Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/NEuislGAKi4oJI1bfUJVtXiI9pk.roa
File:                     NEuislGAKi4oJI1bfUJVtXiI9pk.roa (raw, json)
Hash identifier:          6nW62TOpldPpDkBJK3AsPgx5YBZ+z+x9J6QoUPScX2o=
Subject key identifier:   34:4B:A2:B2:51:80:2A:2E:28:24:8D:5B:7D:42:55:B5:78:88:F6:99
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018F2E6C90A8924C4085A986562E3033D17A
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/NEuislGAKi4oJI1bfUJVtXiI9pk.roa
Signing time:             Tue 30 Apr 2024 09:53:37 +0000
ROA not before:           Tue 30 Apr 2024 09:53:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57152
IP address blocks:        104.247.170.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.181.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.187.0/24 maxlen: 24
                          104.247.188.0/24 maxlen: 24
                          104.247.189.0/24 maxlen: 24
                          104.247.190.0/24 maxlen: 24
                          185.73.128.0/22 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2e:6c:90:a8:92:4c:40:85:a9:86:56:2e:30:33:d1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Apr 30 09:53:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=344ba2b251802a2e28248d5b7d4255b57888f699
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:02:bf:86:f8:a7:de:a6:51:e1:70:55:fc:da:
                    f4:6c:39:20:d4:6b:42:2c:0b:75:6c:c4:9a:b1:79:
                    28:a4:31:00:b2:b3:e6:47:11:70:41:da:0c:8a:93:
                    6d:b4:79:95:4d:46:41:32:78:08:1a:92:a1:79:37:
                    30:c1:1d:20:e3:dc:95:64:be:23:91:b1:5e:d2:fe:
                    5f:1c:39:74:5b:6f:f9:b7:76:bd:b9:ab:91:35:f8:
                    3b:92:c5:d6:e1:95:b9:f4:e1:18:9f:d6:e3:c2:b6:
                    b7:05:45:88:01:50:37:3f:fa:ac:02:9f:fd:b9:35:
                    1f:79:16:d8:81:7b:42:37:6a:e1:08:7b:dd:fa:33:
                    82:13:55:8f:15:d0:6d:0e:88:11:9b:4e:f2:85:0e:
                    3a:8b:86:ec:5e:57:0b:cc:24:b5:39:59:a5:ca:b4:
                    09:6f:11:0c:12:03:7f:62:24:9f:51:1d:d0:8b:3b:
                    02:f9:c7:ba:09:ba:f2:0a:09:a7:6d:9b:e6:7a:79:
                    46:f5:31:3c:3f:87:21:c9:9f:cc:05:ac:65:81:e6:
                    e3:10:a5:53:32:08:20:58:3e:32:07:c4:cc:17:27:
                    eb:76:01:ef:a6:02:1b:a4:28:92:bb:26:89:c3:8a:
                    4c:43:49:bb:74:b9:bf:c5:e2:53:d1:ea:60:b8:3d:
                    9b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:4B:A2:B2:51:80:2A:2E:28:24:8D:5B:7D:42:55:B5:78:88:F6:99
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/NEuislGAKi4oJI1bfUJVtXiI9pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.172.255
                  104.247.174.0-104.247.182.255
                  104.247.184.0-104.247.190.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:01:0e:e1:9e:b9:ed:66:fc:d1:e7:81:9a:ee:16:9b:54:e0:
         e6:11:6b:51:1d:df:25:6c:a7:12:87:fd:5a:2f:01:7b:41:26:
         b8:29:fa:92:c7:85:9a:99:b9:f8:04:9a:1c:b6:39:7d:cb:cf:
         22:24:e8:a8:08:88:7a:e9:a5:92:34:64:c0:c0:93:32:18:4b:
         f0:e4:f1:cd:3c:f0:16:08:dc:2b:34:a1:85:ad:7b:f2:74:8d:
         bb:ca:c2:7b:b3:51:aa:e5:02:51:1f:84:52:06:9e:1d:bf:37:
         84:27:b7:20:71:e3:cf:24:49:5c:79:ed:ad:08:22:a4:03:18:
         df:f6:81:d6:4f:8d:40:8d:41:4d:af:bf:cc:69:a5:91:f4:f8:
         5d:df:35:02:22:72:8d:3e:19:16:1c:b6:8b:02:cb:fc:54:9b:
         3f:79:4e:ee:47:19:e8:a3:b1:c7:29:be:4e:f1:1a:49:bc:da:
         4d:cb:e2:56:d8:e7:27:45:ea:fd:c9:68:9d:29:3d:02:ba:af:
         43:98:c3:ca:16:91:f6:0b:93:36:cc:1c:07:1a:36:31:17:ac:
         89:81:b6:4c:4a:15:09:fe:b4:b3:1d:4e:fd:9e:40:50:79:42:
         6a:91:39:f9:49:b4:75:be:d9:e8:83:25:29:54:27:2c:47:86:
         82:e1:26:db
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAY8ubJCokkxAhamGVi4wM9F6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjQwNDMwMDk1MzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDRiYTJiMjUxODAyYTJlMjgyNDhkNWI3ZDQyNTViNTc4ODhmNjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQK/hvin3qZR4XBV/Nr0bDkg1GtC
LAt1bMSasXkopDEAsrPmRxFwQdoMipNttHmVTUZBMngIGpKheTcwwR0g49yVZL4j
kbFe0v5fHDl0W2/5t3a9uauRNfg7ksXW4ZW59OEYn9bjwra3BUWIAVA3P/qsAp/9
uTUfeRbYgXtCN2rhCHvd+jOCE1WPFdBtDogRm07yhQ46i4bsXlcLzCS1OVmlyrQJ
bxEMEgN/YiSfUR3QizsC+ce6CbryCgmnbZvmenlG9TE8P4chyZ/MBaxlgebjEKVT
MgggWD4yB8TMFyfrdgHvpgIbpCiSuyaJw4pMQ0m7dLm/xeJT0epguD2bKwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDRLorJRgCouKCSNW31CVbV4iPaZMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvTkV1aXNsR0FLaTRvSkkxYmZVSlZ0WGlJOXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2MAwDBAFo96oD
BABo96wwDAMEAWj3rgMEAGj3tjAMAwQDaPe4AwQAaPe+AwQCuUmAAwQAuYnXMA0E
AgACMAcDBQAqA6WgMA0GCSqGSIb3DQEBCwUAA4IBAQBDAQ7hnrntZvzR54Ga7hab
VODmEWtRHd8lbKcSh/1aLwF7QSa4KfqSx4Wambn4BJoctjl9y88iJOioCIh66aWS
NGTAwJMyGEvw5PHNPPAWCNwrNKGFrXvydI27ysJ7s1Gq5QJRH4RSBp4dvzeEJ7cg
cePPJElcee2tCCKkAxjf9oHWT41AjUFNr7/MaaWR9Phd3zUCInKNPhkWHLaLAsv8
VJs/eU7uRxnoo7HHKb5O8RpJvNpNy+JW2OcnRer9yWidKT0Cuq9DmMPKFpH2C5M2
zBwHGjYxF6yJgbZMShUJ/rSzHU79nkBQeUJqkTn5SbR1vtnogyUpVCcsR4aC4Sbb
-----END CERTIFICATE-----
Generated at Sun Jun 16 03:36:22 2024 by rpki-client on console-ams.rpki-client.org