Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/NTjbJlwT9RNH6SJwQnCTZPNFzPo.roa
File:                     NTjbJlwT9RNH6SJwQnCTZPNFzPo.roa (raw, json)
Hash identifier:          t0TtVS4YTCci9XxeugjviNt2TRK+eenvVdnWqZ1qtrg=
Subject key identifier:   35:38:DB:26:5C:13:F5:13:47:E9:22:70:42:70:93:64:F3:45:CC:FA
Certificate issuer:       /CN=fdd2b36206439bbce15b363f09eeff1d738cecc7
Certificate serial:       018CC26CFC354DB4FB27BE260435B2ADB0FF
Authority key identifier: FD:D2:B3:62:06:43:9B:BC:E1:5B:36:3F:09:EE:FF:1D:73:8C:EC:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/NTjbJlwT9RNH6SJwQnCTZPNFzPo.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25249
IP address blocks:        94.100.224.0/21 maxlen: 21
                          94.100.224.0/20 maxlen: 20
                          94.100.224.0/24 maxlen: 24
                          94.100.229.0/24 maxlen: 24
                          94.100.231.0/24 maxlen: 24
                          94.100.232.0/21 maxlen: 21
                          94.100.237.0/24 maxlen: 24
                          94.100.238.0/24 maxlen: 24
                          94.100.234.0/24 maxlen: 24
                          94.100.235.0/24 maxlen: 24
                          185.115.4.0/22 maxlen: 22
                          81.95.160.0/20 maxlen: 20
                          81.95.160.0/21 maxlen: 21
                          81.95.160.0/24 maxlen: 24
                          185.115.5.0/24 maxlen: 24
                          185.115.6.0/24 maxlen: 24
                          185.115.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 04:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fc:35:4d:b4:fb:27:be:26:04:35:b2:ad:b0:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd2b36206439bbce15b363f09eeff1d738cecc7
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3538db265c13f51347e9227042709364f345ccfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3c:47:45:1c:bc:a3:2f:86:10:66:67:f1:7d:
                    ec:01:9b:c5:e0:72:f5:76:bd:93:ac:04:c5:b9:fb:
                    6b:d8:62:a0:de:60:2d:05:c5:23:2e:3d:5c:92:c7:
                    d1:30:ff:20:b0:29:cf:37:b4:20:3d:5c:54:37:9b:
                    b8:e5:51:2b:18:d1:cc:85:c0:de:00:8d:92:93:ae:
                    b3:ba:c2:0d:c2:2e:b4:8f:0f:83:64:06:3b:e3:85:
                    6d:68:b4:8d:6a:77:17:e7:29:13:d2:88:f5:4c:ec:
                    5c:06:02:de:89:65:81:cd:d4:cc:71:8b:31:2b:ed:
                    8c:e6:74:52:1f:31:a0:8d:92:75:7f:22:c0:60:6a:
                    32:f0:0f:cb:c9:e7:fd:d6:d0:f1:8b:40:1d:76:e9:
                    9e:89:df:ba:e6:12:68:e1:5d:be:e1:19:41:2b:07:
                    e8:9c:a8:19:d9:2d:97:6b:6f:c2:30:d8:b9:8d:7b:
                    7d:9e:46:f2:0f:db:8c:c2:80:1b:c0:9b:44:8a:36:
                    3a:99:74:4f:a8:57:5e:47:07:6b:b7:27:32:64:d7:
                    fe:ff:ae:65:0c:fa:d3:2a:70:74:e2:7b:02:c8:3e:
                    51:6d:2d:c4:52:1a:dc:dc:34:7b:ac:3c:33:8e:96:
                    0a:30:7f:91:6c:3b:ad:9b:0d:cd:dc:0d:4a:21:00:
                    2b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:38:DB:26:5C:13:F5:13:47:E9:22:70:42:70:93:64:F3:45:CC:FA
