Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/zM027GHnMUbLJmm62Kvh9xLG_6c.roa
File:                     zM027GHnMUbLJmm62Kvh9xLG_6c.roa (raw, json)
Hash identifier:          9K0YFBGGX0fDS40uwODg7qjVc9XbKaEljsH3WPygoys=
Subject key identifier:   CC:CD:36:EC:61:E7:31:46:CB:26:69:BA:D8:AB:E1:F7:12:C6:FF:A7
Certificate issuer:       /CN=15ab3e72f7340da856e93d62ee8d023f1d7c8ee7
Certificate serial:       018CC5010B45DB31A3643879D833883030F9
Authority key identifier: 15:AB:3E:72:F7:34:0D:A8:56:E9:3D:62:EE:8D:02:3F:1D:7C:8E:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fas-cvc0DahW6T1i7o0CPx18juc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/zM027GHnMUbLJmm62Kvh9xLG_6c.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209549
IP address blocks:        185.149.38.0/24 maxlen: 24
                          185.149.37.0/24 maxlen: 24
                          185.149.36.0/24 maxlen: 24
                          185.149.36.0/22 maxlen: 22
                          2a0d:b780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/Fas-cvc0DahW6T1i7o0CPx18juc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/Fas-cvc0DahW6T1i7o0CPx18juc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fas-cvc0DahW6T1i7o0CPx18juc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0b:45:db:31:a3:64:38:79:d8:33:88:30:30:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ab3e72f7340da856e93d62ee8d023f1d7c8ee7
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cccd36ec61e73146cb2669bad8abe1f712c6ffa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:56:3d:7b:00:ee:8b:0c:f2:de:10:ca:41:e3:
                    8b:6c:c7:1b:a5:34:5d:5b:20:68:7c:f9:bd:72:31:
                    c2:96:b9:50:93:a0:48:c6:85:71:e2:98:af:b0:93:
                    8f:be:a3:00:3b:a3:71:52:e8:db:5c:6c:b6:e9:b5:
                    f3:ab:31:62:77:2d:2b:69:16:f0:37:a6:1c:c5:84:
                    84:4b:c0:bb:a1:34:93:22:ed:9c:29:5f:af:f7:78:
                    73:b6:9c:ea:d5:a8:be:4d:a2:a7:a2:b0:4e:b8:95:
                    6d:70:64:db:5b:2b:6e:ad:30:d7:e2:0f:b9:fb:ef:
                    4e:af:48:94:6b:b3:ac:0a:27:e9:78:ff:c8:fa:d1:
                    56:96:79:8c:f3:0a:ba:ae:9b:67:71:cc:6c:7a:51:
                    a0:e7:73:0a:8c:04:ae:1a:7f:6d:45:9e:98:b2:b6:
                    65:b2:d1:ec:55:49:ae:4c:4b:0e:a2:7b:fb:80:cb:
                    fc:04:ba:6e:c7:d7:f8:48:7d:da:dc:4d:ac:97:20:
                    0b:0a:fc:4b:61:1c:5c:de:fa:38:5d:c5:f1:81:7b:
                    7f:5c:49:1f:53:6b:6a:d4:59:96:31:e1:d6:a0:3e:
                    ab:3c:1a:27:0b:e6:e7:da:88:94:f0:4e:ca:32:17:
                    1b:78:6a:3a:20:7f:f9:c8:10:ae:33:21:68:a4:d3:
                    46:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:CD:36:EC:61:E7:31:46:CB:26:69:BA:D8:AB:E1:F7:12:C6:FF:A7
            X509v3 Authority Key Identifier:
                keyid:15:AB:3E:72:F7:34:0D:A8:56:E9:3D:62:EE:8D:02:3F:1D:7C:8E:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fas-cvc0DahW6T1i7o0CPx18juc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/zM027GHnMUbLJmm62Kvh9xLG_6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/9c130b-e15e-4b6d-b5fb-719b0497e7cc/1/Fas-cvc0DahW6T1i7o0CPx18juc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.36.0/22
                IPv6:
                  2a0d:b780::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:7a:b7:28:69:44:09:2a:d0:fd:99:dd:ac:c0:63:b1:12:66:
         18:0e:72:11:84:0e:d8:48:32:2d:c6:ea:81:77:67:49:96:9b:
         31:48:5f:fc:d4:b2:27:e1:86:54:4c:3c:94:0b:34:38:bb:41:
         16:5f:14:8f:f5:35:a2:7b:a9:42:ce:87:1a:3a:35:8f:5f:06:
         f0:92:1f:84:f6:e4:d4:c7:5d:e7:77:da:ac:2b:c9:d5:f4:36:
         03:30:a0:75:0c:86:0d:5b:7a:d4:b8:ae:3a:e2:02:be:60:52:
         bd:21:63:fd:25:cc:24:65:7c:51:17:13:8d:3c:80:8f:e7:b6:
         ad:57:90:ce:1f:48:c2:fe:d1:0e:05:59:01:8d:ec:09:f1:84:
         60:e2:f9:53:2b:df:7c:26:48:fe:76:c2:50:ee:aa:8f:29:23:
         6e:a7:bd:54:3e:d2:09:8c:12:ab:23:82:30:a9:66:b4:50:2f:
         72:a1:05:fa:07:fc:02:62:e4:84:0a:c0:e1:b0:5e:38:23:64:
         f8:9c:04:b7:46:00:d9:f0:7a:a9:b2:0f:07:38:72:38:19:a8:
         85:38:9c:c7:74:0e:78:4c:3e:e6:c7:d8:c7:51:4c:27:24:d2:
         0a:b1:72:bc:0b:c5:bf:c6:07:9d:76:c9:a5:6b:63:f8:ba:6c:
         af:0d:9e:59
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAQtF2zGjZDh52DOIMDD5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YWIzZTcyZjczNDBkYTg1NmU5M2Q2MmVlOGQwMjNmMWQ3
YzhlZTcwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2NkMzZlYzYxZTczMTQ2Y2IyNjY5YmFkOGFiZTFmNzEyYzZmZmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlY9ewDuiwzy3hDKQeOLbMcbpTRd
WyBofPm9cjHClrlQk6BIxoVx4pivsJOPvqMAO6NxUujbXGy26bXzqzFidy0raRbw
N6YcxYSES8C7oTSTIu2cKV+v93hztpzq1ai+TaKnorBOuJVtcGTbWyturTDX4g+5
++9Or0iUa7OsCifpeP/I+tFWlnmM8wq6rptnccxselGg53MKjASuGn9tRZ6YsrZl
stHsVUmuTEsOonv7gMv8BLpux9f4SH3a3E2slyALCvxLYRxc3vo4XcXxgXt/XEkf
U2tq1FmWMeHWoD6rPBonC+bn2oiU8E7KMhcbeGo6IH/5yBCuMyFopNNG/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMzNNuxh5zFGyyZputir4fcSxv+nMB8GA1UdIwQY
MBaAFBWrPnL3NA2oVuk9Yu6NAj8dfI7nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmFzLWN2YzBEYWhXNlQxaTdvMENQeDE4anVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni85YzEzMGItZTE1ZS00YjZkLWI1ZmIt
NzE5YjA0OTdlN2NjLzEvek0wMjdHSG5NVWJMSm1tNjJLdmg5eExHXzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni85YzEzMGItZTE1ZS00YjZkLWI1ZmItNzE5YjA0OTdlN2Nj
LzEvRmFzLWN2YzBEYWhXNlQxaTdvMENQeDE4anVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZUkMA0E
AgACMAcDBQMqDbeAMA0GCSqGSIb3DQEBCwUAA4IBAQApercoaUQJKtD9md2swGOx
EmYYDnIRhA7YSDItxuqBd2dJlpsxSF/81LIn4YZUTDyUCzQ4u0EWXxSP9TWie6lC
zocaOjWPXwbwkh+E9uTUx13nd9qsK8nV9DYDMKB1DIYNW3rUuK464gK+YFK9IWP9
JcwkZXxRFxONPICP57atV5DOH0jC/tEOBVkBjewJ8YRg4vlTK998Jkj+dsJQ7qqP
KSNup71UPtIJjBKrI4IwqWa0UC9yoQX6B/wCYuSECsDhsF44I2T4nAS3RgDZ8Hqp
sg8HOHI4GaiFOJzHdA54TD7mx9jHUUwnJNIKsXK8C8W/xgeddsmla2P4umyvDZ5Z
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:40:18 2024 by rpki-client on console-ams.rpki-client.org