Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/atfuluyqUY9HZIGDHmIMsXQqDAU.roa
File:                     atfuluyqUY9HZIGDHmIMsXQqDAU.roa (raw, json)
Hash identifier:          iKM9tWdM/bpTmVGkpgEGCy4DqUM/WsevrZg7R6PIERo=
Subject key identifier:   6A:D7:EE:96:EC:AA:51:8F:47:64:81:83:1E:62:0C:B1:74:2A:0C:05
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       018CC424D4D12B9300FAE5BA3CA63AE51E11
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/atfuluyqUY9HZIGDHmIMsXQqDAU.roa
Signing time:             Mon 01 Jan 2024 08:29:57 +0000
ROA not before:           Mon 01 Jan 2024 08:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16376
IP address blocks:        185.68.0.0/22 maxlen: 24
                          185.122.216.0/22 maxlen: 24
                          185.71.24.0/22 maxlen: 24
                          37.35.88.0/21 maxlen: 24
                          94.199.184.0/21 maxlen: 24
                          2a0a:fd80::/29 maxlen: 36
                          2a03:25e0::/32 maxlen: 40
                          2a01:b280::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d4:d1:2b:93:00:fa:e5:ba:3c:a6:3a:e5:1e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  1 08:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad7ee96ecaa518f476481831e620cb1742a0c05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ac:2f:94:b8:42:07:63:a1:d6:6a:8b:78:70:
                    53:af:10:7e:86:be:71:c3:b1:75:e9:cb:60:65:45:
                    2a:fa:ec:c6:31:ad:a8:04:f4:2b:71:2d:7b:d1:96:
                    ca:90:40:09:d6:97:c6:5f:e9:b2:67:6f:97:de:7c:
                    3e:78:95:4e:6d:f2:10:52:73:d3:0c:ca:50:c3:4d:
                    e6:2a:a5:ec:9c:c1:2c:86:15:5c:80:90:14:81:7c:
                    ce:41:48:89:24:1c:bc:06:5e:63:d0:6e:1b:c6:f3:
                    d3:6e:b1:49:1b:95:27:b2:45:05:48:b6:c9:87:01:
                    06:9e:c4:cc:30:93:21:e3:6d:ba:39:51:c7:22:1e:
                    41:c5:14:72:c6:09:6a:53:e2:44:71:f2:60:8d:e6:
                    7a:d0:5d:82:05:c0:b1:ef:17:2a:9e:5b:a3:7f:68:
                    08:0f:d8:38:58:77:e3:f9:da:cc:6a:08:46:1e:a4:
                    5f:27:41:67:0a:e9:11:e6:ce:63:08:5a:5d:4d:6c:
                    2a:58:b3:51:2d:ca:28:f5:5f:6d:15:15:86:eb:95:
                    cc:ff:a1:d7:8e:55:99:44:5c:ce:fb:af:e1:9c:6b:
                    11:65:1b:64:6d:11:c2:8b:5d:82:40:79:46:e8:ad:
                    7f:3b:7c:ed:7c:ff:2b:e2:9a:13:98:07:ec:37:ac:
                    f3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D7:EE:96:EC:AA:51:8F:47:64:81:83:1E:62:0C:B1:74:2A:0C:05
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/atfuluyqUY9HZIGDHmIMsXQqDAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.35.88.0/21
                  94.199.184.0/21
                  185.68.0.0/22
                  185.71.24.0/22
                  185.122.216.0/22
                IPv6:
                  2a01:b280::/29
                  2a03:25e0::/32
                  2a0a:fd80::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:b0:79:a6:e8:02:36:3a:6d:80:31:10:72:22:2e:f2:ee:14:
         fb:55:63:84:0a:3f:02:1f:3d:fa:98:aa:fc:20:5d:56:62:1e:
         75:41:7c:5f:88:96:b7:5e:f6:eb:b1:44:d6:95:8b:f7:35:5e:
         25:4d:9f:e8:22:e1:0b:07:fa:6d:16:87:23:0e:d4:16:4a:04:
         de:2a:b6:51:3a:12:86:71:5e:b6:51:b2:7f:c3:e1:ca:47:ee:
         ec:65:24:62:83:6d:9b:a1:69:cb:06:bb:35:b6:8e:5b:44:6c:
         3c:fb:4f:92:c4:54:92:3a:16:5f:36:72:ed:0d:41:13:cd:0a:
         fc:4c:14:d7:1d:dc:7b:2d:08:71:5f:3a:47:85:3c:0c:b5:9a:
         fa:d4:a1:36:16:c0:71:13:f2:e4:51:aa:a8:1e:52:e1:5f:57:
         94:62:9d:a7:82:93:4c:56:68:af:9c:15:8d:95:ea:d3:ab:9b:
         d3:a7:2f:29:3e:5d:d7:75:de:c7:b1:b7:26:39:03:8d:78:ec:
         f2:27:43:75:2a:0b:4c:61:d7:60:7a:a0:d8:8f:57:ce:6f:14:
         29:24:86:ca:0f:e8:b9:41:8c:12:d8:60:47:f9:a9:74:ba:3d:
         1f:ae:ca:d6:0d:1e:3e:94:6b:f1:1f:62:13:6e:02:8a:4a:6c:
         24:ea:71:21
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzEJNTRK5MA+uW6PKY65R4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjQwMTAxMDgyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ3ZWU5NmVjYWE1MThmNDc2NDgxODMxZTYyMGNiMTc0MmEwYzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArawvlLhCB2Oh1mqLeHBTrxB+hr5x
w7F16ctgZUUq+uzGMa2oBPQrcS170ZbKkEAJ1pfGX+myZ2+X3nw+eJVObfIQUnPT
DMpQw03mKqXsnMEshhVcgJAUgXzOQUiJJBy8Bl5j0G4bxvPTbrFJG5UnskUFSLbJ
hwEGnsTMMJMh4226OVHHIh5BxRRyxglqU+JEcfJgjeZ60F2CBcCx7xcqnlujf2gI
D9g4WHfj+drMaghGHqRfJ0FnCukR5s5jCFpdTWwqWLNRLcoo9V9tFRWG65XM/6HX
jlWZRFzO+6/hnGsRZRtkbRHCi12CQHlG6K1/O3ztfP8r4poTmAfsN6zzQwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFGrX7pbsqlGPR2SBgx5iDLF0KgwFMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvYXRmdWx1eXFVWTlIWklHREhtSU1zWFFxREFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAkBAIAATAeAwQDJSNYAwQD
Xse4AwQCuUQAAwQCuUcYAwQCuXrYMBsEAgACMBUDBQMqAbKAAwUAKgMl4AMFAyoK
/YAwDQYJKoZIhvcNAQELBQADggEBABWweaboAjY6bYAxEHIiLvLuFPtVY4QKPwIf
PfqYqvwgXVZiHnVBfF+Ilrde9uuxRNaVi/c1XiVNn+gi4QsH+m0WhyMO1BZKBN4q
tlE6EoZxXrZRsn/D4cpH7uxlJGKDbZuhacsGuzW2jltEbDz7T5LEVJI6Fl82cu0N
QRPNCvxMFNcd3HstCHFfOkeFPAy1mvrUoTYWwHET8uRRqqgeUuFfV5RinaeCk0xW
aK+cFY2V6tOrm9OnLyk+Xdd13sextyY5A4147PInQ3UqC0xh12B6oNiPV85vFCkk
hsoP6LlBjBLYYEf5qXS6PR+uytYNHj6Ua/EfYhNuAopKbCTqcSE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:08:26 2024 by rpki-client on console-fra.rpki-client.org