Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/8106c6-96e3-4856-8e53-69ebed17814a/1/CL-l79gv5sKmDrI5H3D3m8rMcuw.roa
File:                     CL-l79gv5sKmDrI5H3D3m8rMcuw.roa (raw, json)
Hash identifier:          Q4bUYWxmO/qyWC5yv6KacuNXAzGiuuTVyLT+IEQnWqw=
Subject key identifier:   08:BF:A5:EF:D8:2F:E6:C2:A6:0E:B2:39:1F:70:F7:9B:CA:CC:72:EC
Certificate issuer:       /CN=7274b5ee2aa0778af1304358225ac67e55170a88
Certificate serial:       018D3C0B0560035F0D4CFDB50A765E3ACC88
Authority key identifier: 72:74:B5:EE:2A:A0:77:8A:F1:30:43:58:22:5A:C6:7E:55:17:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cnS17iqgd4rxMENYIlrGflUXCog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/8106c6-96e3-4856-8e53-69ebed17814a/1/CL-l79gv5sKmDrI5H3D3m8rMcuw.roa
Signing time:             Wed 24 Jan 2024 15:16:11 +0000
ROA not before:           Wed 24 Jan 2024 15:16:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205115
IP address blocks:        87.120.56.0/23 maxlen: 24
                          87.120.70.0/23 maxlen: 24
                          87.120.82.0/23 maxlen: 24
                          87.120.94.0/23 maxlen: 24
                          87.120.188.0/23 maxlen: 24
                          87.120.238.0/23 maxlen: 24
                          87.121.80.0/23 maxlen: 24
                          94.156.38.0/23 maxlen: 24
                          178.249.236.0/22 maxlen: 24
                          185.134.108.0/22 maxlen: 24
                          2a06:eb40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/8106c6-96e3-4856-8e53-69ebed17814a/1/cnS17iqgd4rxMENYIlrGflUXCog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/8106c6-96e3-4856-8e53-69ebed17814a/1/cnS17iqgd4rxMENYIlrGflUXCog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cnS17iqgd4rxMENYIlrGflUXCog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:0b:05:60:03:5f:0d:4c:fd:b5:0a:76:5e:3a:cc:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7274b5ee2aa0778af1304358225ac67e55170a88
        Validity
            Not Before: Jan 24 15:16:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08bfa5efd82fe6c2a60eb2391f70f79bcacc72ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e3:18:48:91:29:8e:02:cc:95:61:d2:bc:de:
                    3c:a8:df:d0:ab:af:c1:3d:82:6e:71:bc:e6:ef:03:
                    d1:e8:c9:ee:43:ea:21:b3:1a:7d:a3:14:c4:c1:a5:
                    fd:29:87:e6:a6:8d:3c:3a:03:bb:05:1e:6b:48:a6:
                    97:22:c8:2b:5f:f0:6c:3e:22:f7:1f:cc:14:b5:4f:
                    b5:b4:12:fc:7e:21:22:5a:a4:96:4a:94:b6:3e:ff:
                    55:b4:16:11:1f:37:4d:0b:ac:13:c6:c0:9a:64:24:
                    0b:97:2b:04:e7:bd:59:3e:90:0c:a0:bc:2d:d5:65:
                    79:2f:52:b0:7e:6a:f7:20:0b:c0:02:35:71:71:08:
                    56:9d:04:ea:19:a4:e2:8a:c6:36:bc:24:a1:65:5c:
                    bb:34:96:7b:3a:1b:18:1f:c8:10:f5:33:64:5e:36:
                    9b:8c:87:3c:23:51:71:77:bb:3b:5e:30:ce:df:67:
                    e7:01:72:7c:d6:09:dc:00:bd:aa:c9:40:6c:44:2d:
                    ac:b5:59:14:19:ab:b4:04:4f:d3:9f:00:3f:c6:13:
                    a7:08:b4:00:49:be:e1:be:3a:55:22:b0:81:47:13:
                    ce:c0:9e:af:fe:93:63:7d:92:c7:98:f3:d0:d0:e0:
                    dc:fe:fd:2a:2f:0a:35:46:64:bb:ec:26:70:86:ba:
                    38:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BF:A5:EF:D8:2F:E6:C2:A6:0E:B2:39:1F:70:F7:9B:CA:CC:72:EC
            X509v3 Authority Key Identifier:
