Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/GNedUi6ey3GoBYVDrXUf5tRCNAE.roa
File:                     GNedUi6ey3GoBYVDrXUf5tRCNAE.roa (raw, json)
Hash identifier:          Mil2i27jabA8ULmwS1m73vH5QhI8pZgthbHaKte8hM0=
Subject key identifier:   18:D7:9D:52:2E:9E:CB:71:A8:05:85:43:AD:75:1F:E6:D4:42:34:01
Certificate issuer:       /CN=6311a69c8172044854931f100a59bd089cb8881a
Certificate serial:       018CC94D60E1539D9757D20737F78F71FCE4
Authority key identifier: 63:11:A6:9C:81:72:04:48:54:93:1F:10:0A:59:BD:08:9C:B8:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YxGmnIFyBEhUkx8QClm9CJy4iBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/GNedUi6ey3GoBYVDrXUf5tRCNAE.roa
Signing time:             Tue 02 Jan 2024 08:32:20 +0000
ROA not before:           Tue 02 Jan 2024 08:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        141.108.0.0/16 maxlen: 16
                          192.84.127.0/24 maxlen: 24
                          192.84.128.0/20 maxlen: 20
                          192.135.8.0/21 maxlen: 21
                          192.135.16.0/20 maxlen: 20
                          192.84.144.0/21 maxlen: 21
                          192.84.152.0/22 maxlen: 22
                          192.135.32.0/23 maxlen: 23
                          192.135.36.0/24 maxlen: 24
                          192.135.37.0/24 maxlen: 24
                          192.135.34.0/24 maxlen: 24
                          192.84.156.0/24 maxlen: 24
                          192.135.35.0/24 maxlen: 24
                          131.154.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/YxGmnIFyBEhUkx8QClm9CJy4iBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/YxGmnIFyBEhUkx8QClm9CJy4iBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YxGmnIFyBEhUkx8QClm9CJy4iBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:60:e1:53:9d:97:57:d2:07:37:f7:8f:71:fc:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6311a69c8172044854931f100a59bd089cb8881a
        Validity
            Not Before: Jan  2 08:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18d79d522e9ecb71a8058543ad751fe6d4423401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:5e:e2:28:10:14:00:aa:c3:30:ce:32:53:
                    39:26:bd:38:3b:95:bd:6b:e1:80:5b:a9:f6:f3:b0:
                    ef:f6:40:f4:38:be:9f:04:db:f9:3f:7f:38:8c:d5:
                    52:de:5f:07:6c:af:64:2d:44:c8:bb:cd:67:e3:a6:
                    b9:91:d1:a2:2a:50:67:60:f0:8a:8b:b5:39:d2:ab:
                    81:33:31:78:b1:38:c0:2a:da:67:c8:d9:62:81:b0:
                    cd:e5:3e:4a:05:1a:ae:29:38:b2:a0:52:53:9c:f8:
                    fb:53:04:d0:bc:99:93:48:22:a3:53:42:3c:1e:5b:
                    6f:05:c4:1a:82:e7:a2:20:d0:01:8c:e4:44:97:e6:
                    2c:aa:06:ba:8b:e6:cd:47:57:9f:1d:d0:fb:9e:6d:
                    f8:6c:0a:73:04:39:c2:8c:c3:75:f6:e1:7b:5e:cb:
                    9c:b3:f5:90:5e:0a:52:f8:72:99:e8:37:19:69:88:
                    a9:eb:35:9d:9d:e5:26:1e:e0:e1:c5:08:00:30:dc:
                    15:50:ae:4e:bb:00:07:39:13:18:d3:ba:3b:e5:15:
                    d6:38:af:06:0b:0c:98:58:1e:c3:c0:b3:57:7a:9b:
                    1f:63:2d:00:9c:e4:67:83:c9:c3:48:b2:fe:20:77:
                    1a:80:8d:0b:0e:4b:bb:39:d0:a9:57:5e:67:5a:f4:
                    5d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D7:9D:52:2E:9E:CB:71:A8:05:85:43:AD:75:1F:E6:D4:42:34:01
