Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/ks7Gv0GevhgQIkHF8geXzgMCF8E.roa
File:                     ks7Gv0GevhgQIkHF8geXzgMCF8E.roa (raw, json)
Hash identifier:          F4mLBEL+n7QH3r325/M+QH1I6r+39DXfTB7LaHLXieM=
Subject key identifier:   92:CE:C6:BF:41:9E:BE:18:10:22:41:C5:F2:07:97:CE:03:02:17:C1
Certificate issuer:       /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial:       0191129A8F0019993A5AC4FE82487FEF533B
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/ks7Gv0GevhgQIkHF8geXzgMCF8E.roa
Signing time:             Fri 02 Aug 2024 10:20:04 +0000
ROA not before:           Fri 02 Aug 2024 10:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12663
IP address blocks:        37.25.128.0/17 maxlen: 24
                          46.108.0.0/16 maxlen: 24
                          46.190.128.0/17 maxlen: 24
                          62.213.128.0/19 maxlen: 19
                          85.205.0.0/16 maxlen: 24
                          86.104.216.0/22 maxlen: 22
                          89.32.48.0/21 maxlen: 21
                          92.114.8.0/21 maxlen: 21
                          108.179.64.0/18 maxlen: 19
                          130.195.32.0/20 maxlen: 20
                          130.195.64.0/19 maxlen: 19
                          130.195.96.0/19 maxlen: 19
                          130.195.128.0/18 maxlen: 24
                          130.195.200.0/21 maxlen: 21
                          139.47.160.0/19 maxlen: 24
                          139.47.192.0/18 maxlen: 24
                          145.230.0.0/16 maxlen: 24
                          176.125.0.0/19 maxlen: 24
                          188.240.84.0/22 maxlen: 22
                          192.125.128.0/17 maxlen: 24
                          195.232.128.0/17 maxlen: 24
                          195.233.0.0/16 maxlen: 24
                          208.53.128.0/18 maxlen: 18
                          2a01:818:1000::/44 maxlen: 44
                          2a01:818:1060::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:9a:8f:00:19:99:3a:5a:c4:fe:82:48:7f:ef:53:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
        Validity
            Not Before: Aug  2 10:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92cec6bf419ebe18102241c5f20797ce030217c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:68:03:d5:34:24:32:aa:f6:39:87:9b:9a:4c:
                    23:91:fc:02:06:a9:f2:ff:b3:29:9f:d1:e1:c1:e0:
                    79:fa:5e:88:04:37:0d:39:eb:6e:31:13:c8:97:24:
                    d7:0f:71:ab:ab:ea:10:14:f9:0f:86:04:ac:21:5c:
                    bc:d9:9c:c1:a4:be:37:65:5a:27:c5:d9:df:5b:0d:
                    9c:95:ce:bb:bb:0d:3f:1c:62:91:30:8d:df:45:a0:
                    f4:d1:03:10:10:97:72:80:03:6c:ac:42:27:10:01:
                    e4:7b:d0:03:82:95:a8:17:0a:49:d1:e5:7a:16:88:
                    f8:fd:63:ee:fd:8f:2c:52:44:8b:53:95:6b:90:eb:
                    53:30:d4:94:c1:43:ce:4d:22:b0:37:9d:2c:fd:ee:
                    7f:a1:07:b1:dc:23:60:52:88:ce:e4:58:ba:de:42:
                    f3:e2:fb:46:8d:24:bc:4d:d5:ce:6a:4f:3e:e6:f8:
                    b1:0a:1c:5b:11:8c:a9:41:83:6b:a3:ed:ea:d7:94:
                    58:fc:3f:16:b6:60:36:f4:1b:57:54:54:bd:f8:8b:
                    27:f4:e8:bc:f5:5c:eb:a0:a7:5a:d5:cd:c9:4e:a5:
                    8c:fd:c5:53:58:e8:97:5a:84:c2:e9:05:d2:24:c6:
                    e2:1d:e2:c5:fe:6e:7f:40:f7:4f:17:2b:a0:42:53:
                    3c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:CE:C6:BF:41:9E:BE:18:10:22:41:C5:F2:07:97:CE:03:02:17:C1