                keyid:72:74:B5:EE:2A:A0:77:8A:F1:30:43:58:22:5A:C6:7E:55:17:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cnS17iqgd4rxMENYIlrGflUXCog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8106c6-96e3-4856-8e53-69ebed17814a/1/CL-l79gv5sKmDrI5H3D3m8rMcuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8106c6-96e3-4856-8e53-69ebed17814a/1/cnS17iqgd4rxMENYIlrGflUXCog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.56.0/23
                  87.120.70.0/23
                  87.120.82.0/23
                  87.120.94.0/23
                  87.120.188.0/23
                  87.120.238.0/23
                  87.121.80.0/23
                  94.156.38.0/23
                  178.249.236.0/22
                  185.134.108.0/22
                IPv6:
                  2a06:eb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:bc:71:94:fb:b3:20:3b:44:fa:03:d8:7e:70:19:83:bc:14:
         73:84:1e:d5:ee:1a:b2:2a:3f:88:95:4a:0e:ea:7e:ef:d7:05:
         07:97:a9:6f:01:66:53:09:b6:cf:b2:77:22:b2:ff:fa:0f:e6:
         99:14:15:c2:c2:ca:d6:b2:ac:5a:da:05:39:e9:16:d0:88:03:
         4f:f0:85:39:a2:b8:44:95:bd:7e:9d:48:34:ca:08:7a:02:b8:
         ad:30:4f:8b:6e:d2:5e:38:00:a2:ae:cd:70:5a:ba:63:d8:2b:
         92:0a:95:ee:cd:28:ab:9f:fe:2e:8e:17:9f:c0:d0:c6:d5:d5:
         15:91:7d:b8:c7:1d:cf:57:ff:3f:17:0b:92:b5:2d:3d:92:b7:
         fc:87:1f:c0:6f:bf:33:d2:8d:e7:61:d4:d4:6c:6a:a0:0d:5f:
         1c:46:0e:07:b7:a0:75:ac:1d:c4:04:5d:17:74:a0:32:2a:be:
         9b:61:21:14:d4:35:d5:48:16:94:9b:7e:fc:a4:38:e1:be:f8:
         f7:75:e6:c0:a6:f1:b3:27:32:dc:7a:fe:60:f2:14:d6:2a:88:
         1f:b0:9d:e7:57:8b:69:a2:1a:e1:a9:08:6e:81:7d:cf:1d:31:
         d4:d8:0f:0c:a9:74:98:85:3f:f6:ff:ac:53:a8:6a:3f:6a:00:
         b9:17:40:2b
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY08CwVgA18NTP21CnZeOsyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNzRiNWVlMmFhMDc3OGFmMTMwNDM1ODIyNWFjNjdlNTUx
NzBhODgwHhcNMjQwMTI0MTUxNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJmYTVlZmQ4MmZlNmMyYTYwZWIyMzkxZjcwZjc5YmNhY2M3MmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeMYSJEpjgLMlWHSvN48qN/Qq6/B
PYJucbzm7wPR6MnuQ+ohsxp9oxTEwaX9KYfmpo08OgO7BR5rSKaXIsgrX/BsPiL3
H8wUtU+1tBL8fiEiWqSWSpS2Pv9VtBYRHzdNC6wTxsCaZCQLlysE571ZPpAMoLwt
1WV5L1Kwfmr3IAvAAjVxcQhWnQTqGaTiisY2vCShZVy7NJZ7OhsYH8gQ9TNkXjab
jIc8I1Fxd7s7XjDO32fnAXJ81gncAL2qyUBsRC2stVkUGau0BE/TnwA/xhOnCLQA
Sb7hvjpVIrCBRxPOwJ6v/pNjfZLHmPPQ0ODc/v0qLwo1RmS77CZwhro4LwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFAi/pe/YL+bCpg6yOR9w95vKzHLsMB8GA1UdIwQY
MBaAFHJ0te4qoHeK8TBDWCJaxn5VFwqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY25TMTdpcWdkNHJ4TUVOWUlsckdmbFVYQ29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84MTA2YzYtOTZlMy00ODU2LThlNTMt
NjllYmVkMTc4MTRhLzEvQ0wtbDc5Z3Y1c0ttRHJJNUgzRDNtOHJNY3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84MTA2YzYtOTZlMy00ODU2LThlNTMtNjllYmVkMTc4MTRh
LzEvY25TMTdpcWdkNHJ4TUVOWUlsckdmbFVYQ29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQBV3g4AwQB
V3hGAwQBV3hSAwQBV3heAwQBV3i8AwQBV3juAwQBV3lQAwQBXpwmAwQCsvnsAwQC
uYZsMA0EAgACMAcDBQMqButAMA0GCSqGSIb3DQEBCwUAA4IBAQBSvHGU+7MgO0T6
A9h+cBmDvBRzhB7V7hqyKj+IlUoO6n7v1wUHl6lvAWZTCbbPsncisv/6D+aZFBXC
wsrWsqxa2gU56RbQiANP8IU5orhElb1+nUg0ygh6AritME+LbtJeOACirs1wWrpj
2CuSCpXuzSirn/4ujhefwNDG1dUVkX24xx3PV/8/FwuStS09krf8hx/Ab78z0o3n
YdTUbGqgDV8cRg4Ht6B1rB3EBF0XdKAyKr6bYSEU1DXVSBaUm378pDjhvvj3debA
pvGzJzLcev5g8hTWKogfsJ3nV4tpohrhqQhugX3PHTHU2A8MqXSYhT/2/6xTqGo/
agC5F0Ar
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:05:10 2024 by rpki-client on console-ams.rpki-client.org