Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/6So1IzRK1T8pR05awDPlZ9N1znc.roa
File:                     6So1IzRK1T8pR05awDPlZ9N1znc.roa (raw, json)
Hash identifier:          74ZTMFoSJrDgu8SqwSIaPheGy94mV5SxO6sCgC3HlQI=
Subject key identifier:   E9:2A:35:23:34:4A:D5:3F:29:47:4E:5A:C0:33:E5:67:D3:75:CE:77
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       018CC2DAE3AA5D9D85FED609F300E89521EA
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/6So1IzRK1T8pR05awDPlZ9N1znc.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44043
IP address blocks:        176.223.120.0/23 maxlen: 23
                          176.223.124.0/23 maxlen: 23
                          176.223.122.0/23 maxlen: 23
                          176.223.126.0/23 maxlen: 23
                          94.176.105.0/24 maxlen: 24
                          94.176.104.0/24 maxlen: 24
                          188.240.2.0/23 maxlen: 23
                          188.241.183.0/24 maxlen: 24
                          188.213.20.0/23 maxlen: 23
                          92.114.95.0/24 maxlen: 24
                          92.114.94.0/24 maxlen: 24
                          91.195.28.0/24 maxlen: 24
                          91.195.29.0/24 maxlen: 24
                          46.102.249.0/24 maxlen: 24
                          188.215.244.0/23 maxlen: 23
                          89.44.47.0/24 maxlen: 24
                          188.212.156.0/24 maxlen: 24
                          188.215.250.0/23 maxlen: 23
                          188.240.235.0/24 maxlen: 24
                          185.92.192.0/24 maxlen: 24
                          185.92.195.0/24 maxlen: 24
                          185.92.193.0/24 maxlen: 24
                          185.92.194.0/24 maxlen: 24
                          89.44.120.0/24 maxlen: 24
                          89.44.139.0/24 maxlen: 24
                          89.44.138.0/24 maxlen: 24
                          176.126.201.0/24 maxlen: 24
                          176.126.202.0/24 maxlen: 24
                          176.126.200.0/24 maxlen: 24
                          176.126.203.0/24 maxlen: 24
                          89.46.7.0/24 maxlen: 24
                          31.14.15.0/24 maxlen: 24
                          31.14.13.0/24 maxlen: 24
                          31.14.14.0/24 maxlen: 24
                          31.14.12.0/24 maxlen: 24
                          31.14.22.0/24 maxlen: 24
                          31.14.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 07:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:aa:5d:9d:85:fe:d6:09:f3:00:e8:95:21:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e92a3523344ad53f29474e5ac033e567d375ce77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:cd:28:8f:b1:b5:50:54:06:ed:6c:40:15:06:
                    f0:0b:1d:68:ae:23:5f:e6:b2:4d:ea:f6:48:f1:e2:
                    f7:40:4b:ac:22:0e:b9:55:46:d6:f2:43:16:1b:9f:
                    6f:fc:aa:ed:51:e6:74:86:17:e7:c3:01:1f:4a:58:
                    2f:dc:e1:4b:c1:d1:4d:06:7e:ae:6b:82:66:e8:99:
                    b8:09:73:89:bd:dc:df:59:d3:d2:a7:82:94:7a:67:
                    b0:0b:a0:7b:81:13:f0:3e:4f:1c:d8:b1:31:e9:0e:
                    f6:1e:b0:39:66:b7:65:d7:2b:db:cb:f0:c7:c9:17:
                    29:db:59:c5:f8:3e:6e:6b:fd:a0:e3:17:ee:93:29:
                    32:63:8f:ba:ab:c0:61:d3:00:54:88:b3:9e:c3:d8:
                    9f:c1:50:ee:4f:c7:38:dc:26:72:a3:88:42:40:df:
                    d6:b8:fd:65:c0:6a:e6:95:6c:b2:a5:46:1f:05:ec:
                    59:70:56:0f:f3:6f:49:d3:7b:5d:bd:b6:0e:0e:8b:
                    60:bd:74:fa:c8:81:63:cb:9f:67:69:18:3b:a4:f6:
                    eb:f9:85:bd:4c:04:7e:23:70:13:6f:e5:71:b5:fc:
                    93:9d:2a:72:a6:bf:44:77:b5:9b:ca:8c:78:b0:fc:
                    41:e3:44:ec:24:52:59:1f:b5:58:da:ab:7b:52:43:
                    da:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:2A:35:23:34:4A:D5:3F:29:47:4E:5A:C0:33:E5:67:D3:75:CE:77
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/6So1IzRK1T8pR05awDPlZ9N1znc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.12.0/22
                  31.14.22.0/23
                  46.102.249.0/24
                  89.44.47.0/24
                  89.44.120.0/24
                  89.44.138.0/23
                  89.46.7.0/24
                  91.195.28.0/23
                  92.114.94.0/23
                  94.176.104.0/23
                  176.126.200.0/22
                  176.223.120.0/21
                  185.92.192.0/22
                  188.212.156.0/24
                  188.213.20.0/23
                  188.215.244.0/23
                  188.215.250.0/23
                  188.240.2.0/23
                  188.240.235.0/24
                  188.241.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:a5:33:37:43:26:8b:c5:ab:75:d3:eb:01:8c:73:2c:eb:e2:
         4d:12:3a:a0:e4:99:bc:88:3e:85:94:01:bd:68:3e:58:ba:45:
         3b:41:39:e3:b8:20:fa:ea:0f:53:cb:56:70:6b:d8:2a:84:b8:
         d1:ef:8e:28:ca:be:d5:72:c5:97:76:22:79:91:f5:05:67:ed:
         cb:d3:5b:bc:f0:5e:1c:fa:fd:db:21:6d:9b:3b:00:8b:28:41:
         2e:1f:0f:8d:c0:93:d7:6b:32:5b:81:73:c0:d4:a3:cf:30:59:
         c0:5c:88:ea:74:27:c3:58:8c:a8:5f:7d:4b:1c:17:5a:3e:43:
         31:e7:26:93:40:04:0e:32:8f:4c:33:cb:0a:9d:e0:ab:89:43:
         23:41:be:4d:3e:04:65:63:30:42:10:4f:e6:96:4c:54:7b:9c:
         81:31:a9:db:b4:9d:38:f7:5c:d0:91:0c:de:7f:5f:b1:72:b1:
         57:75:9c:b2:f5:c8:f2:d0:9b:a0:78:9b:fc:c9:cf:ed:1a:2c:
         26:6f:b7:f4:78:24:47:74:89:ba:39:0a:08:3b:63:22:ef:92:
         6c:e9:4a:78:4e:f5:66:01:50:e4:fe:b2:90:de:08:96:6e:d1:
         00:0d:4a:18:64:58:ef:63:51:40:04:bd:9b:a1:de:11:47:ea:
         f5:37:90:0f
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYzC2uOqXZ2F/tYJ8wDolSHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTJhMzUyMzM0NGFkNTNmMjk0NzRlNWFjMDMzZTU2N2QzNzVjZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiM0oj7G1UFQG7WxAFQbwCx1oriNf
5rJN6vZI8eL3QEusIg65VUbW8kMWG59v/KrtUeZ0hhfnwwEfSlgv3OFLwdFNBn6u
a4Jm6Jm4CXOJvdzfWdPSp4KUemewC6B7gRPwPk8c2LEx6Q72HrA5Zrdl1yvby/DH
yRcp21nF+D5ua/2g4xfukykyY4+6q8Bh0wBUiLOew9ifwVDuT8c43CZyo4hCQN/W
uP1lwGrmlWyypUYfBexZcFYP829J03tdvbYODotgvXT6yIFjy59naRg7pPbr+YW9
TAR+I3ATb+VxtfyTnSpypr9Ed7Wbyox4sPxB40TsJFJZH7VY2qt7UkPaXQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFOkqNSM0StU/KUdOWsAz5WfTdc53MB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvNlNvMUl6UksxVDhwUjA1YXdEUGxaOU4xem5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQCHw4M
AwQBHw4WAwQALmb5AwQAWSwvAwQAWSx4AwQBWSyKAwQAWS4HAwQBW8McAwQBXHJe
AwQBXrBoAwQCsH7IAwQDsN94AwQCuVzAAwQAvNScAwQBvNUUAwQBvNf0AwQBvNf6
AwQBvPACAwQAvPDrAwQAvPG3MA0GCSqGSIb3DQEBCwUAA4IBAQCMpTM3QyaLxat1
0+sBjHMs6+JNEjqg5Jm8iD6FlAG9aD5YukU7QTnjuCD66g9Ty1Zwa9gqhLjR744o
yr7VcsWXdiJ5kfUFZ+3L01u88F4c+v3bIW2bOwCLKEEuHw+NwJPXazJbgXPA1KPP
MFnAXIjqdCfDWIyoX31LHBdaPkMx5yaTQAQOMo9MM8sKneCriUMjQb5NPgRlYzBC
EE/mlkxUe5yBManbtJ0491zQkQzef1+xcrFXdZyy9cjy0JugeJv8yc/tGiwmb7f0
eCRHdIm6OQoIO2Mi75Js6Up4TvVmAVDk/rKQ3giWbtEADUoYZFjvY1FABL2bod4R
R+r1N5AP
-----END CERTIFICATE-----
Generated at Tue Dec 3 14:37:50 2024 by rpki-client on console-fra.rpki-client.org