Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/O9Ev7xS6ciwXVK_ONVKEROdFh3c.roa
File:                     O9Ev7xS6ciwXVK_ONVKEROdFh3c.roa (raw, json)
Hash identifier:          ozdnAnxlTkVp3NrypRhMFMxsv6JvG3phsbeS9aYBLKk=
Subject key identifier:   3B:D1:2F:EF:14:BA:72:2C:17:54:AF:CE:35:52:84:44:E7:45:87:77
Certificate issuer:       /CN=a5472b1473bc781b70440315c83d119c8abc86fc
Certificate serial:       018CC64B84A08A4637F17D44738A6A5B72B8
Authority key identifier: A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/O9Ev7xS6ciwXVK_ONVKEROdFh3c.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2860
IP address blocks:        89.109.64.0/18 maxlen: 18
                          188.125.192.0/19 maxlen: 19
                          185.80.76.0/22 maxlen: 22
                          213.138.224.0/19 maxlen: 19
                          95.172.160.0/19 maxlen: 19
                          213.190.192.0/19 maxlen: 19
                          159.255.48.0/20 maxlen: 20
                          83.223.160.0/19 maxlen: 19
                          84.23.192.0/19 maxlen: 19
                          2a00:d180::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:84:a0:8a:46:37:f1:7d:44:73:8a:6a:5b:72:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5472b1473bc781b70440315c83d119c8abc86fc
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bd12fef14ba722c1754afce35528444e7458777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:73:1a:77:43:69:96:03:af:a9:43:81:ef:e0:
                    7a:10:bc:5e:c5:61:ed:86:7e:4c:b9:79:45:27:bf:
                    e9:f7:05:75:0a:7e:d2:43:38:b1:20:32:27:ea:92:
                    76:13:14:ce:56:45:7b:1a:52:40:48:36:70:6e:2e:
                    87:a3:7a:4d:f7:53:3d:73:85:3f:74:e5:f1:1c:46:
                    6a:76:55:80:7d:d5:e6:9b:40:19:69:de:30:b6:5e:
                    aa:e5:d0:8a:01:8f:e3:f6:d5:a3:9d:f2:92:dd:32:
                    56:22:f4:1a:b8:bd:48:e3:43:91:aa:0a:de:ef:68:
                    40:8c:85:07:df:bb:e0:cf:6e:4c:74:32:c6:a5:d4:
                    00:17:e7:97:b1:64:cb:63:21:33:ad:63:43:d7:34:
                    ac:ee:e6:09:aa:ff:e3:9d:92:ae:2b:3f:9a:78:10:
                    69:ac:79:58:46:66:82:f5:7e:1e:d9:04:2e:4e:a8:
                    9f:cc:e9:7f:c3:7b:ee:a3:5b:e4:2a:f0:01:e4:b7:
                    e1:c3:d6:8c:fa:69:e2:74:04:3d:39:d4:14:7c:3d:
                    27:17:a7:0a:0f:4f:73:a8:63:82:9e:e8:ff:66:c9:
                    ee:dc:ed:2c:00:49:57:17:20:19:70:fc:db:9a:4e:
                    20:6c:d7:22:2d:e9:66:39:62:01:b5:5e:98:80:11:
                    9d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D1:2F:EF:14:BA:72:2C:17:54:AF:CE:35:52:84:44:E7:45:87:77
            X509v3 Authority Key Identifier:
                keyid:A5:47:2B:14:73:BC:78:1B:70:44:03:15:C8:3D:11:9C:8A:BC:86:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pUcrFHO8eBtwRAMVyD0RnIq8hvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/O9Ev7xS6ciwXVK_ONVKEROdFh3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/30112f-0e9d-4fc8-b854-b1565b255854/1/pUcrFHO8eBtwRAMVyD0RnIq8hvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.223.160.0/19
