Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/UOaogj34cmZGe8Y0_eCCF00NfBQ.roa
File:                     UOaogj34cmZGe8Y0_eCCF00NfBQ.roa (raw, json)
Hash identifier:          g6xRVJRa2Cc/f3C1Krl5SKQG40ohwUHFnEz8v4ULSbA=
Subject key identifier:   50:E6:A8:82:3D:F8:72:66:46:7B:C6:34:FD:E0:82:17:4D:0D:7C:14
Certificate issuer:       /CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
Certificate serial:       018CC6B916D401D650B7282E5FEEA16FFB8B
Authority key identifier: 1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/UOaogj34cmZGe8Y0_eCCF00NfBQ.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28919
IP address blocks:        94.24.56.0/21 maxlen: 24
                          185.164.112.0/22 maxlen: 24
                          89.41.128.0/21 maxlen: 24
                          77.223.0.0/22 maxlen: 24
                          86.111.56.0/22 maxlen: 24
                          185.66.48.0/22 maxlen: 24
                          80.93.32.0/20 maxlen: 24
                          213.182.224.0/19 maxlen: 24
                          185.163.144.0/22 maxlen: 24
                          2a03:c680::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/HQZyyZ-H8FzYPwtifTGHH-gL4B8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/HQZyyZ-H8FzYPwtifTGHH-gL4B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:16:d4:01:d6:50:b7:28:2e:5f:ee:a1:6f:fb:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50e6a8823df87266467bc634fde082174d0d7c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:11:b6:9a:6d:d4:7a:e9:86:47:73:3b:9c:81:
                    5c:b4:2f:05:93:e5:c5:e1:2f:4a:03:3b:a2:89:38:
                    2c:54:4b:09:16:e5:f6:e8:35:ae:05:43:5c:e4:91:
                    fd:a3:fa:a2:5d:04:87:d1:fd:d3:41:77:2c:4c:ae:
                    b7:89:b5:b6:18:a8:38:cb:08:40:e9:6c:f2:34:9c:
                    67:c0:98:e3:1f:32:dd:8f:c1:f5:e0:d1:bf:a0:d7:
                    86:9d:88:43:58:eb:99:37:f2:05:93:b6:98:55:de:
                    f3:66:71:b8:08:8d:b1:1d:14:05:2f:f4:1b:07:d5:
                    8b:83:d8:b0:4f:d2:52:08:39:d7:5d:77:8f:b5:bb:
                    76:2e:55:ce:82:5f:f4:56:53:a3:87:19:12:0a:d7:
                    42:f4:a1:06:0d:9a:26:e3:72:30:be:92:3c:8b:2c:
                    b4:f0:03:c3:5e:30:39:63:a9:15:9f:31:87:84:91:
                    41:98:c6:ef:ae:c3:6a:86:22:c8:1e:4f:bb:98:e5:
                    08:08:69:3c:f3:4c:62:36:43:f6:0b:d4:b9:fb:60:
                    8c:8e:56:db:65:b8:0d:a7:ca:3a:8e:f0:d9:fa:83:
                    a8:57:f9:5b:bb:c4:bf:f2:22:24:ea:10:4e:da:fe:
                    8b:30:8f:c2:0c:0e:c7:52:75:ce:55:de:5c:80:e4:
                    55:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E6:A8:82:3D:F8:72:66:46:7B:C6:34:FD:E0:82:17:4D:0D:7C:14
            X509v3 Authority Key Identifier:
                keyid:1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/UOaogj34cmZGe8Y0_eCCF00NfBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/HQZyyZ-H8FzYPwtifTGHH-gL4B8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.223.0.0/22
