Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa
File:                     1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa (raw, json)
Hash identifier:          +ubeeYwRsnNgGeOTpVxbhi6xUirKjUN51QlJ/8/KzyA=
Subject key identifier:   F9:7C:F3:04:4D:6E:7B:D3:C1:02:23:B4:CB:70:E7:70:4F:85:A9:04
Certificate issuer:       /CN=7094a425595e923c4b53b9c000aa8f19ad923f20
Certificate serial:       018CC425234E864B3E6A84FF4FC698FD17B1
Authority key identifier: 70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3339
IP address blocks:        185.209.120.0/22 maxlen: 22
                          185.255.104.0/22 maxlen: 22
                          192.145.40.0/22 maxlen: 22
                          185.177.168.0/22 maxlen: 22
                          185.233.76.0/22 maxlen: 22
                          185.72.12.0/24 maxlen: 24
                          185.72.12.0/22 maxlen: 22
                          185.95.56.0/22 maxlen: 22
                          185.73.188.0/22 maxlen: 22
                          91.200.244.0/22 maxlen: 22
                          176.97.224.0/22 maxlen: 22
                          2a0a:4280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:23:4e:86:4b:3e:6a:84:ff:4f:c6:98:fd:17:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7094a425595e923c4b53b9c000aa8f19ad923f20
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f97cf3044d6e7bd3c10223b4cb70e7704f85a904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ac:db:ab:85:c0:2f:9d:63:3b:01:f6:59:50:
                    b9:d1:f4:e8:11:ee:d8:63:9c:8b:79:ab:bc:ed:43:
                    29:d1:ad:f2:66:64:0a:13:33:e4:3f:97:ae:b6:c5:
                    82:12:6d:df:8c:a4:d0:9b:ce:72:b9:4d:77:bf:d3:
                    0e:af:6e:63:cf:e7:9b:5f:57:12:dd:9e:32:80:cf:
                    46:e9:7d:c6:87:1c:30:27:ea:39:b4:d0:96:b1:35:
                    dc:af:bb:f4:15:f0:d7:c7:48:fa:d5:ed:ba:2e:90:
                    14:64:22:c9:33:85:cd:86:d4:c1:82:9f:8c:75:b7:
                    0d:b1:a2:e6:e1:72:36:24:91:3e:29:e1:32:fd:02:
                    e2:75:29:08:3f:8d:c7:1f:57:b1:99:ec:3c:0d:f5:
                    8d:a4:7b:54:8f:28:6e:f1:fd:10:19:d7:44:90:81:
                    fc:e5:d8:66:85:5e:cc:55:d9:00:b2:9d:99:9a:4f:
                    c4:81:db:3a:52:ee:a1:c3:08:d6:b4:0f:e1:26:16:
                    da:d0:3e:4a:6b:38:9a:56:bd:3e:a6:ab:0c:17:9b:
                    fb:43:4f:e9:4d:fc:d7:33:a0:c1:20:78:7e:a1:4d:
                    3a:20:cf:91:14:01:e7:15:6a:79:78:85:e8:46:ea:
                    13:dd:a4:75:ed:c1:52:f5:dc:08:de:3f:e3:3a:26:
                    ac:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:7C:F3:04:4D:6E:7B:D3:C1:02:23:B4:CB:70:E7:70:4F:85:A9:04
            X509v3 Authority Key Identifier:
                keyid:70:94:A4:25:59:5E:92:3C:4B:53:B9:C0:00:AA:8F:19:AD:92:3F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJSkJVlekjxLU7nAAKqPGa2SPyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/1-XzzBE1ue9PBAiO0y3DncE-FqQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/963170-58be-46bb-a5de-777373e6055e/1/cJSkJVlekjxLU7nAAKqPGa2SPyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.244.0/22
