Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/fT2Il8eVe4lx4caJq-CCsZZkO6o.roa
File:                     fT2Il8eVe4lx4caJq-CCsZZkO6o.roa (raw, json)
Hash identifier:          7jcm6BFsJKVvBR9XTLjUZMDCy7bPcD+AjvAPi46OdMM=
Subject key identifier:   7D:3D:88:97:C7:95:7B:89:71:E1:C6:89:AB:E0:82:B1:96:64:3B:AA
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       019015F1ED3C136F47D41F54F46A73D81826
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/fT2Il8eVe4lx4caJq-CCsZZkO6o.roa
Signing time:             Fri 14 Jun 2024 08:51:34 +0000
ROA not before:           Fri 14 Jun 2024 08:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50606
IP address blocks:        109.232.28.0/22 maxlen: 22
                          185.56.172.0/22 maxlen: 22
                          185.215.72.0/23 maxlen: 23
                          193.42.154.0/24 maxlen: 24
                          194.126.233.0/24 maxlen: 24
                          194.126.245.0/24 maxlen: 24
                          194.126.251.0/24 maxlen: 24
                          194.127.97.0/24 maxlen: 24
                          213.92.128.0/19 maxlen: 32
                          213.156.100.0/22 maxlen: 22
                          2a02:54e0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:15:f1:ed:3c:13:6f:47:d4:1f:54:f4:6a:73:d8:18:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Jun 14 08:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d3d8897c7957b8971e1c689abe082b196643baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:63:34:0c:76:71:c3:c8:3f:72:15:8f:e4:9c:
                    14:33:c6:63:f4:c0:5b:95:d2:c9:6f:01:2b:00:fc:
                    88:8b:92:3a:a8:9a:1a:d2:54:89:fe:bd:70:eb:3a:
                    40:3d:ba:b3:41:79:49:f0:1c:e9:68:9d:42:75:b1:
                    98:f0:dd:88:aa:fe:b8:12:a5:c8:ce:65:4f:e2:47:
                    6e:e9:ee:59:ac:de:2b:9e:c5:c4:5a:77:ec:5b:cb:
                    10:f1:e3:4b:f6:44:01:c7:66:48:e4:e1:6f:d4:56:
                    c0:6a:fa:3e:aa:18:a5:49:1f:46:be:84:a0:e4:e9:
                    ac:19:73:2a:4e:e6:f0:02:30:7a:a2:20:47:5f:0e:
                    43:1e:ce:26:00:ca:95:08:0d:c8:8a:87:5e:9e:9a:
                    92:2e:41:a1:f5:f4:df:9a:a5:f4:04:19:25:08:d0:
                    ed:02:ce:84:24:f9:46:46:6a:27:b9:c5:d8:6c:2e:
                    aa:f9:64:c1:a1:2d:b8:e4:ce:46:09:85:0c:da:b0:
                    5b:b8:6f:be:79:66:20:93:7c:d8:6f:f8:65:0c:73:
                    90:98:9a:e5:2b:2e:9e:e8:c6:1c:83:e6:b9:e5:9c:
                    8d:00:e7:c7:73:89:5d:2e:ae:04:c4:78:83:f1:89:
                    8b:34:c6:5b:dd:1e:9b:3a:b1:d1:d4:c1:b8:74:73:
                    dc:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:3D:88:97:C7:95:7B:89:71:E1:C6:89:AB:E0:82:B1:96:64:3B:AA