                  80.93.32.0/20
                  86.111.56.0/22
                  89.41.128.0/21
                  94.24.56.0/21
                  185.66.48.0/22
                  185.163.144.0/22
                  185.164.112.0/22
                  213.182.224.0/19
                IPv6:
                  2a03:c680::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:d9:ca:ca:4c:a9:7b:ea:d6:48:2a:3c:4c:f7:77:3f:f0:c7:
         c8:ea:8e:9e:1f:bc:34:3c:4b:a2:bc:a8:03:13:ac:37:10:ce:
         af:31:3f:67:48:3f:f8:e5:79:fa:6d:0f:a1:01:52:85:7b:f7:
         c9:59:0c:07:ab:fa:50:a7:66:fd:b2:f0:84:ba:91:28:a6:07:
         00:4e:a0:28:be:b1:88:33:83:9b:f4:0b:27:9e:67:d6:e5:c9:
         01:af:0a:49:89:78:32:cd:ac:93:0e:46:fb:80:8a:97:9e:2b:
         f6:b4:d5:2c:29:30:95:b8:5c:e8:f2:c9:af:be:38:a4:1c:e2:
         c6:70:73:a4:81:13:f8:15:3a:7f:4c:a3:b2:98:31:fa:9d:80:
         64:79:bf:f5:8f:3c:e6:fb:55:cc:4a:7b:88:37:85:31:6e:25:
         fc:f5:5c:d4:a7:3a:67:b6:0e:f4:13:8a:ae:4e:81:da:96:34:
         52:c1:db:5c:45:34:0c:d2:81:66:b9:1c:34:33:b7:33:ed:88:
         bb:ca:5e:f8:e7:28:c7:01:ff:70:b6:d2:b2:ad:67:c8:ab:de:
         47:ef:75:5e:2a:35:2d:14:8a:4a:6d:aa:8d:41:ec:63:48:1f:
         06:53:0d:45:89:87:89:60:94:d5:0d:9a:03:12:a8:4a:d2:04:
         0b:4a:8e:d0
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzGuRbUAdZQtyguX+6hb/uLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDY3MmM5OWY4N2YwNWNkODNmMGI2MjdkMzE4NzFmZTgw
YmUwMWYwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGU2YTg4MjNkZjg3MjY2NDY3YmM2MzRmZGUwODIxNzRkMGQ3YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBG2mm3UeumGR3M7nIFctC8Fk+XF
4S9KAzuiiTgsVEsJFuX26DWuBUNc5JH9o/qiXQSH0f3TQXcsTK63ibW2GKg4ywhA
6WzyNJxnwJjjHzLdj8H14NG/oNeGnYhDWOuZN/IFk7aYVd7zZnG4CI2xHRQFL/Qb
B9WLg9iwT9JSCDnXXXePtbt2LlXOgl/0VlOjhxkSCtdC9KEGDZom43IwvpI8iyy0
8APDXjA5Y6kVnzGHhJFBmMbvrsNqhiLIHk+7mOUICGk880xiNkP2C9S5+2CMjlbb
ZbgNp8o6jvDZ+oOoV/lbu8S/8iIk6hBO2v6LMI/CDA7HUnXOVd5cgORVdwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFFDmqII9+HJmRnvGNP3gghdNDXwUMB8GA1UdIwQY
MBaAFB0Gcsmfh/Bc2D8LYn0xhx/oC+AfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTIt
NDk0ZjRjNGRhNDI2LzEvVU9hb2dqMzRjbVpHZThZMF9lQ0NGMDBOZkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTItNDk0ZjRjNGRhNDI2
LzEvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCTd8AAwQE
UF0gAwQCVm84AwQDWSmAAwQDXhg4AwQCuUIwAwQCuaOQAwQCuaRwAwQF1bbgMA0E
AgACMAcDBQMqA8aAMA0GCSqGSIb3DQEBCwUAA4IBAQCQ2crKTKl76tZIKjxM93c/
8MfI6o6eH7w0PEuivKgDE6w3EM6vMT9nSD/45Xn6bQ+hAVKFe/fJWQwHq/pQp2b9
svCEupEopgcATqAovrGIM4Ob9AsnnmfW5ckBrwpJiXgyzayTDkb7gIqXniv2tNUs
KTCVuFzo8smvvjikHOLGcHOkgRP4FTp/TKOymDH6nYBkeb/1jzzm+1XMSnuIN4Ux
biX89VzUpzpntg70E4quToHaljRSwdtcRTQM0oFmuRw0M7cz7Yi7yl745yjHAf9w
ttKyrWfIq95H73VeKjUtFIpKbaqNQexjSB8GUw1FiYeJYJTVDZoDEqhK0gQLSo7Q
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:04:17 2024 by rpki-client on console-fra.rpki-client.org