Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/455f56-1e6f-467d-b711-ebdf38b0095c/1/1-ye7nyuLh1obo3GiIFgKxXVjJ0E.roa
File:                     1-ye7nyuLh1obo3GiIFgKxXVjJ0E.roa (raw, json)
Hash identifier:          Wt34baOmZ+7ea1Cj1xoj9YfPQmpufnTZf/nzlznnQlE=
Subject key identifier:   FB:27:BB:9F:2B:8B:87:5A:1B:A3:71:A2:20:58:0A:C5:75:63:27:41
Certificate issuer:       /CN=f4460d6554d581ebb80e39e45015cd7d36d93f66
Certificate serial:       018CC803034ABDF9E43362D90E68A5AFB873
Authority key identifier: F4:46:0D:65:54:D5:81:EB:B8:0E:39:E4:50:15:CD:7D:36:D9:3F:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EYNZVTVgeu4DjnkUBXNfTbZP2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/455f56-1e6f-467d-b711-ebdf38b0095c/1/1-ye7nyuLh1obo3GiIFgKxXVjJ0E.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15753
IP address blocks:        149.177.228.0/22 maxlen: 22
                          149.177.176.0/21 maxlen: 21
                          149.177.192.0/23 maxlen: 23
                          149.177.194.0/23 maxlen: 23
                          149.177.212.0/23 maxlen: 23
                          149.177.218.0/23 maxlen: 23
                          149.177.214.0/23 maxlen: 23
                          149.177.216.0/23 maxlen: 23
                          149.177.224.0/22 maxlen: 22
                          149.177.128.0/22 maxlen: 22
                          149.177.148.0/22 maxlen: 22
                          149.177.152.0/22 maxlen: 22
                          149.177.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/455f56-1e6f-467d-b711-ebdf38b0095c/1/9EYNZVTVgeu4DjnkUBXNfTbZP2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/455f56-1e6f-467d-b711-ebdf38b0095c/1/9EYNZVTVgeu4DjnkUBXNfTbZP2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EYNZVTVgeu4DjnkUBXNfTbZP2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:03:4a:bd:f9:e4:33:62:d9:0e:68:a5:af:b8:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4460d6554d581ebb80e39e45015cd7d36d93f66
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb27bb9f2b8b875a1ba371a220580ac575632741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:87:94:4b:79:8f:4e:11:89:67:5c:ac:7d:5a:
                    7c:78:07:00:24:4a:41:35:f4:1c:47:48:a9:f3:16:
                    d0:e7:ea:f7:07:5c:55:76:4b:ba:5d:92:52:11:91:
                    f7:7d:2c:b7:ef:54:d3:75:9a:b2:bf:15:f7:80:5c:
                    de:9b:1b:91:fe:04:1c:3b:2d:6b:87:ce:b8:91:af:
                    4e:a7:27:2c:19:93:b7:b6:62:47:d2:88:56:21:09:
                    d6:f3:3d:53:cb:8f:f4:1c:aa:18:8d:83:ec:6f:b8:
                    1e:2f:d8:f3:fc:f2:ca:12:8b:5b:a2:3e:80:c6:3d:
                    bb:3a:ba:55:86:65:15:48:fa:67:f5:6c:f4:46:d2:
                    5d:18:7e:d0:e9:07:3e:10:30:0b:e7:ba:01:16:2c:
                    79:ad:76:9b:eb:9a:79:4e:16:fe:2e:65:8e:1b:37:
                    5f:b3:9e:f8:28:06:64:43:6c:a3:88:94:4f:31:a0:
                    7d:d5:39:41:88:1e:7d:96:82:5d:f1:52:93:70:5e:
                    c2:1d:ea:cc:ee:1c:2e:48:3c:88:83:36:be:ac:f7:
                    e4:ee:82:a6:eb:55:72:bd:c6:a1:54:1a:5c:01:c2:
                    ac:dd:e3:da:a0:b4:9e:ea:f1:a0:18:61:c2:c6:f7:
                    f8:be:e7:5a:fd:07:5e:87:7d:71:76:44:df:e6:a2:
                    7d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:27:BB:9F:2B:8B:87:5A:1B:A3:71:A2:20:58:0A:C5:75:63:27:41
            X509v3 Authority Key Identifier:
                keyid:F4:46:0D:65:54:D5:81:EB:B8:0E:39:E4:50:15:CD:7D:36:D9:3F:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EYNZVTVgeu4DjnkUBXNfTbZP2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/455f56-1e6f-467d-b711-ebdf38b0095c/1/1-ye7nyuLh1obo3GiIFgKxXVjJ0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/455f56-1e6f-467d-b711-ebdf38b0095c/1/9EYNZVTVgeu4DjnkUBXNfTbZP2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.177.128.0/22
                  149.177.148.0-149.177.155.255
                  149.177.164.0/22
                  149.177.176.0/21
                  149.177.192.0/22
                  149.177.212.0-149.177.219.255
                  149.177.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         93:18:c7:c3:b3:46:83:82:ab:5f:28:09:7d:20:77:69:e7:50:
         b1:2a:20:44:0a:5e:98:87:a7:83:ea:0e:f6:21:a7:3c:97:b2:
         70:71:6f:e3:84:9a:d6:cb:39:ac:1f:3d:f7:19:b9:6c:9f:38:
         d0:c8:b3:57:95:f3:6b:be:c0:15:8b:5b:15:83:f3:fb:41:f5:
         99:03:21:22:f6:69:b9:7d:3f:85:84:d5:58:69:46:ad:84:30:
         19:75:83:e9:56:a1:ff:9d:75:17:61:9b:20:a6:82:9f:20:b6:
         26:dc:34:15:b2:0f:32:86:cc:82:4c:86:ae:eb:fd:f2:e1:4c:
         23:69:be:b8:c8:96:22:59:2b:d5:96:03:32:25:ec:4a:67:95:
         d3:3e:c9:d1:8b:4f:cd:62:89:3e:9a:01:d9:04:0b:29:39:51:
         24:82:28:42:73:de:6d:a8:f9:98:ba:a3:c6:6a:0d:dc:f9:54:
         cc:b0:5e:dc:9d:40:01:e1:13:e0:10:4e:61:36:79:c5:87:30:
         f0:ee:7e:41:4e:5e:07:5f:f1:5e:f2:37:93:35:08:1f:1f:a2:
         32:3c:4e:8b:b7:8c:2c:60:b2:4a:93:f7:0c:e0:43:6d:d0:80:
         1a:88:45:8a:21:7d:54:28:6c:ef:78:ad:91:bd:2d:82:39:58:
         a6:af:ef:94
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzIAwNKvfnkM2LZDmilr7hzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDYwZDY1NTRkNTgxZWJiODBlMzllNDUwMTVjZDdkMzZk
OTNmNjYwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjI3YmI5ZjJiOGI4NzVhMWJhMzcxYTIyMDU4MGFjNTc1NjMyNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYeUS3mPThGJZ1ysfVp8eAcAJEpB
NfQcR0ip8xbQ5+r3B1xVdku6XZJSEZH3fSy371TTdZqyvxX3gFzemxuR/gQcOy1r
h864ka9OpycsGZO3tmJH0ohWIQnW8z1Ty4/0HKoYjYPsb7geL9jz/PLKEotboj6A
xj27OrpVhmUVSPpn9Wz0RtJdGH7Q6Qc+EDAL57oBFix5rXab65p5Thb+LmWOGzdf
s574KAZkQ2yjiJRPMaB91TlBiB59loJd8VKTcF7CHerM7hwuSDyIgza+rPfk7oKm
61VyvcahVBpcAcKs3ePaoLSe6vGgGGHCxvf4vuda/Qdeh31xdkTf5qJ9IQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFPsnu58ri4daG6NxoiBYCsV1YydBMB8GA1UdIwQY
MBaAFPRGDWVU1YHruA455FAVzX022T9mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVZTlpWVFZnZXU0RGpua1VCWE5mVGJaUDJZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi80NTVmNTYtMWU2Zi00NjdkLWI3MTEt
ZWJkZjM4YjAwOTVjLzEvMS15ZTdueXVMaDFvYm8zR2lJRmdLeFhWakowRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWYvNDU1ZjU2LTFlNmYtNDY3ZC1iNzExLWViZGYzOGIwMDk1
Yy8xLzlFWU5aVlRWZ2V1NERqbmtVQlhOZlRiWlAyWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBTBggrBgEFBQcBBwEB/wREMEIwQAQCAAEwOgMEApWxgDAM
AwQClbGUAwQClbGYAwQClbGkAwQDlbGwAwQClbHAMAwDBAKVsdQDBAKVsdgDBAOV
seAwDQYJKoZIhvcNAQELBQADggEBAJMYx8OzRoOCq18oCX0gd2nnULEqIEQKXpiH
p4PqDvYhpzyXsnBxb+OEmtbLOawfPfcZuWyfONDIs1eV82u+wBWLWxWD8/tB9ZkD
ISL2abl9P4WE1VhpRq2EMBl1g+lWof+ddRdhmyCmgp8gtibcNBWyDzKGzIJMhq7r
/fLhTCNpvrjIliJZK9WWAzIl7EpnldM+ydGLT81iiT6aAdkECyk5USSCKEJz3m2o
+Zi6o8ZqDdz5VMywXtydQAHhE+AQTmE2ecWHMPDufkFOXgdf8V7yN5M1CB8fojI8
Tou3jCxgskqT9wzgQ23QgBqIRYohfVQobO94rZG9LYI5WKav75Q=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:53:42 2024 by rpki-client on console-fra.rpki-client.org