Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/44124d-8b15-45b2-a5c1-7bc73eee1447/1/1-VGt9HI4qmVcmYfXoYfbXB7Fz8.roa
File:                     1-VGt9HI4qmVcmYfXoYfbXB7Fz8.roa (raw, json)
Hash identifier:          /iy+FZ1lhX6hD5v/VkzRyiRTHT+Nfy6N1w6LFHc56wY=
Subject key identifier:   D7:E5:46:B7:D1:C8:E2:A9:95:72:66:1F:5E:86:1F:6D:70:7B:17:3F
Certificate issuer:       /CN=b9b8139993be665f3b5d0f6909ef058fa8f97922
Certificate serial:       018CC4939A259343228DF5B0E86A81CE22E5
Authority key identifier: B9:B8:13:99:93:BE:66:5F:3B:5D:0F:69:09:EF:05:8F:A8:F9:79:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubgTmZO-Zl87XQ9pCe8Fj6j5eSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/44124d-8b15-45b2-a5c1-7bc73eee1447/1/1-VGt9HI4qmVcmYfXoYfbXB7Fz8.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39442
IP address blocks:        188.247.32.0/19 maxlen: 19
                          217.149.176.0/22 maxlen: 22
                          217.149.176.0/20 maxlen: 20
                          217.149.181.0/24 maxlen: 24
                          217.149.184.0/21 maxlen: 21
                          213.234.0.0/20 maxlen: 20
                          213.234.0.0/24 maxlen: 24
                          213.234.1.0/24 maxlen: 24
                          213.234.5.0/24 maxlen: 24
                          213.234.6.0/24 maxlen: 24
                          213.234.8.0/24 maxlen: 24
                          213.234.10.0/24 maxlen: 24
                          213.234.11.0/24 maxlen: 24
                          213.234.16.0/22 maxlen: 22
                          213.234.16.0/24 maxlen: 24
                          213.234.18.0/23 maxlen: 23
                          213.234.20.0/24 maxlen: 24
                          213.234.21.0/24 maxlen: 24
                          213.234.22.0/24 maxlen: 24
                          188.247.44.0/24 maxlen: 24
                          188.247.44.0/22 maxlen: 22
                          188.247.40.0/24 maxlen: 24
                          185.183.48.0/22 maxlen: 22
                          188.247.55.0/24 maxlen: 24
                          188.247.56.0/21 maxlen: 21
                          185.125.72.0/22 maxlen: 22
                          92.39.104.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/44124d-8b15-45b2-a5c1-7bc73eee1447/1/ubgTmZO-Zl87XQ9pCe8Fj6j5eSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/44124d-8b15-45b2-a5c1-7bc73eee1447/1/ubgTmZO-Zl87XQ9pCe8Fj6j5eSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubgTmZO-Zl87XQ9pCe8Fj6j5eSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9a:25:93:43:22:8d:f5:b0:e8:6a:81:ce:22:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b8139993be665f3b5d0f6909ef058fa8f97922
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7e546b7d1c8e2a99572661f5e861f6d707b173f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1c:51:8f:96:fc:8d:b7:f7:95:a3:7c:b6:d9:
                    75:03:50:e6:a2:14:31:50:8d:23:81:23:b2:da:04:
                    12:a0:5a:cb:e6:f5:8f:40:10:c7:11:82:67:c1:ae:
                    b9:11:7d:a4:fc:57:2b:71:df:6e:ab:67:8b:eb:05:
                    ea:25:67:e0:a3:7f:1b:62:c8:ba:7c:bd:15:4f:be:
                    84:39:68:e9:00:05:97:68:c6:da:eb:c4:f2:1d:03:
                    11:32:8d:69:36:03:fd:e3:98:f7:77:67:17:13:87:
                    23:44:53:4a:75:89:27:77:e7:1f:36:58:fe:ab:fe:
                    de:d5:e1:96:30:8e:d5:7f:b6:46:e2:79:39:79:df:
                    d1:34:e7:e3:ec:83:b0:d2:44:3f:97:48:e7:e3:88:
                    12:e6:56:67:75:54:d3:55:25:9e:d9:cf:ff:c1:cd:
                    ac:ef:56:76:b5:d4:f1:e6:a9:1c:31:38:2e:d3:e9:
                    7b:3c:ef:33:95:67:24:48:2c:50:f9:05:9c:19:62:
                    aa:0c:86:1d:7b:c2:64:da:19:8d:c3:7c:06:67:3a:
                    de:ac:16:fa:f8:12:01:3a:6e:79:8f:cf:33:35:16:
                    ef:1c:af:de:35:ef:84:50:a4:a1:8b:eb:a6:35:4c:
                    17:ff:9c:cb:1f:1d:79:62:b0:b8:9c:f3:4e:a6:8b:
                    4e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E5:46:B7:D1:C8:E2:A9:95:72:66:1F:5E:86:1F:6D:70:7B:17:3F
            X509v3 Authority Key Identifier:
                keyid:B9:B8:13:99:93:BE:66:5F:3B:5D:0F:69:09:EF:05:8F:A8:F9:79:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubgTmZO-Zl87XQ9pCe8Fj6j5eSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/44124d-8b15-45b2-a5c1-7bc73eee1447/1/1-VGt9HI4qmVcmYfXoYfbXB7Fz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/44124d-8b15-45b2-a5c1-7bc73eee1447/1/ubgTmZO-Zl87XQ9pCe8Fj6j5eSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.39.104.0/21
                  185.125.72.0/22
                  185.183.48.0/22
                  188.247.32.0/19
                  213.234.0.0-213.234.22.255
                  217.149.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9a:b6:16:7d:fa:79:ad:5f:e7:3a:b2:b3:6e:31:e4:6b:13:7f:
         14:cd:57:ec:5e:ae:3e:cf:65:60:82:df:c1:f1:36:9e:96:40:
         a9:04:21:16:2b:39:73:2a:02:f0:da:7f:36:e8:26:b4:86:3c:
         c8:b6:10:22:b3:89:78:10:77:fb:f1:4c:8c:d8:7a:43:c7:65:
         68:3b:6a:52:e2:a7:fd:0f:c5:9f:e9:11:21:6e:2a:01:a5:b8:
         3c:73:ed:81:cd:63:ba:da:26:ae:ed:02:be:61:9e:88:80:22:
         27:b1:c0:b9:bd:c8:9a:08:5c:82:42:41:51:6c:ac:5c:29:56:
         7c:45:4b:b8:5b:23:a3:15:3d:13:f1:6f:ea:ac:3e:b9:81:30:
         34:da:97:da:96:d6:3f:e7:39:69:d0:f1:f3:1b:7a:39:d5:bd:
         da:e7:01:e8:dd:b4:b8:b3:28:37:89:0a:d5:a6:08:aa:78:d9:
         28:94:ac:d2:8c:fd:8b:bc:04:a7:d7:50:2b:2f:f6:49:cb:f9:
         d8:57:39:fe:4e:ef:a1:93:35:ef:14:3c:c4:29:6c:98:06:c3:
         25:b4:82:68:ab:eb:0b:da:7d:f6:86:ea:42:8b:bb:18:ce:74:
         5d:1f:f2:c7:e9:0e:a1:13:05:9d:8a:20:55:6c:87:6f:22:0f:
         32:d8:88:0b
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYzEk5olk0MijfWw6GqBziLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjgxMzk5OTNiZTY2NWYzYjVkMGY2OTA5ZWYwNThmYThm
OTc5MjIwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2U1NDZiN2QxYzhlMmE5OTU3MjY2MWY1ZTg2MWY2ZDcwN2IxNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxxRj5b8jbf3laN8ttl1A1DmohQx
UI0jgSOy2gQSoFrL5vWPQBDHEYJnwa65EX2k/Fcrcd9uq2eL6wXqJWfgo38bYsi6
fL0VT76EOWjpAAWXaMba68TyHQMRMo1pNgP945j3d2cXE4cjRFNKdYknd+cfNlj+
q/7e1eGWMI7Vf7ZG4nk5ed/RNOfj7IOw0kQ/l0jn44gS5lZndVTTVSWe2c//wc2s
71Z2tdTx5qkcMTgu0+l7PO8zlWckSCxQ+QWcGWKqDIYde8Jk2hmNw3wGZzrerBb6
+BIBOm55j88zNRbvHK/eNe+EUKShi+umNUwX/5zLHx15YrC4nPNOpotOJQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFNflRrfRyOKplXJmH16GH21wexc/MB8GA1UdIwQY
MBaAFLm4E5mTvmZfO10PaQnvBY+o+XkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJnVG1aTy1abDg3WFE5cENlOEZqNmo1ZVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC80NDEyNGQtOGIxNS00NWIyLWE1YzEt
N2JjNzNlZWUxNDQ3LzEvMS1WR3Q5SEk0cW1WY21ZZlhvWWZiWEI3Rno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC80NDEyNGQtOGIxNS00NWIyLWE1YzEtN2JjNzNlZWUxNDQ3
LzEvdWJnVG1aTy1abDg3WFE5cENlOEZqNmo1ZVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAxBAIAATArAwQDXCdoAwQC
uX1IAwQCubcwAwQFvPcgMAsDAwHV6gMEANXqFgMEBNmVsDANBgkqhkiG9w0BAQsF
AAOCAQEAmrYWffp5rV/nOrKzbjHkaxN/FM1X7F6uPs9lYILfwfE2npZAqQQhFis5
cyoC8Np/NugmtIY8yLYQIrOJeBB3+/FMjNh6Q8dlaDtqUuKn/Q/Fn+kRIW4qAaW4
PHPtgc1jutomru0CvmGeiIAiJ7HAub3ImghcgkJBUWysXClWfEVLuFsjoxU9E/Fv
6qw+uYEwNNqX2pbWP+c5adDx8xt6OdW92ucB6N20uLMoN4kK1aYIqnjZKJSs0oz9
i7wEp9dQKy/2Scv52Fc5/k7voZM17xQ8xClsmAbDJbSCaKvrC9p99obqQou7GM50
XR/yx+kOoRMFnYogVWyHbyIPMtiICw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:38:53 2024 by rpki-client on console-ams.rpki-client.org