Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/L_e3zk7V9O622dbvVzCSskKozzI.roa
File:                     L_e3zk7V9O622dbvVzCSskKozzI.roa (raw, json)
Hash identifier:          izrqg/9Wj0abVJ1xLIDLaKQLQl8gfa2jjyYPxdvr18Q=
Subject key identifier:   2F:F7:B7:CE:4E:D5:F4:EE:B6:D9:D6:EF:57:30:92:B2:42:A8:CF:32
Certificate issuer:       /CN=7d3b2c333b729557ac0be02740b22296d802bf81
Certificate serial:       018CC5DC385B9DCE6F4E25892372C3256A5E
Authority key identifier: 7D:3B:2C:33:3B:72:95:57:AC:0B:E0:27:40:B2:22:96:D8:02:BF:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fTssMztylVesC-AnQLIiltgCv4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/L_e3zk7V9O622dbvVzCSskKozzI.roa
Signing time:             Mon 01 Jan 2024 16:29:53 +0000
ROA not before:           Mon 01 Jan 2024 16:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207242
IP address blocks:        185.195.84.0/22 maxlen: 22
                          185.162.24.0/22 maxlen: 22
                          185.194.44.0/22 maxlen: 22
                          185.195.224.0/22 maxlen: 22
                          185.242.72.0/22 maxlen: 22
                          2a0a:5f40::/32 maxlen: 32
                          2a0c:c380::/32 maxlen: 32
                          2a07:ca40::/29 maxlen: 29
                          2a0a:5640::/32 maxlen: 32
                          2a0a:4440::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/fTssMztylVesC-AnQLIiltgCv4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/fTssMztylVesC-AnQLIiltgCv4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fTssMztylVesC-AnQLIiltgCv4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:38:5b:9d:ce:6f:4e:25:89:23:72:c3:25:6a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d3b2c333b729557ac0be02740b22296d802bf81
        Validity
            Not Before: Jan  1 16:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ff7b7ce4ed5f4eeb6d9d6ef573092b242a8cf32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b7:28:17:7f:a7:ed:f6:28:aa:b4:b8:19:2a:
                    d0:d2:d6:a6:59:92:0a:76:a5:ee:04:bf:e2:2c:10:
                    0f:4c:15:18:1a:bc:e3:d0:3b:98:e1:d3:12:c5:df:
                    f9:88:70:08:61:51:1c:c5:ef:1c:37:e5:34:4c:4f:
                    3a:74:d9:bf:19:20:43:a9:c0:50:a6:ab:bc:cf:a9:
                    27:4f:50:da:74:51:e3:29:f3:a3:6c:88:bd:06:c6:
                    ac:75:b3:cc:0d:90:d1:8f:e5:b8:09:04:8e:e6:83:
                    a9:17:58:8c:41:c9:68:26:89:04:05:c0:d2:d1:16:
                    5d:a8:f2:41:b1:a5:45:c6:eb:b8:c3:91:dc:22:eb:
                    82:ea:ac:e1:53:0b:ef:19:cb:be:d6:db:5d:53:7a:
                    b9:77:5f:0b:de:00:c1:97:2f:e2:3b:61:88:fa:05:
                    d9:1f:9c:a8:f4:1d:1d:2b:27:15:f8:39:9e:9d:94:
                    72:a3:fa:6e:70:9d:ac:d1:1d:17:fa:6b:51:8e:98:
                    d6:39:41:0b:c0:e4:21:c8:b3:02:d4:b1:0f:d1:a0:
                    06:6b:20:68:ca:6c:d8:ad:5a:00:68:fb:3c:d0:9f:
                    f3:ad:3c:8c:74:0e:79:c4:be:62:0b:1c:f5:77:7d:
                    a8:f8:90:04:61:83:2a:38:29:5b:e7:b7:52:63:8c:
                    4a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F7:B7:CE:4E:D5:F4:EE:B6:D9:D6:EF:57:30:92:B2:42:A8:CF:32
            X509v3 Authority Key Identifier:
                keyid:7D:3B:2C:33:3B:72:95:57:AC:0B:E0:27:40:B2:22:96:D8:02:BF:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTssMztylVesC-AnQLIiltgCv4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/L_e3zk7V9O622dbvVzCSskKozzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6b1b64-2564-47a7-b1c1-52835db6512c/1/fTssMztylVesC-AnQLIiltgCv4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.24.0/22
                  185.194.44.0/22
                  185.195.84.0/22
                  185.195.224.0/22
                  185.242.72.0/22
                IPv6:
                  2a07:ca40::/29
                  2a0a:4440::/32
                  2a0a:5640::/32
                  2a0a:5f40::/32
                  2a0c:c380::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:e7:52:60:f5:20:66:2a:86:50:f3:9e:f6:c0:b9:19:3a:5c:
         ae:e4:57:9a:c5:3c:54:51:6c:60:a7:ec:48:fa:bf:72:8c:c5:
         e7:d0:ad:f5:f7:4a:0a:d7:3e:9d:9a:8f:1c:9c:4f:ef:f3:89:
         29:e0:9a:1d:9e:9c:21:8a:bb:75:c9:22:bb:65:9e:79:ec:fe:
         01:09:e6:25:1e:9c:67:44:8b:45:bf:5c:d2:81:12:83:42:5a:
         cb:4e:83:43:d4:1b:85:fc:12:0e:40:82:96:44:37:8b:0d:81:
         48:e0:7a:b9:3e:8b:49:49:8a:15:94:8f:bc:b0:a1:73:dd:26:
         89:6f:48:30:e1:cf:09:b3:9d:76:12:69:93:66:53:8d:38:fc:
         ea:e6:73:29:ff:09:d3:da:f5:61:1f:b1:2c:2d:1c:ec:15:7b:
         d3:74:39:be:68:0d:92:80:59:ac:69:d1:68:4a:88:8b:ee:cd:
         49:c4:65:52:90:0e:10:83:48:69:2a:54:c8:ba:c8:10:05:f5:
         90:46:fd:d5:24:e5:43:54:bc:bc:fa:5a:7a:bc:53:35:70:24:
         3d:8f:ed:67:64:bc:2f:ac:a2:36:23:90:cb:f1:71:a4:37:1f:
         92:68:cf:d9:7e:04:d1:74:99:ee:2b:3c:d0:72:70:b4:18:fc:
         6b:1e:c5:48
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYzF3Dhbnc5vTiWJI3LDJWpeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkM2IyYzMzM2I3Mjk1NTdhYzBiZTAyNzQwYjIyMjk2ZDgw
MmJmODEwHhcNMjQwMTAxMTYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmY3YjdjZTRlZDVmNGVlYjZkOWQ2ZWY1NzMwOTJiMjQyYThjZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrcoF3+n7fYoqrS4GSrQ0tamWZIK
dqXuBL/iLBAPTBUYGrzj0DuY4dMSxd/5iHAIYVEcxe8cN+U0TE86dNm/GSBDqcBQ
pqu8z6knT1DadFHjKfOjbIi9BsasdbPMDZDRj+W4CQSO5oOpF1iMQcloJokEBcDS
0RZdqPJBsaVFxuu4w5HcIuuC6qzhUwvvGcu+1ttdU3q5d18L3gDBly/iO2GI+gXZ
H5yo9B0dKycV+DmenZRyo/pucJ2s0R0X+mtRjpjWOUELwOQhyLMC1LEP0aAGayBo
ymzYrVoAaPs80J/zrTyMdA55xL5iCxz1d32o+JAEYYMqOClb57dSY4xKLwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFC/3t85O1fTuttnW71cwkrJCqM8yMB8GA1UdIwQY
MBaAFH07LDM7cpVXrAvgJ0CyIpbYAr+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlRzc016dHlsVmVzQy1BblFMSWlsdGdDdjRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS82YjFiNjQtMjU2NC00N2E3LWIxYzEt
NTI4MzVkYjY1MTJjLzEvTF9lM3prN1Y5TzYyMmRidlZ6Q1Nza0tvenpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS82YjFiNjQtMjU2NC00N2E3LWIxYzEtNTI4MzVkYjY1MTJj
LzEvZlRzc016dHlsVmVzQy1BblFMSWlsdGdDdjRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTAkBAIAATAeAwQCuaIYAwQC
ucIsAwQCucNUAwQCucPgAwQCufJIMCkEAgACMCMDBQMqB8pAAwUAKgpEQAMFACoK
VkADBQAqCl9AAwUAKgzDgDANBgkqhkiG9w0BAQsFAAOCAQEAiudSYPUgZiqGUPOe
9sC5GTpcruRXmsU8VFFsYKfsSPq/cozF59Ct9fdKCtc+nZqPHJxP7/OJKeCaHZ6c
IYq7dckiu2Weeez+AQnmJR6cZ0SLRb9c0oESg0Jay06DQ9QbhfwSDkCClkQ3iw2B
SOB6uT6LSUmKFZSPvLChc90miW9IMOHPCbOddhJpk2ZTjTj86uZzKf8J09r1YR+x
LC0c7BV703Q5vmgNkoBZrGnRaEqIi+7NScRlUpAOEINIaSpUyLrIEAX1kEb91STl
Q1S8vPpaerxTNXAkPY/tZ2S8L6yiNiOQy/FxpDcfkmjP2X4E0XSZ7is80HJwtBj8
ax7FSA==
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:46:45 2024 by rpki-client on console-fra.rpki-client.org