Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/Vzy-91u750q7yijQJt7IRUrBQOI.roa
File:                     Vzy-91u750q7yijQJt7IRUrBQOI.roa (raw, json)
Hash identifier:          jnw7fotgfP1OhoPeDEauhKBkItBTv9uTphEqgI0GPDc=
Subject key identifier:   57:3C:BE:F7:5B:BB:E7:4A:BB:CA:28:D0:26:DE:C8:45:4A:C1:40:E2
Certificate issuer:       /CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
Certificate serial:       018CC64B6499962C7A5AE061220D828F5C1D
Authority key identifier: F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/Vzy-91u750q7yijQJt7IRUrBQOI.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60486
IP address blocks:        185.29.152.0/22 maxlen: 22
                          185.29.152.0/23 maxlen: 23
                          185.29.154.0/24 maxlen: 24
                          85.184.244.0/24 maxlen: 24
                          85.184.246.0/24 maxlen: 24
                          85.184.245.0/24 maxlen: 24
                          85.184.247.0/24 maxlen: 24
                          83.143.72.0/24 maxlen: 24
                          2a00:a920:700::/40 maxlen: 40
                          2a00:a920:900::/40 maxlen: 40
                          2a00:a920:800::/40 maxlen: 40
                          2a00:a920:400::/40 maxlen: 40
                          2a00:a920:300::/40 maxlen: 40
                          2a00:a920:200::/40 maxlen: 40
                          2a00:a920:100::/40 maxlen: 40
                          2a00:a920::/40 maxlen: 40
                          2a00:a920:c00::/40 maxlen: 40
                          2a00:a920::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/8dpnE1tzfKnS39e5f-WXi48wDWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/8dpnE1tzfKnS39e5f-WXi48wDWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:64:99:96:2c:7a:5a:e0:61:22:0d:82:8f:5c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1da67135b737ca9d2dfd7b97fe5978b8f300d6b
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=573cbef75bbbe74abbca28d026dec8454ac140e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:ae:39:1f:3d:d8:df:00:4d:90:24:dd:2f:5c:
                    d2:3a:af:cd:59:18:41:83:f4:43:86:93:96:a5:95:
                    7e:08:36:cb:7d:dc:11:0c:a3:65:fc:a4:b9:f0:52:
                    9e:15:71:3c:46:b0:1b:ec:6b:91:3d:21:af:90:be:
                    db:99:f8:86:4c:33:27:1e:04:2a:03:25:88:ba:03:
                    71:f2:86:6b:5a:f7:14:da:fc:01:e0:fe:80:e7:01:
                    70:45:92:1c:65:b1:91:22:7f:3d:8d:fd:35:ed:ea:
                    85:db:cc:62:2e:a8:fa:b3:28:b6:10:7b:c9:e1:86:
                    73:3f:8b:25:85:74:d8:24:33:15:f7:66:3b:58:4f:
                    1a:40:ec:de:df:dc:7d:b0:dd:10:22:16:d5:a0:4e:
                    b1:ea:c8:4a:14:ce:d9:aa:a9:13:81:19:91:78:11:
                    8f:69:92:16:1f:d7:4e:ef:c9:e4:f1:e6:8a:30:6f:
                    58:e6:ed:1f:b3:5f:75:52:d7:5f:c6:62:1e:08:3c:
                    38:d8:49:de:7d:14:06:1c:44:e7:d1:db:fe:b8:9a:
                    23:a4:ca:f5:9a:7c:a2:d4:6e:ac:43:03:95:43:cf:
                    13:94:37:27:71:c9:e5:f9:ef:23:51:d9:30:e3:c1:
                    ea:cb:a3:61:5b:3a:ef:d9:c9:86:94:8c:f6:9e:9c:
                    a3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:3C:BE:F7:5B:BB:E7:4A:BB:CA:28:D0:26:DE:C8:45:4A:C1:40:E2
