Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/d5b1a7-466d-471c-a70c-2fb25abfdc53/1/Ydp7EgPJr_5T0wNxdAifTHb866U.roa
File:                     Ydp7EgPJr_5T0wNxdAifTHb866U.roa (raw, json)
Hash identifier:          xMpvjKZtCtg/YPYf5MrgWcPnutjDY6abxv3LDZlRWM0=
Subject key identifier:   61:DA:7B:12:03:C9:AF:FE:53:D3:03:71:74:08:9F:4C:76:FC:EB:A5
Certificate issuer:       /CN=8cdcf26f74860588cac6bae17f99de22dbc49ae6
Certificate serial:       018CC26D5C2E9DDE35CF7B216DE5EE50E593
Authority key identifier: 8C:DC:F2:6F:74:86:05:88:CA:C6:BA:E1:7F:99:DE:22:DB:C4:9A:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNzyb3SGBYjKxrrhf5neItvEmuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/d5b1a7-466d-471c-a70c-2fb25abfdc53/1/Ydp7EgPJr_5T0wNxdAifTHb866U.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41114
IP address blocks:        31.11.40.0/21 maxlen: 24
                          45.151.16.0/22 maxlen: 22
                          147.78.164.0/22 maxlen: 22
                          185.42.112.0/22 maxlen: 22
                          193.148.80.0/22 maxlen: 22
                          45.157.248.0/22 maxlen: 22
                          77.83.228.0/22 maxlen: 22
                          185.98.64.0/22 maxlen: 22
                          62.192.140.0/22 maxlen: 22
                          213.226.72.0/22 maxlen: 22
                          153.92.104.0/21 maxlen: 21
                          2a0a:7980::/32 maxlen: 32
                          2a01:60e0::/32 maxlen: 32
                          2a0d:e6c0::/32 maxlen: 48
                          2a09:4380::/32 maxlen: 32
                          2a09:26c0::/32 maxlen: 32
                          2a00:7aa0::/32 maxlen: 32
                          2a0f:d00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/d5b1a7-466d-471c-a70c-2fb25abfdc53/1/jNzyb3SGBYjKxrrhf5neItvEmuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/d5b1a7-466d-471c-a70c-2fb25abfdc53/1/jNzyb3SGBYjKxrrhf5neItvEmuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNzyb3SGBYjKxrrhf5neItvEmuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:03:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5c:2e:9d:de:35:cf:7b:21:6d:e5:ee:50:e5:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cdcf26f74860588cac6bae17f99de22dbc49ae6
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61da7b1203c9affe53d3037174089f4c76fceba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ee:d4:1c:6d:c3:ca:db:ef:0a:2f:a6:aa:b9:
                    26:57:38:37:11:04:83:3a:0c:85:b9:c4:25:1e:fa:
                    dc:2e:fb:8a:99:73:25:8f:76:25:bc:bd:83:34:23:
                    4f:24:99:25:fb:bb:f1:a6:10:30:50:7e:43:56:8a:
                    fe:0b:1f:f2:8d:6f:38:e1:d5:10:4c:d5:8a:35:95:
                    a1:b1:71:fa:b1:d6:1f:7c:fc:60:cd:14:8d:44:01:
                    05:db:0e:a2:7d:ee:ee:9d:36:ec:59:17:69:c6:30:
                    2c:88:26:cc:15:d3:ec:52:8f:9d:1c:96:5b:51:1e:
                    63:99:b5:a2:91:a8:24:a7:a9:83:02:05:9c:8d:ce:
                    19:5b:d7:31:20:c4:1d:07:7c:d6:2d:9c:b7:86:2b:
                    df:5e:43:0b:5e:fa:77:d7:b5:4e:4a:11:42:5e:a7:
                    8b:99:df:33:16:85:90:66:cb:b1:66:5a:5c:02:39:
                    88:c3:da:1f:c7:3b:ba:2b:09:e9:35:e7:9d:3b:fa:
                    77:ae:cf:bd:1c:e3:24:b7:b3:78:93:49:ff:ee:eb:
                    a2:ff:bf:c8:bd:7e:4a:d5:f6:1b:6f:93:78:c3:52:
                    d7:f2:83:1a:fb:bf:8a:d4:69:e0:67:76:66:55:98:
                    67:0e:1a:0b:a4:f8:85:99:80:4e:04:b5:c7:cb:d4:
                    54:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:DA:7B:12:03:C9:AF:FE:53:D3:03:71:74:08:9F:4C:76:FC:EB:A5
            X509v3 Authority Key Identifier:
