Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/c93aNeFuIBq67DLTDtzGrbYVmws.roa
File:                     c93aNeFuIBq67DLTDtzGrbYVmws.roa (raw, json)
Hash identifier:          sOrFOFGdSscumi0ANhVQjRfll3emtq1pkCkfbQrvgCA=
Subject key identifier:   73:DD:DA:35:E1:6E:20:1A:BA:EC:32:D3:0E:DC:C6:AD:B6:15:9B:0B
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018CC794D24DCC0014B3817D2D8C3701DE85
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/c93aNeFuIBq67DLTDtzGrbYVmws.roa
Signing time:             Tue 02 Jan 2024 00:31:08 +0000
ROA not before:           Tue 02 Jan 2024 00:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205659
IP address blocks:        216.173.76.0/24 maxlen: 24
                          216.173.82.0/24 maxlen: 24
                          45.43.167.0/24 maxlen: 24
                          104.239.10.0/23 maxlen: 23
                          216.173.96.0/22 maxlen: 22
                          216.173.102.0/24 maxlen: 24
                          216.173.106.0/24 maxlen: 24
                          216.173.110.0/24 maxlen: 24
                          216.173.107.0/24 maxlen: 24
                          104.239.105.0/24 maxlen: 24
                          104.239.104.0/24 maxlen: 24
                          104.239.106.0/24 maxlen: 24
                          104.239.107.0/24 maxlen: 24
                          104.239.111.0/24 maxlen: 24
                          104.239.124.0/23 maxlen: 23
                          104.239.126.0/24 maxlen: 24
                          216.173.120.0/24 maxlen: 24
                          104.239.75.0/24 maxlen: 24
                          104.239.78.0/24 maxlen: 24
                          104.239.76.0/23 maxlen: 23
                          104.239.80.0/23 maxlen: 23
                          104.233.12.0/22 maxlen: 22
                          104.233.24.0/23 maxlen: 23
                          104.233.26.0/24 maxlen: 24
                          104.238.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d2:4d:cc:00:14:b3:81:7d:2d:8c:37:01:de:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 00:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73ddda35e16e201abaec32d30edcc6adb6159b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:dc:58:37:92:58:20:7a:d7:58:88:d2:7a:82:
                    50:07:15:81:c8:69:1e:ba:83:d4:02:2b:2f:4a:ea:
                    d4:d6:c9:35:19:88:77:2d:79:cf:92:23:6c:ed:6e:
                    1a:80:56:24:97:ec:2f:27:cb:b6:4a:ec:fa:ff:9e:
                    dd:df:25:67:92:ee:e3:28:ca:a5:9b:c3:0c:d4:e4:
                    cc:f6:8c:3f:fb:8c:26:7f:36:1d:fb:4b:c0:aa:7f:
                    b9:1c:98:67:4e:1c:bd:51:f7:9e:7d:22:15:64:2d:
                    5a:9e:93:a4:bd:a4:3f:d9:ec:15:03:57:21:93:af:
                    ac:11:b5:47:ad:2f:91:52:a2:74:86:1f:be:3b:9b:
                    fe:77:f1:55:69:31:0c:18:fe:18:17:29:4a:74:09:
                    f2:6f:0f:7a:21:ef:8d:7c:e0:7d:59:8d:54:fa:b5:
                    95:e0:50:e8:92:95:a0:c3:db:67:54:16:ed:e6:a3:
                    fb:4d:93:72:9b:df:e3:55:34:4b:64:6b:07:2b:fb:
                    e6:8f:78:08:6d:a0:e6:51:89:1d:c2:06:d4:88:c7:
                    90:4c:4f:ad:98:a4:18:2b:ac:f3:3d:76:a0:39:30:
                    40:c2:d3:4e:cb:92:10:1a:b2:0f:8f:66:65:9f:e9:
                    00:ff:fa:99:fe:7c:2f:a3:2f:3d:47:1e:a6:9f:31:
                    ca:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:DD:DA:35:E1:6E:20:1A:BA:EC:32:D3:0E:DC:C6:AD:B6:15:9B:0B
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/c93aNeFuIBq67DLTDtzGrbYVmws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.167.0/24
                  104.233.12.0/22
                  104.233.24.0-104.233.26.255
                  104.238.10.0/24
                  104.239.10.0/23
                  104.239.75.0-104.239.78.255
                  104.239.80.0/23
                  104.239.104.0/22
                  104.239.111.0/24
                  104.239.124.0-104.239.126.255
                  216.173.76.0/24
                  216.173.82.0/24
                  216.173.96.0/22
                  216.173.102.0/24
                  216.173.106.0/23
                  216.173.110.0/24
                  216.173.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ef:80:cb:70:5d:ff:d8:1a:fb:23:c0:fa:f8:50:d8:9e:a4:
         cb:79:4e:22:60:0d:7d:c2:aa:e3:e2:d5:4e:b5:c8:15:b1:9a:
         29:26:06:54:e7:e2:62:46:13:e7:c8:99:67:26:27:63:1e:50:
         b7:1d:c4:cd:2b:e2:7d:b1:36:52:21:38:fe:cb:42:ce:a9:7c:
         4e:bf:94:ae:dd:58:26:d3:9e:41:4f:9e:20:e9:ec:16:84:99:
         44:b3:f1:f7:f6:c1:50:31:aa:0e:33:73:ef:cb:49:7c:86:aa:
         ec:2c:ab:4b:43:ea:d2:fa:d2:d5:25:33:c8:e2:4e:5d:21:91:
         b2:6c:22:8b:6e:05:9c:e1:a1:19:47:a4:f2:48:0c:69:a7:af:
         c2:ce:b9:07:35:4d:47:69:d4:65:8c:70:96:70:3f:be:a2:3c:
         e8:87:19:b1:e3:93:97:f0:9e:57:1b:e7:85:a5:5f:1b:2e:38:
         e0:f0:23:1b:b0:c5:99:34:56:5c:61:fd:aa:93:37:d4:84:28:
         a5:95:ed:47:f2:1a:d1:6f:0d:f8:6c:cc:6f:8c:16:0c:dd:de:
         38:58:59:ab:25:ab:59:af:40:37:23:5e:ea:23:d3:57:85:f6:
         0c:cc:b7:8d:83:57:b6:82:39:b3:ed:88:3d:d4:51:98:a5:36:
         8c:dc:6d:a9
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYzHlNJNzAAUs4F9LYw3Ad6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwMTAyMDAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2RkZGEzNWUxNmUyMDFhYmFlYzMyZDMwZWRjYzZhZGI2MTU5YjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdxYN5JYIHrXWIjSeoJQBxWByGke
uoPUAisvSurU1sk1GYh3LXnPkiNs7W4agFYkl+wvJ8u2Suz6/57d3yVnku7jKMql
m8MM1OTM9ow/+4wmfzYd+0vAqn+5HJhnThy9UfeefSIVZC1anpOkvaQ/2ewVA1ch
k6+sEbVHrS+RUqJ0hh++O5v+d/FVaTEMGP4YFylKdAnybw96Ie+NfOB9WY1U+rWV
4FDokpWgw9tnVBbt5qP7TZNym9/jVTRLZGsHK/vmj3gIbaDmUYkdwgbUiMeQTE+t
mKQYK6zzPXagOTBAwtNOy5IQGrIPj2Zln+kA//qZ/nwvoy89Rx6mnzHKQQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFHPd2jXhbiAauuwy0w7cxq22FZsLMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvYzkzYU5lRnVJQnE2N0RMVER0ekdyYllWbXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAC0r
pwMEAmjpDDAMAwQDaOkYAwQAaOkaAwQAaO4KAwQBaO8KMAwDBABo70sDBABo704D
BAFo71ADBAJo72gDBABo728wDAMEAmjvfAMEAGjvfgMEANitTAMEANitUgMEAtit
YAMEANitZgMEAditagMEANitbgMEANiteDANBgkqhkiG9w0BAQsFAAOCAQEAbO+A
y3Bd/9ga+yPA+vhQ2J6ky3lOImANfcKq4+LVTrXIFbGaKSYGVOfiYkYT58iZZyYn
Yx5Qtx3EzSvifbE2UiE4/stCzql8Tr+Urt1YJtOeQU+eIOnsFoSZRLPx9/bBUDGq
DjNz78tJfIaq7CyrS0Pq0vrS1SUzyOJOXSGRsmwii24FnOGhGUek8kgMaaevws65
BzVNR2nUZYxwlnA/vqI86IcZseOTl/CeVxvnhaVfGy444PAjG7DFmTRWXGH9qpM3
1IQopZXtR/Ia0W8N+GzMb4wWDN3eOFhZqyWrWa9ANyNe6iPTV4X2DMy3jYNXtoI5
s+2IPdRRmKU2jNxtqQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:26:00 2024 by rpki-client on console-ams.rpki-client.org