Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/m7p8vF3VFvAFNDrBANLmzC98HYE.roa
File:                     m7p8vF3VFvAFNDrBANLmzC98HYE.roa (raw, json)
Hash identifier:          aMLmMtM62GnWewhAu9RC+Uw+oJFhyY9hV7DdXNf4+nI=
Subject key identifier:   9B:BA:7C:BC:5D:D5:16:F0:05:34:3A:C1:00:D2:E6:CC:2F:7C:1D:81
Certificate issuer:       /CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
Certificate serial:       018CC9BC59AE8BC82A414C76955A74CDA7BA
Authority key identifier: 5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/m7p8vF3VFvAFNDrBANLmzC98HYE.roa
Signing time:             Tue 02 Jan 2024 10:33:33 +0000
ROA not before:           Tue 02 Jan 2024 10:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211083
IP address blocks:        185.198.70.0/24 maxlen: 24
                          2a11:6c0:cafe::/48 maxlen: 64
                          2a11:6c0:9::/48 maxlen: 64
                          2a11:6c5::/32 maxlen: 48
                          2a11:6c0:4::/48 maxlen: 64
                          2a11:6c1::/32 maxlen: 48
                          2a11:6c0:2::/48 maxlen: 64
                          2a11:6c4::/32 maxlen: 48
                          2a11:6c2::/32 maxlen: 48
                          2a11:6c0:8::/48 maxlen: 64
                          2a11:6c0:3::/48 maxlen: 64
                          2a11:6c0:6::/48 maxlen: 64
                          2a11:6c3::/32 maxlen: 48
                          2a11:6c0:1::/48 maxlen: 64
                          2a11:6c0:7::/48 maxlen: 64
                          2a11:6c0::/29 maxlen: 32
                          2a11:6c0:5::/48 maxlen: 64
                          2a11:6c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:59:ae:8b:c8:2a:41:4c:76:95:5a:74:cd:a7:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
        Validity
            Not Before: Jan  2 10:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bba7cbc5dd516f005343ac100d2e6cc2f7c1d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ae:a6:70:f1:aa:3b:67:e7:1c:9e:e8:c0:a9:
                    36:f0:65:f6:13:89:c0:15:fe:72:23:5e:cd:f6:91:
                    3d:f6:ca:ef:57:63:11:2d:ce:4e:81:2b:d2:5f:3f:
                    ec:7d:61:36:93:e4:72:5b:32:47:70:ce:fc:26:e6:
                    c1:60:63:4e:54:10:f8:a3:8c:10:8f:e1:a2:1f:29:
                    9e:99:c6:5e:e0:29:d1:b6:8c:91:3c:c6:e4:75:cb:
                    57:eb:46:70:a8:a6:16:cb:4e:e9:4b:42:a8:43:20:
                    18:18:dd:6e:38:ce:5b:87:1f:a5:d1:b5:1c:d0:2e:
                    64:a4:c5:f3:ab:10:b8:e0:e4:c2:55:92:05:dc:76:
                    b0:e5:e1:85:9a:d3:5f:f3:95:1e:4c:e0:ac:3a:51:
                    fc:40:18:7b:56:a4:6e:4b:3e:10:5b:5b:b9:63:90:
                    24:c4:cf:22:c3:f9:65:57:1d:0d:59:a4:28:00:b2:
                    33:38:e6:87:45:d1:ec:c9:26:55:03:e8:0f:65:3c:
                    bb:17:82:48:25:29:06:a5:e0:93:e7:95:21:0e:53:
                    08:0b:90:d1:8c:37:7d:89:e1:4c:99:fb:9e:7c:0c:
                    e4:57:9c:74:b0:b1:aa:f2:a3:56:be:e1:cf:7c:2e:
                    40:99:28:3e:29:a0:96:0c:c2:00:5a:bb:4a:3d:4b:
                    37:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:BA:7C:BC:5D:D5:16:F0:05:34:3A:C1:00:D2:E6:CC:2F:7C:1D:81
            X509v3 Authority Key Identifier:
                keyid:5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/m7p8vF3VFvAFNDrBANLmzC98HYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.70.0/24
                IPv6:
                  2a11:6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:f7:ed:b8:64:d2:5e:7d:30:55:63:1d:c2:2a:83:fc:31:6f:
         fc:04:67:71:5b:9d:03:b0:ea:ac:ef:c6:43:3b:34:d0:50:37:
         cd:c1:b2:f9:84:8d:83:b1:ac:ae:b8:7d:f4:53:d3:96:ec:75:
         d5:9f:ad:02:4a:9c:2b:d7:f9:01:dc:a8:5c:e1:de:c6:08:0c:
         1c:97:ad:7e:81:40:54:b4:ca:62:d9:39:ec:3b:2e:bf:37:f3:
         82:da:71:2d:00:a1:14:aa:26:df:63:44:f4:de:63:95:93:c7:
         f1:36:c3:6b:be:d8:f9:79:2f:29:ad:a2:ed:c5:f0:37:fc:3d:
         5e:79:7d:d8:2b:1d:ae:c0:ac:d8:bf:e6:ea:ca:1c:52:9d:d6:
         77:2b:87:5c:ce:fc:9f:ef:3b:65:db:ea:49:67:93:08:15:06:
         c2:dc:e8:a2:e0:7f:7b:8e:ab:0a:06:8b:ce:0d:9c:f9:0b:d9:
         2d:00:63:0f:a4:36:97:4b:62:f8:35:be:23:fc:66:d5:ca:68:
         41:7b:b1:c9:3e:8f:f0:e9:9c:6e:66:b4:be:48:4f:e8:66:c3:
         18:20:e7:af:76:6c:0d:75:38:03:8e:21:50:7f:25:e1:fc:93:
         34:12:dd:8e:70:ef:9a:cc:a3:16:e5:fa:81:c8:e6:3b:ea:ee:
         7b:51:3c:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvFmui8gqQUx2lVp0zae6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMzk5ZmJhOWFhZTlkMmQ2ZmZlNTJhZThjNzRhZTM4ZmM2
YzFhZjEwHhcNMjQwMTAyMTAzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmJhN2NiYzVkZDUxNmYwMDUzNDNhYzEwMGQyZTZjYzJmN2MxZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoq6mcPGqO2fnHJ7owKk28GX2E4nA
Ff5yI17N9pE99srvV2MRLc5OgSvSXz/sfWE2k+RyWzJHcM78JubBYGNOVBD4o4wQ
j+GiHymemcZe4CnRtoyRPMbkdctX60ZwqKYWy07pS0KoQyAYGN1uOM5bhx+l0bUc
0C5kpMXzqxC44OTCVZIF3Haw5eGFmtNf85UeTOCsOlH8QBh7VqRuSz4QW1u5Y5Ak
xM8iw/llVx0NWaQoALIzOOaHRdHsySZVA+gPZTy7F4JIJSkGpeCT55UhDlMIC5DR
jDd9ieFMmfuefAzkV5x0sLGq8qNWvuHPfC5AmSg+KaCWDMIAWrtKPUs33wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJu6fLxd1RbwBTQ6wQDS5swvfB2BMB8GA1UdIwQY
MBaAFF45n7qarp0tb/5Srox0rjj8bBrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMt
YmQ4MDlkOWRlZGI5LzEvbTdwOHZGM1ZGdkFGTkRyQkFOTG16Qzk4SFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMtYmQ4MDlkOWRlZGI5
LzEvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucZGMA0E
AgACMAcDBQMqEQbAMA0GCSqGSIb3DQEBCwUAA4IBAQAl9+24ZNJefTBVYx3CKoP8
MW/8BGdxW50DsOqs78ZDOzTQUDfNwbL5hI2DsayuuH30U9OW7HXVn60CSpwr1/kB
3Khc4d7GCAwcl61+gUBUtMpi2TnsOy6/N/OC2nEtAKEUqibfY0T03mOVk8fxNsNr
vtj5eS8praLtxfA3/D1eeX3YKx2uwKzYv+bqyhxSndZ3K4dczvyf7ztl2+pJZ5MI
FQbC3Oii4H97jqsKBovODZz5C9ktAGMPpDaXS2L4Nb4j/GbVymhBe7HJPo/w6Zxu
ZrS+SE/oZsMYIOevdmwNdTgDjiFQfyXh/JM0Et2OcO+azKMW5fqByOY76u57UTy0
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:10:53 2024 by rpki-client on console-ams.rpki-client.org