                keyid:8C:DC:F2:6F:74:86:05:88:CA:C6:BA:E1:7F:99:DE:22:DB:C4:9A:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNzyb3SGBYjKxrrhf5neItvEmuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d5b1a7-466d-471c-a70c-2fb25abfdc53/1/Ydp7EgPJr_5T0wNxdAifTHb866U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d5b1a7-466d-471c-a70c-2fb25abfdc53/1/jNzyb3SGBYjKxrrhf5neItvEmuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.11.40.0/21
                  45.151.16.0/22
                  45.157.248.0/22
                  62.192.140.0/22
                  77.83.228.0/22
                  147.78.164.0/22
                  153.92.104.0/21
                  185.42.112.0/22
                  185.98.64.0/22
                  193.148.80.0/22
                  213.226.72.0/22
                IPv6:
                  2a00:7aa0::/32
                  2a01:60e0::/32
                  2a09:26c0::/32
                  2a09:4380::/32
                  2a0a:7980::/32
                  2a0d:e6c0::/32
                  2a0f:d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:4c:5b:d4:b4:49:a8:6c:af:12:6d:02:19:c9:b5:d2:20:9a:
         97:b9:53:71:4b:9d:96:5b:87:34:c6:70:17:98:11:f6:f0:eb:
         0a:5b:6f:9b:13:2a:ec:fb:8b:f1:e7:73:8a:c2:d5:69:d6:61:
         db:fb:58:d7:74:5e:f6:50:95:4d:dd:ee:88:7b:b1:75:fe:5f:
         72:89:04:ec:1b:61:86:3e:e6:ed:35:d7:8d:17:99:02:fa:44:
         84:e9:0c:95:68:85:07:8b:7e:5d:43:02:0c:5b:75:9f:dc:88:
         b9:e6:a9:5d:3a:b0:99:03:bd:8b:fc:22:ad:83:cc:7d:e0:4b:
         db:13:0f:24:2f:b7:db:c2:b6:42:34:76:ac:c5:1f:8a:78:a6:
         3e:50:51:ce:0a:ce:89:6e:2d:46:7d:93:7c:28:ce:37:c3:7d:
         ef:4e:84:e1:6a:cf:be:54:ad:0a:71:e7:b7:de:0d:a6:e7:19:
         4c:12:55:14:e4:f9:6d:15:6c:9e:72:4d:82:54:7e:08:6f:18:
         1e:70:f2:d9:2a:40:21:7f:3f:fc:d8:67:a8:6c:85:bb:c1:88:
         12:12:79:4e:e9:a9:10:17:5b:e6:8a:41:bd:50:36:72:67:f3:
         78:0a:04:5f:c5:23:f9:ce:b6:7a:35:35:28:3c:fa:8a:7c:40:
         a0:3b:89:28
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYzCbVwund41z3shbeXuUOWTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZGNmMjZmNzQ4NjA1ODhjYWM2YmFlMTdmOTlkZTIyZGJj
NDlhZTYwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWRhN2IxMjAzYzlhZmZlNTNkMzAzNzE3NDA4OWY0Yzc2ZmNlYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7UHG3DytvvCi+mqrkmVzg3EQSD
OgyFucQlHvrcLvuKmXMlj3YlvL2DNCNPJJkl+7vxphAwUH5DVor+Cx/yjW844dUQ
TNWKNZWhsXH6sdYffPxgzRSNRAEF2w6ife7unTbsWRdpxjAsiCbMFdPsUo+dHJZb
UR5jmbWikagkp6mDAgWcjc4ZW9cxIMQdB3zWLZy3hivfXkMLXvp317VOShFCXqeL
md8zFoWQZsuxZlpcAjmIw9ofxzu6KwnpNeedO/p3rs+9HOMkt7N4k0n/7uui/7/I
vX5K1fYbb5N4w1LX8oMa+7+K1GngZ3ZmVZhnDhoLpPiFmYBOBLXHy9RUkQIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFGHaexIDya/+U9MDcXQIn0x2/OulMB8GA1UdIwQY
MBaAFIzc8m90hgWIysa64X+Z3iLbxJrmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak56eWIzU0dCWWpLeHJyaGY1bmVJdHZFbXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kNWIxYTctNDY2ZC00NzFjLWE3MGMt
MmZiMjVhYmZkYzUzLzEvWWRwN0VnUEpyXzVUMHdOeGRBaWZUSGI4NjZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kNWIxYTctNDY2ZC00NzFjLWE3MGMtMmZiMjVhYmZkYzUz
LzEvak56eWIzU0dCWWpLeHJyaGY1bmVJdHZFbXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzBIBAIAATBCAwQDHwso
AwQCLZcQAwQCLZ34AwQCPsCMAwQCTVPkAwQCk06kAwQDmVxoAwQCuSpwAwQCuWJA
AwQCwZRQAwQC1eJIMDcEAgACMDEDBQAqAHqgAwUAKgFg4AMFACoJJsADBQAqCUOA
AwUAKgp5gAMFACoN5sADBQAqDw0AMA0GCSqGSIb3DQEBCwUAA4IBAQCWTFvUtEmo
bK8SbQIZybXSIJqXuVNxS52WW4c0xnAXmBH28OsKW2+bEyrs+4vx53OKwtVp1mHb
+1jXdF72UJVN3e6Ie7F1/l9yiQTsG2GGPubtNdeNF5kC+kSE6QyVaIUHi35dQwIM
W3Wf3Ii55qldOrCZA72L/CKtg8x94EvbEw8kL7fbwrZCNHasxR+KeKY+UFHOCs6J
bi1GfZN8KM43w33vToThas++VK0Kcee33g2m5xlMElUU5PltFWyeck2CVH4Ibxge
cPLZKkAhfz/82GeobIW7wYgSEnlO6akQF1vmikG9UDZyZ/N4CgRfxSP5zrZ6NTUo
PPqKfECgO4ko
-----END CERTIFICATE-----
Generated at Sun Jun 16 11:37:07 2024 by rpki-client on console-ams.rpki-client.org