8a:86:fa:f7:f0:ef:bb:99:91:0b:2c:3e:90:b2:
                    ac:b8:60:04:b4:05:e4:c5:fd:a8:80:15:f3:b0:0c:
                    2d:12:b8:04:0d:c5:01:60:28:d7:62:05:c1:49:4e:
                    8e:b3:b4:1c:65:64:14:56:40:33:52:15:42:38:32:
                    c6:92:6e:26:cf:13:fa:41:7a:cc:f4:30:d5:e9:7b:
                    8a:28:03:fd:af:a9:43:66:c3:6c:57:99:70:cd:c7:
                    e6:01:e6:38:97:72:9a:8b:34:ff:e3:85:15:56:33:
                    75:e7:d4:94:d0:21:a1:7f:74:20:25:10:1d:ba:f0:
                    16:45:74:d3:41:cf:d7:32:f2:41:ed:c9:17:12:1c:
                    e1:bc:35:f5:fc:bb:9f:f7:f9:b5:63:a4:33:16:ae:
                    02:f1:88:58:5b:d5:4b:69:f0:75:a6:c3:73:37:43:
                    71:a7:0c:f5:10:60:09:f8:04:7e:52:e8:df:fb:5a:
                    fe:35:1f:65:a1:87:ed:cd:4d:c9:d4:3b:9d:73:f4:
                    65:53:8a:4a:ad:d5:b5:b6:4a:ab:4e:f5:33:9c:a7:
                    36:ef:b9:4e:d1:36:4e:1d:ad:5e:b1:17:4f:89:e1:
                    01:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:FC:71:9A:46:EE:45:E6:2B:26:0B:26:AB:3F:A0:73:20:F9:9D:1B
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/XfxxmkbuReYrJgsmqz-gcyD5nRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.213.0/24
                  46.31.66.0/24
                  46.253.136.0/24
                  62.3.51.0/24
                  62.106.80.0/24
                  77.72.82.0/24
                  84.246.83.0/24
                  91.246.57.0/24
                  146.19.229.0/24
                  178.22.29.0/24
                  193.163.95.0/24
                  212.18.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7d:56:15:5b:82:cc:b3:e3:a4:c0:4c:d5:f6:e7:40:bf:b3:
         73:30:62:6c:f5:b6:e3:af:72:20:94:d3:ef:9d:be:9a:7a:b6:
         a4:ab:80:c9:17:36:c9:b5:e3:6b:43:0b:1b:cd:ab:f7:71:91:
         69:fc:30:0a:5c:5e:e1:aa:7d:17:23:45:32:97:14:38:84:ed:
         04:e1:5b:13:07:1a:bb:d3:f5:fa:93:12:c8:7c:00:3c:7b:a7:
         fa:68:44:f9:b6:5e:21:ca:67:aa:ce:90:24:c4:3c:eb:0a:5c:
         db:40:f8:67:f3:0d:63:14:1e:85:32:58:c7:9a:e6:12:cb:2c:
         e4:bc:e0:bf:a6:a7:af:20:10:23:01:f7:2c:8a:3a:46:5a:1f:
         f1:13:9e:a9:65:81:3f:37:8c:e1:a4:2a:d1:36:7d:66:14:93:
         40:94:90:92:51:75:f7:48:cb:1b:b5:3b:9d:aa:eb:e6:ef:0b:
         1a:bd:7d:9c:43:ab:24:a1:1b:53:a8:b5:df:2c:e3:67:c1:52:
         92:73:fc:b6:53:b7:5a:ac:d4:21:bf:88:d7:00:10:79:9c:f6:
         ef:87:8d:45:2d:79:df:1f:2c:c3:ec:dc:b5:52:38:f9:6c:04:
         5e:69:75:fb:10:e8:6b:3a:bd:a5:35:13:11:5b:66:92:9b:2c:
         61:e2:85:75
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYzDt0GrtYvKVaiYbsAen4TXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGZjNzE5YTQ2ZWU0NWU2MmIyNjBiMjZhYjNmYTA3MzIwZjk5ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrH433Je6j4A9okWWRvzxW89N9YV
puO/QoAC8i1wiob69/Dvu5mRCyw+kLKsuGAEtAXkxf2ogBXzsAwtErgEDcUBYCjX
YgXBSU6Os7QcZWQUVkAzUhVCODLGkm4mzxP6QXrM9DDV6XuKKAP9r6lDZsNsV5lw
zcfmAeY4l3KaizT/44UVVjN159SU0CGhf3QgJRAduvAWRXTTQc/XMvJB7ckXEhzh
vDX1/Luf9/m1Y6QzFq4C8YhYW9VLafB1psNzN0Nxpwz1EGAJ+AR+Uujf+1r+NR9l
oYftzU3J1Dudc/RlU4pKrdW1tkqrTvUznKc277lO0TZOHa1esRdPieEBXQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFF38cZpG7kXmKyYLJqs/oHMg+Z0bMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvWGZ4eG1rYnVSZVlySmdzbXF6LWdjeUQ1blJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQABTnVAwQA
Lh9CAwQALv2IAwQAPgMzAwQAPmpQAwQATUhSAwQAVPZTAwQAW/Y5AwQAkhPlAwQA
shYdAwQAwaNfAwQA1BJrMA0GCSqGSIb3DQEBCwUAA4IBAQB5fVYVW4LMs+OkwEzV
9udAv7NzMGJs9bbjr3IglNPvnb6aerakq4DJFzbJteNrQwsbzav3cZFp/DAKXF7h
qn0XI0UylxQ4hO0E4VsTBxq70/X6kxLIfAA8e6f6aET5tl4hymeqzpAkxDzrClzb
QPhn8w1jFB6FMljHmuYSyyzkvOC/pqevIBAjAfcsijpGWh/xE56pZYE/N4zhpCrR
Nn1mFJNAlJCSUXX3SMsbtTudquvm7wsavX2cQ6skoRtTqLXfLONnwVKSc/y2U7da
rNQhv4jXABB5nPbvh41FLXnfHyzD7Ny1Ujj5bAReaXX7EOhrOr2lNRMRW2aSmyxh
4oV1
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:38:54 2024 by rpki-client on console-fra.rpki-client.org