Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/PfRGyoNSS7bVTtlvv_cRzZfZl1c.roa
File:                     PfRGyoNSS7bVTtlvv_cRzZfZl1c.roa (raw, json)
Hash identifier:          RcOLY1NdAl2welThNHXokOEGdlnTsoKT0RhSl+QQAUs=
Subject key identifier:   3D:F4:46:CA:83:52:4B:B6:D5:4E:D9:6F:BF:F7:11:CD:97:D9:97:57
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79454FF8E768F64B96E9263296B157C
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/PfRGyoNSS7bVTtlvv_cRzZfZl1c.roa
Signing time:             Tue 02 Jan 2024 00:30:36 +0000
ROA not before:           Tue 02 Jan 2024 00:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60148
IP address blocks:        2.187.255.0/24 maxlen: 24
                          2.187.254.0/24 maxlen: 24
                          2.182.255.0/24 maxlen: 24
                          2.182.254.0/24 maxlen: 24
                          78.39.221.0/24 maxlen: 24
                          78.39.152.0/24 maxlen: 24
                          78.39.157.0/24 maxlen: 24
                          80.191.56.0/24 maxlen: 24
                          78.38.239.0/24 maxlen: 24
                          2.187.253.0/24 maxlen: 24
                          78.38.238.0/24 maxlen: 24
                          78.38.237.0/24 maxlen: 24
                          2.185.254.0/24 maxlen: 24
                          2.185.255.0/24 maxlen: 24
                          2.180.255.0/24 maxlen: 24
                          2.180.254.0/24 maxlen: 24
                          2.181.222.0/24 maxlen: 24
                          2.181.223.0/24 maxlen: 24
                          2.183.254.0/24 maxlen: 24
                          2.183.255.0/24 maxlen: 24
                          195.146.37.0/24 maxlen: 24
                          195.146.59.0/24 maxlen: 24
                          2.184.255.0/24 maxlen: 24
                          2.184.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:54:ff:8e:76:8f:64:b9:6e:92:63:29:6b:15:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df446ca83524bb6d54ed96fbff711cd97d99757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5a:8f:c5:b0:31:63:b4:52:38:39:99:24:3c:
                    04:0b:4e:eb:70:58:45:dc:c2:cd:ff:88:55:9d:42:
                    c3:e7:31:a4:88:15:92:fe:3f:aa:39:87:03:71:b7:
                    f4:f7:80:98:e1:ba:77:d5:94:46:63:03:0c:97:cf:
                    51:3a:8d:fc:fb:9f:dd:c4:41:a9:e0:7e:5c:55:70:
                    a9:c6:e9:13:d4:6e:d2:fd:d0:1f:b3:b1:f0:3c:cb:
                    d7:c0:ea:86:ce:cf:b7:55:36:2c:4d:06:dc:c0:e0:
                    01:af:5e:6c:12:bd:08:43:4c:50:90:36:83:7f:c2:
                    17:0d:89:14:16:b3:fb:c4:a1:07:07:61:61:51:a7:
                    be:3c:88:9e:59:80:97:9d:8f:90:63:46:1b:21:09:
                    bb:70:11:21:b7:2f:7c:53:69:3a:6f:37:82:c2:5c:
                    85:de:21:ef:0b:80:a7:77:95:30:ae:27:81:bd:97:
                    51:b0:3b:ce:58:9c:3c:be:b2:89:fe:18:c5:12:28:
                    c3:a3:c6:19:d5:c8:df:32:77:28:59:99:35:d3:a9:
                    ca:7b:0f:42:1f:c1:1c:93:bb:7f:1d:29:5e:dd:0b:
                    88:25:ba:12:75:5a:c8:0d:32:e3:d8:fb:f7:10:3e:
                    9e:f4:40:c5:ad:34:d3:21:29:53:35:8a:eb:cc:1f:
                    d6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F4:46:CA:83:52:4B:B6:D5:4E:D9:6F:BF:F7:11:CD:97:D9:97:57
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/PfRGyoNSS7bVTtlvv_cRzZfZl1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.180.254.0/23
                  2.181.222.0/23
                  2.182.254.0/23
                  2.183.254.0/23
                  2.184.254.0/23
                  2.185.254.0/23
                  2.187.253.0-2.187.255.255
                  78.38.237.0-78.38.239.255
                  78.39.152.0/24
                  78.39.157.0/24
                  78.39.221.0/24
                  80.191.56.0/24
                  195.146.37.0/24
                  195.146.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:51:09:9c:2f:a8:59:29:32:4a:a6:a7:bb:7f:24:08:f2:be:
         b9:de:6a:bb:b7:43:01:6f:86:1c:c0:39:e3:94:ef:39:35:6d:
         03:30:90:84:84:77:ce:c7:74:e0:6e:59:a3:f3:53:bd:70:92:
         ee:30:99:df:83:a6:89:5a:2f:f4:e0:7c:d6:57:67:a7:3b:e6:
         4a:44:97:80:20:76:a4:6d:a7:da:cc:75:63:c0:59:cc:04:7b:
         15:97:aa:34:d2:17:02:77:75:5c:59:c2:3f:79:21:c2:ae:7b:
         dc:a5:26:0b:86:4c:8b:38:04:f8:95:49:2c:e4:e9:67:20:1f:
         b9:53:03:18:33:cf:8a:20:61:c5:5b:04:0e:ca:d4:fb:90:9f:
         9f:4f:61:1b:3c:89:43:7b:6c:c8:90:7d:ee:3e:5a:7e:31:b9:
         88:b3:1e:54:37:1a:c9:95:d8:b7:ca:95:e7:cb:14:7c:89:1f:
         45:a3:99:9f:60:0e:57:e2:d4:51:e9:43:18:88:45:e2:bf:a6:
         92:d3:e2:5b:3e:49:a6:09:d9:72:a2:73:0d:10:28:09:c3:38:
         f1:20:26:20:f9:1a:bb:45:be:d6:81:14:c6:48:dd:3f:af:95:
         fd:4c:a0:a4:43:57:6c:64:79:45:b3:b1:4b:3a:37:92:64:4b:
         93:d1:ed:5c
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYzHlFT/jnaPZLlukmMpaxV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGY0NDZjYTgzNTI0YmI2ZDU0ZWQ5NmZiZmY3MTFjZDk3ZDk5NzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFqPxbAxY7RSODmZJDwEC07rcFhF
3MLN/4hVnULD5zGkiBWS/j+qOYcDcbf094CY4bp31ZRGYwMMl89ROo38+5/dxEGp
4H5cVXCpxukT1G7S/dAfs7HwPMvXwOqGzs+3VTYsTQbcwOABr15sEr0IQ0xQkDaD
f8IXDYkUFrP7xKEHB2FhUae+PIieWYCXnY+QY0YbIQm7cBEhty98U2k6bzeCwlyF
3iHvC4Cnd5UwrieBvZdRsDvOWJw8vrKJ/hjFEijDo8YZ1cjfMncoWZk106nKew9C
H8Eck7t/HSle3QuIJboSdVrIDTLj2Pv3ED6e9EDFrTTTISlTNYrrzB/WDwIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFD30RsqDUku21U7Zb7/3Ec2X2ZdXMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvUGZSR3lvTlNTN2JWVHRsdnZfY1J6WmZabDFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBpBAIAATBjAwQBArT+AwQB
ArXeAwQBArb+AwQBArf+AwQBArj+AwQBArn+MAsDBAACu/0DAwICuDAMAwQATibt
AwQETibgAwQATieYAwQATiedAwQATifdAwQAUL84AwQAw5IlAwQAw5I7MA0GCSqG
SIb3DQEBCwUAA4IBAQAVUQmcL6hZKTJKpqe7fyQI8r653mq7t0MBb4YcwDnjlO85
NW0DMJCEhHfOx3Tgblmj81O9cJLuMJnfg6aJWi/04HzWV2enO+ZKRJeAIHakbafa
zHVjwFnMBHsVl6o00hcCd3VcWcI/eSHCrnvcpSYLhkyLOAT4lUks5OlnIB+5UwMY
M8+KIGHFWwQOytT7kJ+fT2EbPIlDe2zIkH3uPlp+MbmIsx5UNxrJldi3ypXnyxR8
iR9Fo5mfYA5X4tRR6UMYiEXiv6aS0+JbPkmmCdlyonMNECgJwzjxICYg+Rq7Rb7W
gRTGSN0/r5X9TKCkQ1dsZHlFs7FLOjeSZEuT0e1c
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:38:38 2024 by rpki-client on console-fra.rpki-client.org