Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/Hda5fzDtekyqYzvl-Gphd16Qg3I.roa
File:                     Hda5fzDtekyqYzvl-Gphd16Qg3I.roa (raw, json)
Hash identifier:          /jrseR1poUz8GFcuLczVWILtGEo8Ff2jthoFqBO2cyc=
Subject key identifier:   1D:D6:B9:7F:30:ED:7A:4C:AA:63:3B:E5:F8:6A:61:77:5E:90:83:72
Certificate issuer:       /CN=fdd2b36206439bbce15b363f09eeff1d738cecc7
Certificate serial:       018D7D56C6B5B9FD4C476ED3574569BD0CCB
Authority key identifier: FD:D2:B3:62:06:43:9B:BC:E1:5B:36:3F:09:EE:FF:1D:73:8C:EC:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/Hda5fzDtekyqYzvl-Gphd16Qg3I.roa
Signing time:             Tue 06 Feb 2024 07:34:15 +0000
ROA not before:           Tue 06 Feb 2024 07:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16010
IP address blocks:        5.178.128.0/17 maxlen: 24
                          46.49.0.0/17 maxlen: 24
                          62.168.160.0/19 maxlen: 24
                          77.74.40.0/21 maxlen: 21
                          80.241.240.0/22 maxlen: 22
                          80.241.248.0/22 maxlen: 22
                          80.241.253.0/24 maxlen: 24
                          80.241.254.0/23 maxlen: 23
                          82.211.128.0/18 maxlen: 19
                          85.114.224.0/19 maxlen: 24
                          89.232.32.0/19 maxlen: 24
                          93.177.128.0/18 maxlen: 24
                          94.137.160.0/19 maxlen: 24
                          94.240.192.0/18 maxlen: 24
                          95.104.0.0/17 maxlen: 24
                          109.172.128.0/17 maxlen: 24
                          134.19.224.0/19 maxlen: 24
                          185.115.4.0/22 maxlen: 22
                          185.115.4.0/24 maxlen: 24
                          188.121.192.0/19 maxlen: 24
                          188.129.128.0/17 maxlen: 18
                          212.58.96.0/19 maxlen: 24
                          212.72.128.0/23 maxlen: 24
                          212.72.131.0/24 maxlen: 24
                          212.72.132.0/22 maxlen: 22
                          212.72.136.0/21 maxlen: 24
                          212.72.144.0/21 maxlen: 21
                          212.72.152.0/23 maxlen: 23
                          212.72.154.0/24 maxlen: 24
                          212.72.156.0/22 maxlen: 22
                          213.157.192.0/19 maxlen: 24
                          213.200.0.0/19 maxlen: 24
                          2a0b:6200::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:56:c6:b5:b9:fd:4c:47:6e:d3:57:45:69:bd:0c:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd2b36206439bbce15b363f09eeff1d738cecc7
        Validity
            Not Before: Feb  6 07:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dd6b97f30ed7a4caa633be5f86a61775e908372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2b:0d:d9:c9:3a:39:72:30:b6:fd:b1:44:8d:
                    52:ed:72:74:70:c9:c9:40:fd:d1:88:ca:f2:a7:e5:
                    0f:97:c2:30:81:5a:a3:cd:05:b9:82:2c:21:ec:08:
                    2d:d3:3d:09:73:6a:94:07:68:b9:fa:6d:b6:c7:70:
                    e4:4c:90:02:b3:d0:23:dd:01:77:bb:24:55:cd:2d:
                    5d:95:95:10:85:0f:d1:75:df:f3:c1:8c:93:60:89:
                    28:73:ae:e1:dc:de:b8:a3:34:d4:b8:a8:61:92:c5:
                    fe:9f:2b:87:77:ff:a1:29:a1:1e:93:48:9b:be:82:
                    8c:db:87:91:ed:f2:b4:19:f7:85:35:fe:29:fc:8b:
                    15:d8:ec:72:9e:c7:e7:7b:fe:eb:93:2e:39:ff:c4:
                    0a:9c:04:21:76:e4:ea:56:b4:5e:61:44:2d:69:d8:
                    40:f7:ea:52:ea:dd:a9:4b:6e:91:f4:8e:cd:2b:8c:
                    f3:a7:77:e8:97:83:d9:6c:4f:27:d8:6a:c7:ab:e4:
                    a0:bb:ba:7b:ad:01:ae:8d:36:80:82:50:41:54:54:
                    5a:6a:43:1d:e8:ab:15:64:b2:8f:83:6e:1b:6a:9b:
                    8c:1d:15:c7:3d:d8:55:0a:71:87:ac:92:2a:c1:eb:
                    45:2e:d5:2b:d6:f3:19:81:c8:2b:ff:2d:fc:1c:38:
                    76:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D6:B9:7F:30:ED:7A:4C:AA:63:3B:E5:F8:6A:61:77:5E:90:83:72
