Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/bMfogDrSVD1yBLAtmON_UhJFjhA.roa
File:                     bMfogDrSVD1yBLAtmON_UhJFjhA.roa (raw, json)
Hash identifier:          jupCxwnAH6EqftIufFS6XjGfS2sbaB1n5JK+h+MqHgI=
Subject key identifier:   6C:C7:E8:80:3A:D2:54:3D:72:04:B0:2D:98:E3:7F:52:12:45:8E:10
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       018CC6B8B0C67C67E94EC58684B1956792AE
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/bMfogDrSVD1yBLAtmON_UhJFjhA.roa
Signing time:             Mon 01 Jan 2024 20:30:41 +0000
ROA not before:           Mon 01 Jan 2024 20:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44267
IP address blocks:        77.243.112.0/24 maxlen: 24
                          77.243.118.0/24 maxlen: 24
                          77.243.116.0/24 maxlen: 24
                          77.243.117.0/24 maxlen: 24
                          77.243.115.0/24 maxlen: 24
                          77.243.113.0/24 maxlen: 24
                          77.243.114.0/24 maxlen: 24
                          77.243.119.0/24 maxlen: 24
                          46.254.246.0/23 maxlen: 23
                          185.14.68.0/24 maxlen: 24
                          185.14.69.0/24 maxlen: 24
                          185.14.70.0/24 maxlen: 24
                          2a02:f560::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b0:c6:7c:67:e9:4e:c5:86:84:b1:95:67:92:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  1 20:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cc7e8803ad2543d7204b02d98e37f5212458e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7d:86:97:9e:ab:cf:0e:be:06:24:f6:0a:05:
                    43:cf:29:d8:67:c8:e3:c8:4f:69:87:e8:c8:60:2f:
                    f4:13:37:13:92:0b:44:a7:47:95:b5:ed:7e:c9:38:
                    62:80:7e:11:10:87:a1:0d:ce:50:2e:93:6e:13:f9:
                    a4:f0:86:4b:cb:ed:ab:76:11:20:a7:b8:89:fc:13:
                    81:dd:82:c8:eb:d3:43:42:d9:02:38:fc:f2:1e:dc:
                    d3:af:29:cb:e9:09:9d:48:fb:5b:05:2f:35:9c:bf:
                    8c:6f:87:1d:ac:b0:91:48:f7:e1:7d:c0:68:49:16:
                    04:dc:d4:4e:7c:b6:64:a4:90:aa:3e:79:27:ab:03:
                    f9:b9:7e:d9:dc:7b:db:d8:e5:dd:f1:4f:09:38:2c:
                    64:57:62:29:ca:bd:e8:b7:2e:e6:59:8a:90:b8:f3:
                    56:18:e3:28:33:5e:c6:a9:6c:9e:1e:ad:16:d0:e1:
                    2e:e8:5b:02:7b:43:e0:a0:07:6d:f7:e7:81:03:3c:
                    a5:73:02:0d:67:60:dd:aa:1e:38:dc:9a:3a:cc:12:
                    42:3d:0c:89:2b:fb:0c:6b:6f:88:92:a5:af:2b:e5:
                    06:1d:0f:13:88:61:33:0f:e6:cd:e0:48:b2:40:ba:
                    36:17:a2:4c:c3:d8:d4:02:a8:f8:3d:d1:6f:b0:37:
                    19:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:C7:E8:80:3A:D2:54:3D:72:04:B0:2D:98:E3:7F:52:12:45:8E:10
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/bMfogDrSVD1yBLAtmON_UhJFjhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.246.0/23
                  77.243.112.0/21
                  185.14.68.0-185.14.70.255
                IPv6:
                  2a02:f560::/40

    Signature Algorithm: sha256WithRSAEncryption
         27:81:c0:44:ea:a9:be:5b:a8:f2:03:80:2b:78:89:36:3f:ff:
         8b:5f:ed:50:31:b6:8f:8d:4b:8d:97:55:e0:f2:a2:d0:dd:7a:
         c3:42:1e:b6:87:84:bb:90:3c:bc:27:1d:18:0a:98:57:8b:1d:
         96:f0:34:6b:a3:5f:0b:4d:f9:5c:b7:c2:5e:cf:b9:c9:12:13:
         e7:ad:ed:9c:0a:e6:98:0a:ba:9f:4a:05:6b:11:64:d5:e1:2c:
         6a:25:33:47:fc:7f:40:b0:d3:2d:90:14:2e:40:b4:55:e4:1f:
         38:0d:b5:a3:9b:be:1f:d2:58:b4:2d:48:62:12:cc:29:4d:11:
         1f:94:0d:1a:37:e9:47:c6:7b:1b:78:52:ea:66:f7:e4:ae:38:
         f2:43:4e:2d:f1:77:50:c2:cc:4b:a6:59:fe:37:7a:b2:52:a4:
         47:0a:9f:27:e1:12:4e:36:94:98:ee:55:2e:c2:bc:57:23:ff:
         d2:f8:ed:90:bf:65:08:51:5c:1d:51:3b:d6:21:72:49:0e:8f:
         4e:ac:25:5e:15:9d:e7:19:f4:12:a6:52:de:d1:3e:48:c1:ba:
         37:ac:a8:f9:d8:fa:86:63:3e:b5:98:d7:74:0e:18:7a:e4:bb:
         4a:eb:75:6d:6d:fc:64:00:c7:82:2a:90:dd:17:0d:46:7a:be:
         d3:35:eb:a3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzGuLDGfGfpTsWGhLGVZ5KuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjQwMTAxMjAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2M3ZTg4MDNhZDI1NDNkNzIwNGIwMmQ5OGUzN2Y1MjEyNDU4ZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAin2Gl56rzw6+BiT2CgVDzynYZ8jj
yE9ph+jIYC/0EzcTkgtEp0eVte1+yThigH4REIehDc5QLpNuE/mk8IZLy+2rdhEg
p7iJ/BOB3YLI69NDQtkCOPzyHtzTrynL6QmdSPtbBS81nL+Mb4cdrLCRSPfhfcBo
SRYE3NROfLZkpJCqPnknqwP5uX7Z3Hvb2OXd8U8JOCxkV2Ipyr3oty7mWYqQuPNW
GOMoM17GqWyeHq0W0OEu6FsCe0PgoAdt9+eBAzylcwINZ2Ddqh443Jo6zBJCPQyJ
K/sMa2+IkqWvK+UGHQ8TiGEzD+bN4EiyQLo2F6JMw9jUAqj4PdFvsDcZnQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGzH6IA60lQ9cgSwLZjjf1ISRY4QMB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvYk1mb2dEclNWRDF5QkxBdG1PTl9VaEpGamhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAgBAIAATAaAwQBLv72AwQD
TfNwMAwDBAK5DkQDBAC5DkYwDgQCAAIwCAMGACoC9WAAMA0GCSqGSIb3DQEBCwUA
A4IBAQAngcBE6qm+W6jyA4AreIk2P/+LX+1QMbaPjUuNl1Xg8qLQ3XrDQh62h4S7
kDy8Jx0YCphXix2W8DRro18LTflct8Jez7nJEhPnre2cCuaYCrqfSgVrEWTV4Sxq
JTNH/H9AsNMtkBQuQLRV5B84DbWjm74f0li0LUhiEswpTREflA0aN+lHxnsbeFLq
ZvfkrjjyQ04t8XdQwsxLpln+N3qyUqRHCp8n4RJONpSY7lUuwrxXI//S+O2Qv2UI
UVwdUTvWIXJJDo9OrCVeFZ3nGfQSplLe0T5Iwbo3rKj52PqGYz61mNd0Dhh65LtK
63VtbfxkAMeCKpDdFw1Ger7TNeuj
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:14:47 2024 by rpki-client on console-fra.rpki-client.org