                  176.97.224.0/22
                  185.72.12.0/22
                  185.73.188.0/22
                  185.95.56.0/22
                  185.177.168.0/22
                  185.209.120.0/22
                  185.233.76.0/22
                  185.255.104.0/22
                  192.145.40.0/22
                IPv6:
                  2a0a:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:92:a8:96:ae:97:0e:55:24:fe:f2:56:f5:6c:d1:0f:d0:4f:
         70:ea:ed:97:8f:af:3a:63:83:a6:2b:fd:a7:ea:a2:b9:96:06:
         33:2f:95:0f:6c:48:4f:ad:a2:1d:44:77:6d:22:2a:b6:55:44:
         80:5d:2c:91:69:f3:14:67:0b:75:b5:83:01:0d:79:4e:d6:4d:
         c0:81:74:7e:7e:0b:78:1e:fe:c7:54:91:d8:9a:92:f0:df:45:
         0c:26:2f:3e:1a:ab:83:a3:35:6f:fb:5c:88:ec:6d:17:8f:45:
         71:e3:df:f3:24:1b:68:b9:35:6e:b5:02:58:05:96:e2:6d:1e:
         67:03:17:17:ff:69:8e:39:a5:61:65:4e:8b:06:79:a5:a8:2b:
         18:20:3f:22:e2:aa:5c:74:55:0e:c8:45:34:10:1f:84:eb:30:
         37:a9:64:54:78:8f:ce:06:01:28:a9:4a:44:25:8e:ea:8a:df:
         fc:bb:5d:d3:69:c0:5d:ee:9e:26:41:e2:8f:ea:e7:fa:90:a4:
         c6:86:a3:8b:ce:f4:3c:37:32:71:6b:7b:0e:ed:ae:85:1b:d3:
         4a:a7:96:64:1b:73:58:38:07:80:cc:fe:3f:23:1a:60:93:39:
         1d:ab:96:01:b2:4d:ae:11:15:de:0b:b1:bd:c4:75:7a:bd:c5:
         84:75:df:f3
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYzEJSNOhks+aoT/T8aY/RexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOTRhNDI1NTk1ZTkyM2M0YjUzYjljMDAwYWE4ZjE5YWQ5
MjNmMjAwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTdjZjMwNDRkNmU3YmQzYzEwMjIzYjRjYjcwZTc3MDRmODVhOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvazbq4XAL51jOwH2WVC50fToEe7Y
Y5yLeau87UMp0a3yZmQKEzPkP5eutsWCEm3fjKTQm85yuU13v9MOr25jz+ebX1cS
3Z4ygM9G6X3GhxwwJ+o5tNCWsTXcr7v0FfDXx0j61e26LpAUZCLJM4XNhtTBgp+M
dbcNsaLm4XI2JJE+KeEy/QLidSkIP43HH1exmew8DfWNpHtUjyhu8f0QGddEkIH8
5dhmhV7MVdkAsp2Zmk/Egds6Uu6hwwjWtA/hJhba0D5KaziaVr0+pqsMF5v7Q0/p
TfzXM6DBIHh+oU06IM+RFAHnFWp5eIXoRuoT3aR17cFS9dwI3j/jOiasdQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPl88wRNbnvTwQIjtMtw53BPhakEMB8GA1UdIwQY
MBaAFHCUpCVZXpI8S1O5wACqjxmtkj8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0pTa0pWbGVranhMVTduQUFLcVBHYTJTUHlBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS85NjMxNzAtNThiZS00NmJiLWE1ZGUt
Nzc3MzczZTYwNTVlLzEvMS1YenpCRTF1ZTlQQkFpTzB5M0RuY0UtRnFRUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvOTYzMTcwLTU4YmUtNDZiYi1hNWRlLTc3NzM3M2U2MDU1
ZS8xL2NKU2tKVmxla2p4TFU3bkFBS3FQR2EyU1B5QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBkBggrBgEFBQcBBwEB/wRVMFMwQgQCAAEwPAMEAlvI9AME
ArBh4AMEArlIDAMEArlJvAMEArlfOAMEArmxqAMEArnReAMEArnpTAMEArn/aAME
AsCRKDANBAIAAjAHAwUDKgpCgDANBgkqhkiG9w0BAQsFAAOCAQEAX5Kolq6XDlUk
/vJW9WzRD9BPcOrtl4+vOmODpiv9p+qiuZYGMy+VD2xIT62iHUR3bSIqtlVEgF0s
kWnzFGcLdbWDAQ15TtZNwIF0fn4LeB7+x1SR2JqS8N9FDCYvPhqrg6M1b/tciOxt
F49FcePf8yQbaLk1brUCWAWW4m0eZwMXF/9pjjmlYWVOiwZ5pagrGCA/IuKqXHRV
DshFNBAfhOswN6lkVHiPzgYBKKlKRCWO6orf/Ltd02nAXe6eJkHij+rn+pCkxoaj
i870PDcycWt7Du2uhRvTSqeWZBtzWDgHgMz+PyMaYJM5HauWAbJNrhEV3guxvcR1
er3FhHXf8w==
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:10:56 2024 by rpki-client on console-fra.rpki-client.org