Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/xsJlEyaPNs8DBIsR2PCWkq8hmok.roa
File:                     xsJlEyaPNs8DBIsR2PCWkq8hmok.roa (raw, json)
Hash identifier:          E0hSFc6oR2RJfUFtGNwEU2SBNDV/z/OssT73GpbZax4=
Subject key identifier:   C6:C2:65:13:26:8F:36:CF:03:04:8B:11:D8:F0:96:92:AF:21:9A:89
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649EC3C6FCDFE9B86F628053FB50322
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/xsJlEyaPNs8DBIsR2PCWkq8hmok.roa
Signing time:             Mon 01 Jan 2024 18:29:42 +0000
ROA not before:           Mon 01 Jan 2024 18:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202209
IP address blocks:        82.103.93.0/24 maxlen: 24
                          62.204.129.0/24 maxlen: 24
                          212.91.177.0/24 maxlen: 24
                          217.79.33.0/24 maxlen: 24
                          85.118.85.0/24 maxlen: 24
                          85.118.86.0/24 maxlen: 24
                          82.103.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ec:3c:6f:cd:fe:9b:86:f6:28:05:3f:b5:03:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6c26513268f36cf03048b11d8f09692af219a89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ce:ca:27:0a:f5:99:e2:35:21:6d:44:6d:bf:
                    58:ef:a6:4c:ce:04:7f:1a:1e:32:27:8c:ad:e0:bf:
                    7f:f8:a6:00:46:3e:1c:37:15:0d:d5:da:62:fe:dd:
                    dc:35:02:5d:fb:77:af:53:bd:37:7e:69:21:12:cc:
                    59:e5:f9:28:9f:08:ef:56:4f:3c:a3:da:77:e8:e8:
                    ed:82:c6:c0:bf:ae:7d:d6:4f:09:9a:88:78:39:fb:
                    9f:4b:5e:f6:44:92:a3:1b:19:b8:43:c3:75:e3:f5:
                    22:fc:a7:e1:71:60:b1:be:19:89:92:05:f5:41:6b:
                    5f:35:61:fe:cd:55:0b:e0:29:45:06:c1:04:47:b7:
                    64:b5:68:97:d5:4f:03:7a:ff:8d:8f:2f:98:15:44:
                    02:04:7f:96:6d:c5:78:45:be:42:03:1a:09:c1:c5:
                    54:97:2d:25:71:9f:3c:c2:24:a3:9c:58:67:14:7d:
                    d9:87:80:77:ce:c7:e0:0b:16:96:0d:99:03:61:fc:
                    0b:cf:ac:fb:c6:d3:2f:37:6e:0e:06:c7:f8:90:43:
                    2b:e8:82:5a:6d:fa:7a:b1:40:13:83:88:00:4c:8f:
                    d9:07:a0:6b:11:63:d0:98:9a:d8:03:5f:00:f7:63:
                    7e:a3:45:1a:78:9d:30:d0:ee:33:28:77:a2:d2:39:
                    df:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:C2:65:13:26:8F:36:CF:03:04:8B:11:D8:F0:96:92:AF:21:9A:89
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/xsJlEyaPNs8DBIsR2PCWkq8hmok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.129.0/24
                  82.103.82.0/24
                  82.103.93.0/24
                  85.118.85.0-85.118.86.255
                  212.91.177.0/24
                  217.79.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:a8:f1:ef:8e:cc:00:f1:0a:f4:c2:f1:cb:26:82:cc:cb:d1:
         ab:db:cf:5b:20:b2:c0:9c:02:09:66:4f:3a:53:84:93:68:05:
         48:3c:ae:f7:cc:fc:6e:31:0b:70:7e:63:74:10:db:55:50:9b:
         8f:6e:20:86:08:7e:65:ad:e3:84:a9:90:6c:73:82:b9:11:89:
         a0:1a:7c:ab:19:39:b4:93:c8:00:b6:68:7c:a6:6b:1b:41:74:
         56:e1:ec:55:5c:9f:d2:65:59:8e:d0:0a:1a:f4:e7:0b:1c:ed:
         ad:70:d9:1b:5c:e5:37:e8:2f:27:54:f5:3b:5c:d4:f6:e4:3c:
         71:f4:0e:31:e9:f9:2b:e7:3f:05:28:c2:f4:3f:71:90:58:3c:
         24:a3:65:c9:76:d6:a9:13:8b:74:e3:36:47:5b:24:48:c0:c7:
         e2:d0:e1:56:f6:69:2f:12:c4:de:9c:4d:7e:98:45:b4:52:70:
         1c:7f:29:d2:5d:84:24:b7:15:eb:43:92:9c:bd:f3:80:4b:c7:
         c9:18:be:1c:f2:c3:93:84:00:96:78:90:09:53:8e:6c:39:ff:
         f7:bd:79:f9:2b:a2:88:09:54:45:68:90:6a:85:40:f9:46:81:
         d1:10:63:ee:df:33:44:d9:ec:cf:07:53:5e:27:1b:c7:9a:a2:
         3f:de:86:1f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzGSew8b83+m4b2KAU/tQMiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmMyNjUxMzI2OGYzNmNmMDMwNDhiMTFkOGYwOTY5MmFmMjE5YTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqs7KJwr1meI1IW1Ebb9Y76ZMzgR/
Gh4yJ4yt4L9/+KYARj4cNxUN1dpi/t3cNQJd+3evU703fmkhEsxZ5fkonwjvVk88
o9p36OjtgsbAv6591k8Jmoh4OfufS172RJKjGxm4Q8N14/Ui/KfhcWCxvhmJkgX1
QWtfNWH+zVUL4ClFBsEER7dktWiX1U8Dev+Njy+YFUQCBH+WbcV4Rb5CAxoJwcVU
ly0lcZ88wiSjnFhnFH3Zh4B3zsfgCxaWDZkDYfwLz6z7xtMvN24OBsf4kEMr6IJa
bfp6sUATg4gATI/ZB6BrEWPQmJrYA18A92N+o0UaeJ0w0O4zKHei0jnf9wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFMbCZRMmjzbPAwSLEdjwlpKvIZqJMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEveHNKbEV5YVBOczhEQklzUjJQQ1drcThobW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAPsyBAwQA
UmdSAwQAUmddMAwDBABVdlUDBABVdlYDBADUW7EDBADZTyEwDQYJKoZIhvcNAQEL
BQADggEBAHGo8e+OzADxCvTC8csmgszL0avbz1sgssCcAglmTzpThJNoBUg8rvfM
/G4xC3B+Y3QQ21VQm49uIIYIfmWt44SpkGxzgrkRiaAafKsZObSTyAC2aHymaxtB
dFbh7FVcn9JlWY7QChr05wsc7a1w2Rtc5TfoLydU9Ttc1PbkPHH0DjHp+SvnPwUo
wvQ/cZBYPCSjZcl21qkTi3TjNkdbJEjAx+LQ4Vb2aS8SxN6cTX6YRbRScBx/KdJd
hCS3FetDkpy984BLx8kYvhzyw5OEAJZ4kAlTjmw5//e9efkroogJVEVokGqFQPlG
gdEQY+7fM0TZ7M8HU14nG8eaoj/ehh8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:39:05 2024 by rpki-client on console-fra.rpki-client.org