Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/22c60e-72fd-47af-99f3-26848ffee765/1/lNodm1bB0GPqtRUxSA6-6IUWhcM.roa
File:                     lNodm1bB0GPqtRUxSA6-6IUWhcM.roa (raw, json)
Hash identifier:          wOJ4Qij/RckGyrYSI3VJLaSDpIkQYixUmNJOK5JP8oE=
Subject key identifier:   94:DA:1D:9B:56:C1:D0:63:EA:B5:15:31:48:0E:BE:E8:85:16:85:C3
Certificate issuer:       /CN=bd7410f4e62c7772c78d5750b21fc214339e94a2
Certificate serial:       018CC6B83EC48CF8AE4EA6071F5A158CFDD2
Authority key identifier: BD:74:10:F4:E6:2C:77:72:C7:8D:57:50:B2:1F:C2:14:33:9E:94:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vXQQ9OYsd3LHjVdQsh_CFDOelKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/22c60e-72fd-47af-99f3-26848ffee765/1/lNodm1bB0GPqtRUxSA6-6IUWhcM.roa
Signing time:             Mon 01 Jan 2024 20:30:12 +0000
ROA not before:           Mon 01 Jan 2024 20:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42310
IP address blocks:        77.72.72.0/23 maxlen: 23
                          77.72.74.0/23 maxlen: 23
                          77.72.76.0/23 maxlen: 23
                          77.72.78.0/24 maxlen: 24
                          77.72.78.0/23 maxlen: 23
                          77.72.79.0/24 maxlen: 24
                          2a01:4b0:1::/48 maxlen: 48
                          2a01:4b0:2::/48 maxlen: 48
                          2a01:4b0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/22c60e-72fd-47af-99f3-26848ffee765/1/vXQQ9OYsd3LHjVdQsh_CFDOelKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/22c60e-72fd-47af-99f3-26848ffee765/1/vXQQ9OYsd3LHjVdQsh_CFDOelKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vXQQ9OYsd3LHjVdQsh_CFDOelKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:3e:c4:8c:f8:ae:4e:a6:07:1f:5a:15:8c:fd:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd7410f4e62c7772c78d5750b21fc214339e94a2
        Validity
            Not Before: Jan  1 20:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94da1d9b56c1d063eab51531480ebee8851685c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b7:06:68:56:47:a3:68:52:4e:de:82:de:d7:
                    7a:ec:71:18:66:5c:da:b4:39:87:54:4b:77:ab:a8:
                    09:58:73:e1:22:2c:89:c8:a3:ae:21:cb:0e:a8:42:
                    0b:49:98:fa:c9:c5:c2:fb:65:03:e9:cc:82:93:26:
                    b9:9d:86:20:6c:dc:27:35:89:65:f9:cf:52:93:8b:
                    8f:f5:3d:5f:1c:ba:3e:a3:73:06:5f:68:17:a6:53:
                    95:ca:c6:43:41:bf:0f:81:2a:65:c1:44:86:d0:39:
                    ea:94:3d:c9:6b:1a:ca:d4:d3:73:ea:ee:96:21:02:
                    fc:3a:8f:68:a3:8d:d0:16:a9:cc:fa:5b:0d:e4:c8:
                    bb:bf:92:a4:3a:ee:f8:78:4f:e7:d7:c2:7b:d5:3b:
                    f2:fb:fd:22:d9:54:5a:8c:d6:82:ad:4e:47:ae:b5:
                    4d:3a:f5:9a:6f:9a:b5:85:7a:39:68:89:8e:c9:7b:
                    f9:db:d6:a2:af:67:75:a5:59:b4:81:54:e2:2c:60:
                    19:90:59:d7:d3:cc:e5:23:80:4e:95:a4:68:7e:4f:
                    3e:03:cb:c0:55:c8:16:28:9d:85:3b:d9:10:90:d3:
                    37:89:fc:ea:e0:5c:17:95:bf:5d:bd:4f:12:d9:c1:
                    d3:8d:e5:89:81:39:01:f2:dd:a6:cf:d1:48:a4:ec:
                    be:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DA:1D:9B:56:C1:D0:63:EA:B5:15:31:48:0E:BE:E8:85:16:85:C3
