Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/39b8ad-e653-4ccd-828c-b7eb12998b35/1/i6YnZQMCRaAdUUevKf3lqGfn55I.roa
File:                     i6YnZQMCRaAdUUevKf3lqGfn55I.roa (raw, json)
Hash identifier:          zhIjzuwm8iRPElryed+eRVX1uUzRx4FO2Yk+WYH6hFU=
Subject key identifier:   8B:A6:27:65:03:02:45:A0:1D:51:47:AF:29:FD:E5:A8:67:E7:E7:92
Certificate issuer:       /CN=0866af425ab3d39d7337c2b125d39593ad91c1d1
Certificate serial:       018CCA2A6F5AEE1709E54F64F35BABD1EA4E
Authority key identifier: 08:66:AF:42:5A:B3:D3:9D:73:37:C2:B1:25:D3:95:93:AD:91:C1:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGavQlqz051zN8KxJdOVk62RwdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/39b8ad-e653-4ccd-828c-b7eb12998b35/1/i6YnZQMCRaAdUUevKf3lqGfn55I.roa
Signing time:             Tue 02 Jan 2024 12:33:47 +0000
ROA not before:           Tue 02 Jan 2024 12:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205344
IP address blocks:        194.148.0.0/22 maxlen: 22
                          91.239.54.0/24 maxlen: 24
                          185.219.12.0/22 maxlen: 22
                          2a0c:bc00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/39b8ad-e653-4ccd-828c-b7eb12998b35/1/CGavQlqz051zN8KxJdOVk62RwdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/39b8ad-e653-4ccd-828c-b7eb12998b35/1/CGavQlqz051zN8KxJdOVk62RwdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGavQlqz051zN8KxJdOVk62RwdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6f:5a:ee:17:09:e5:4f:64:f3:5b:ab:d1:ea:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0866af425ab3d39d7337c2b125d39593ad91c1d1
        Validity
            Not Before: Jan  2 12:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba62765030245a01d5147af29fde5a867e7e792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e9:c4:85:8e:de:09:81:dd:52:75:a5:e4:e4:
                    e5:a2:d6:03:5c:2d:97:ff:32:7a:cb:2e:b2:fb:77:
                    38:89:eb:da:fa:f4:34:5a:fe:39:ea:9a:88:81:e7:
                    fa:8f:d9:05:e2:9f:4c:8d:c4:15:71:6d:1d:a2:37:
                    eb:be:9a:c6:c4:29:43:18:ca:55:91:5d:aa:c8:91:
                    8e:68:ac:a1:c7:66:ad:50:bb:e4:13:30:88:b1:c6:
                    7b:32:f5:07:c3:62:10:7d:26:88:c7:c9:11:52:cf:
                    33:b5:40:01:3d:41:a0:fc:32:8a:8c:2d:0c:a8:f2:
                    69:13:2b:87:0b:01:93:fb:a9:d0:34:0b:c4:fb:f6:
                    1b:11:af:5d:23:e9:6a:52:36:6a:53:42:77:da:ed:
                    ce:d6:76:7b:1c:df:7f:32:fd:4b:ac:6c:61:83:73:
                    f3:43:1a:68:b3:db:6e:8d:3c:3d:d7:83:79:3b:b2:
                    63:1b:4e:21:96:83:c1:af:16:67:44:9d:70:9a:a7:
                    f4:f1:5e:fe:21:ea:1d:18:4d:96:5a:a2:9d:1c:bd:
                    56:84:3f:d3:0f:0d:ea:66:77:9f:5d:80:aa:09:ed:
                    c3:0d:81:e9:4f:99:e6:e0:89:0d:cf:90:85:5d:ad:
                    4a:c9:63:36:1f:b9:45:68:0f:eb:e3:04:81:19:e0:
                    3d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A6:27:65:03:02:45:A0:1D:51:47:AF:29:FD:E5:A8:67:E7:E7:92
            X509v3 Authority Key Identifier:
                keyid:08:66:AF:42:5A:B3:D3:9D:73:37:C2:B1:25:D3:95:93:AD:91:C1:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGavQlqz051zN8KxJdOVk62RwdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/39b8ad-e653-4ccd-828c-b7eb12998b35/1/i6YnZQMCRaAdUUevKf3lqGfn55I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/39b8ad-e653-4ccd-828c-b7eb12998b35/1/CGavQlqz051zN8KxJdOVk62RwdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.54.0/24
                  185.219.12.0/22
                  194.148.0.0/22
                IPv6:
                  2a0c:bc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:b3:1e:b7:84:88:95:67:95:15:36:bc:f9:e5:f2:d4:be:c1:
         51:53:95:54:80:c8:47:8f:c0:a2:c1:73:a2:ed:4a:24:17:2d:
         9c:29:b1:21:10:ad:28:33:84:ef:95:c1:45:74:88:12:90:65:
         34:a8:92:cb:18:0c:3f:4f:45:02:c3:89:20:0d:f0:1f:fa:de:
         2b:4d:6e:ee:1e:a8:5e:19:ac:b8:e3:6e:90:c5:9f:a1:4a:8e:
         a2:e0:af:59:8a:86:a3:d2:65:67:82:67:8f:34:2a:2a:30:a5:
         35:aa:25:ff:9d:13:34:9b:14:12:b3:4f:cc:ee:ef:a1:6f:24:
         8d:53:2d:7d:d7:4d:ef:b6:8e:ab:91:60:2a:b4:77:ae:53:12:
         29:4b:1f:f0:b4:cb:76:cb:12:ea:91:92:79:40:3d:88:27:70:
         0c:6d:d7:6d:e9:31:85:a5:00:6d:64:c9:4a:11:34:51:f0:56:
         1c:fe:73:6c:bc:49:c0:2f:6e:af:3c:4e:52:1c:af:76:33:46:
         25:ef:54:5f:f6:94:2a:90:e4:8c:c0:d9:2d:dc:40:c9:12:21:
         dd:58:14:38:88:e3:c5:ac:50:67:ab:76:43:e4:b5:b9:d0:d0:
         16:46:e3:0f:ab:92:ca:06:2c:d5:6f:c5:9c:47:64:7e:66:3a:
         e3:11:83:32
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzKKm9a7hcJ5U9k81ur0epOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjZhZjQyNWFiM2QzOWQ3MzM3YzJiMTI1ZDM5NTkzYWQ5
MWMxZDEwHhcNMjQwMTAyMTIzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE2Mjc2NTAzMDI0NWEwMWQ1MTQ3YWYyOWZkZTVhODY3ZTdlNzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArunEhY7eCYHdUnWl5OTlotYDXC2X
/zJ6yy6y+3c4ieva+vQ0Wv456pqIgef6j9kF4p9MjcQVcW0dojfrvprGxClDGMpV
kV2qyJGOaKyhx2atULvkEzCIscZ7MvUHw2IQfSaIx8kRUs8ztUABPUGg/DKKjC0M
qPJpEyuHCwGT+6nQNAvE+/YbEa9dI+lqUjZqU0J32u3O1nZ7HN9/Mv1LrGxhg3Pz
Qxpos9tujTw914N5O7JjG04hloPBrxZnRJ1wmqf08V7+IeodGE2WWqKdHL1WhD/T
Dw3qZnefXYCqCe3DDYHpT5nm4IkNz5CFXa1KyWM2H7lFaA/r4wSBGeA9GQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIumJ2UDAkWgHVFHryn95ahn5+eSMB8GA1UdIwQY
MBaAFAhmr0Jas9OdczfCsSXTlZOtkcHRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dhdlFscXowNTF6TjhLeEpkT1ZrNjJSd2RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zOWI4YWQtZTY1My00Y2NkLTgyOGMt
YjdlYjEyOTk4YjM1LzEvaTZZblpRTUNSYUFkVVVldktmM2xxR2ZuNTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zOWI4YWQtZTY1My00Y2NkLTgyOGMtYjdlYjEyOTk4YjM1
LzEvQ0dhdlFscXowNTF6TjhLeEpkT1ZrNjJSd2RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW+82AwQC
udsMAwQCwpQAMA0EAgACMAcDBQMqDLwAMA0GCSqGSIb3DQEBCwUAA4IBAQA2sx63
hIiVZ5UVNrz55fLUvsFRU5VUgMhHj8CiwXOi7UokFy2cKbEhEK0oM4TvlcFFdIgS
kGU0qJLLGAw/T0UCw4kgDfAf+t4rTW7uHqheGay4426QxZ+hSo6i4K9Zioaj0mVn
gmePNCoqMKU1qiX/nRM0mxQSs0/M7u+hbySNUy19103vto6rkWAqtHeuUxIpSx/w
tMt2yxLqkZJ5QD2IJ3AMbddt6TGFpQBtZMlKETRR8FYc/nNsvEnAL26vPE5SHK92
M0Yl71Rf9pQqkOSMwNkt3EDJEiHdWBQ4iOPFrFBnq3ZD5LW50NAWRuMPq5LKBizV
b8WcR2R+ZjrjEYMy
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:41:34 2024 by rpki-client on console-fra.rpki-client.org