Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/cA9mJsPVRNkqyg1LO25OAPbzoOg.roa
File:                     cA9mJsPVRNkqyg1LO25OAPbzoOg.roa (raw, json)
Hash identifier:          /pqwLCQuS9dt0IFys/lIx5/l5sl8A5mq1xp0BL6pBd4=
Subject key identifier:   70:0F:66:26:C3:D5:44:D9:2A:CA:0D:4B:3B:6E:4E:00:F6:F3:A0:E8
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018D2F4696BD2601D58E51890853BC047191
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/cA9mJsPVRNkqyg1LO25OAPbzoOg.roa
Signing time:             Mon 22 Jan 2024 03:46:11 +0000
ROA not before:           Mon 22 Jan 2024 03:46:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200532
IP address blocks:        31.14.27.0/24 maxlen: 24
                          89.33.41.0/24 maxlen: 24
                          89.35.124.0/24 maxlen: 24
                          89.35.125.0/24 maxlen: 24
                          89.46.33.0/24 maxlen: 24
                          185.98.4.0/24 maxlen: 24
                          185.98.5.0/24 maxlen: 24
                          185.98.6.0/24 maxlen: 24
                          185.98.7.0/24 maxlen: 24
                          185.100.64.0/24 maxlen: 24
                          185.100.65.0/24 maxlen: 24
                          185.100.66.0/24 maxlen: 24
                          185.100.67.0/24 maxlen: 24
                          185.111.104.0/22 maxlen: 22
                          185.111.104.0/24 maxlen: 24
                          185.111.105.0/24 maxlen: 24
                          185.111.106.0/24 maxlen: 24
                          185.111.107.0/24 maxlen: 24
                          185.113.132.0/22 maxlen: 22
                          185.113.132.0/24 maxlen: 24
                          185.113.133.0/24 maxlen: 24
                          185.113.134.0/24 maxlen: 24
                          185.113.135.0/24 maxlen: 24
                          185.116.192.0/22 maxlen: 22
                          185.116.192.0/24 maxlen: 24
                          185.116.193.0/24 maxlen: 24
                          185.116.194.0/24 maxlen: 24
                          185.116.195.0/24 maxlen: 24
                          185.121.80.0/22 maxlen: 22
                          185.121.80.0/24 maxlen: 24
                          185.121.81.0/24 maxlen: 24
                          185.121.82.0/24 maxlen: 24
                          185.121.83.0/24 maxlen: 24
                          185.125.88.0/24 maxlen: 24
                          185.125.89.0/24 maxlen: 24
                          185.125.90.0/24 maxlen: 24
                          185.125.91.0/24 maxlen: 24
                          185.129.48.0/24 maxlen: 24
                          185.129.49.0/24 maxlen: 24
                          185.129.50.0/24 maxlen: 24
                          185.129.51.0/24 maxlen: 24
                          188.241.216.0/24 maxlen: 24
                          188.241.217.0/24 maxlen: 24
                          2a06:940::/56 maxlen: 56
                          2a06:942::/48 maxlen: 48
                          2a06:942:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2f:46:96:bd:26:01:d5:8e:51:89:08:53:bc:04:71:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan 22 03:46:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=700f6626c3d544d92aca0d4b3b6e4e00f6f3a0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:67:52:7a:13:63:7e:e1:00:99:a1:5a:bb:2d:
                    0b:68:68:20:9f:6c:ca:cb:9a:af:6b:6e:60:7a:ad:
                    c0:5b:71:6b:89:3a:a2:f3:db:15:bc:0c:92:6f:d5:
                    05:7f:a9:a5:c7:6b:8b:c8:9c:aa:b7:75:8d:bd:82:
                    c2:45:1c:52:22:ee:ae:94:59:e1:99:63:b4:ca:da:
                    b5:2d:a4:53:cb:af:e6:c5:48:a4:df:40:57:06:0d:
                    4f:6f:9b:eb:b7:93:ee:98:07:13:ad:d4:50:dd:e4:
                    4b:bf:23:af:e8:2f:59:cc:84:4e:16:9d:35:10:5a:
                    44:cc:f8:a8:a1:87:72:71:37:d0:ed:a6:7c:7a:4a:
                    4e:cf:58:40:92:fe:da:73:5d:f6:82:65:89:00:b3:
                    e6:7a:9b:b8:94:13:92:c9:26:dd:48:30:a6:c7:da:
                    ff:33:6c:33:78:10:ae:b9:0a:81:bd:15:a2:12:bc:
                    58:e7:b7:5f:4a:ad:65:f9:8f:7b:ee:3b:dd:d8:7d:
                    c5:69:00:03:23:bb:e8:87:8e:5e:5f:e4:66:29:56:
                    57:ab:1c:b2:4d:a5:6e:b1:0b:33:82:13:38:4a:33:
                    03:61:aa:e4:a4:9b:ed:18:6d:0e:77:64:c1:96:89:
                    45:92:ff:70:f6:5f:02:40:3f:fe:4e:f9:52:d2:41:
                    42:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:0F:66:26:C3:D5:44:D9:2A:CA:0D:4B:3B:6E:4E:00:F6:F3:A0:E8
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/cA9mJsPVRNkqyg1LO25OAPbzoOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.27.0/24
                  89.33.41.0/24
                  89.35.124.0/23
                  89.46.33.0/24
                  185.98.4.0/22
                  185.100.64.0/22
                  185.111.104.0/22
                  185.113.132.0/22
                  185.116.192.0/22
                  185.121.80.0/22
                  185.125.88.0/22
                  185.129.48.0/22
                  188.241.216.0/23
                IPv6:
                  2a06:940::/56
                  2a06:942::/48
                  2a06:942:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:1b:6f:38:95:0c:67:89:e4:10:1a:d7:c9:e6:2a:54:6f:72:
         e9:04:dd:62:86:e4:50:e9:03:2f:7b:14:c0:8e:6a:18:b1:88:
         48:0a:55:80:36:1d:ca:2f:a6:9e:15:db:14:43:3b:09:02:b0:
         22:e1:b4:89:50:ce:3f:a4:2c:9f:5c:65:99:b0:03:ce:fd:16:
         15:d0:07:61:6a:a3:47:c4:de:d2:4a:58:fa:b6:62:72:06:4d:
         5d:79:20:e9:c0:e1:f5:10:df:ea:81:f0:14:22:4d:2c:d0:bf:
         2e:59:1c:b9:ad:03:c2:47:6c:39:fd:a5:e4:c7:af:36:aa:fc:
         3e:e5:6c:99:9b:3e:f4:e6:a7:a8:d3:cf:25:7d:8e:09:59:fe:
         bf:7f:3d:be:e8:2d:b5:c5:5b:7f:94:98:73:7d:2f:21:dd:e8:
         14:2e:2d:a9:e9:15:b5:15:96:5a:58:ec:30:63:3f:e1:fc:f6:
         2d:95:9c:f8:a8:d3:1f:b9:4b:7e:d8:b2:d4:7b:83:94:26:87:
         9b:86:27:8e:0e:87:17:c9:e9:75:09:92:64:fd:26:9e:90:ed:
         14:82:14:ce:c3:07:cc:94:35:d2:c8:77:a4:b7:1e:0c:2f:06:
         5e:fc:a2:d4:f8:9d:f1:06:db:02:a5:70:cf:ab:8e:11:6a:63:
         64:da:de:b0
-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgISAY0vRpa9JgHVjlGJCFO8BHGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTIyMDM0NjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDBmNjYyNmMzZDU0NGQ5MmFjYTBkNGIzYjZlNGUwMGY2ZjNhMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWdSehNjfuEAmaFauy0LaGggn2zK
y5qva25geq3AW3FriTqi89sVvAySb9UFf6mlx2uLyJyqt3WNvYLCRRxSIu6ulFnh
mWO0ytq1LaRTy6/mxUik30BXBg1Pb5vrt5PumAcTrdRQ3eRLvyOv6C9ZzIROFp01
EFpEzPiooYdycTfQ7aZ8ekpOz1hAkv7ac132gmWJALPmepu4lBOSySbdSDCmx9r/
M2wzeBCuuQqBvRWiErxY57dfSq1l+Y977jvd2H3FaQADI7voh45eX+RmKVZXqxyy
TaVusQszghM4SjMDYarkpJvtGG0Od2TBlolFkv9w9l8CQD/+TvlS0kFCjQIDAQAB
o4ICdjCCAnIwHQYDVR0OBBYEFHAPZibD1UTZKsoNSztuTgD286DoMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvY0E5bUpzUFZSTmtxeWcxTE8yNU9BUGJ6b09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGLBggrBgEFBQcBBwEB/wR8MHowVAQCAAEwTgMEAB8OGwME
AFkhKQMEAVkjfAMEAFkuIQMEArliBAMEArlkQAMEArlvaAMEArlxhAMEArl0wAME
Arl5UAMEArl9WAMEArmBMAMEAbzx2DAiBAIAAjAcAwgAKgYJQAAAAAMHACoGCUIA
AAMHACoGCUIAAjANBgkqhkiG9w0BAQsFAAOCAQEAgBtvOJUMZ4nkEBrXyeYqVG9y
6QTdYobkUOkDL3sUwI5qGLGISApVgDYdyi+mnhXbFEM7CQKwIuG0iVDOP6Qsn1xl
mbADzv0WFdAHYWqjR8Te0kpY+rZicgZNXXkg6cDh9RDf6oHwFCJNLNC/Llkcua0D
wkdsOf2l5MevNqr8PuVsmZs+9OanqNPPJX2OCVn+v389vugttcVbf5SYc30vId3o
FC4tqekVtRWWWljsMGM/4fz2LZWc+KjTH7lLftiy1HuDlCaHm4Ynjg6HF8npdQmS
ZP0mnpDtFIIUzsMHzJQ10sh3pLceDC8GXvyi1Pid8QbbAqVwz6uOEWpjZNresA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:36:12 2024 by rpki-client on console-ams.rpki-client.org