            X509v3 Authority Key Identifier:
                keyid:F1:DA:67:13:5B:73:7C:A9:D2:DF:D7:B9:7F:E5:97:8B:8F:30:0D:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dpnE1tzfKnS39e5f-WXi48wDWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/Vzy-91u750q7yijQJt7IRUrBQOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/a2ccb1-a728-4f04-9641-fc112ae63ea4/1/8dpnE1tzfKnS39e5f-WXi48wDWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.143.72.0/24
                  85.184.244.0/22
                  185.29.152.0/22
                IPv6:
                  2a00:a920::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:08:70:b4:36:67:9f:55:52:8c:ad:ec:4b:04:03:6f:5f:5b:
         ea:97:f8:98:f4:fd:a0:b4:f4:cc:a2:fa:4a:cf:c9:c6:50:dd:
         dc:b7:21:ff:c3:84:00:ce:f8:64:5e:cc:7e:43:bd:21:8e:d2:
         a1:a2:2d:4c:e3:7a:55:ec:b1:63:92:7d:37:53:cc:85:07:16:
         09:66:32:a6:dd:18:44:fb:e6:f2:17:b5:25:f2:6d:c8:ac:1f:
         63:3c:27:ef:2f:27:1d:f8:eb:90:dd:77:d3:77:14:ca:1a:ab:
         34:89:40:6d:56:16:e5:57:00:56:22:83:56:83:d4:37:3d:47:
         c7:5b:2e:74:88:c4:c4:d1:65:41:fb:19:d0:a8:30:bc:71:6f:
         6a:74:83:ec:00:91:2c:9f:18:1e:7a:d0:16:2e:0b:67:0b:fd:
         06:da:e6:d2:c4:32:2f:15:dc:60:7c:c7:d1:e5:71:e2:4f:33:
         33:62:1d:08:18:5e:c4:79:ba:02:17:6b:c0:71:d2:fc:39:71:
         21:09:52:02:1e:7b:cc:e0:fd:9f:c7:9d:fb:cd:7a:23:c2:b0:
         30:b3:ba:76:af:c9:5b:f0:5d:67:3d:f0:82:cc:a7:ca:5f:81:
         2c:3a:ce:b9:79:38:4b:ee:b7:3e:4d:d7:ed:71:b0:ad:df:67:
         0c:3c:9b:72
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGS2SZlix6WuBhIg2Cj1wdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZGE2NzEzNWI3MzdjYTlkMmRmZDdiOTdmZTU5NzhiOGYz
MDBkNmIwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzNjYmVmNzViYmJlNzRhYmJjYTI4ZDAyNmRlYzg0NTRhYzE0MGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7K45Hz3Y3wBNkCTdL1zSOq/NWRhB
g/RDhpOWpZV+CDbLfdwRDKNl/KS58FKeFXE8RrAb7GuRPSGvkL7bmfiGTDMnHgQq
AyWIugNx8oZrWvcU2vwB4P6A5wFwRZIcZbGRIn89jf017eqF28xiLqj6syi2EHvJ
4YZzP4slhXTYJDMV92Y7WE8aQOze39x9sN0QIhbVoE6x6shKFM7ZqqkTgRmReBGP
aZIWH9dO78nk8eaKMG9Y5u0fs191UtdfxmIeCDw42EnefRQGHETn0dv+uJojpMr1
mnyi1G6sQwOVQ88TlDcnccnl+e8jUdkw48Hqy6NhWzrv2cmGlIz2npyj8QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFc8vvdbu+dKu8oo0CbeyEVKwUDiMB8GA1UdIwQY
MBaAFPHaZxNbc3yp0t/XuX/ll4uPMA1rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEt
ZmMxMTJhZTYzZWE0LzEvVnp5LTkxdTc1MHE3eWlqUUp0N0lSVXJCUU9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9hMmNjYjEtYTcyOC00ZjA0LTk2NDEtZmMxMTJhZTYzZWE0
LzEvOGRwbkUxdHpmS25TMzllNWYtV1hpNDh3RFdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAU49IAwQC
Vbj0AwQCuR2YMA0EAgACMAcDBQAqAKkgMA0GCSqGSIb3DQEBCwUAA4IBAQAnCHC0
NmefVVKMrexLBANvX1vql/iY9P2gtPTMovpKz8nGUN3ctyH/w4QAzvhkXsx+Q70h
jtKhoi1M43pV7LFjkn03U8yFBxYJZjKm3RhE++byF7Ul8m3IrB9jPCfvLycd+OuQ
3XfTdxTKGqs0iUBtVhblVwBWIoNWg9Q3PUfHWy50iMTE0WVB+xnQqDC8cW9qdIPs
AJEsnxgeetAWLgtnC/0G2ubSxDIvFdxgfMfR5XHiTzMzYh0IGF7EeboCF2vAcdL8
OXEhCVICHnvM4P2fx537zXojwrAws7p2r8lb8F1nPfCCzKfKX4EsOs65eThL7rc+
TdftcbCt32cMPJty
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:05:29 2024 by rpki-client on console-fra.rpki-client.org