            X509v3 Authority Key Identifier:
                keyid:FD:D2:B3:62:06:43:9B:BC:E1:5B:36:3F:09:EE:FF:1D:73:8C:EC:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/NTjbJlwT9RNH6SJwQnCTZPNFzPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/62b909-1e3e-4a1b-9e24-b01e0297b070/1/_dKzYgZDm7zhWzY_Ce7_HXOM7Mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.160.0/20
                  94.100.224.0/20
                  185.115.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:72:46:ac:8f:4b:f0:73:dd:1b:41:52:ca:b5:eb:9b:2c:2d:
         3d:a3:62:ec:16:69:21:08:8a:03:a1:56:82:80:8c:3a:63:a8:
         16:8d:36:c0:58:bd:0e:b6:f5:41:3a:e5:1f:bf:5f:04:85:95:
         f1:e6:25:7a:b8:8f:f0:4f:3c:73:6a:4a:ff:d8:68:21:58:76:
         54:e2:14:00:73:49:e1:59:14:ca:e2:8d:88:ba:09:67:d1:08:
         db:b4:1c:b5:6d:47:8e:42:60:18:de:68:1d:4f:30:1f:69:0a:
         e1:37:e6:5f:16:35:4e:c3:f5:27:13:3b:1a:a5:96:3e:23:ab:
         75:c4:7c:80:5f:e5:8b:f4:67:59:fd:53:d5:4e:43:b8:2b:ef:
         1b:ec:48:d2:b0:36:df:69:05:8e:4a:10:a0:60:24:65:ab:37:
         3d:d9:76:13:a1:e2:cb:c3:1a:12:d8:91:7b:09:cd:3a:35:c7:
         6d:36:8a:83:c5:bb:3f:af:9c:c1:95:6f:fc:ef:84:20:2a:91:
         f2:dd:ca:58:19:4d:7b:34:9b:ef:99:33:92:db:77:2c:ff:bf:
         76:53:2a:8a:7f:83:55:6b:4b:d2:13:ab:41:f2:90:44:3d:f7:
         97:37:21:64:3e:eb:b9:ff:2e:e7:a3:59:41:0e:b2:b2:ba:5f:
         62:0a:e7:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbPw1TbT7J74mBDWyrbD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDJiMzYyMDY0MzliYmNlMTViMzYzZjA5ZWVmZjFkNzM4
Y2VjYzcwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM4ZGIyNjVjMTNmNTEzNDdlOTIyNzA0MjcwOTM2NGYzNDVjY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDxHRRy8oy+GEGZn8X3sAZvF4HL1
dr2TrATFuftr2GKg3mAtBcUjLj1cksfRMP8gsCnPN7QgPVxUN5u45VErGNHMhcDe
AI2Sk66zusINwi60jw+DZAY744VtaLSNancX5ykT0oj1TOxcBgLeiWWBzdTMcYsx
K+2M5nRSHzGgjZJ1fyLAYGoy8A/Lyef91tDxi0Addumeid+65hJo4V2+4RlBKwfo
nKgZ2S2Xa2/CMNi5jXt9nkbyD9uMwoAbwJtEijY6mXRPqFdeRwdrtycyZNf+/65l
DPrTKnB04nsCyD5RbS3EUhrc3DR7rDwzjpYKMH+RbDutmw3N3A1KIQArpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDU42yZcE/UTR+kicEJwk2TzRcz6MB8GA1UdIwQY
MBaAFP3Ss2IGQ5u84Vs2Pwnu/x1zjOzHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RLellnWkRtN3poV3pZX0NlN19IWE9NN01jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS82MmI5MDktMWUzZS00YTFiLTllMjQt
YjAxZTAyOTdiMDcwLzEvTlRqYkpsd1Q5Uk5INlNKd1FuQ1RaUE5GelBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS82MmI5MDktMWUzZS00YTFiLTllMjQtYjAxZTAyOTdiMDcw
LzEvX2RLellnWkRtN3poV3pZX0NlN19IWE9NN01jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEUV+gAwQE
XmTgAwQCuXMEMA0GCSqGSIb3DQEBCwUAA4IBAQASckasj0vwc90bQVLKteubLC09
o2LsFmkhCIoDoVaCgIw6Y6gWjTbAWL0OtvVBOuUfv18EhZXx5iV6uI/wTzxzakr/
2GghWHZU4hQAc0nhWRTK4o2Iugln0QjbtBy1bUeOQmAY3mgdTzAfaQrhN+ZfFjVO
w/UnEzsapZY+I6t1xHyAX+WL9GdZ/VPVTkO4K+8b7EjSsDbfaQWOShCgYCRlqzc9
2XYToeLLwxoS2JF7Cc06NcdtNoqDxbs/r5zBlW/874QgKpHy3cpYGU17NJvvmTOS
23cs/792UyqKf4NVa0vSE6tB8pBEPfeXNyFkPuu5/y7no1lBDrKyul9iCucc
-----END CERTIFICATE-----
Generated at Sun Jun 16 10:59:38 2024 by rpki-client on console-fra.rpki-client.org