Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/escC17ZsNmuRzSoID5RDQMy-koI.roa
File:                     escC17ZsNmuRzSoID5RDQMy-koI.roa (raw, json)
Hash identifier:          G4ValWojV5liIpwAGdz2vFU0XM20N9Vc8wrAFuJHpnI=
Subject key identifier:   7A:C7:02:D7:B6:6C:36:6B:91:CD:2A:08:0F:94:43:40:CC:BE:92:82
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B9309408F5477C87906BAA83A51CA1
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/escC17ZsNmuRzSoID5RDQMy-koI.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31654
IP address blocks:        84.44.29.0/24 maxlen: 24
                          84.44.30.0/24 maxlen: 24
                          82.150.71.0/24 maxlen: 24
                          84.44.42.0/24 maxlen: 24
                          84.44.67.0/24 maxlen: 24
                          84.44.68.0/24 maxlen: 24
                          84.44.65.0/24 maxlen: 24
                          84.44.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:30:94:08:f5:47:7c:87:90:6b:aa:83:a5:1c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ac702d7b66c366b91cd2a080f944340ccbe9282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:2b:fc:75:99:f4:47:c9:88:ad:80:7d:0c:4a:
                    63:1e:bc:b8:3a:fd:bb:0d:30:d0:78:d8:30:48:8d:
                    4d:e9:9e:b9:2a:40:2c:1f:31:68:b6:af:80:9a:65:
                    9e:fc:96:0e:fe:05:2b:e2:0d:cd:74:1c:b1:2e:16:
                    7d:f6:0a:5a:de:79:6e:c3:77:29:5b:ee:28:d8:07:
                    f3:cb:3c:56:6d:ee:47:82:42:c6:91:f9:aa:9c:6b:
                    24:97:e7:89:a0:99:e3:0c:f7:33:64:a5:82:0b:5d:
                    f0:ed:8b:4d:2a:77:25:46:a1:b6:b2:21:1a:b1:bf:
                    c0:35:ea:4e:e3:ff:ee:12:71:e2:b6:46:0e:48:2a:
                    cf:fe:29:83:12:08:e6:29:06:86:8b:7b:18:85:e8:
                    0a:bd:02:c1:9a:1e:ce:77:a4:c8:ec:28:f9:fc:88:
                    0e:80:35:70:f1:60:35:08:19:79:de:ea:b5:6d:30:
                    19:a0:3d:27:d0:9a:d4:02:4e:e2:2b:03:81:e0:b8:
                    a5:92:1b:69:1a:e9:75:d0:bb:00:ae:19:97:68:56:
                    1d:90:25:d2:ba:f9:42:69:15:96:6d:b8:71:d4:13:
                    cb:6b:d8:b4:4a:9b:5c:e5:51:51:63:2c:aa:b1:60:
                    b2:35:14:64:0a:74:6c:ba:ec:29:df:98:96:8c:d9:
                    b3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C7:02:D7:B6:6C:36:6B:91:CD:2A:08:0F:94:43:40:CC:BE:92:82
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/escC17ZsNmuRzSoID5RDQMy-koI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.150.71.0/24
                  84.44.29.0-84.44.30.255
                  84.44.42.0/24
                  84.44.65.0-84.44.68.255

    Signature Algorithm: sha256WithRSAEncryption
         6b:53:77:c8:72:e2:89:1c:0c:e7:59:8a:69:82:85:8e:7d:ba:
         a3:92:57:60:53:cc:bd:1c:b7:42:af:35:5f:b3:9f:b7:36:1c:
         fe:be:a2:e5:a6:c3:96:97:c8:3f:a3:79:76:00:af:96:c1:8f:
         9a:9d:78:8b:3a:d1:48:cb:4b:60:23:0c:47:b6:32:ca:92:52:
         8d:f5:ad:9b:64:55:4d:2e:f6:7e:95:e4:f8:59:e9:4d:84:86:
         26:ad:67:44:40:19:c4:33:a4:48:7e:b3:49:28:de:61:ca:af:
         ff:2e:7c:cf:28:9c:30:60:34:81:a6:0a:90:d3:ac:f1:8a:da:
         50:5c:18:66:3b:4c:ab:01:5f:15:f7:09:b3:22:7a:48:ee:a6:
         d8:3b:bb:39:55:d6:29:7c:f8:4e:23:cc:af:13:0f:ce:f3:6b:
         20:f6:b2:70:14:01:62:70:2c:b5:a1:58:af:59:e5:e0:33:5b:
         8c:5e:d1:0a:af:dd:cf:96:5c:92:40:51:8e:19:2f:44:75:45:
         9d:52:e6:6f:68:0e:e8:d0:24:50:01:b7:46:9a:65:c1:79:a4:
         b8:57:29:ec:77:65:14:8b:b5:29:c3:ec:95:a4:0c:68:45:fb:
         3e:57:54:bb:a1:7b:9b:11:f0:54:d2:bf:76:6d:c9:95:d4:53:
         94:16:2c:2f
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzGuTCUCPVHfIeQa6qDpRyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWM3MDJkN2I2NmMzNjZiOTFjZDJhMDgwZjk0NDM0MGNjYmU5MjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yv8dZn0R8mIrYB9DEpjHry4Ov27
DTDQeNgwSI1N6Z65KkAsHzFotq+AmmWe/JYO/gUr4g3NdByxLhZ99gpa3nluw3cp
W+4o2AfzyzxWbe5HgkLGkfmqnGskl+eJoJnjDPczZKWCC13w7YtNKnclRqG2siEa
sb/ANepO4//uEnHitkYOSCrP/imDEgjmKQaGi3sYhegKvQLBmh7Od6TI7Cj5/IgO
gDVw8WA1CBl53uq1bTAZoD0n0JrUAk7iKwOB4LilkhtpGul10LsArhmXaFYdkCXS
uvlCaRWWbbhx1BPLa9i0Sptc5VFRYyyqsWCyNRRkCnRsuuwp35iWjNmzlQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFHrHAte2bDZrkc0qCA+UQ0DMvpKCMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvZXNjQzE3WnNObXVSelNvSUQ1UkRRTXkta29JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQAUpZHMAwD
BABULB0DBABULB4DBABULCowDAMEAFQsQQMEAFQsRDANBgkqhkiG9w0BAQsFAAOC
AQEAa1N3yHLiiRwM51mKaYKFjn26o5JXYFPMvRy3Qq81X7OftzYc/r6i5abDlpfI
P6N5dgCvlsGPmp14izrRSMtLYCMMR7YyypJSjfWtm2RVTS72fpXk+FnpTYSGJq1n
REAZxDOkSH6zSSjeYcqv/y58zyicMGA0gaYKkNOs8YraUFwYZjtMqwFfFfcJsyJ6
SO6m2Du7OVXWKXz4TiPMrxMPzvNrIPaycBQBYnAstaFYr1nl4DNbjF7RCq/dz5Zc
kkBRjhkvRHVFnVLmb2gO6NAkUAG3RpplwXmkuFcp7HdlFIu1KcPslaQMaEX7PldU
u6F7mxHwVNK/dm3JldRTlBYsLw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:38:59 2024 by rpki-client on console-fra.rpki-client.org