Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/ALPOlnhaYjp-i2o3-6AvJuUoRcg.roa
File:                     ALPOlnhaYjp-i2o3-6AvJuUoRcg.roa (raw, json)
Hash identifier:          kRQt+bAoHDnXFYwT4WM8jQkMMgRLSWzNnWaLVHxuMwk=
Subject key identifier:   00:B3:CE:96:78:5A:62:3A:7E:8B:6A:37:FB:A0:2F:26:E5:28:45:C8
Certificate issuer:       /CN=cf40fdd82a0fdf3b70be18221eeba60d801ed7bf
Certificate serial:       018CC7957254CB63EFAD3111161C46697385
Authority key identifier: CF:40:FD:D8:2A:0F:DF:3B:70:BE:18:22:1E:EB:A6:0D:80:1E:D7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0D92CoP3ztwvhgiHuumDYAe178.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/ALPOlnhaYjp-i2o3-6AvJuUoRcg.roa
Signing time:             Tue 02 Jan 2024 00:31:49 +0000
ROA not before:           Tue 02 Jan 2024 00:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8280
IP address blocks:        185.51.132.0/22 maxlen: 24
                          185.51.132.0/24 maxlen: 32
                          185.51.135.0/24 maxlen: 24
                          185.51.133.0/24 maxlen: 24
                          46.227.58.0/24 maxlen: 32
                          46.227.56.0/21 maxlen: 24
                          46.227.56.0/24 maxlen: 32
                          46.227.57.0/24 maxlen: 24
                          46.227.60.0/24 maxlen: 24
                          46.227.61.0/24 maxlen: 32
                          46.227.59.0/24 maxlen: 24
                          46.227.63.0/24 maxlen: 24
                          46.227.62.0/24 maxlen: 24
                          78.108.32.0/20 maxlen: 24
                          78.108.37.0/24 maxlen: 24
                          78.108.36.0/24 maxlen: 24
                          78.108.38.0/24 maxlen: 24
                          78.108.33.0/24 maxlen: 24
                          78.108.32.0/24 maxlen: 24
                          78.108.35.0/24 maxlen: 24
                          78.108.34.0/24 maxlen: 24
                          78.108.40.0/24 maxlen: 24
                          78.108.39.0/24 maxlen: 24
                          78.108.42.0/24 maxlen: 24
                          78.108.41.0/24 maxlen: 24
                          78.108.44.0/24 maxlen: 24
                          78.108.43.0/24 maxlen: 24
                          78.108.45.0/24 maxlen: 24
                          78.108.47.0/24 maxlen: 24
                          78.108.46.0/24 maxlen: 24
                          2001:1548:7006::/48 maxlen: 48
                          2001:1548:7001::/48 maxlen: 48
                          2001:1548::/29 maxlen: 29
                          2001:1548:7010::/48 maxlen: 48
                          2001:1548:7009::/48 maxlen: 48
                          2001:1548:7004::/48 maxlen: 48
                          2001:1548:7007::/48 maxlen: 48
                          2001:1548:7002::/48 maxlen: 48
                          2001:1548:7011::/48 maxlen: 48
                          2001:1548:7005::/48 maxlen: 48
                          2001:1548:7000::/48 maxlen: 48
                          2001:1548:7003::/48 maxlen: 48
                          2001:1548:7008::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/z0D92CoP3ztwvhgiHuumDYAe178.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/z0D92CoP3ztwvhgiHuumDYAe178.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z0D92CoP3ztwvhgiHuumDYAe178.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:72:54:cb:63:ef:ad:31:11:16:1c:46:69:73:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf40fdd82a0fdf3b70be18221eeba60d801ed7bf
        Validity
            Not Before: Jan  2 00:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00b3ce96785a623a7e8b6a37fba02f26e52845c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b6:ee:63:35:ab:00:ef:e8:29:bf:fc:ba:dd:
                    45:f7:be:26:d3:c7:13:2e:3f:d5:05:ba:e4:70:2d:
                    f1:e1:e2:dd:19:3e:67:1a:e9:be:75:27:71:a1:52:
                    40:60:1f:de:58:3a:1b:d0:55:d3:ae:ed:15:7d:bf:
                    1f:e6:ed:8d:cf:2a:dc:ee:47:ce:23:46:9a:9b:39:
                    36:b8:ff:78:88:cf:ca:c3:17:69:c1:ab:23:49:03:
                    b7:da:64:e3:98:e0:f8:c1:b3:c6:db:23:7c:47:07:
                    6e:c8:1d:dd:74:ab:50:a5:4a:a9:37:85:a3:a0:97:
                    6b:a4:d9:0d:8f:de:6e:dd:0c:48:b0:87:23:17:a5:
                    b8:fa:d4:b4:bb:67:35:55:5e:b0:43:a5:77:42:3e:
                    74:10:29:d1:df:ca:73:bb:1b:83:4d:24:87:1c:2c:
                    db:2c:13:8b:24:51:44:05:a0:27:99:3f:cc:82:22:
                    bf:0f:8e:60:38:0d:6a:77:50:cd:b6:32:81:df:ae:
                    a9:35:f6:94:7b:2f:91:2e:5c:b6:c7:6b:5e:0b:82:
                    1e:d1:62:40:68:fc:71:51:f1:fe:8d:f9:4f:25:c5:
                    66:e1:e5:3e:08:c1:18:e6:8d:92:4b:be:9c:ff:72:
                    b1:fe:0c:4a:ad:48:33:c2:06:c6:b2:15:79:cf:da:
                    e7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B3:CE:96:78:5A:62:3A:7E:8B:6A:37:FB:A0:2F:26:E5:28:45:C8
            X509v3 Authority Key Identifier:
                keyid:CF:40:FD:D8:2A:0F:DF:3B:70:BE:18:22:1E:EB:A6:0D:80:1E:D7:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0D92CoP3ztwvhgiHuumDYAe178.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/ALPOlnhaYjp-i2o3-6AvJuUoRcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/z0D92CoP3ztwvhgiHuumDYAe178.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.227.56.0/21
                  78.108.32.0/20
                  185.51.132.0/22
                IPv6:
                  2001:1548::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:11:da:12:4f:8a:0e:b0:ff:61:73:6e:ae:6f:2e:db:33:f0:
         d2:66:6f:d4:fc:c1:28:b0:13:3d:d8:3b:c0:8b:33:73:84:75:
         20:0b:8a:7a:fd:a9:fe:1c:c7:40:50:11:09:e5:44:77:00:fe:
         b4:6e:6f:c1:60:c5:9f:23:50:d2:8d:0d:42:81:79:71:c8:94:
         40:62:00:c2:db:b2:43:8c:d2:a1:23:cb:e9:e7:13:1c:52:77:
         1f:72:c5:8e:fa:3f:cb:87:f9:50:34:97:db:84:95:e0:c9:ba:
         ce:7e:ad:62:60:55:e0:52:91:ab:20:80:e6:ef:e6:b8:c3:da:
         9e:ea:d5:bf:ae:d2:39:54:19:3c:0f:2c:e1:76:e1:e2:47:07:
         55:08:da:ef:79:a6:4b:22:71:77:4b:b9:91:b2:a6:f3:d2:b3:
         a7:b9:51:f7:59:e9:65:b4:f3:65:73:4e:a2:5d:d8:0f:48:e4:
         49:18:24:8d:f6:39:af:f6:56:97:30:92:b9:78:f9:75:88:d6:
         fd:10:a9:de:17:52:8d:a6:9f:fc:b6:58:02:b5:91:a4:f3:cb:
         af:9e:7e:c0:1d:d2:93:b7:ac:34:ea:d5:5b:aa:33:4e:31:7d:
         83:ab:73:df:00:a3:b0:fe:f9:29:07:76:1e:f8:dc:62:72:e5:
         55:76:78:51
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzHlXJUy2PvrTERFhxGaXOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNDBmZGQ4MmEwZmRmM2I3MGJlMTgyMjFlZWJhNjBkODAx
ZWQ3YmYwHhcNMjQwMTAyMDAzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGIzY2U5Njc4NWE2MjNhN2U4YjZhMzdmYmEwMmYyNmU1Mjg0NWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLbuYzWrAO/oKb/8ut1F974m08cT
Lj/VBbrkcC3x4eLdGT5nGum+dSdxoVJAYB/eWDob0FXTru0Vfb8f5u2Nzyrc7kfO
I0aamzk2uP94iM/KwxdpwasjSQO32mTjmOD4wbPG2yN8RwduyB3ddKtQpUqpN4Wj
oJdrpNkNj95u3QxIsIcjF6W4+tS0u2c1VV6wQ6V3Qj50ECnR38pzuxuDTSSHHCzb
LBOLJFFEBaAnmT/MgiK/D45gOA1qd1DNtjKB366pNfaUey+RLly2x2teC4Ie0WJA
aPxxUfH+jflPJcVm4eU+CMEY5o2SS76c/3Kx/gxKrUgzwgbGshV5z9rnEwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFACzzpZ4WmI6fotqN/ugLyblKEXIMB8GA1UdIwQY
MBaAFM9A/dgqD987cL4YIh7rpg2AHte/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBEOTJDb1AzenR3dmhnaUh1dW1EWUFlMTc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83OTI3MzctNmEwMi00MjRiLTgyY2It
YTI5Y2U3ZGExMGZkLzEvQUxQT2xuaGFZanAtaTJvMy02QXZKdVVvUmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83OTI3MzctNmEwMi00MjRiLTgyY2ItYTI5Y2U3ZGExMGZk
LzEvejBEOTJDb1AzenR3dmhnaUh1dW1EWUFlMTc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLuM4AwQE
TmwgAwQCuTOEMA0EAgACMAcDBQMgARVIMA0GCSqGSIb3DQEBCwUAA4IBAQAAEdoS
T4oOsP9hc26uby7bM/DSZm/U/MEosBM92DvAizNzhHUgC4p6/an+HMdAUBEJ5UR3
AP60bm/BYMWfI1DSjQ1CgXlxyJRAYgDC27JDjNKhI8vp5xMcUncfcsWO+j/Lh/lQ
NJfbhJXgybrOfq1iYFXgUpGrIIDm7+a4w9qe6tW/rtI5VBk8DyzhduHiRwdVCNrv
eaZLInF3S7mRsqbz0rOnuVH3WelltPNlc06iXdgPSORJGCSN9jmv9laXMJK5ePl1
iNb9EKneF1KNpp/8tlgCtZGk88uvnn7AHdKTt6w06tVbqjNOMX2Dq3PfAKOw/vkp
B3Ye+NxicuVVdnhR
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:30:28 2024 by rpki-client on console-fra.rpki-client.org