Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/xZJaJtCOk2PyB-FRbQG7i5dMPr8.roa
File:                     xZJaJtCOk2PyB-FRbQG7i5dMPr8.roa (raw, json)
Hash identifier:          zyR4br+MKUAH69BAWYHAz3qmbnc9zNPCkrGrSBRSf2g=
Subject key identifier:   C5:92:5A:26:D0:8E:93:63:F2:07:E1:51:6D:01:BB:8B:97:4C:3E:BF
Certificate issuer:       /CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
Certificate serial:       018CC94C01553882A0D4589D64462DCA3521
Authority key identifier: 3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/xZJaJtCOk2PyB-FRbQG7i5dMPr8.roa
Signing time:             Tue 02 Jan 2024 08:30:50 +0000
ROA not before:           Tue 02 Jan 2024 08:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44489
IP address blocks:        109.164.108.0/22 maxlen: 22
                          109.164.117.0/24 maxlen: 24
                          109.164.118.0/24 maxlen: 24
                          109.164.116.0/24 maxlen: 24
                          178.217.144.0/21 maxlen: 21
                          45.92.236.0/22 maxlen: 22
                          185.15.144.0/22 maxlen: 22
                          91.235.200.0/23 maxlen: 23
                          89.31.40.0/21 maxlen: 21
                          109.164.0.0/17 maxlen: 17
                          185.131.60.0/22 maxlen: 22
                          178.255.172.0/22 maxlen: 22
                          185.173.248.0/22 maxlen: 22
                          178.255.168.0/22 maxlen: 22
                          178.255.168.0/21 maxlen: 21
                          92.62.224.0/20 maxlen: 20
                          2a0b:7f00::/29 maxlen: 29
                          2a03:3a00::/29 maxlen: 29
                          2a02:768::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/Pt97LWi6dqC9G6fp0p-sWFIxa5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/Pt97LWi6dqC9G6fp0p-sWFIxa5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:01:55:38:82:a0:d4:58:9d:64:46:2d:ca:35:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3edf7b2d68ba76a0bd1ba7e9d29fac5852316b9c
        Validity
            Not Before: Jan  2 08:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5925a26d08e9363f207e1516d01bb8b974c3ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:61:97:03:04:52:53:e0:a3:e9:dd:a8:3f:8e:
                    de:a7:d7:ba:d1:f0:23:e6:22:c0:a9:24:72:75:8e:
                    f1:87:ca:29:14:87:88:69:9b:de:21:db:56:d3:77:
                    56:5c:4c:f1:a9:82:03:02:c1:cc:e6:fa:75:14:d3:
                    55:9c:1d:3d:1d:2e:19:b7:d8:1c:b0:d9:54:bf:73:
                    90:b7:20:84:72:8c:6f:3a:5e:85:d7:03:48:7c:f1:
                    30:04:75:0a:57:f0:86:e5:db:48:3d:42:35:44:27:
                    a4:2d:2b:09:96:62:16:3a:d0:b9:c5:f6:68:a1:ca:
                    35:30:eb:ec:7f:e7:25:d2:8c:ea:70:83:50:3f:9c:
                    0f:49:01:4e:b9:da:1d:e9:6d:11:e3:ff:d8:a6:13:
                    70:b6:08:83:3a:56:9a:9f:a3:a3:82:95:31:90:a2:
                    c9:d9:8d:c6:b4:c4:38:b9:49:91:23:7d:ca:e8:ee:
                    6d:d7:b1:b5:01:3d:df:31:30:a1:34:bd:43:b3:c0:
                    40:8b:e9:20:83:5f:ac:e4:f2:95:65:f0:7a:51:36:
                    76:19:8d:23:4b:db:fb:4d:54:54:18:1f:88:1b:1a:
                    8c:fa:a7:92:de:84:39:2e:e2:cf:3c:26:37:66:27:
                    33:25:98:a5:4f:44:72:03:f8:f2:a4:a0:c2:6c:22:
                    5a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:92:5A:26:D0:8E:93:63:F2:07:E1:51:6D:01:BB:8B:97:4C:3E:BF
            X509v3 Authority Key Identifier:
                keyid:3E:DF:7B:2D:68:BA:76:A0:BD:1B:A7:E9:D2:9F:AC:58:52:31:6B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pt97LWi6dqC9G6fp0p-sWFIxa5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/xZJaJtCOk2PyB-FRbQG7i5dMPr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/fe9d1d-4ade-4630-8aba-f8f0c7d662e7/1/Pt97LWi6dqC9G6fp0p-sWFIxa5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.236.0/22
                  89.31.40.0/21
                  91.235.200.0/23
                  92.62.224.0/20
                  109.164.0.0/17
                  178.217.144.0/21
                  178.255.168.0/21
                  185.15.144.0/22
                  185.131.60.0/22
                  185.173.248.0/22
                IPv6:
                  2a02:768::/32
                  2a03:3a00::/29
                  2a0b:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:c1:c4:4e:88:95:eb:26:87:0d:20:c7:10:01:21:53:a4:be:
         16:24:f2:98:ce:76:83:79:dd:a8:1a:3b:a5:35:b0:1c:a4:a4:
         5f:a7:63:44:37:6d:ae:0c:98:d0:9a:da:70:ee:b6:8d:66:20:
         b4:8b:dd:ad:0c:43:74:f6:37:59:30:4a:8c:8b:fe:6b:b1:dd:
         84:2b:0d:b8:bb:81:0f:18:d9:bc:dc:e4:a8:aa:57:36:0f:bf:
         1a:16:69:58:df:59:44:d5:a2:d2:f2:cd:b0:dd:64:37:a2:9c:
         4d:71:69:f6:6d:b0:92:83:49:0f:74:fd:ed:55:54:f8:16:8f:
         0e:2f:ef:6b:4d:a8:39:26:cd:f7:dd:1f:85:fe:04:31:3b:d4:
         a7:88:d9:32:4f:f6:10:c4:d6:92:f0:9f:09:df:c2:71:ec:10:
         6b:55:12:ab:87:d2:a3:a0:63:8d:93:02:6b:85:ae:7e:24:fc:
         32:90:cc:08:4c:9e:96:bb:a1:8b:71:b0:1b:e7:af:1a:44:5b:
         0f:0b:81:c1:33:9d:8b:8a:0d:ce:ab:a3:a2:c9:19:e2:d3:9a:
         0d:07:a0:ff:36:b8:4f:ae:ed:fb:34:b3:c1:7f:57:05:9e:54:
         8d:e8:d1:a6:99:e2:f8:83:0f:18:ce:5e:84:48:f7:70:99:64:
         4e:5c:22:c6
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYzJTAFVOIKg1FidZEYtyjUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZGY3YjJkNjhiYTc2YTBiZDFiYTdlOWQyOWZhYzU4NTIz
MTZiOWMwHhcNMjQwMTAyMDgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTkyNWEyNmQwOGU5MzYzZjIwN2UxNTE2ZDAxYmI4Yjk3NGMzZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2GXAwRSU+Cj6d2oP47ep9e60fAj
5iLAqSRydY7xh8opFIeIaZveIdtW03dWXEzxqYIDAsHM5vp1FNNVnB09HS4Zt9gc
sNlUv3OQtyCEcoxvOl6F1wNIfPEwBHUKV/CG5dtIPUI1RCekLSsJlmIWOtC5xfZo
oco1MOvsf+cl0ozqcINQP5wPSQFOudod6W0R4//YphNwtgiDOlaan6OjgpUxkKLJ
2Y3GtMQ4uUmRI33K6O5t17G1AT3fMTChNL1Ds8BAi+kgg1+s5PKVZfB6UTZ2GY0j
S9v7TVRUGB+IGxqM+qeS3oQ5LuLPPCY3ZiczJZilT0RyA/jypKDCbCJaIQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFMWSWibQjpNj8gfhUW0Bu4uXTD6/MB8GA1UdIwQY
MBaAFD7fey1ounagvRun6dKfrFhSMWucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEt
ZjhmMGM3ZDY2MmU3LzEveFpKYUp0Q09rMlB5Qi1GUmJRRzdpNWRNUHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9mZTlkMWQtNGFkZS00NjMwLThhYmEtZjhmMGM3ZDY2MmU3
LzEvUHQ5N0xXaTZkcUM5RzZmcDBwLXNXRkl4YTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBCBAIAATA8AwQCLVzsAwQD
WR8oAwQBW+vIAwQEXD7gAwQHbaQAAwQDstmQAwQDsv+oAwQCuQ+QAwQCuYM8AwQC
ua34MBsEAgACMBUDBQAqAgdoAwUDKgM6AAMFAyoLfwAwDQYJKoZIhvcNAQELBQAD
ggEBAADBxE6Ilesmhw0gxxABIVOkvhYk8pjOdoN53agaO6U1sBykpF+nY0Q3ba4M
mNCa2nDuto1mILSL3a0MQ3T2N1kwSoyL/mux3YQrDbi7gQ8Y2bzc5KiqVzYPvxoW
aVjfWUTVotLyzbDdZDeinE1xafZtsJKDSQ90/e1VVPgWjw4v72tNqDkmzffdH4X+
BDE71KeI2TJP9hDE1pLwnwnfwnHsEGtVEquH0qOgY42TAmuFrn4k/DKQzAhMnpa7
oYtxsBvnrxpEWw8LgcEznYuKDc6ro6LJGeLTmg0HoP82uE+u7fs0s8F/VwWeVI3o
0aaZ4viDDxjOXoRI93CZZE5cIsY=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:29:33 2024 by rpki-client on console-ams.rpki-client.org