Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/G_bonVo3vU5STPF8F3753c312XM.roa
File:                     G_bonVo3vU5STPF8F3753c312XM.roa (raw, json)
Hash identifier:          u+TNvFlGfmf1q4mZ4DcQrDOAQvvVOPMDspXhL6AGla8=
Subject key identifier:   1B:F6:E8:9D:5A:37:BD:4E:52:4C:F1:7C:17:7E:F9:DD:CD:F5:D9:73
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       018CC7952BB696894659BCDB05F41C03DE66
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/G_bonVo3vU5STPF8F3753c312XM.roa
Signing time:             Tue 02 Jan 2024 00:31:31 +0000
ROA not before:           Tue 02 Jan 2024 00:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60150
IP address blocks:        185.96.56.0/22 maxlen: 24
                          194.38.48.0/22 maxlen: 24
                          193.168.200.0/22 maxlen: 24
                          193.160.220.0/22 maxlen: 24
                          185.136.16.0/22 maxlen: 24
                          147.185.196.0/23 maxlen: 24
                          147.185.206.0/23 maxlen: 24
                          207.244.196.0/22 maxlen: 24
                          43.240.148.0/22 maxlen: 24
                          207.244.208.0/22 maxlen: 24
                          45.12.100.0/22 maxlen: 24
                          2a07:5b40::/29 maxlen: 48
                          2a05:ff00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2b:b6:96:89:46:59:bc:db:05:f4:1c:03:de:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  2 00:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bf6e89d5a37bd4e524cf17c177ef9ddcdf5d973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:63:32:34:14:87:76:46:bb:4b:bd:bd:76:9b:
                    bb:3b:a4:f5:3f:e4:dd:17:89:a2:c6:1a:41:2d:2c:
                    88:12:66:78:f2:48:e0:18:8a:d1:4d:37:88:12:43:
                    d9:3d:21:92:0b:7c:b4:fd:3e:32:4c:14:ad:ad:09:
                    9b:f8:14:64:a1:7e:08:77:0d:2c:25:a3:69:2d:06:
                    44:52:7b:30:22:a8:64:27:8f:f7:fa:d0:44:e3:ed:
                    8f:f8:dc:da:c3:a9:48:e5:8f:6a:15:c4:ac:d4:94:
                    5a:9c:e7:c7:6f:40:b8:c4:6c:4e:64:21:10:6b:dc:
                    24:79:0f:4c:43:a5:51:39:26:eb:88:42:de:05:71:
                    d8:94:be:26:14:b7:e8:5a:c3:0e:59:a3:96:dc:82:
                    59:e2:29:c8:5b:b0:a9:64:86:19:0c:89:23:79:35:
                    80:19:7f:af:a1:2e:c5:60:1d:44:1a:c3:f4:3c:d7:
                    db:4d:a1:99:3f:91:71:bc:6e:8a:75:89:6a:16:a5:
                    ea:8c:23:a0:0e:17:b8:76:58:1a:17:99:3d:f6:92:
                    94:de:7a:33:ad:c3:6a:6b:50:1a:09:39:b0:2d:4f:
                    f7:e9:24:00:cb:de:32:35:68:bc:2c:04:df:e6:e4:
                    1f:af:64:97:b2:4b:e5:3f:24:8f:cb:06:e8:c7:7f:
                    1f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:F6:E8:9D:5A:37:BD:4E:52:4C:F1:7C:17:7E:F9:DD:CD:F5:D9:73
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/G_bonVo3vU5STPF8F3753c312XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/29
                  2a07:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:45:6c:2e:c8:92:dd:74:82:63:94:8d:23:95:d7:3a:8c:e9:
         ba:a0:17:01:b7:42:24:0c:07:ed:e8:40:03:65:ee:c2:63:04:
         bd:16:7e:84:fd:45:07:10:98:29:91:83:85:a5:38:71:17:06:
         47:b4:ed:65:03:ee:74:10:69:8b:9e:1d:be:f4:5d:7f:7c:80:
         e4:b8:35:b7:92:f2:9c:d8:eb:89:7d:36:90:1c:f5:8a:ee:a0:
         44:3d:df:e9:78:ef:9a:57:11:5e:62:1e:6b:9b:09:67:98:83:
         8f:88:b2:50:66:f9:e5:f9:f2:13:56:c9:01:36:77:17:17:59:
         db:65:bd:69:37:97:55:d0:32:bf:9b:69:df:77:5d:28:58:f4:
         98:d8:90:5c:37:70:8e:f9:5b:f2:c8:9f:2b:16:a9:69:2c:46:
         0a:9f:5f:f4:c9:f0:f4:76:c3:72:d6:e1:c8:c1:b1:50:1b:a1:
         e3:c3:ca:01:3e:3e:a9:f0:c0:70:df:4b:e1:fd:5d:ab:a6:a0:
         df:04:a3:31:6a:cd:40:4e:3c:c2:b1:7f:89:0b:3b:9c:49:6f:
         d4:82:3d:4e:eb:c3:fa:34:e6:ad:8a:b9:b7:93:8c:b8:bd:5e:
         4f:ce:fd:3b:45:f0:d3:51:53:96:1c:5a:3a:c3:f8:87:ec:0e:
         5c:3d:5d:92
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYzHlSu2lolGWbzbBfQcA95mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQwMTAyMDAzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmY2ZTg5ZDVhMzdiZDRlNTI0Y2YxN2MxNzdlZjlkZGNkZjVkOTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWMyNBSHdka7S729dpu7O6T1P+Td
F4mixhpBLSyIEmZ48kjgGIrRTTeIEkPZPSGSC3y0/T4yTBStrQmb+BRkoX4Idw0s
JaNpLQZEUnswIqhkJ4/3+tBE4+2P+Nzaw6lI5Y9qFcSs1JRanOfHb0C4xGxOZCEQ
a9wkeQ9MQ6VROSbriELeBXHYlL4mFLfoWsMOWaOW3IJZ4inIW7CpZIYZDIkjeTWA
GX+voS7FYB1EGsP0PNfbTaGZP5FxvG6KdYlqFqXqjCOgDhe4dlgaF5k99pKU3noz
rcNqa1AaCTmwLU/36SQAy94yNWi8LATf5uQfr2SXskvlPySPywbox38fYQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFBv26J1aN71OUkzxfBd++d3N9dlzMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvR19ib25WbzN2VTVTVFBGOEYzNzUzYzMxMlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCK/CUAwQC
LQxkAwQBk7nEAwQBk7nOAwQCuWA4AwQCuYgQAwQCwaDcAwQCwajIAwQCwiYwAwQC
z/TEAwQCz/TQMBQEAgACMA4DBQMqBf8AAwUDKgdbQDANBgkqhkiG9w0BAQsFAAOC
AQEAM0VsLsiS3XSCY5SNI5XXOozpuqAXAbdCJAwH7ehAA2XuwmMEvRZ+hP1FBxCY
KZGDhaU4cRcGR7TtZQPudBBpi54dvvRdf3yA5Lg1t5LynNjriX02kBz1iu6gRD3f
6XjvmlcRXmIea5sJZ5iDj4iyUGb55fnyE1bJATZ3FxdZ22W9aTeXVdAyv5tp33dd
KFj0mNiQXDdwjvlb8sifKxapaSxGCp9f9Mnw9HbDctbhyMGxUBuh48PKAT4+qfDA
cN9L4f1dq6ag3wSjMWrNQE48wrF/iQs7nElv1II9TuvD+jTmrYq5t5OMuL1eT879
O0Xw01FTlhxaOsP4h+wOXD1dkg==
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:46:36 2024 by rpki-client on console-fra.rpki-client.org