Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/9L1yA4Pa8rd2I_sY154LwZLdaH8.roa
File:                     9L1yA4Pa8rd2I_sY154LwZLdaH8.roa (raw, json)
Hash identifier:          b7i13dmpDTrwUL6rE3xY/6HFTuWwYbVuKLWvmp8TA4c=
Subject key identifier:   F4:BD:72:03:83:DA:F2:B7:76:23:FB:18:D7:9E:0B:C1:92:DD:68:7F
Certificate issuer:       /CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
Certificate serial:       018DB25094BBDDC7E077C4EC9EED7FA55F5D
Authority key identifier: 58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/9L1yA4Pa8rd2I_sY154LwZLdaH8.roa
Signing time:             Fri 16 Feb 2024 14:27:21 +0000
ROA not before:           Fri 16 Feb 2024 14:27:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35228
IP address blocks:        82.132.138.0/23 maxlen: 24
                          82.132.160.0/23 maxlen: 24
                          82.132.162.0/23 maxlen: 24
                          82.132.164.0/23 maxlen: 24
                          82.132.166.0/23 maxlen: 24
                          82.132.168.0/23 maxlen: 24
                          82.132.170.0/23 maxlen: 24
                          82.132.172.0/23 maxlen: 24
                          82.132.174.0/23 maxlen: 24
                          82.132.176.0/23 maxlen: 24
                          82.132.180.0/23 maxlen: 24
                          82.132.182.0/23 maxlen: 24
                          82.132.184.0/22 maxlen: 24
                          82.132.198.0/23 maxlen: 24
                          82.132.199.0/24 maxlen: 24
                          82.132.210.0/23 maxlen: 24
                          82.132.212.0/22 maxlen: 24
                          82.132.216.0/22 maxlen: 24
                          82.132.220.0/22 maxlen: 24
                          82.132.224.0/22 maxlen: 24
                          82.132.228.0/22 maxlen: 24
                          82.132.232.0/22 maxlen: 24
                          82.132.236.0/22 maxlen: 24
                          82.132.240.0/22 maxlen: 24
                          82.132.244.0/22 maxlen: 24
                          82.132.248.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:50:94:bb:dd:c7:e0:77:c4:ec:9e:ed:7f:a5:5f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b29e7b8a0ddb9c36c6e0e3f49577817b0ea3a6
        Validity
            Not Before: Feb 16 14:27:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4bd720383daf2b77623fb18d79e0bc192dd687f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c0:a1:ea:d5:bb:4a:a7:c4:f6:3a:b8:7d:67:
                    47:7e:78:37:95:4a:8c:eb:4e:8a:11:b1:d9:b9:38:
                    f0:1e:b1:d1:ae:e7:6a:ac:c3:f1:0e:cd:83:96:e3:
                    8d:c3:87:ea:f3:62:1f:fb:91:9d:80:58:08:6f:b0:
                    be:0b:e9:1b:fc:2a:21:1f:29:81:1a:e8:9b:0a:a9:
                    e2:5c:3b:01:00:cf:d0:92:ee:82:7e:60:63:a8:cf:
                    5b:bc:ae:d9:60:1e:a7:10:70:0b:d5:2c:0c:56:9f:
                    60:33:07:5a:38:2e:86:c8:38:85:0e:74:85:55:41:
                    cc:4d:30:40:c0:aa:35:89:a0:95:25:fd:ad:13:8e:
                    29:cc:6a:cb:2d:f4:25:72:16:f8:46:e3:90:9d:ea:
                    ef:54:5a:b8:d3:0e:51:17:de:2f:7c:cc:b4:33:86:
                    98:e0:82:e0:c0:13:98:ae:7d:9c:5d:81:de:84:4e:
                    d7:b4:3e:27:b0:a8:a7:77:0f:3a:b8:12:ad:8d:e7:
                    71:d9:73:65:35:ef:84:8c:7e:d4:72:b7:8f:95:0a:
                    ab:50:eb:4a:3a:9e:00:f2:d9:e8:e2:6c:4f:b4:e0:
                    95:13:41:ca:c4:97:ea:8e:6e:36:73:bb:b8:a0:db:
                    cc:19:7f:44:f0:25:17:f6:14:4e:61:f6:d3:82:51:
                    ad:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BD:72:03:83:DA:F2:B7:76:23:FB:18:D7:9E:0B:C1:92:DD:68:7F
            X509v3 Authority Key Identifier:
                keyid:58:B2:9E:7B:8A:0D:DB:9C:36:C6:E0:E3:F4:95:77:81:7B:0E:A3:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLKee4oN25w2xuDj9JV3gXsOo6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/9L1yA4Pa8rd2I_sY154LwZLdaH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2cb3bb-0ed1-4ecf-8af5-ee73fe21ed23/1/WLKee4oN25w2xuDj9JV3gXsOo6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.132.138.0/23
                  82.132.160.0-82.132.177.255
                  82.132.180.0-82.132.187.255
                  82.132.198.0/23
                  82.132.210.0-82.132.249.255

    Signature Algorithm: sha256WithRSAEncryption
         23:5c:d8:78:bd:91:49:85:48:66:6a:a1:dd:2b:a2:47:e9:b9:
         25:9b:ad:85:f7:a3:6d:ae:22:fb:ac:e6:f7:49:d4:0e:49:f1:
         e7:f4:7b:4e:cc:3d:67:91:eb:02:48:0c:b2:c5:cc:ae:b6:ab:
         e4:b9:04:d4:6c:4d:f3:9a:ac:0c:fc:3c:58:b2:f1:24:3b:cc:
         8a:a2:86:9c:c5:d8:d6:89:cc:f2:6f:0b:fd:0e:11:65:59:6f:
         1b:04:01:6d:ea:f6:16:78:1e:6a:70:9b:5a:35:f1:25:5e:1c:
         13:61:81:79:63:a0:bf:45:25:83:23:9b:72:50:ed:68:ae:68:
         92:a5:b2:78:d0:dd:fb:71:4b:77:b2:c4:47:a1:40:89:86:f2:
         9f:67:4c:1a:a7:8a:95:96:a9:de:cf:bb:c2:7c:3f:fd:a3:78:
         fb:86:24:f3:c1:e8:e5:cb:d5:56:8a:c1:93:08:c9:3e:eb:e6:
         75:a3:db:a4:38:22:8f:68:fb:00:4f:ab:14:0f:fe:a2:2e:aa:
         50:34:dd:b7:da:0a:f9:0f:f4:88:9f:32:82:f1:d3:5b:6a:61:
         68:37:92:9e:d5:29:5f:2f:f9:0c:fd:d4:fe:12:78:78:ff:d1:
         13:2c:95:ae:5b:26:78:ce:59:b0:08:87:66:19:ce:f1:d5:1b:
         b3:66:1b:89
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY2yUJS73cfgd8Tsnu1/pV9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjI5ZTdiOGEwZGRiOWMzNmM2ZTBlM2Y0OTU3NzgxN2Iw
ZWEzYTYwHhcNMjQwMjE2MTQyNzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJkNzIwMzgzZGFmMmI3NzYyM2ZiMThkNzllMGJjMTkyZGQ2ODdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcCh6tW7SqfE9jq4fWdHfng3lUqM
606KEbHZuTjwHrHRrudqrMPxDs2DluONw4fq82If+5GdgFgIb7C+C+kb/CohHymB
GuibCqniXDsBAM/Qku6CfmBjqM9bvK7ZYB6nEHAL1SwMVp9gMwdaOC6GyDiFDnSF
VUHMTTBAwKo1iaCVJf2tE44pzGrLLfQlchb4RuOQnervVFq40w5RF94vfMy0M4aY
4ILgwBOYrn2cXYHehE7XtD4nsKindw86uBKtjedx2XNlNe+EjH7UcrePlQqrUOtK
Op4A8tno4mxPtOCVE0HKxJfqjm42c7u4oNvMGX9E8CUX9hROYfbTglGtXQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPS9cgOD2vK3diP7GNeeC8GS3Wh/MB8GA1UdIwQY
MBaAFFiynnuKDducNsbg4/SVd4F7DqOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUt
ZWU3M2ZlMjFlZDIzLzEvOUwxeUE0UGE4cmQySV9zWTE1NEx3WkxkYUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yY2IzYmItMGVkMS00ZWNmLThhZjUtZWU3M2ZlMjFlZDIz
LzEvV0xLZWU0b04yNXcyeHVEajlKVjNnWHNPbzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBUoSKMAwD
BAVShKADBAFShLAwDAMEAlKEtAMEAlKEuAMEAVKExjAMAwQBUoTSAwQBUoT4MA0G
CSqGSIb3DQEBCwUAA4IBAQAjXNh4vZFJhUhmaqHdK6JH6bklm62F96NtriL7rOb3
SdQOSfHn9HtOzD1nkesCSAyyxcyutqvkuQTUbE3zmqwM/DxYsvEkO8yKooacxdjW
iczybwv9DhFlWW8bBAFt6vYWeB5qcJtaNfElXhwTYYF5Y6C/RSWDI5tyUO1ormiS
pbJ40N37cUt3ssRHoUCJhvKfZ0wap4qVlqnez7vCfD/9o3j7hiTzwejly9VWisGT
CMk+6+Z1o9ukOCKPaPsAT6sUD/6iLqpQNN232gr5D/SInzKC8dNbamFoN5Ke1Slf
L/kM/dT+Enh4/9ETLJWuWyZ4zlmwCIdmGc7x1RuzZhuJ
-----END CERTIFICATE-----
Generated at Tue Jun 18 14:34:42 2024 by rpki-client on console-ams.rpki-client.org