Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/Z6e-YKpAQbBE8992mbXIdh8DLaI.roa
File:                     Z6e-YKpAQbBE8992mbXIdh8DLaI.roa (raw, json)
Hash identifier:          zdP3R0HZwl1k6gdIkr9nwr7ix2dfU/jxmKc7Z4cQmJ0=
Subject key identifier:   67:A7:BE:60:AA:40:41:B0:44:F3:DF:76:99:B5:C8:76:1F:03:2D:A2
Certificate issuer:       /CN=efa70cb849e3837451bd79af7dc7e035963e6043
Certificate serial:       018CC6B938767BBEEC1B05200334BEE918FF
Authority key identifier: EF:A7:0C:B8:49:E3:83:74:51:BD:79:AF:7D:C7:E0:35:96:3E:60:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76cMuEnjg3RRvXmvfcfgNZY-YEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/Z6e-YKpAQbBE8992mbXIdh8DLaI.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34916
IP address blocks:        89.44.238.0/23 maxlen: 23
                          89.42.118.0/23 maxlen: 23
                          86.106.27.0/24 maxlen: 24
                          86.104.231.0/24 maxlen: 24
                          86.105.204.0/23 maxlen: 23
                          85.204.193.0/24 maxlen: 24
                          86.105.226.0/24 maxlen: 24
                          89.35.250.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/76cMuEnjg3RRvXmvfcfgNZY-YEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/76cMuEnjg3RRvXmvfcfgNZY-YEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/76cMuEnjg3RRvXmvfcfgNZY-YEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:38:76:7b:be:ec:1b:05:20:03:34:be:e9:18:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa70cb849e3837451bd79af7dc7e035963e6043
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67a7be60aa4041b044f3df7699b5c8761f032da2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a9:2b:c1:00:ed:82:34:67:46:cd:b7:c9:e8:
                    ba:c1:79:c1:82:96:6e:45:8a:cb:0a:71:1c:ee:b3:
                    38:08:52:08:74:0f:66:7b:b3:74:f7:eb:bf:98:e9:
                    4c:b2:1d:60:98:b4:0f:33:6a:2c:9f:2e:e5:b7:d0:
                    df:6c:4b:9d:db:a1:82:e1:26:b5:f8:9b:4a:e9:78:
                    dc:39:a8:3a:52:f8:51:7f:58:cd:9b:9b:8a:44:61:
                    1f:47:9c:ee:97:40:32:ec:a7:32:8f:e8:cf:d6:e5:
                    11:77:d0:9a:1c:6c:8f:ba:7d:92:68:11:c2:ea:50:
                    3c:1c:70:1b:d5:71:76:3e:2c:ba:40:4f:57:6b:de:
                    99:ca:8f:9d:b9:3c:81:c7:a6:29:b1:55:ab:44:ec:
                    b7:c9:82:50:c3:2e:65:e9:a8:8f:cd:a4:c6:cc:ae:
                    d5:5f:fc:70:88:79:7f:84:1b:2e:df:1b:d4:ed:df:
                    24:44:aa:d3:43:ee:b8:75:01:24:94:0a:1a:65:fc:
                    4b:bc:1c:d3:34:f1:1b:c4:e4:4a:0c:f2:c6:cf:fa:
                    9c:35:83:d5:ea:e6:12:7d:60:d1:23:12:db:76:19:
                    57:62:8a:d3:45:3d:39:7b:e6:47:e8:3c:0a:82:e5:
                    83:7f:81:e5:22:f1:e4:f3:0e:03:53:32:9e:2c:c2:
                    dd:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A7:BE:60:AA:40:41:B0:44:F3:DF:76:99:B5:C8:76:1F:03:2D:A2
            X509v3 Authority Key Identifier:
                keyid:EF:A7:0C:B8:49:E3:83:74:51:BD:79:AF:7D:C7:E0:35:96:3E:60:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76cMuEnjg3RRvXmvfcfgNZY-YEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/Z6e-YKpAQbBE8992mbXIdh8DLaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/76cMuEnjg3RRvXmvfcfgNZY-YEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.193.0/24
                  86.104.231.0/24
                  86.105.204.0/23
                  86.105.226.0/24
                  86.106.27.0/24
                  89.35.250.0/23
                  89.42.118.0/23
                  89.44.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:7b:60:f9:bf:12:df:dd:3b:c2:de:44:f8:8b:70:77:24:30:
         dd:56:7e:1c:c8:0e:b4:1e:99:3c:25:86:e1:d1:23:0c:43:0b:
         dd:5a:6c:9a:05:df:c3:5d:b3:89:d7:b8:bf:d4:44:c7:88:ba:
         b5:ca:1d:c1:20:d2:7c:6d:2e:92:96:5d:2a:37:67:50:75:d1:
         69:4e:83:6a:e9:57:93:ef:d5:e7:28:03:d8:d5:5f:63:e4:e1:
         36:f2:a7:18:57:62:5c:8b:fd:aa:11:52:79:88:6e:ea:e3:9b:
         7d:2e:f7:ce:cd:a7:a2:3e:e5:2c:f5:89:45:e4:93:c3:e8:36:
         50:22:c7:11:56:6a:30:eb:b5:c0:5b:14:21:1c:b9:ca:7f:2d:
         e7:80:5d:a2:42:02:1d:a9:c3:06:6f:d9:58:ef:d2:f1:c9:32:
         83:18:e1:dc:63:16:bb:a8:ed:ba:9f:9c:53:92:68:9e:59:7d:
         3d:ae:55:2d:e0:9b:b6:b9:69:8d:4a:3f:09:d1:e1:02:4d:20:
         59:f1:47:7e:37:96:51:79:ac:17:3e:70:71:73:d3:4b:a4:29:
         cd:e6:7d:ae:85:9c:db:44:26:39:85:7c:42:67:04:d6:25:9c:
         99:5d:a1:2f:10:32:b1:48:2f:43:51:a8:73:89:24:46:1a:f0:
         67:6e:99:b9
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzGuTh2e77sGwUgAzS+6Rj/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTcwY2I4NDllMzgzNzQ1MWJkNzlhZjdkYzdlMDM1OTYz
ZTYwNDMwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2E3YmU2MGFhNDA0MWIwNDRmM2RmNzY5OWI1Yzg3NjFmMDMyZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqkrwQDtgjRnRs23yei6wXnBgpZu
RYrLCnEc7rM4CFIIdA9me7N09+u/mOlMsh1gmLQPM2osny7lt9DfbEud26GC4Sa1
+JtK6XjcOag6UvhRf1jNm5uKRGEfR5zul0Ay7Kcyj+jP1uURd9CaHGyPun2SaBHC
6lA8HHAb1XF2Piy6QE9Xa96Zyo+duTyBx6YpsVWrROy3yYJQwy5l6aiPzaTGzK7V
X/xwiHl/hBsu3xvU7d8kRKrTQ+64dQEklAoaZfxLvBzTNPEbxORKDPLGz/qcNYPV
6uYSfWDRIxLbdhlXYorTRT05e+ZH6DwKguWDf4HlIvHk8w4DUzKeLMLdZQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGenvmCqQEGwRPPfdpm1yHYfAy2iMB8GA1UdIwQY
MBaAFO+nDLhJ44N0Ub15r33H4DWWPmBDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZjTXVFbmpnM1JSdlhtdmZjZmdOWlktWUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS82OTJiMWUtYzlmZS00M2UwLWI3MjIt
NTNhNjA0ODA3NjFkLzEvWjZlLVlLcEFRYkJFODk5Mm1iWElkaDhETGFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS82OTJiMWUtYzlmZS00M2UwLWI3MjItNTNhNjA0ODA3NjFk
LzEvNzZjTXVFbmpnM1JSdlhtdmZjZmdOWlktWUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVczBAwQA
VmjnAwQBVmnMAwQAVmniAwQAVmobAwQBWSP6AwQBWSp2AwQBWSzuMA0GCSqGSIb3
DQEBCwUAA4IBAQA+e2D5vxLf3TvC3kT4i3B3JDDdVn4cyA60Hpk8JYbh0SMMQwvd
WmyaBd/DXbOJ17i/1ETHiLq1yh3BINJ8bS6Sll0qN2dQddFpToNq6VeT79XnKAPY
1V9j5OE28qcYV2Jci/2qEVJ5iG7q45t9LvfOzaeiPuUs9YlF5JPD6DZQIscRVmow
67XAWxQhHLnKfy3ngF2iQgIdqcMGb9lY79LxyTKDGOHcYxa7qO26n5xTkmieWX09
rlUt4Ju2uWmNSj8J0eECTSBZ8Ud+N5ZReawXPnBxc9NLpCnN5n2uhZzbRCY5hXxC
ZwTWJZyZXaEvEDKxSC9DUahziSRGGvBnbpm5
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:42:05 2024 by rpki-client on console-ams.rpki-client.org