Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/j6vn8Tq4QfV68pFE4XqinT6qF38.roa
File:                     j6vn8Tq4QfV68pFE4XqinT6qF38.roa (raw, json)
Hash identifier:          PVJRhd+fm5M+yXEvk2nEvEWt6WQa4VaNHakcskBTtYY=
Subject key identifier:   8F:AB:E7:F1:3A:B8:41:F5:7A:F2:91:44:E1:7A:A2:9D:3E:AA:17:7F
Certificate issuer:       /CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
Certificate serial:       018CC9BBBE8CE0A7ECCEC2E0D5966D424D3E
Authority key identifier: 96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/j6vn8Tq4QfV68pFE4XqinT6qF38.roa
Signing time:             Tue 02 Jan 2024 10:32:53 +0000
ROA not before:           Tue 02 Jan 2024 10:32:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58256
IP address blocks:        185.83.184.0/24 maxlen: 24
                          185.83.186.0/24 maxlen: 24
                          185.83.185.0/24 maxlen: 24
                          185.83.187.0/24 maxlen: 24
                          37.143.145.0/24 maxlen: 24
                          37.143.144.0/24 maxlen: 24
                          185.42.213.0/24 maxlen: 24
                          185.42.212.0/24 maxlen: 24
                          185.42.215.0/24 maxlen: 24
                          185.42.214.0/24 maxlen: 24
                          37.143.151.0/24 maxlen: 24
                          37.143.150.0/24 maxlen: 24
                          37.143.149.0/24 maxlen: 24
                          37.143.148.0/24 maxlen: 24
                          37.143.147.0/24 maxlen: 24
                          37.143.146.0/24 maxlen: 24
                          185.83.31.0/24 maxlen: 24
                          185.83.30.0/24 maxlen: 24
                          185.83.29.0/24 maxlen: 24
                          185.83.28.0/24 maxlen: 24
                          91.108.132.0/24 maxlen: 24
                          91.108.131.0/24 maxlen: 24
                          91.108.130.0/24 maxlen: 24
                          91.108.129.0/24 maxlen: 24
                          91.108.128.0/24 maxlen: 24
                          91.108.139.0/24 maxlen: 24
                          91.108.133.0/24 maxlen: 24
                          91.108.138.0/24 maxlen: 24
                          91.108.137.0/24 maxlen: 24
                          91.108.136.0/24 maxlen: 24
                          91.108.135.0/24 maxlen: 24
                          91.108.134.0/24 maxlen: 24
                          91.108.140.0/24 maxlen: 24
                          91.108.145.0/24 maxlen: 24
                          91.108.144.0/24 maxlen: 24
                          91.108.143.0/24 maxlen: 24
                          91.108.142.0/24 maxlen: 24
                          91.108.141.0/24 maxlen: 24
                          91.108.152.0/24 maxlen: 24
                          91.108.151.0/24 maxlen: 24
                          91.108.150.0/24 maxlen: 24
                          91.108.149.0/24 maxlen: 24
                          91.108.148.0/24 maxlen: 24
                          91.108.147.0/24 maxlen: 24
                          91.108.146.0/24 maxlen: 24
                          91.108.154.0/24 maxlen: 24
                          91.108.153.0/24 maxlen: 24
                          91.108.159.0/24 maxlen: 24
                          91.108.158.0/24 maxlen: 24
                          91.108.157.0/24 maxlen: 24
                          91.108.156.0/24 maxlen: 24
                          91.108.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:be:8c:e0:a7:ec:ce:c2:e0:d5:96:6d:42:4d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96cbcf2e957ca8d942472a7b0044285b26db6b22
        Validity
            Not Before: Jan  2 10:32:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fabe7f13ab841f57af29144e17aa29d3eaa177f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:12:7d:2d:2a:01:96:5f:34:5b:22:28:50:0e:
                    12:07:ad:b1:2b:9a:3a:2b:4c:77:a6:24:1e:55:f9:
                    e6:0a:a9:e6:a1:fb:d1:d0:bf:b7:d5:d8:47:a9:6a:
                    db:e4:e2:09:d1:99:51:2d:53:6e:59:44:91:11:b7:
                    b8:79:b4:44:73:87:fc:91:82:71:1e:40:fb:0d:1f:
                    ac:4f:e6:a5:c1:10:bf:8d:b6:3d:a8:ea:bb:13:b0:
                    18:87:db:19:33:56:a1:71:35:33:87:1e:0b:57:75:
                    92:05:7f:17:ee:2a:3e:12:53:32:14:90:ca:ad:3d:
                    2e:01:63:4d:bb:4d:a7:8f:54:67:ef:bc:91:f2:d0:
                    bb:2a:e4:0f:e0:8a:8d:c1:6f:4a:50:96:b5:1a:82:
                    33:e0:f3:dc:7b:9b:65:9e:c6:75:d9:6e:83:51:77:
                    2e:1e:8c:3a:e0:70:dc:4c:2d:5e:cf:97:ab:05:ef:
                    5c:e5:9f:2f:24:d8:ba:a7:a0:ed:ef:95:e2:39:68:
                    f0:35:3c:b4:72:db:43:4f:79:9f:b6:e8:e4:c1:6d:
                    05:96:4a:2c:7b:07:34:42:af:c4:71:27:88:30:38:
                    75:89:91:5a:0c:3c:54:0e:eb:49:25:9a:bb:f5:6a:
                    fa:b2:db:c9:25:f2:94:c8:19:52:4f:91:e1:e6:95:
                    7f:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:AB:E7:F1:3A:B8:41:F5:7A:F2:91:44:E1:7A:A2:9D:3E:AA:17:7F
            X509v3 Authority Key Identifier:
                keyid:96:CB:CF:2E:95:7C:A8:D9:42:47:2A:7B:00:44:28:5B:26:DB:6B:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsvPLpV8qNlCRyp7AEQoWybbayI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/j6vn8Tq4QfV68pFE4XqinT6qF38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1b60e9-b6e0-4890-9de1-13b431342ab8/1/lsvPLpV8qNlCRyp7AEQoWybbayI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.144.0/21
                  91.108.128.0/19
                  185.42.212.0/22
                  185.83.28.0/22
                  185.83.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:a2:6d:11:d8:32:98:64:33:54:61:14:38:92:8e:7f:d8:e2:
         89:01:12:cf:5a:05:88:8c:f5:b0:a2:57:a2:78:c3:42:ef:6f:
         09:fb:dd:17:6e:14:02:c8:ef:2b:f5:71:d5:75:bf:79:9e:77:
         ee:1a:60:9f:9e:9f:67:bf:d6:0f:be:42:2e:75:0a:50:4a:3a:
         55:1d:2d:63:cb:36:2a:51:17:cb:4c:95:51:48:86:43:25:f3:
         88:c8:36:0f:92:d8:bd:69:72:85:69:5f:21:61:bb:0a:60:a1:
         7c:27:ea:86:d6:8c:0c:1e:a7:3b:62:59:b1:a2:7c:5b:72:e1:
         23:3f:d3:ee:f2:5b:db:3e:94:8d:b2:e9:38:ed:29:96:5d:79:
         fb:98:7b:4b:6e:c6:91:39:eb:89:8b:1a:89:87:58:22:4a:01:
         23:f3:bc:a0:60:44:d3:27:ed:9d:1b:01:a8:01:36:76:47:49:
         8f:99:a3:93:59:41:76:ce:af:d5:d5:61:3e:4e:9b:17:fb:72:
         24:20:48:5b:7d:04:77:0a:e3:1e:ba:5c:2e:9b:ed:b6:01:c3:
         0d:4d:6d:08:40:8f:2a:32:1c:91:af:3f:43:81:51:ed:39:c9:
         3b:21:7f:d6:44:5a:3b:5b:21:d8:f1:0d:12:3b:ab:4b:a5:6d:
         e0:7a:56:d2
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzJu76M4KfszsLg1ZZtQk0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2Y2JjZjJlOTU3Y2E4ZDk0MjQ3MmE3YjAwNDQyODViMjZk
YjZiMjIwHhcNMjQwMTAyMTAzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmFiZTdmMTNhYjg0MWY1N2FmMjkxNDRlMTdhYTI5ZDNlYWExNzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBJ9LSoBll80WyIoUA4SB62xK5o6
K0x3piQeVfnmCqnmofvR0L+31dhHqWrb5OIJ0ZlRLVNuWUSREbe4ebREc4f8kYJx
HkD7DR+sT+alwRC/jbY9qOq7E7AYh9sZM1ahcTUzhx4LV3WSBX8X7io+ElMyFJDK
rT0uAWNNu02nj1Rn77yR8tC7KuQP4IqNwW9KUJa1GoIz4PPce5tlnsZ12W6DUXcu
How64HDcTC1ez5erBe9c5Z8vJNi6p6Dt75XiOWjwNTy0cttDT3mftujkwW0Flkos
ewc0Qq/EcSeIMDh1iZFaDDxUDutJJZq79Wr6stvJJfKUyBlST5Hh5pV/iwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFI+r5/E6uEH1evKRROF6op0+qhd/MB8GA1UdIwQY
MBaAFJbLzy6VfKjZQkcqewBEKFsm22siMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHN2UExwVjhxTmxDUnlwN0FFUW9XeWJiYXlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xYjYwZTktYjZlMC00ODkwLTlkZTEt
MTNiNDMxMzQyYWI4LzEvajZ2bjhUcTRRZlY2OHBGRTRYcWluVDZxRjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xYjYwZTktYjZlMC00ODkwLTlkZTEtMTNiNDMxMzQyYWI4
LzEvbHN2UExwVjhxTmxDUnlwN0FFUW9XeWJiYXlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDJY+QAwQF
W2yAAwQCuSrUAwQCuVMcAwQCuVO4MA0GCSqGSIb3DQEBCwUAA4IBAQAaom0R2DKY
ZDNUYRQ4ko5/2OKJARLPWgWIjPWwoleieMNC728J+90XbhQCyO8r9XHVdb95nnfu
GmCfnp9nv9YPvkIudQpQSjpVHS1jyzYqURfLTJVRSIZDJfOIyDYPkti9aXKFaV8h
YbsKYKF8J+qG1owMHqc7YlmxonxbcuEjP9Pu8lvbPpSNsuk47SmWXXn7mHtLbsaR
OeuJixqJh1giSgEj87ygYETTJ+2dGwGoATZ2R0mPmaOTWUF2zq/V1WE+TpsX+3Ik
IEhbfQR3CuMeulwum+22AcMNTW0IQI8qMhyRrz9DgVHtOck7IX/WRFo7WyHY8Q0S
O6tLpW3gelbS
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:38:22 2024 by rpki-client on console-ams.rpki-client.org