Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/8EFiJAhVVTivxMXn55H2jw0r_6I.roa
File:                     8EFiJAhVVTivxMXn55H2jw0r_6I.roa (raw, json)
Hash identifier:          P8o1N3fVJ1W+2PVpZbny54rJ/mV2S4EYYaRgDUOsV5Q=
Subject key identifier:   F0:41:62:24:08:55:55:38:AF:C4:C5:E7:E7:91:F6:8F:0D:2B:FF:A2
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF7D26A3E541D5A895CC5996D36C96
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/8EFiJAhVVTivxMXn55H2jw0r_6I.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49334
IP address blocks:        188.132.131.0/24 maxlen: 24
                          212.68.58.0/24 maxlen: 24
                          212.68.54.0/24 maxlen: 24
                          212.68.53.0/24 maxlen: 24
                          212.68.62.0/24 maxlen: 24
                          212.68.63.0/24 maxlen: 24
                          31.210.34.0/24 maxlen: 24
                          188.132.173.0/24 maxlen: 24
                          188.132.181.0/24 maxlen: 24
                          188.132.182.0/24 maxlen: 24
                          188.132.187.0/24 maxlen: 24
                          78.135.65.0/24 maxlen: 24
                          31.210.53.0/24 maxlen: 24
                          31.210.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7d:26:a3:e5:41:d5:a8:95:cc:59:96:d3:6c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f041622408555538afc4c5e7e791f68f0d2bffa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f3:86:16:cb:5a:00:94:99:5c:68:3c:33:86:
                    fb:7c:56:ab:fe:c4:ad:e1:f0:54:7d:9c:7d:bc:1b:
                    f6:eb:2a:06:b8:4a:4a:a5:18:46:86:06:ac:36:0d:
                    b0:2c:44:48:07:53:85:2a:83:03:9a:44:58:90:51:
                    75:68:47:5c:99:57:14:3c:d3:a3:80:1e:4f:5a:33:
                    4d:db:34:ab:45:d3:54:1a:3c:be:a2:c5:4b:7e:af:
                    43:f3:81:61:20:af:ab:8b:52:a5:6e:10:7e:d9:fe:
                    9f:38:17:2a:94:a9:51:a3:21:7e:15:88:0e:06:cb:
                    0f:89:75:b5:e5:34:f2:7f:7e:62:01:42:ef:87:37:
                    6b:49:66:2c:ca:92:98:76:81:a1:c6:8e:7c:2b:1c:
                    3b:18:bb:e9:a9:76:62:0c:84:7f:96:46:5c:33:29:
                    3b:26:37:ec:5d:57:4c:ca:19:c7:28:e9:04:bd:7b:
                    49:2a:32:74:cf:4c:43:4d:92:15:1f:53:97:67:6c:
                    99:67:2c:43:60:7b:5f:1b:bb:7d:6e:a9:21:7d:1f:
                    7e:f8:5b:1c:65:b8:4c:ee:74:9d:82:44:f4:00:58:
                    21:1c:3c:e4:72:7b:c8:ba:c4:9c:12:86:51:90:1b:
                    6d:7a:fe:b6:13:5f:51:24:02:06:ed:6f:06:09:3b:
                    77:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:41:62:24:08:55:55:38:AF:C4:C5:E7:E7:91:F6:8F:0D:2B:FF:A2