            X509v3 Authority Key Identifier:
                keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/ks7Gv0GevhgQIkHF8geXzgMCF8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.25.128.0/17
                  46.108.0.0/16
                  46.190.128.0/17
                  62.213.128.0/19
                  85.205.0.0/16
                  86.104.216.0/22
                  89.32.48.0/21
                  92.114.8.0/21
                  108.179.64.0/18
                  130.195.32.0/20
                  130.195.64.0-130.195.191.255
                  130.195.200.0/21
                  139.47.160.0-139.47.255.255
                  145.230.0.0/16
                  176.125.0.0/19
                  188.240.84.0/22
                  192.125.128.0/17
                  195.232.128.0-195.233.255.255
                  208.53.128.0/18
                IPv6:
                  2a01:818:1000::/44
                  2a01:818:1060::/44

    Signature Algorithm: sha256WithRSAEncryption
         85:c4:71:0f:16:7c:29:a5:60:68:c2:6c:e1:77:92:80:87:d0:
         08:02:ce:7d:a6:16:ff:10:dd:0f:f8:ef:d6:8c:c4:14:3a:ce:
         d4:4a:d6:04:52:b0:b1:13:ef:1c:c5:65:24:ff:9f:74:43:31:
         c5:d4:1d:5a:b2:58:e8:d1:7b:31:7b:8c:20:12:19:bc:ab:92:
         f7:c2:6d:68:f7:7a:72:36:3e:8b:76:e8:13:03:bb:63:95:e4:
         32:da:8d:ce:6d:d5:2f:cb:53:31:06:f6:9d:32:b0:94:0d:0d:
         75:29:21:f4:8c:ff:1c:3a:68:05:58:0c:b5:b6:55:0f:64:b8:
         fe:ab:ea:a2:18:a7:ce:5b:7f:03:90:09:b0:3c:c7:87:3b:70:
         e6:d8:ce:da:fa:27:63:7c:3c:1e:73:a6:30:80:a6:92:80:8f:
         a2:6e:fe:a4:51:67:c4:01:39:8a:5d:c9:74:c5:d5:4d:b2:a5:
         7c:cc:1a:05:ee:7b:f5:5b:58:b8:0f:96:a1:ee:ee:a8:b8:c1:
         32:ed:e3:e0:21:2a:c8:6a:a5:89:58:1a:6f:81:99:e7:c1:e9:
         fd:83:64:f6:02:76:a2:4b:29:f9:51:47:2b:cd:d6:1b:ce:31:
         d4:17:11:7b:a8:9e:50:a7:ad:fc:0b:e8:ac:28:b0:6a:f0:9b:
         27:7c:eb:ba
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgISAZESmo8AGZk6WsT+gkh/71M7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjQwODAyMTAyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmNlYzZiZjQxOWViZTE4MTAyMjQxYzVmMjA3OTdjZTAzMDIxN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GgD1TQkMqr2OYebmkwjkfwCBqny
/7Mpn9HhweB5+l6IBDcNOetuMRPIlyTXD3Grq+oQFPkPhgSsIVy82ZzBpL43ZVon
xdnfWw2clc67uw0/HGKRMI3fRaD00QMQEJdygANsrEInEAHke9ADgpWoFwpJ0eV6
Foj4/WPu/Y8sUkSLU5VrkOtTMNSUwUPOTSKwN50s/e5/oQex3CNgUojO5Fi63kLz
4vtGjSS8TdXOak8+5vixChxbEYypQYNro+3q15RY/D8WtmA29BtXVFS9+Isn9Oi8
9VzroKda1c3JTqWM/cVTWOiXWoTC6QXSJMbiHeLF/m5/QPdPFyugQlM8XwIDAQAB
o4ICpzCCAqMwHQYDVR0OBBYEFJLOxr9Bnr4YECJBxfIHl84DAhfBMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEva3M3R3YwR2V2aGdRSWtIRjhnZVh6Z01DRjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG8BggrBgEFBQcBBwEB/wSBrDCBqTCBjAQCAAEwgYUDBAcl
GYADAwAubAMEBy6+gAMEBT7VgAMDAFXNAwQCVmjYAwQDWSAwAwQDXHIIAwQGbLNA
AwQEgsMgMAwDBAaCw0ADBAaCw4ADBAOCw8gwCwMEBYsvoAMDBIsgAwMAkeYDBAWw
fQADBAK88FQDBAfAfYAwCwMEB8PogAMDAcPoAwQG0DWAMBgEAgACMBIDBwQqAQgY
EAADBwQqAQgYEGAwDQYJKoZIhvcNAQELBQADggEBAIXEcQ8WfCmlYGjCbOF3koCH
0AgCzn2mFv8Q3Q/479aMxBQ6ztRK1gRSsLET7xzFZST/n3RDMcXUHVqyWOjRezF7
jCASGbyrkvfCbWj3enI2Pot26BMDu2OV5DLajc5t1S/LUzEG9p0ysJQNDXUpIfSM
/xw6aAVYDLW2VQ9kuP6r6qIYp85bfwOQCbA8x4c7cObYztr6J2N8PB5zpjCAppKA
j6Ju/qRRZ8QBOYpdyXTF1U2ypXzMGgXue/VbWLgPlqHu7qi4wTLt4+AhKshqpYlY
Gm+BmefB6f2DZPYCdqJLKflRRyvN1hvOMdQXEXuonlCnrfwL6KwosGrwmyd867o=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:02:49 2024 by rpki-client on console-ams.rpki-client.org