Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/dCnxtv8ZqZAMgXEO1gkn2xaUQ68.roa
File:                     dCnxtv8ZqZAMgXEO1gkn2xaUQ68.roa (raw, json)
Hash identifier:          Bf5wW7Hg4hDBFYB0fIOot5YKOwdX6kHMLXYkAOu5Fow=
Subject key identifier:   74:29:F1:B6:FF:19:A9:90:0C:81:71:0E:D6:09:27:DB:16:94:43:AF
Certificate issuer:       /CN=959efe6ef97728a4282ae2c7b05a240506571f1c
Certificate serial:       018CC64B66E87610155B90BA41C5F302DD19
Authority key identifier: 95:9E:FE:6E:F9:77:28:A4:28:2A:E2:C7:B0:5A:24:05:06:57:1F:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/dCnxtv8ZqZAMgXEO1gkn2xaUQ68.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202105
IP address blocks:        87.237.226.0/24 maxlen: 24
                          87.237.225.0/24 maxlen: 24
                          87.237.224.0/24 maxlen: 24
                          185.82.116.0/24 maxlen: 24
                          185.82.117.0/24 maxlen: 24
                          185.82.118.0/24 maxlen: 24
                          185.82.119.0/24 maxlen: 24
                          87.237.228.0/24 maxlen: 24
                          87.237.229.0/24 maxlen: 24
                          185.51.206.0/24 maxlen: 24
                          87.237.227.0/24 maxlen: 24
                          87.237.231.0/24 maxlen: 24
                          87.237.230.0/24 maxlen: 24
                          185.51.205.0/24 maxlen: 24
                          185.51.204.0/24 maxlen: 24
                          185.51.207.0/24 maxlen: 24
                          83.136.9.0/24 maxlen: 24
                          83.136.10.0/24 maxlen: 24
                          83.136.8.0/24 maxlen: 24
                          83.136.11.0/24 maxlen: 24
                          83.136.13.0/24 maxlen: 24
                          83.136.14.0/24 maxlen: 24
                          83.136.12.0/24 maxlen: 24
                          83.136.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:66:e8:76:10:15:5b:90:ba:41:c5:f3:02:dd:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=959efe6ef97728a4282ae2c7b05a240506571f1c
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7429f1b6ff19a9900c81710ed60927db169443af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7a:12:51:a0:a4:a5:6b:bf:c9:1e:1c:3f:f1:
                    a0:3e:fd:4e:20:f8:d8:a7:50:5f:17:a1:4d:5c:50:
                    4d:1c:27:3c:30:14:8d:07:1a:90:f5:83:49:57:91:
                    2f:f5:73:5e:65:0b:fd:d5:62:39:e2:94:0a:d0:33:
                    2c:e7:cb:4b:87:ba:86:dc:a5:36:be:7d:f5:fb:6a:
                    76:4e:6a:c2:6c:b6:6e:1f:5c:1d:df:df:04:e9:ac:
                    fa:f4:ee:d3:95:ad:af:b2:75:bc:ec:23:f7:86:21:
                    aa:f2:0b:86:ea:db:78:a7:eb:37:28:20:c7:26:2b:
                    3e:77:30:1a:a1:b6:f8:3e:18:a7:7a:e5:6d:ae:c0:
                    21:2a:04:34:22:4f:94:eb:94:c2:dd:18:01:ca:d9:
                    23:e5:78:8e:44:37:6b:82:63:7f:49:5d:b5:15:dd:
                    14:78:b3:03:d3:0f:3f:60:95:83:bd:4e:73:b4:66:
                    24:1c:63:55:0b:31:07:d2:a0:c2:be:66:b2:09:a8:
                    50:fb:95:a6:f1:8c:d2:7c:a0:d4:59:a8:a8:20:68:
                    2b:38:18:da:f3:2a:e5:49:b0:cb:a6:dd:7b:66:0b:
                    43:88:72:f1:46:02:a7:a4:99:fc:cb:d7:35:04:5f:
