Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/cBaGAIQyJhcS_INf-H9Dex1s5j4.roa
File:                     cBaGAIQyJhcS_INf-H9Dex1s5j4.roa (raw, json)
Hash identifier:          Fv/3/qbN1IDEUT8Gw8Vj5qMsApGLEiNAS1PWUtRRUGw=
Subject key identifier:   70:16:86:00:84:32:26:17:12:FC:83:5F:F8:7F:43:7B:1D:6C:E6:3E
Certificate issuer:       /CN=3ba1782b6afba7c6bcf070b93fed4cc84af41352
Certificate serial:       018CC3B708C5E856BE1B83C61429F2E19C22
Authority key identifier: 3B:A1:78:2B:6A:FB:A7:C6:BC:F0:70:B9:3F:ED:4C:C8:4A:F4:13:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6F4K2r7p8a88HC5P-1MyEr0E1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/cBaGAIQyJhcS_INf-H9Dex1s5j4.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34879
IP address blocks:        78.41.104.0/23 maxlen: 24
                          78.41.106.0/24 maxlen: 24
                          78.41.110.0/23 maxlen: 24
                          78.41.109.0/24 maxlen: 24
                          78.41.108.0/24 maxlen: 24
                          78.41.107.0/24 maxlen: 24
                          46.235.186.0/24 maxlen: 24
                          46.235.184.0/23 maxlen: 24
                          46.235.189.0/24 maxlen: 24
                          46.235.188.0/24 maxlen: 24
                          46.235.188.0/23 maxlen: 23
                          46.235.187.0/24 maxlen: 24
                          46.235.190.0/23 maxlen: 23
                          37.220.162.0/23 maxlen: 24
                          37.220.161.0/24 maxlen: 24
                          37.220.160.0/24 maxlen: 24
                          37.220.166.0/24 maxlen: 24
                          37.220.165.0/24 maxlen: 24
                          37.220.167.0/24 maxlen: 24
                          93.93.91.0/24 maxlen: 24
                          93.93.90.0/24 maxlen: 24
                          93.93.88.0/23 maxlen: 24
                          93.93.94.0/24 maxlen: 24
                          93.93.92.0/23 maxlen: 24
                          93.93.95.0/24 maxlen: 24
                          185.17.169.0/24 maxlen: 24
                          185.17.168.0/24 maxlen: 24
                          185.17.170.0/23 maxlen: 24
                          2a03:e040:10::/48 maxlen: 48
                          2a03:e040::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/O6F4K2r7p8a88HC5P-1MyEr0E1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/O6F4K2r7p8a88HC5P-1MyEr0E1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6F4K2r7p8a88HC5P-1MyEr0E1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:08:c5:e8:56:be:1b:83:c6:14:29:f2:e1:9c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba1782b6afba7c6bcf070b93fed4cc84af41352
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=701686008432261712fc835ff87f437b1d6ce63e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e8:05:e3:52:bd:45:c1:40:47:35:ff:77:e7:
                    97:4a:87:a9:47:44:6b:bd:bb:b8:97:d8:2d:39:f4:
                    bc:99:81:29:d6:9e:41:f3:7d:84:3d:4c:45:69:c7:
                    b7:52:58:03:72:a5:4b:60:d0:a4:1c:0e:7e:dd:7e:
                    aa:ea:1e:3d:77:6d:40:c7:ef:91:9a:73:38:d6:79:
                    84:e3:bb:ec:16:96:46:fd:0e:ba:09:42:63:86:8b:
                    3f:64:fc:b6:ed:b8:80:db:cb:de:9b:5c:a6:f0:f3:
                    a0:d2:de:2a:91:65:62:d6:fd:6e:94:b7:e6:82:11:
                    b1:9d:ab:58:f5:9b:15:ab:54:9c:8b:63:9c:be:75:
                    86:9d:92:13:fe:42:87:5e:27:29:ac:05:ed:50:27:
                    32:c4:ba:de:ce:a4:63:5a:c6:e5:47:73:c0:04:ca:
                    32:86:8e:a9:d3:8c:f1:5f:fb:89:11:e3:6c:ea:a1:
                    7f:a6:f7:20:73:e3:4d:8d:f9:a1:68:7f:39:4f:ae:
                    01:ba:10:c2:5d:b0:d0:18:af:e3:3e:d7:38:91:0a:
                    c4:4e:e2:eb:fc:ba:02:07:52:fe:84:9b:31:a1:23:
                    25:3c:ad:b2:a3:f0:83:0b:f0:0b:49:f0:c1:8c:dd:
                    a0:59:a1:37:09:81:ee:2d:5f:73:df:21:c9:5c:18:
                    d4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:16:86:00:84:32:26:17:12:FC:83:5F:F8:7F:43:7B:1D:6C:E6:3E
            X509v3 Authority Key Identifier:
                keyid:3B:A1:78:2B:6A:FB:A7:C6:BC:F0:70:B9:3F:ED:4C:C8:4A:F4:13:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6F4K2r7p8a88HC5P-1MyEr0E1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/cBaGAIQyJhcS_INf-H9Dex1s5j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/O6F4K2r7p8a88HC5P-1MyEr0E1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.160.0/22
                  37.220.165.0-37.220.167.255
                  46.235.184.0/21
                  78.41.104.0/21
                  93.93.88.0/21
                  185.17.168.0/22
                IPv6:
                  2a03:e040::/48
                  2a03:e040:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:0a:7d:79:28:7d:63:e9:bb:7c:b5:c7:bc:11:26:ff:1d:42:
         20:45:ca:9e:a8:ae:b1:15:e9:8b:71:a7:06:8b:bc:69:fc:b1:
         33:82:7e:67:a9:c4:48:ee:a6:6c:cc:bf:68:89:24:b7:67:e8:
         06:cc:9b:19:5d:38:52:39:97:e2:f8:20:c2:b6:0d:54:e0:77:
         b5:b5:a0:f5:63:24:3d:1f:4a:0f:51:2d:fc:ed:e9:1c:54:1a:
         ed:66:d1:46:24:94:7a:56:5a:98:25:b9:25:38:4d:a3:b9:e3:
         d0:a2:2f:a6:c2:2a:5a:a9:fb:79:ae:6c:19:da:1e:d1:dd:42:
         45:14:12:48:57:93:e0:c9:4f:d2:8e:d0:b7:a5:d3:35:2a:3e:
         9f:c0:e7:0c:6a:96:eb:75:be:cb:64:c9:0e:1e:99:fe:99:63:
         98:4f:53:55:bc:4d:ea:62:33:c0:72:ed:e6:37:8a:05:c2:bd:
         95:62:26:58:38:f3:c3:78:cf:fe:64:20:43:50:aa:79:34:7b:
         8d:ec:b5:4d:e2:cc:ad:cd:4c:79:7f:3f:76:79:44:f4:53:5f:
         20:d6:8b:c4:1b:fa:59:b9:6a:a3:4b:96:96:9e:90:b3:cf:a0:
         44:98:ef:f8:6c:6d:a0:0a:c5:fb:42:aa:4e:e0:50:bd:ff:7b:
         cd:a2:01:5f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzDtwjF6Fa+G4PGFCny4ZwiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTE3ODJiNmFmYmE3YzZiY2YwNzBiOTNmZWQ0Y2M4NGFm
NDEzNTIwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDE2ODYwMDg0MzIyNjE3MTJmYzgzNWZmODdmNDM3YjFkNmNlNjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiegF41K9RcFARzX/d+eXSoepR0Rr
vbu4l9gtOfS8mYEp1p5B832EPUxFace3UlgDcqVLYNCkHA5+3X6q6h49d21Ax++R
mnM41nmE47vsFpZG/Q66CUJjhos/ZPy27biA28vem1ym8POg0t4qkWVi1v1ulLfm
ghGxnatY9ZsVq1Sci2OcvnWGnZIT/kKHXicprAXtUCcyxLrezqRjWsblR3PABMoy
ho6p04zxX/uJEeNs6qF/pvcgc+NNjfmhaH85T64BuhDCXbDQGK/jPtc4kQrETuLr
/LoCB1L+hJsxoSMlPK2yo/CDC/ALSfDBjN2gWaE3CYHuLV9z3yHJXBjU0QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHAWhgCEMiYXEvyDX/h/Q3sdbOY+MB8GA1UdIwQY
MBaAFDuheCtq+6fGvPBwuT/tTMhK9BNSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZGNEsycjdwOGE4OEhDNVAtMU15RXIwRTFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9hZDdhYzMtYjhhZC00MmIwLWFkMmEt
YWU5NjdkNzM5ZGQzLzEvY0JhR0FJUXlKaGNTX0lOZi1IOURleDFzNWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9hZDdhYzMtYjhhZC00MmIwLWFkMmEtYWU5NjdkNzM5ZGQz
LzEvTzZGNEsycjdwOGE4OEhDNVAtMU15RXIwRTFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAyBAIAATAsAwQCJdygMAwD
BAAl3KUDBAMl3KADBAMu67gDBANOKWgDBANdXVgDBAK5EagwGAQCAAIwEgMHACoD
4EAAAAMHACoD4EAAEDANBgkqhkiG9w0BAQsFAAOCAQEAqwp9eSh9Y+m7fLXHvBEm
/x1CIEXKnqiusRXpi3GnBou8afyxM4J+Z6nESO6mbMy/aIkkt2foBsybGV04UjmX
4vggwrYNVOB3tbWg9WMkPR9KD1Et/O3pHFQa7WbRRiSUelZamCW5JThNo7nj0KIv
psIqWqn7ea5sGdoe0d1CRRQSSFeT4MlP0o7Qt6XTNSo+n8DnDGqW63W+y2TJDh6Z
/pljmE9TVbxN6mIzwHLt5jeKBcK9lWImWDjzw3jP/mQgQ1CqeTR7jey1TeLMrc1M
eX8/dnlE9FNfINaLxBv6Wblqo0uWlp6Qs8+gRJjv+GxtoArF+0KqTuBQvf97zaIB
Xw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:57:51 2024 by rpki-client on console-fra.rpki-client.org