            X509v3 Authority Key Identifier:
                keyid:FD:D2:B3:62:06:43:9B:BC:E1:5B:36:3F:09:EE:FF:1D:73:8C:EC:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/Hda5fzDtekyqYzvl-Gphd16Qg3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.128.0/17
                  46.49.0.0/17
                  62.168.160.0/19
                  77.74.40.0/21
                  80.241.240.0/22
                  80.241.248.0/22
                  80.241.253.0-80.241.255.255
                  82.211.128.0/18
                  85.114.224.0/19
                  89.232.32.0/19
                  93.177.128.0/18
                  94.137.160.0/19
                  94.240.192.0/18
                  95.104.0.0/17
                  109.172.128.0/17
                  134.19.224.0/19
                  185.115.4.0/22
                  188.121.192.0/19
                  188.129.128.0/17
                  212.58.96.0/19
                  212.72.128.0/23
                  212.72.131.0-212.72.154.255
                  212.72.156.0/22
                  213.157.192.0/19
                  213.200.0.0/19
                IPv6:
                  2a0b:6200::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:3c:91:08:3b:29:13:af:12:46:c4:c0:86:08:ef:81:1c:18:
         69:1d:9f:94:9e:cb:29:35:81:6c:d2:f3:48:d3:7f:8b:dc:c6:
         b1:d3:c5:a6:2a:c8:13:2a:db:e2:39:58:f1:e6:fc:68:d2:af:
         51:63:da:24:a0:5f:17:c1:f1:5e:9f:d3:f5:a3:d8:27:2d:bd:
         ff:7f:3d:58:cb:3c:4e:88:07:84:ee:2c:48:20:9e:90:d7:5e:
         24:a3:fa:5a:3d:d0:f0:8d:74:cf:90:f3:bd:fc:23:3e:6e:7c:
         74:04:19:ad:e0:51:12:89:8e:86:67:d6:2d:d5:d4:0c:ed:0d:
         ea:6e:f0:05:b5:12:b9:b5:c9:60:c6:6e:cd:e8:4d:67:11:a2:
         1d:71:57:93:e8:bc:76:4e:66:6a:03:ed:be:55:9e:3a:1c:77:
         04:4c:6e:18:cf:6a:08:80:a8:27:27:5c:44:b4:f2:7d:d8:08:
         f9:a5:9a:67:84:58:29:db:98:ac:0d:09:69:73:93:af:c0:a6:
         6f:6e:a2:bc:93:ab:12:63:ce:ab:62:dc:f9:8a:d4:a9:1b:32:
         7e:70:f2:27:f0:ae:c8:4f:95:89:e0:f9:35:2d:e5:bc:31:84:
         bc:9b:ed:14:bd:06:5c:af:eb:34:71:68:93:9c:3d:2a:29:3e:
         ee:e7:84:58
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAY19Vsa1uf1MR27TV0VpvQzLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDJiMzYyMDY0MzliYmNlMTViMzYzZjA5ZWVmZjFkNzM4
Y2VjYzcwHhcNMjQwMjA2MDczNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQ2Yjk3ZjMwZWQ3YTRjYWE2MzNiZTVmODZhNjE3NzVlOTA4MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoysN2ck6OXIwtv2xRI1S7XJ0cMnJ
QP3RiMryp+UPl8IwgVqjzQW5giwh7Agt0z0Jc2qUB2i5+m22x3DkTJACs9Aj3QF3
uyRVzS1dlZUQhQ/Rdd/zwYyTYIkoc67h3N64ozTUuKhhksX+nyuHd/+hKaEek0ib
voKM24eR7fK0GfeFNf4p/IsV2Oxynsfne/7rky45/8QKnAQhduTqVrReYUQtadhA
9+pS6t2pS26R9I7NK4zzp3fol4PZbE8n2GrHq+Sgu7p7rQGujTaAglBBVFRaakMd
6KsVZLKPg24bapuMHRXHPdhVCnGHrJIqwetFLtUr1vMZgcgr/y38HDh21wIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFB3WuX8w7XpMqmM75fhqYXdekINyMB8GA1UdIwQY
MBaAFP3Ss2IGQ5u84Vs2Pwnu/x1zjOzHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RLellnWkRtN3poV3pZX0NlN19IWE9NN01jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS82MmI5MDktMWUzZS00YTFiLTllMjQt
YjAxZTAyOTdiMDcwLzEvSGRhNWZ6RHRla3lxWXp2bC1HcGhkMTZRZzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS82MmI5MDktMWUzZS00YTFiLTllMjQtYjAxZTAyOTdiMDcw
LzEvX2RLellnWkRtN3poV3pZX0NlN19IWE9NN01jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHRBggrBgEFBQcBBwEB/wSBwTCBvjCBrAQCAAEwgaUDBAcF
soADBAcuMQADBAU+qKADBANNSigDBAJQ8fADBAJQ8fgwCwMEAFDx/QMDAVDwAwQG
UtOAAwQFVXLgAwQFWeggAwQGXbGAAwQFXomgAwQGXvDAAwQHX2gAAwQHbayAAwQF
hhPgAwQCuXMEAwQFvHnAAwQHvIGAAwQF1DpgAwQB1EiAMAwDBADUSIMDBADUSJoD
BALUSJwDBAXVncADBAXVyAAwDQQCAAIwBwMFAyoLYgAwDQYJKoZIhvcNAQELBQAD
ggEBAIo8kQg7KROvEkbEwIYI74EcGGkdn5Seyyk1gWzS80jTf4vcxrHTxaYqyBMq
2+I5WPHm/GjSr1Fj2iSgXxfB8V6f0/Wj2Cctvf9/PVjLPE6IB4TuLEggnpDXXiSj
+lo90PCNdM+Q8738Iz5ufHQEGa3gURKJjoZn1i3V1AztDepu8AW1Erm1yWDGbs3o
TWcRoh1xV5PovHZOZmoD7b5VnjocdwRMbhjPagiAqCcnXES08n3YCPmlmmeEWCnb
mKwNCWlzk6/Apm9uoryTqxJjzqti3PmK1KkbMn5w8ifwrshPlYng+TUt5bwxhLyb
7RS9Blyv6zRxaJOcPSopPu7nhFg=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:51:34 2024 by rpki-client on console-fra.rpki-client.org