Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/dgHUDX0P7LU7epPxRn49BoZ8gWk.roa
File:                     dgHUDX0P7LU7epPxRn49BoZ8gWk.roa (raw, json)
Hash identifier:          V93hOl9Aw72rwXh6GiJvKTKjgf8ITqgKqTtgrQKvHlY=
Subject key identifier:   76:01:D4:0D:7D:0F:EC:B5:3B:7A:93:F1:46:7E:3D:06:86:7C:81:69
Certificate issuer:       /CN=708612e8703a660889ca0f457cf1b4d8a0d53b4d
Certificate serial:       018CC5DC1DA47D1E5C99F482E336A83B6D11
Authority key identifier: 70:86:12:E8:70:3A:66:08:89:CA:0F:45:7C:F1:B4:D8:A0:D5:3B:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIYS6HA6ZgiJyg9FfPG02KDVO00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/dgHUDX0P7LU7epPxRn49BoZ8gWk.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8211
IP address blocks:        145.72.108.0/23 maxlen: 23
                          145.72.108.0/22 maxlen: 22
                          145.72.110.0/23 maxlen: 23
                          145.72.120.0/21 maxlen: 21
                          145.72.124.0/22 maxlen: 22
                          145.72.120.0/22 maxlen: 22
                          145.72.94.0/23 maxlen: 23
                          145.72.94.0/24 maxlen: 24
                          145.72.95.0/24 maxlen: 24
                          145.72.96.0/23 maxlen: 23
                          145.72.96.0/22 maxlen: 22
                          145.72.98.0/23 maxlen: 23
                          145.72.100.0/22 maxlen: 22
                          2a02:cc4:2100::/41 maxlen: 41
                          2a02:cc4:2f00::/41 maxlen: 41
                          2a02:cc4:2f00::/42 maxlen: 42
                          2a02:cc4:2f40::/42 maxlen: 42
                          2a02:cc4:2f0::/45 maxlen: 45
                          2a02:cc4:2f0::/44 maxlen: 44
                          2a02:cc4:210::/44 maxlen: 44
                          2a02:cc4:2f8::/45 maxlen: 45

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/cIYS6HA6ZgiJyg9FfPG02KDVO00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/cIYS6HA6ZgiJyg9FfPG02KDVO00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIYS6HA6ZgiJyg9FfPG02KDVO00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1d:a4:7d:1e:5c:99:f4:82:e3:36:a8:3b:6d:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=708612e8703a660889ca0f457cf1b4d8a0d53b4d
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7601d40d7d0fecb53b7a93f1467e3d06867c8169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d2:e0:4a:55:63:97:39:2b:59:3c:73:cc:7a:
                    02:42:3a:b0:c7:64:d5:ae:ae:ce:23:e1:b8:d0:fd:
                    92:83:e9:7b:9f:7d:eb:3f:4d:a0:c0:87:3f:e1:b1:
                    f4:99:91:06:86:8c:f8:17:09:b2:66:c9:8f:e5:08:
                    e3:ee:9b:5f:d8:ea:08:f8:1d:90:38:96:78:24:ad:
                    cc:96:10:e1:90:7d:23:82:f5:92:9d:57:bf:64:12:
                    24:77:87:d8:37:2d:d6:24:f8:65:3d:0b:1b:f1:f7:
                    19:d3:01:fe:40:ab:45:ad:79:04:5c:b2:2b:60:54:
                    38:0b:db:8e:f9:83:5a:8b:ca:81:61:8b:f9:2e:73:
                    5d:f0:48:a3:b8:6a:5d:39:2e:5e:c8:95:42:78:c2:
                    35:4c:05:8d:e5:4e:a0:90:30:12:88:02:6c:ac:5d:
                    f2:b3:68:d1:07:04:02:28:5b:48:85:e0:c7:58:80:
                    b6:17:98:0f:e7:e3:70:5c:52:3e:ab:81:ad:67:2a:
                    c8:d7:aa:e5:8d:66:4b:74:f8:ec:40:4d:03:9d:d4:
                    db:ca:b4:e6:4f:e2:29:1d:8c:39:32:f6:af:e6:a4:
                    6f:10:17:bb:37:2b:29:3a:14:3f:69:19:c6:ac:a0:
                    d9:44:8b:91:83:d8:7e:84:40:30:76:c8:6c:71:5c:
                    16:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:01:D4:0D:7D:0F:EC:B5:3B:7A:93:F1:46:7E:3D:06:86:7C:81:69
            X509v3 Authority Key Identifier:
                keyid:70:86:12:E8:70:3A:66:08:89:CA:0F:45:7C:F1:B4:D8:A0:D5:3B:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIYS6HA6ZgiJyg9FfPG02KDVO00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/dgHUDX0P7LU7epPxRn49BoZ8gWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/22b0fe-9dc8-4bef-a299-30097a246a9c/1/cIYS6HA6ZgiJyg9FfPG02KDVO00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.72.94.0-145.72.103.255
                  145.72.108.0/22
                  145.72.120.0/21
                IPv6:
                  2a02:cc4:210::/44
                  2a02:cc4:2f0::/44
                  2a02:cc4:2100::/41
                  2a02:cc4:2f00::/41

    Signature Algorithm: sha256WithRSAEncryption
         57:a6:6c:1e:f3:11:89:1d:a9:09:c3:25:3b:ed:16:8b:90:12:
         15:77:e5:70:d0:c6:b8:d1:ce:26:d1:8a:1a:af:d0:22:dd:94:
         5e:4d:dd:55:23:3c:cd:f7:de:af:e2:de:73:b4:b7:d9:de:cd:
         50:20:c9:7a:9e:8e:94:cd:f9:83:c4:ff:b4:82:71:b0:d7:eb:
         36:70:ce:d0:83:43:3f:ff:4f:d5:15:c0:b8:6c:ac:62:87:90:
         00:0c:52:5d:6e:14:31:9e:ab:64:a2:04:39:82:d4:92:be:4d:
         6b:ce:d8:03:6d:a1:a1:27:a6:53:41:dc:6d:92:13:e9:3f:be:
         03:57:3a:39:34:44:80:09:6b:6d:ae:71:bd:aa:ed:04:ef:78:
         de:84:3b:33:76:0c:1b:bc:9d:44:17:2e:a4:fe:ac:1e:10:79:
         57:44:b2:bf:07:c4:80:3d:1b:39:3d:e5:b6:e3:91:1f:4c:56:
         e9:cf:02:93:c2:70:65:8d:fa:68:5c:db:2d:bc:0d:bc:e0:a3:
         8f:d5:42:ea:d0:27:91:ab:12:b1:8a:9f:df:53:70:61:d1:3d:
         26:c5:92:5a:62:ff:45:47:20:75:fc:89:54:6f:1d:62:d2:4c:
         93:68:0a:68:01:ed:30:7b:3b:14:83:0b:49:fa:a8:3a:9e:f4:
         31:8d:5d:73
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzF3B2kfR5cmfSC4zaoO20RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODYxMmU4NzAzYTY2MDg4OWNhMGY0NTdjZjFiNGQ4YTBk
NTNiNGQwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjAxZDQwZDdkMGZlY2I1M2I3YTkzZjE0NjdlM2QwNjg2N2M4MTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdLgSlVjlzkrWTxzzHoCQjqwx2TV
rq7OI+G40P2Sg+l7n33rP02gwIc/4bH0mZEGhoz4FwmyZsmP5Qjj7ptf2OoI+B2Q
OJZ4JK3MlhDhkH0jgvWSnVe/ZBIkd4fYNy3WJPhlPQsb8fcZ0wH+QKtFrXkEXLIr
YFQ4C9uO+YNai8qBYYv5LnNd8EijuGpdOS5eyJVCeMI1TAWN5U6gkDASiAJsrF3y
s2jRBwQCKFtIheDHWIC2F5gP5+NwXFI+q4GtZyrI16rljWZLdPjsQE0DndTbyrTm
T+IpHYw5Mvav5qRvEBe7NyspOhQ/aRnGrKDZRIuRg9h+hEAwdshscVwWYQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHYB1A19D+y1O3qT8UZ+PQaGfIFpMB8GA1UdIwQY
MBaAFHCGEuhwOmYIicoPRXzxtNig1TtNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lZUzZIQTZaZ2lKeWc5RmZQRzAyS0RWTzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yMmIwZmUtOWRjOC00YmVmLWEyOTkt
MzAwOTdhMjQ2YTljLzEvZGdIVURYMFA3TFU3ZXBQeFJuNDlCb1o4Z1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yMmIwZmUtOWRjOC00YmVmLWEyOTktMzAwOTdhMjQ2YTlj
LzEvY0lZUzZIQTZaZ2lKeWc5RmZQRzAyS0RWTzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAgBAIAATAaMAwDBAGRSF4D
BAORSGADBAKRSGwDBAORSHgwKgQCAAIwJAMHBCoCDMQCEAMHBCoCDMQC8AMHByoC
DMQhAAMHByoCDMQvADANBgkqhkiG9w0BAQsFAAOCAQEAV6ZsHvMRiR2pCcMlO+0W
i5ASFXflcNDGuNHOJtGKGq/QIt2UXk3dVSM8zffer+Lec7S32d7NUCDJep6OlM35
g8T/tIJxsNfrNnDO0INDP/9P1RXAuGysYoeQAAxSXW4UMZ6rZKIEOYLUkr5Na87Y
A22hoSemU0HcbZIT6T++A1c6OTREgAlrba5xvartBO943oQ7M3YMG7ydRBcupP6s
HhB5V0SyvwfEgD0bOT3ltuORH0xW6c8Ck8JwZY36aFzbLbwNvOCjj9VC6tAnkasS
sYqf31NwYdE9JsWSWmL/RUcgdfyJVG8dYtJMk2gKaAHtMHs7FIMLSfqoOp70MY1d
cw==
-----END CERTIFICATE-----
Generated at Mon Jun 17 05:58:53 2024 by rpki-client on console-ams.rpki-client.org