            X509v3 Authority Key Identifier:
                keyid:63:11:A6:9C:81:72:04:48:54:93:1F:10:0A:59:BD:08:9C:B8:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YxGmnIFyBEhUkx8QClm9CJy4iBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/GNedUi6ey3GoBYVDrXUf5tRCNAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c4abfe-a8e6-4a14-8b5c-d0e0f213936c/1/YxGmnIFyBEhUkx8QClm9CJy4iBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.154.0.0/16
                  141.108.0.0/16
                  192.84.127.0-192.84.156.255
                  192.135.8.0-192.135.37.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:cb:7f:14:d3:97:f8:97:00:e5:d4:f0:ee:41:fd:df:96:d5:
         70:6b:97:a2:48:1e:ba:82:56:bb:84:2f:c7:9f:10:c4:59:34:
         61:dd:73:dc:3d:55:d2:d3:3a:9b:08:8a:58:e1:4b:73:f8:f8:
         25:35:34:f1:21:1b:d1:99:d8:1d:fd:35:3b:52:ef:ed:2e:05:
         99:10:14:7d:1b:ba:37:56:5d:db:2c:78:41:89:21:b6:1e:cb:
         bb:53:97:58:54:22:90:12:f3:8b:e4:d5:78:7d:68:80:a5:50:
         63:31:4c:bb:a5:26:ae:16:b9:9f:73:19:60:b2:43:4c:bb:be:
         7e:63:45:75:7a:6e:16:89:20:65:c0:74:60:a9:7f:49:89:7e:
         e5:3d:1c:17:5b:70:20:d3:27:66:a0:e2:ea:65:93:de:4d:51:
         2b:90:41:87:6f:6e:3a:e7:39:6f:76:58:00:5b:e5:62:c5:70:
         9a:ed:3d:90:3d:a1:ff:dc:40:ee:c5:53:e8:d0:0a:8f:8c:d1:
         c7:d3:49:2f:19:44:82:24:0d:c9:67:4e:c2:d8:7f:c7:82:2c:
         44:5b:38:80:41:24:98:33:55:ac:8c:7d:30:4f:57:f4:7c:63:
         4f:e6:17:72:2e:26:73:41:dc:6f:9f:16:d7:28:71:1c:83:85:
         81:26:ba:24
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzJTWDhU52XV9IHN/ePcfzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMTFhNjljODE3MjA0NDg1NDkzMWYxMDBhNTliZDA4OWNi
ODg4MWEwHhcNMjQwMTAyMDgzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGQ3OWQ1MjJlOWVjYjcxYTgwNTg1NDNhZDc1MWZlNmQ0NDIzNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1Ve4igQFACqwzDOMlM5Jr04O5W9
a+GAW6n287Dv9kD0OL6fBNv5P384jNVS3l8HbK9kLUTIu81n46a5kdGiKlBnYPCK
i7U50quBMzF4sTjAKtpnyNligbDN5T5KBRquKTiyoFJTnPj7UwTQvJmTSCKjU0I8
HltvBcQagueiINABjOREl+Ysqga6i+bNR1efHdD7nm34bApzBDnCjMN19uF7Xsuc
s/WQXgpS+HKZ6DcZaYip6zWdneUmHuDhxQgAMNwVUK5OuwAHORMY07o75RXWOK8G
CwyYWB7DwLNXepsfYy0AnORng8nDSLL+IHcagI0LDku7OdCpV15nWvRd0QIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFBjXnVIunstxqAWFQ611H+bUQjQBMB8GA1UdIwQY
MBaAFGMRppyBcgRIVJMfEApZvQicuIgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXhHbW5JRnlCRWhVa3g4UUNsbTlDSnk0aUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9jNGFiZmUtYThlNi00YTE0LThiNWMt
ZDBlMGYyMTM5MzZjLzEvR05lZFVpNmV5M0dvQllWRHJYVWY1dFJDTkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9jNGFiZmUtYThlNi00YTE0LThiNWMtZDBlMGYyMTM5MzZj
LzEvWXhHbW5JRnlCRWhVa3g4UUNsbTlDSnk0aUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwMAg5oDAwCN
bDAMAwQAwFR/AwQAwFScMAwDBAPAhwgDBAHAhyQwDQYJKoZIhvcNAQELBQADggEB
AFzLfxTTl/iXAOXU8O5B/d+W1XBrl6JIHrqCVruEL8efEMRZNGHdc9w9VdLTOpsI
iljhS3P4+CU1NPEhG9GZ2B39NTtS7+0uBZkQFH0bujdWXdsseEGJIbYey7tTl1hU
IpAS84vk1Xh9aIClUGMxTLulJq4WuZ9zGWCyQ0y7vn5jRXV6bhaJIGXAdGCpf0mJ
fuU9HBdbcCDTJ2ag4uplk95NUSuQQYdvbjrnOW92WABb5WLFcJrtPZA9of/cQO7F
U+jQCo+M0cfTSS8ZRIIkDclnTsLYf8eCLERbOIBBJJgzVayMfTBPV/R8Y0/mF3Iu
JnNB3G+fFtcocRyDhYEmuiQ=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:56:04 2024 by rpki-client on console-fra.rpki-client.org