Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/hO9ne9b-cu4zdGEfKZEouvR9FTM.roa
File:                     hO9ne9b-cu4zdGEfKZEouvR9FTM.roa (raw, json)
Hash identifier:          ymwVy5FaWOZXzZm81diZ32Ci1hNa5JX5QRWi6ZLmX3g=
Subject key identifier:   84:EF:67:7B:D6:FE:72:EE:33:74:61:1F:29:91:28:BA:F4:7D:15:33
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018CC6B8132FFEEBBF27A68FCFE03C4954DC
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/hO9ne9b-cu4zdGEfKZEouvR9FTM.roa
Signing time:             Mon 01 Jan 2024 20:30:01 +0000
ROA not before:           Mon 01 Jan 2024 20:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28884
IP address blocks:        213.87.224.0/23 maxlen: 23
                          213.87.184.0/23 maxlen: 23
                          213.87.112.0/23 maxlen: 23
                          213.87.118.0/23 maxlen: 23
                          213.87.114.0/23 maxlen: 23
                          213.87.116.0/23 maxlen: 23
                          213.87.124.0/23 maxlen: 23
                          213.87.120.0/23 maxlen: 23
                          213.87.122.0/23 maxlen: 23
                          213.87.126.0/23 maxlen: 23
                          85.140.96.0/21 maxlen: 21
                          85.140.96.0/20 maxlen: 20
                          85.140.104.0/21 maxlen: 21
                          2a00:1fa2:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:13:2f:fe:eb:bf:27:a6:8f:cf:e0:3c:49:54:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  1 20:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84ef677bd6fe72ee3374611f299128baf47d1533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:91:64:58:cc:3f:f1:f4:d8:5f:11:f8:19:54:
                    86:8c:f1:cb:a3:8b:2d:94:11:df:11:45:d6:da:96:
                    c8:a1:d2:07:a3:d5:e4:5e:79:d1:7c:3e:8c:55:cc:
                    cd:d3:3c:c3:7d:17:fa:f0:9b:0f:93:3a:c2:fb:17:
                    1a:ea:54:4b:07:73:a9:1f:0b:df:1d:6e:7c:d3:3e:
                    aa:c8:26:33:ca:3d:ec:87:22:61:ce:11:a0:e8:54:
                    9b:bb:50:8f:1b:5d:2c:96:c7:26:62:a1:ee:63:c2:
                    c8:74:ff:3a:61:95:da:fc:b3:c8:3d:50:12:48:e1:
                    05:c5:5d:53:8c:f6:d1:bd:5c:f4:8e:0d:ff:46:19:
                    4f:4c:b3:14:e1:e0:85:a2:bd:7b:37:c8:10:39:8b:
                    2d:60:91:59:b1:04:eb:1f:09:30:d3:f9:67:ad:f7:
                    5d:25:73:ae:f3:a4:7b:02:93:4b:fb:f3:ce:0f:9f:
                    68:57:5a:bd:32:b6:3a:90:7c:5f:9b:a0:03:a7:e2:
                    eb:16:5b:28:64:fb:66:04:2f:6e:80:d0:bf:dc:97:
                    24:ca:14:36:a6:6e:66:07:63:8b:02:b3:9c:e5:87:
                    2b:28:01:77:39:93:de:ec:11:57:7b:d2:ed:0e:d5:
                    b1:62:5d:3e:e7:11:c3:1b:f0:09:91:d1:2c:06:b2:
                    e1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:EF:67:7B:D6:FE:72:EE:33:74:61:1F:29:91:28:BA:F4:7D:15:33
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/hO9ne9b-cu4zdGEfKZEouvR9FTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.140.96.0/20
                  213.87.112.0/20
                  213.87.184.0/23
                  213.87.224.0/23
                IPv6:
                  2a00:1fa2:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         12:1b:3d:29:58:30:a2:4a:2d:32:64:84:63:e1:35:be:70:75:
         fd:04:c7:0a:de:46:d0:f9:de:ab:e3:65:77:89:69:f1:6c:e7:
         cb:83:55:b4:b5:97:c1:5b:cb:67:07:57:59:4b:b8:da:f1:cd:
         6d:c6:f8:f3:6e:51:6a:de:73:ab:70:87:ae:1d:6d:2d:6a:05:
         90:5e:23:0c:21:96:d0:4e:fc:23:f5:e2:08:2d:3c:78:18:3f:
         98:33:1b:f8:1b:ce:8f:3e:e2:b3:8f:3c:fc:ac:2a:6a:c5:0b:
         48:96:7e:5a:73:87:33:db:1a:7a:aa:07:21:d1:6b:07:39:d5:
         82:f4:5d:31:81:37:ea:3d:26:0a:1f:55:dc:d8:19:b2:0b:5c:
         c7:23:70:cb:2f:f6:98:89:01:8a:28:de:c6:ea:87:aa:3b:00:
         8e:d3:4b:2a:a5:af:ce:70:ae:8a:d4:f2:3a:00:c8:e8:28:c3:
         3b:64:83:82:3a:c5:09:c5:97:04:0a:1d:01:72:0b:50:0b:b4:
         10:44:26:b8:16:54:a1:fd:e8:30:0c:69:33:7c:90:51:8a:b4:
         79:1e:19:2a:68:38:20:84:87:46:66:d7:f9:6d:15:20:06:65:
         f6:8f:37:76:21:be:a1:fc:1e:0a:a3:78:0a:2b:2d:fc:7c:64:
         c9:57:6e:a7
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzGuBMv/uu/J6aPz+A8SVTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGVmNjc3YmQ2ZmU3MmVlMzM3NDYxMWYyOTkxMjhiYWY0N2QxNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZFkWMw/8fTYXxH4GVSGjPHLo4st
lBHfEUXW2pbIodIHo9XkXnnRfD6MVczN0zzDfRf68JsPkzrC+xca6lRLB3OpHwvf
HW580z6qyCYzyj3shyJhzhGg6FSbu1CPG10slscmYqHuY8LIdP86YZXa/LPIPVAS
SOEFxV1TjPbRvVz0jg3/RhlPTLMU4eCFor17N8gQOYstYJFZsQTrHwkw0/lnrfdd
JXOu86R7ApNL+/POD59oV1q9MrY6kHxfm6ADp+LrFlsoZPtmBC9ugNC/3JckyhQ2
pm5mB2OLArOc5YcrKAF3OZPe7BFXe9LtDtWxYl0+5xHDG/AJkdEsBrLh2QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFITvZ3vW/nLuM3RhHymRKLr0fRUzMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvaE85bmU5Yi1jdTR6ZEdFZktaRW91dlI5RlRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQEVYxgAwQE
1VdwAwQB1Ve4AwQB1VfgMA4EAgACMAgDBgcqAB+igDANBgkqhkiG9w0BAQsFAAOC
AQEAEhs9KVgwokotMmSEY+E1vnB1/QTHCt5G0Pneq+Nld4lp8Wzny4NVtLWXwVvL
ZwdXWUu42vHNbcb4825Rat5zq3CHrh1tLWoFkF4jDCGW0E78I/XiCC08eBg/mDMb
+BvOjz7is488/KwqasULSJZ+WnOHM9saeqoHIdFrBznVgvRdMYE36j0mCh9V3NgZ
sgtcxyNwyy/2mIkBiijexuqHqjsAjtNLKqWvznCuitTyOgDI6CjDO2SDgjrFCcWX
BAodAXILUAu0EEQmuBZUof3oMAxpM3yQUYq0eR4ZKmg4IISHRmbX+W0VIAZl9o83
diG+ofweCqN4Cist/HxkyVdupw==
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:52:36 2024 by rpki-client on console-fra.rpki-client.org