                    fb:b4:08:f4:7b:ca:77:40:7a:0c:e8:13:e3:51:21:
                    0f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:29:F1:B6:FF:19:A9:90:0C:81:71:0E:D6:09:27:DB:16:94:43:AF
            X509v3 Authority Key Identifier:
                keyid:95:9E:FE:6E:F9:77:28:A4:28:2A:E2:C7:B0:5A:24:05:06:57:1F:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/dCnxtv8ZqZAMgXEO1gkn2xaUQ68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.8.0/21
                  87.237.224.0/21
                  185.51.204.0/22
                  185.82.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:2e:15:4d:a2:d9:40:84:92:39:5e:99:b3:99:d6:65:fe:f2:
         fd:ba:9a:9b:ab:59:70:2b:25:15:8c:d8:df:b3:a3:3f:29:ec:
         e5:9a:bd:a3:9b:50:2d:d5:25:92:f6:cc:61:c5:b3:dd:8d:d0:
         ec:3b:d2:01:04:2d:c3:b6:cc:94:b1:60:fa:ec:6c:d5:fe:0d:
         22:b5:8d:4b:59:bf:22:2e:ed:ce:ce:0c:bd:ea:5c:f6:74:19:
         bf:b1:10:82:43:47:c2:7e:3b:72:0b:2d:d2:be:02:c2:f5:38:
         e9:84:27:dc:e7:88:fe:e2:4f:5c:b1:2a:44:ce:76:d7:8e:c8:
         33:c9:d9:ab:4f:c9:82:81:5f:f2:2b:4c:ca:69:71:82:84:3f:
         05:b0:22:21:26:01:1d:0c:89:73:48:4c:0d:92:81:fb:16:e7:
         d9:77:3b:63:70:d2:d6:d3:70:2d:a3:cf:ac:e5:34:e9:8d:f6:
         7c:7b:56:b5:31:02:86:0d:d5:f9:fc:c6:4d:fc:cd:cb:18:8e:
         1f:7e:65:21:bd:49:b7:06:39:ff:11:fe:99:cf:a6:8b:09:50:
         d1:86:ce:eb:9d:15:ef:12:aa:44:bb:18:96:b6:f1:9e:47:f5:
         00:f7:2b:0c:04:7d:b0:08:82:95:31:b4:59:3b:b0:b3:5a:1b:
         c0:d0:c6:47
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGS2bodhAVW5C6QcXzAt0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1OWVmZTZlZjk3NzI4YTQyODJhZTJjN2IwNWEyNDA1MDY1
NzFmMWMwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDI5ZjFiNmZmMTlhOTkwMGM4MTcxMGVkNjA5MjdkYjE2OTQ0M2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3oSUaCkpWu/yR4cP/GgPv1OIPjY
p1BfF6FNXFBNHCc8MBSNBxqQ9YNJV5Ev9XNeZQv91WI54pQK0DMs58tLh7qG3KU2
vn31+2p2TmrCbLZuH1wd398E6az69O7Tla2vsnW87CP3hiGq8guG6tt4p+s3KCDH
Jis+dzAaobb4PhineuVtrsAhKgQ0Ik+U65TC3RgBytkj5XiORDdrgmN/SV21Fd0U
eLMD0w8/YJWDvU5ztGYkHGNVCzEH0qDCvmayCahQ+5Wm8YzSfKDUWaioIGgrOBja
8yrlSbDLpt17ZgtDiHLxRgKnpJn8y9c1BF/7tAj0e8p3QHoM6BPjUSEPiQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHQp8bb/GamQDIFxDtYJJ9sWlEOvMB8GA1UdIwQY
MBaAFJWe/m75dyikKCrix7BaJAUGVx8cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFo3LWJ2bDNLS1FvS3VMSHNGb2tCUVpYSHh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84YzFlNDktN2RkMS00NDhkLTg4MTUt
YTA5MjY2YmI0ZDhjLzEvZENueHR2OFpxWkFNZ1hFTzFna24yeGFVUTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84YzFlNDktN2RkMS00NDhkLTg4MTUtYTA5MjY2YmI0ZDhj
LzEvbFo3LWJ2bDNLS1FvS3VMSHNGb2tCUVpYSHh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDU4gIAwQD
V+3gAwQCuTPMAwQCuVJ0MA0GCSqGSIb3DQEBCwUAA4IBAQB5LhVNotlAhJI5Xpmz
mdZl/vL9upqbq1lwKyUVjNjfs6M/Kezlmr2jm1At1SWS9sxhxbPdjdDsO9IBBC3D
tsyUsWD67GzV/g0itY1LWb8iLu3Ozgy96lz2dBm/sRCCQ0fCfjtyCy3SvgLC9Tjp
hCfc54j+4k9csSpEznbXjsgzydmrT8mCgV/yK0zKaXGChD8FsCIhJgEdDIlzSEwN
koH7FufZdztjcNLW03Ato8+s5TTpjfZ8e1a1MQKGDdX5/MZN/M3LGI4ffmUhvUm3
Bjn/Ef6Zz6aLCVDRhs7rnRXvEqpEuxiWtvGeR/UA9ysMBH2wCIKVMbRZO7CzWhvA
0MZH
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:50:36 2024 by rpki-client on console-fra.rpki-client.org