Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/064fac-eddd-4903-a13d-0b9c76c0d91c/1/eInNgAHOM3N8ED9Sfo0TwAe-7TQ.roa
File:                     eInNgAHOM3N8ED9Sfo0TwAe-7TQ.roa (raw, json)
Hash identifier:          YST+g81WCEefubbIauMqfmlWtd/Yfn/pND5R9EHzT4Q=
Subject key identifier:   78:89:CD:80:01:CE:33:73:7C:10:3F:52:7E:8D:13:C0:07:BE:ED:34
Certificate issuer:       /CN=657ed6f5bba633d55269fdd056bcf60c68c7b2b8
Certificate serial:       018CC5DBFB355BF5C816DFAB2874933EDC46
Authority key identifier: 65:7E:D6:F5:BB:A6:33:D5:52:69:FD:D0:56:BC:F6:0C:68:C7:B2:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZX7W9bumM9VSaf3QVrz2DGjHsrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/064fac-eddd-4903-a13d-0b9c76c0d91c/1/eInNgAHOM3N8ED9Sfo0TwAe-7TQ.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12861
IP address blocks:        212.29.70.0/24 maxlen: 24
                          212.29.67.0/24 maxlen: 24
                          212.29.66.0/24 maxlen: 24
                          212.29.69.0/24 maxlen: 24
                          212.29.68.0/24 maxlen: 24
                          212.29.90.0/24 maxlen: 24
                          91.237.216.0/23 maxlen: 24
                          212.29.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/064fac-eddd-4903-a13d-0b9c76c0d91c/1/ZX7W9bumM9VSaf3QVrz2DGjHsrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/064fac-eddd-4903-a13d-0b9c76c0d91c/1/ZX7W9bumM9VSaf3QVrz2DGjHsrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZX7W9bumM9VSaf3QVrz2DGjHsrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fb:35:5b:f5:c8:16:df:ab:28:74:93:3e:dc:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=657ed6f5bba633d55269fdd056bcf60c68c7b2b8
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7889cd8001ce33737c103f527e8d13c007beed34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:d3:c5:7f:91:b3:61:fd:c6:04:9b:06:d6:
                    65:9e:79:a5:16:5a:aa:fe:f0:90:63:e9:32:87:7e:
                    33:5d:2b:32:6a:1c:6b:da:c9:50:9f:fd:a1:82:45:
                    c0:8e:6f:dc:1a:02:df:cb:69:91:2f:de:db:e1:7f:
                    2e:08:98:7d:72:3d:fd:2c:67:65:75:63:17:3e:13:
                    a4:a5:d0:25:21:4d:e8:e6:0b:96:9c:f2:6a:29:2e:
                    3e:e3:e8:ab:dd:c1:ee:1e:14:47:f4:ff:37:0f:d7:
                    5a:4f:54:11:ce:b8:81:5e:a2:6f:21:7d:32:a2:44:
                    1a:c4:da:49:38:6f:3b:67:f2:72:b8:1b:bb:18:8d:
                    a3:98:28:6f:21:61:a4:d6:80:ca:42:f5:7e:f7:86:
                    0c:24:97:7d:cd:58:54:b2:8b:10:53:3f:bc:35:5d:
                    a4:1b:4f:a0:77:08:29:ee:03:7b:1a:66:e3:4d:43:
                    be:fa:da:ad:0f:a5:f1:e3:01:1d:d9:d5:09:2a:90:
                    f1:f2:a9:33:5c:0c:5d:0f:e3:fd:66:44:c9:92:72:
                    ab:b8:6b:c0:fb:4d:db:e8:02:4d:cd:16:84:b8:ee:
                    de:82:31:97:0d:b0:96:76:61:8a:53:c6:26:a2:67:
                    73:00:3d:9d:81:be:ca:3b:cf:95:22:95:d3:93:b3:
                    25:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:89:CD:80:01:CE:33:73:7C:10:3F:52:7E:8D:13:C0:07:BE:ED:34
            X509v3 Authority Key Identifier:
                keyid:65:7E:D6:F5:BB:A6:33:D5:52:69:FD:D0:56:BC:F6:0C:68:C7:B2:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZX7W9bumM9VSaf3QVrz2DGjHsrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/064fac-eddd-4903-a13d-0b9c76c0d91c/1/eInNgAHOM3N8ED9Sfo0TwAe-7TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/064fac-eddd-4903-a13d-0b9c76c0d91c/1/ZX7W9bumM9VSaf3QVrz2DGjHsrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.216.0/23
                  212.29.64.0/24
                  212.29.66.0-212.29.70.255
                  212.29.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:33:30:58:0d:b6:61:d8:dc:9f:18:fc:0b:b6:c8:55:d1:f6:
         e7:2e:7f:e8:68:b6:b7:b0:0d:4a:b1:f7:ce:90:b4:f4:34:33:
         27:84:2b:a1:9d:c0:1b:77:16:1b:ec:74:5e:7a:9e:c3:b4:04:
         97:d4:e7:eb:2c:b4:63:5c:26:6f:6f:e8:ce:5c:41:13:66:60:
         2e:8d:e1:53:ff:c5:1d:f2:25:06:84:f4:98:82:02:86:38:8c:
         7d:1a:fa:d8:a4:fe:19:9e:f0:fe:c3:57:e7:38:3d:ad:8e:ef:
         1c:a8:76:60:62:91:0d:00:6f:13:4e:38:6f:8f:5b:59:18:16:
         92:cb:b1:bb:ba:39:41:50:45:a7:05:6f:e7:4b:75:5d:2f:32:
         36:2d:cc:cd:c8:b8:db:11:06:14:0e:ce:e3:91:a5:62:93:d2:
         15:21:ec:9f:56:1b:d2:6e:8e:0c:71:bc:10:09:24:a9:82:20:
         c0:6c:9c:9d:8c:56:a7:c8:62:70:c9:a9:b8:a3:52:d1:07:6d:
         63:b6:2c:16:d3:04:dc:be:cd:46:d4:a7:69:55:1c:5a:cd:64:
         9c:3c:5c:70:07:e5:a9:8a:7a:0c:7e:0b:d4:5d:18:ac:c2:df:
         f0:e6:b3:da:59:00:64:d6:d2:0e:d3:af:3f:4f:79:41:1d:02:
         14:bf:d6:06
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzF2/s1W/XIFt+rKHSTPtxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1N2VkNmY1YmJhNjMzZDU1MjY5ZmRkMDU2YmNmNjBjNjhj
N2IyYjgwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODg5Y2Q4MDAxY2UzMzczN2MxMDNmNTI3ZThkMTNjMDA3YmVlZDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2nTxX+Rs2H9xgSbBtZlnnmlFlqq
/vCQY+kyh34zXSsyahxr2slQn/2hgkXAjm/cGgLfy2mRL97b4X8uCJh9cj39LGdl
dWMXPhOkpdAlIU3o5guWnPJqKS4+4+ir3cHuHhRH9P83D9daT1QRzriBXqJvIX0y
okQaxNpJOG87Z/JyuBu7GI2jmChvIWGk1oDKQvV+94YMJJd9zVhUsosQUz+8NV2k
G0+gdwgp7gN7GmbjTUO++tqtD6Xx4wEd2dUJKpDx8qkzXAxdD+P9ZkTJknKruGvA
+03b6AJNzRaEuO7egjGXDbCWdmGKU8YmomdzAD2dgb7KO8+VIpXTk7MlGQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFHiJzYABzjNzfBA/Un6NE8AHvu00MB8GA1UdIwQY
MBaAFGV+1vW7pjPVUmn90Fa89gxox7K4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlg3VzlidW1NOVZTYWYzUVZyejJER2pIc3JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8wNjRmYWMtZWRkZC00OTAzLWExM2Qt
MGI5Yzc2YzBkOTFjLzEvZUluTmdBSE9NM044RUQ5U2ZvMFR3QWUtN1RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8wNjRmYWMtZWRkZC00OTAzLWExM2QtMGI5Yzc2YzBkOTFj
LzEvWlg3VzlidW1NOVZTYWYzUVZyejJER2pIc3JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQBW+3YAwQA
1B1AMAwDBAHUHUIDBADUHUYDBADUHVowDQYJKoZIhvcNAQELBQADggEBABwzMFgN
tmHY3J8Y/Au2yFXR9ucuf+hotrewDUqx986QtPQ0MyeEK6GdwBt3FhvsdF56nsO0
BJfU5+sstGNcJm9v6M5cQRNmYC6N4VP/xR3yJQaE9JiCAoY4jH0a+tik/hme8P7D
V+c4Pa2O7xyodmBikQ0AbxNOOG+PW1kYFpLLsbu6OUFQRacFb+dLdV0vMjYtzM3I
uNsRBhQOzuORpWKT0hUh7J9WG9JujgxxvBAJJKmCIMBsnJ2MVqfIYnDJqbijUtEH
bWO2LBbTBNy+zUbUp2lVHFrNZJw8XHAH5amKegx+C9RdGKzC3/Dms9pZAGTW0g7T
rz9PeUEdAhS/1gY=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:37:33 2024 by rpki-client on console-ams.rpki-client.org