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/8EFiJAhVVTivxMXn55H2jw0r_6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.34.0/24
                  31.210.52.0/23
                  78.135.65.0/24
                  188.132.131.0/24
                  188.132.173.0/24
                  188.132.181.0-188.132.182.255
                  188.132.187.0/24
                  212.68.53.0-212.68.54.255
                  212.68.58.0/24
                  212.68.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:39:db:d7:26:4d:0e:91:16:41:a2:5c:b3:a9:6d:03:30:ff:
         0a:cc:b2:14:a6:c8:9b:1b:7a:c5:be:3f:a2:e1:53:e8:03:97:
         fc:e2:5b:35:0f:39:2c:cb:6f:18:dd:05:66:5c:f7:a7:1f:ab:
         e9:ff:3d:a3:78:be:d7:95:79:81:56:d8:3d:ed:fd:b9:3b:e2:
         18:27:9a:c3:d5:d7:2e:f3:06:a1:f8:de:4d:a1:93:02:4f:05:
         30:2f:8f:da:06:15:12:1e:b4:ae:b2:26:7b:f6:75:15:45:2e:
         21:b5:ae:21:9d:2d:77:e6:3d:2d:20:72:4c:fb:62:3f:22:d1:
         4f:87:c6:5a:f9:e2:e5:f0:77:95:47:7e:02:ed:a7:b7:3f:da:
         b6:91:fd:2c:fe:b5:7c:61:47:25:13:23:7b:0b:93:a3:2d:65:
         cc:40:b3:f2:e6:23:36:da:30:93:27:51:85:ce:7a:f9:43:9f:
         5c:89:c2:6e:e7:50:19:46:35:1d:55:9a:3f:10:13:82:07:58:
         94:3b:a9:d6:b0:bc:ce:a5:f5:36:1e:f3:0f:77:5e:f6:b4:2f:
         98:2e:8a:10:2b:8d:69:7a:60:d2:81:2e:f8:a8:ac:86:d2:2a:
         80:de:c9:c5:6a:44:17:52:aa:7e:54:63:c7:8b:8f:32:32:64:
         a5:8d:0f:8a
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYzI330mo+VB1aiVzFmW02yWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQxNjIyNDA4NTU1NTM4YWZjNGM1ZTdlNzkxZjY4ZjBkMmJmZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfOGFstaAJSZXGg8M4b7fFar/sSt
4fBUfZx9vBv26yoGuEpKpRhGhgasNg2wLERIB1OFKoMDmkRYkFF1aEdcmVcUPNOj
gB5PWjNN2zSrRdNUGjy+osVLfq9D84FhIK+ri1KlbhB+2f6fOBcqlKlRoyF+FYgO
BssPiXW15TTyf35iAULvhzdrSWYsypKYdoGhxo58Kxw7GLvpqXZiDIR/lkZcMyk7
JjfsXVdMyhnHKOkEvXtJKjJ0z0xDTZIVH1OXZ2yZZyxDYHtfG7t9bqkhfR9++Fsc
ZbhM7nSdgkT0AFghHDzkcnvIusScEoZRkBttev62E19RJAIG7W8GCTt3sQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFPBBYiQIVVU4r8TF5+eR9o8NK/+iMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvOEVGaUpBaFZWVGl2eE1YbjU1SDJqdzByXzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQAH9IiAwQB
H9I0AwQATodBAwQAvISDAwQAvIStMAwDBAC8hLUDBAC8hLYDBAC8hLswDAMEANRE
NQMEANRENgMEANREOgMEAdREPjANBgkqhkiG9w0BAQsFAAOCAQEAOznb1yZNDpEW
QaJcs6ltAzD/CsyyFKbImxt6xb4/ouFT6AOX/OJbNQ85LMtvGN0FZlz3px+r6f89
o3i+15V5gVbYPe39uTviGCeaw9XXLvMGofjeTaGTAk8FMC+P2gYVEh60rrIme/Z1
FUUuIbWuIZ0td+Y9LSByTPtiPyLRT4fGWvni5fB3lUd+Au2ntz/atpH9LP61fGFH
JRMjewuToy1lzECz8uYjNtowkydRhc56+UOfXInCbudQGUY1HVWaPxATggdYlDup
1rC8zqX1Nh7zD3de9rQvmC6KECuNaXpg0oEu+KishtIqgN7JxWpEF1KqflRjx4uP
MjJkpY0Pig==
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:35:48 2024 by rpki-client on console-ams.rpki-client.org