            X509v3 Authority Key Identifier:
                keyid:BD:74:10:F4:E6:2C:77:72:C7:8D:57:50:B2:1F:C2:14:33:9E:94:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vXQQ9OYsd3LHjVdQsh_CFDOelKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/22c60e-72fd-47af-99f3-26848ffee765/1/lNodm1bB0GPqtRUxSA6-6IUWhcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/22c60e-72fd-47af-99f3-26848ffee765/1/vXQQ9OYsd3LHjVdQsh_CFDOelKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.72.0/21
                IPv6:
                  2a01:4b0::-2a01:4b0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a0:81:ed:cb:e8:08:d9:3f:11:47:aa:03:20:0a:e7:12:e3:24:
         f6:44:e8:3a:d8:9c:15:80:bc:43:68:4f:fd:97:a8:3b:6e:11:
         7f:e1:1e:8b:6f:57:2c:8d:45:38:95:07:c2:37:76:6e:39:e5:
         94:5b:22:2a:00:45:92:b1:7e:07:2b:61:33:84:86:fd:22:55:
         33:64:ca:d1:fd:0b:79:77:34:d0:ea:05:70:f3:3c:14:c2:eb:
         24:de:71:1b:a6:e6:e1:1a:63:f5:41:26:89:cd:0d:6a:82:76:
         1d:b5:a0:77:8d:74:51:d9:76:08:96:e1:87:f3:d8:5f:a1:69:
         92:aa:c2:ab:37:fd:f8:b2:5a:ee:0d:63:e6:94:3d:41:7c:93:
         06:11:7f:55:e6:69:94:ed:3f:d6:69:90:a4:74:6c:82:97:74:
         3e:0a:88:f5:27:8f:47:37:52:5d:22:92:f6:f9:9b:f7:25:61:
         93:4b:1d:f8:58:26:e1:b9:de:ac:ed:1d:31:19:66:dd:8c:c2:
         69:5f:6c:c8:2d:3e:dd:42:79:eb:b5:54:20:d4:20:d2:ab:63:
         54:b9:66:34:12:57:a8:0f:66:d7:35:5e:a1:48:eb:a5:d3:ef:
         1e:14:65:81:b1:2b:0b:34:1a:7a:f6:08:70:60:58:df:c6:4f:
         18:1f:6a:79
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzGuD7EjPiuTqYHH1oVjP3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNzQxMGY0ZTYyYzc3NzJjNzhkNTc1MGIyMWZjMjE0MzM5
ZTk0YTIwHhcNMjQwMTAxMjAzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGRhMWQ5YjU2YzFkMDYzZWFiNTE1MzE0ODBlYmVlODg1MTY4NWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7cGaFZHo2hSTt6C3td67HEYZlza
tDmHVEt3q6gJWHPhIiyJyKOuIcsOqEILSZj6ycXC+2UD6cyCkya5nYYgbNwnNYll
+c9Sk4uP9T1fHLo+o3MGX2gXplOVysZDQb8PgSplwUSG0DnqlD3JaxrK1NNz6u6W
IQL8Oo9oo43QFqnM+lsN5Mi7v5KkOu74eE/n18J71Tvy+/0i2VRajNaCrU5HrrVN
OvWab5q1hXo5aImOyXv529air2d1pVm0gVTiLGAZkFnX08zlI4BOlaRofk8+A8vA
VcgWKJ2FO9kQkNM3ifzq4FwXlb9dvU8S2cHTjeWJgTkB8t2mz9FIpOy+jwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJTaHZtWwdBj6rUVMUgOvuiFFoXDMB8GA1UdIwQY
MBaAFL10EPTmLHdyx41XULIfwhQznpSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlhRUTlPWXNkM0xIalZkUXNoX0NGRE9lbEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8yMmM2MGUtNzJmZC00N2FmLTk5ZjMt
MjY4NDhmZmVlNzY1LzEvbE5vZG0xYkIwR1BxdFJVeFNBNi02SVVXaGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8yMmM2MGUtNzJmZC00N2FmLTk5ZjMtMjY4NDhmZmVlNzY1
LzEvdlhRUTlPWXNkM0xIalZkUXNoX0NGRE9lbEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQDTUhIMBgE
AgACMBIwEAMFBCoBBLADBwAqAQSwAAIwDQYJKoZIhvcNAQELBQADggEBAKCB7cvo
CNk/EUeqAyAK5xLjJPZE6DrYnBWAvENoT/2XqDtuEX/hHotvVyyNRTiVB8I3dm45
5ZRbIioARZKxfgcrYTOEhv0iVTNkytH9C3l3NNDqBXDzPBTC6yTecRum5uEaY/VB
JonNDWqCdh21oHeNdFHZdgiW4Yfz2F+haZKqwqs3/fiyWu4NY+aUPUF8kwYRf1Xm
aZTtP9ZpkKR0bIKXdD4KiPUnj0c3Ul0ikvb5m/clYZNLHfhYJuG53qztHTEZZt2M
wmlfbMgtPt1Ceeu1VCDUINKrY1S5ZjQSV6gPZtc1XqFI66XT7x4UZYGxKws0Gnr2
CHBgWN/GTxgfank=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:40:55 2024 by rpki-client on console-ams.rpki-client.org