                  84.23.192.0/19
                  89.109.64.0/18
                  95.172.160.0/19
                  159.255.48.0/20
                  185.80.76.0/22
                  188.125.192.0/19
                  213.138.224.0/19
                  213.190.192.0/19
                IPv6:
                  2a00:d180::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:e3:07:1e:62:4d:8d:77:1a:6c:c7:83:a8:e6:fd:76:49:05:
         45:03:fd:fa:03:be:6c:f4:02:65:d8:55:7d:bd:a0:73:7f:d1:
         3c:08:74:de:eb:a4:20:5f:a8:44:61:58:62:02:4a:dd:1f:f1:
         6f:6a:2d:0d:b7:b1:96:c3:30:1f:91:41:e4:34:24:13:87:61:
         cc:b4:ee:85:87:2f:2b:dd:47:bc:49:d9:a0:16:6b:cc:52:03:
         83:f1:82:78:50:1e:e8:d3:7d:6b:be:2c:a7:c3:6a:ad:11:d6:
         88:e8:4a:3e:0c:fb:86:a7:ff:05:79:28:10:06:f8:58:49:69:
         4d:5b:ab:c9:39:d0:9f:45:40:75:bb:0b:8f:2a:de:ce:ee:72:
         e8:e0:7d:75:af:b6:11:5a:17:db:6f:57:c0:b1:f8:cc:99:bb:
         7b:7d:9d:97:10:55:e3:89:fd:65:a1:01:7c:b3:9a:8e:26:2c:
         2e:74:24:3e:6a:5f:64:7e:b8:6a:b6:60:a1:c7:b4:1a:64:83:
         b9:e4:85:c6:e0:ad:a8:f3:26:ea:af:18:2b:88:b7:b2:8e:93:
         84:e4:be:3e:b5:23:f2:c8:a4:cc:a7:01:99:a6:e1:67:cf:88:
         dc:e9:79:24:ac:87:be:31:fb:12:71:34:a0:92:df:ab:f5:45:
         92:39:0e:21
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzGS4SgikY38X1Ec4pqW3K4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NDcyYjE0NzNiYzc4MWI3MDQ0MDMxNWM4M2QxMTljOGFi
Yzg2ZmMwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQxMmZlZjE0YmE3MjJjMTc1NGFmY2UzNTUyODQ0NGU3NDU4Nzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HMad0NplgOvqUOB7+B6ELxexWHt
hn5MuXlFJ7/p9wV1Cn7SQzixIDIn6pJ2ExTOVkV7GlJASDZwbi6Ho3pN91M9c4U/
dOXxHEZqdlWAfdXmm0AZad4wtl6q5dCKAY/j9tWjnfKS3TJWIvQauL1I40ORqgre
72hAjIUH37vgz25MdDLGpdQAF+eXsWTLYyEzrWND1zSs7uYJqv/jnZKuKz+aeBBp
rHlYRmaC9X4e2QQuTqifzOl/w3vuo1vkKvAB5Lfhw9aM+mnidAQ9OdQUfD0nF6cK
D09zqGOCnuj/Zsnu3O0sAElXFyAZcPzbmk4gbNciLelmOWIBtV6YgBGdnwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDvRL+8UunIsF1SvzjVShETnRYd3MB8GA1UdIwQY
MBaAFKVHKxRzvHgbcEQDFcg9EZyKvIb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFVjckZITzhlQnR3UkFNVnlEMFJuSXE4aHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zMDExMmYtMGU5ZC00ZmM4LWI4NTQt
YjE1NjViMjU1ODU0LzEvTzlFdjd4UzZjaXdYVktfT05WS0VST2RGaDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zMDExMmYtMGU5ZC00ZmM4LWI4NTQtYjE1NjViMjU1ODU0
LzEvcFVjckZITzhlQnR3UkFNVnlEMFJuSXE4aHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFU9+gAwQF
VBfAAwQGWW1AAwQFX6ygAwQEn/8wAwQCuVBMAwQFvH3AAwQF1YrgAwQF1b7AMA0E
AgACMAcDBQAqANGAMA0GCSqGSIb3DQEBCwUAA4IBAQBo4wceYk2Ndxpsx4Oo5v12
SQVFA/36A75s9AJl2FV9vaBzf9E8CHTe66QgX6hEYVhiAkrdH/Fvai0Nt7GWwzAf
kUHkNCQTh2HMtO6Fhy8r3Ue8SdmgFmvMUgOD8YJ4UB7o031rviynw2qtEdaI6Eo+
DPuGp/8FeSgQBvhYSWlNW6vJOdCfRUB1uwuPKt7O7nLo4H11r7YRWhfbb1fAsfjM
mbt7fZ2XEFXjif1loQF8s5qOJiwudCQ+al9kfrhqtmChx7QaZIO55IXG4K2o8ybq
rxgriLeyjpOE5L4+tSPyyKTMpwGZpuFnz4jc6XkkrIe+MfsScTSgkt+r9UWSOQ4h
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:01:30 2024 by rpki-client on console-fra.rpki-client.org