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/fT2Il8eVe4lx4caJq-CCsZZkO6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.28.0/22
                  185.56.172.0/22
                  185.215.72.0/23
                  193.42.154.0/24
                  194.126.233.0/24
                  194.126.245.0/24
                  194.126.251.0/24
                  194.127.97.0/24
                  213.92.128.0/19
                  213.156.100.0/22
                IPv6:
                  2a02:54e0::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:83:16:f7:e5:74:13:5e:47:01:9d:cd:47:d2:3b:34:1a:cd:
         51:4a:9c:7f:77:b8:84:72:3e:72:ce:94:25:5c:0d:c1:7c:e6:
         a5:0c:87:6d:77:cf:9b:9f:b6:e5:3f:b3:5b:9a:c9:0b:d8:00:
         45:44:3e:6e:68:51:a2:6a:a1:9f:8d:bd:c8:1e:6a:d5:84:0c:
         70:52:0d:0e:5a:17:59:74:99:9a:d2:dc:81:77:9b:5e:a0:a6:
         f8:45:eb:9c:6b:2f:67:cf:e1:f6:db:11:7f:8d:69:9a:db:5e:
         41:00:93:95:27:cd:35:6b:84:00:ce:74:1f:74:75:8b:bf:c9:
         4f:e9:80:b1:be:80:f2:17:7a:e2:cf:1a:81:1d:ed:b6:36:c2:
         45:33:b1:6b:15:bb:1b:d1:17:cd:b9:43:95:dd:35:3a:21:b0:
         32:70:9b:55:c8:02:a7:0a:44:d6:20:c5:c8:ed:13:49:b2:2c:
         77:c7:0b:cb:23:66:15:de:50:12:2c:70:0e:cf:9d:a2:d9:49:
         ff:b5:e6:39:e2:54:e1:76:60:34:66:ff:e5:ea:57:7a:98:4f:
         e2:ea:ce:a0:66:79:98:04:40:82:f8:45:ca:a6:62:4f:51:91:
         4b:8e:22:55:17:98:4e:c7:c6:46:5f:18:7a:a3:f7:c0:08:58:
         21:0e:08:c7
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZAV8e08E29H1B9U9Gpz2BgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjQwNjE0MDg1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDNkODg5N2M3OTU3Yjg5NzFlMWM2ODlhYmUwODJiMTk2NjQzYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWM0DHZxw8g/chWP5JwUM8Zj9MBb
ldLJbwErAPyIi5I6qJoa0lSJ/r1w6zpAPbqzQXlJ8BzpaJ1CdbGY8N2Iqv64EqXI
zmVP4kdu6e5ZrN4rnsXEWnfsW8sQ8eNL9kQBx2ZI5OFv1FbAavo+qhilSR9GvoSg
5OmsGXMqTubwAjB6oiBHXw5DHs4mAMqVCA3IiodenpqSLkGh9fTfmqX0BBklCNDt
As6EJPlGRmonucXYbC6q+WTBoS245M5GCYUM2rBbuG++eWYgk3zYb/hlDHOQmJrl
Ky6e6MYcg+a55ZyNAOfHc4ldLq4ExHiD8YmLNMZb3R6bOrHR1MG4dHPcwwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFH09iJfHlXuJceHGiavggrGWZDuqMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvZlQySWw4ZVZlNGx4NGNhSnEtQ0NzWlprTzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCbegcAwQC
uTisAwQBuddIAwQAwSqaAwQAwn7pAwQAwn71AwQAwn77AwQAwn9hAwQF1VyAAwQC
1ZxkMA0EAgACMAcDBQMqAlTgMA0GCSqGSIb3DQEBCwUAA4IBAQCYgxb35XQTXkcB
nc1H0js0Gs1RSpx/d7iEcj5yzpQlXA3BfOalDIdtd8+bn7blP7NbmskL2ABFRD5u
aFGiaqGfjb3IHmrVhAxwUg0OWhdZdJma0tyBd5teoKb4Reucay9nz+H22xF/jWma
215BAJOVJ801a4QAznQfdHWLv8lP6YCxvoDyF3rizxqBHe22NsJFM7FrFbsb0RfN
uUOV3TU6IbAycJtVyAKnCkTWIMXI7RNJsix3xwvLI2YV3lASLHAOz52i2Un/teY5
4lThdmA0Zv/l6ld6mE/i6s6gZnmYBECC+EXKpmJPUZFLjiJVF5hOx8ZGXxh6o/fA
CFghDgjH
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:27 2024 by rpki-client on console-fra.rpki-client.org