Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/KFmbJp3uTvWuxW7j-sfdGY82dI0.roa
File:                     KFmbJp3uTvWuxW7j-sfdGY82dI0.roa (raw, json)
Hash identifier:          4Taido7YnSnE8ptGNlulqQhU3707Naq9U8lJFc4mPpg=
Subject key identifier:   28:59:9B:26:9D:EE:4E:F5:AE:C5:6E:E3:FA:C7:DD:19:8F:36:74:8D
Certificate issuer:       /CN=69c67969c3c9d8fadbc9a73e3ff56361d0203b71
Certificate serial:       018CC5DC75F2F4004D1BB20D79816DA6AC18
Authority key identifier: 69:C6:79:69:C3:C9:D8:FA:DB:C9:A7:3E:3F:F5:63:61:D0:20:3B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/KFmbJp3uTvWuxW7j-sfdGY82dI0.roa
Signing time:             Mon 01 Jan 2024 16:30:08 +0000
ROA not before:           Mon 01 Jan 2024 16:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199976
IP address blocks:        185.136.29.0/24 maxlen: 24
                          185.136.28.0/24 maxlen: 24
                          185.136.31.0/24 maxlen: 24
                          185.136.30.0/24 maxlen: 24
                          5.102.130.0/24 maxlen: 24
                          5.102.129.0/24 maxlen: 24
                          5.102.132.0/24 maxlen: 24
                          5.102.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:75:f2:f4:00:4d:1b:b2:0d:79:81:6d:a6:ac:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69c67969c3c9d8fadbc9a73e3ff56361d0203b71
        Validity
            Not Before: Jan  1 16:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28599b269dee4ef5aec56ee3fac7dd198f36748d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0a:09:00:95:a3:e7:f0:88:ea:46:c7:69:12:
                    75:30:8f:af:fc:ee:6f:15:b7:a2:cf:bc:a0:78:2d:
                    f3:bf:1f:76:af:08:e7:cd:fb:3f:f2:97:d8:24:0c:
                    00:24:e8:ce:d1:e8:75:04:1e:2b:cd:27:06:a9:12:
                    1c:03:28:87:aa:c8:2d:88:37:84:e7:6f:17:18:22:
                    af:39:36:c5:28:96:ff:da:e9:6b:83:df:d9:f0:6f:
                    37:b5:5a:0c:fa:43:95:a8:ac:ea:44:67:40:07:26:
                    8d:22:3e:0e:6d:d5:ac:ff:e3:bf:48:92:32:6f:b5:
                    c7:6a:14:62:5a:15:cc:d6:cd:a8:e1:06:e9:35:08:
                    39:d9:de:e5:8e:1d:e7:9a:b8:be:f8:fa:79:94:1d:
                    05:c7:b8:d3:0e:bb:6a:4e:84:05:9c:b4:6e:4d:14:
                    47:8a:7c:be:76:8a:b2:8d:80:3a:5d:c6:af:ad:b7:
                    de:ca:e5:07:47:c4:f4:b8:36:68:22:32:a0:32:60:
                    d3:e6:01:87:cf:33:8b:9e:90:ed:90:eb:a2:bf:e7:
                    b8:40:65:88:2a:57:7e:b6:2d:b3:58:8c:d6:26:e1:
                    9c:d7:5c:4b:08:05:7c:4e:b8:1c:c7:63:0f:8d:5b:
                    0f:24:c6:49:3a:69:a5:4e:6d:f7:ea:f9:f5:4b:f3:
                    97:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:59:9B:26:9D:EE:4E:F5:AE:C5:6E:E3:FA:C7:DD:19:8F:36:74:8D
            X509v3 Authority Key Identifier:
                keyid:69:C6:79:69:C3:C9:D8:FA:DB:C9:A7:3E:3F:F5:63:61:D0:20:3B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/KFmbJp3uTvWuxW7j-sfdGY82dI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.128.0-5.102.130.255
                  5.102.132.0/24
                  185.136.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:bb:f1:aa:2c:7c:6c:1e:89:1c:3e:69:84:2d:98:ad:ce:47:
         8e:b0:ca:41:71:4b:15:3c:de:ae:03:df:87:b4:96:36:ed:88:
         a4:5d:6b:01:68:01:54:60:8d:d1:7c:4f:62:36:9d:ad:b4:06:
         74:fb:8c:2a:6e:11:d3:4c:4b:56:88:0f:68:a6:cc:f9:c2:a0:
         d8:8a:9e:b2:70:e4:bd:50:58:88:b8:83:bd:e8:fe:24:e6:b1:
         e2:64:e4:5e:ec:7c:84:ee:50:e5:1d:a0:24:6c:00:4b:bd:47:
         72:4b:c9:e7:3b:cc:ef:bc:2b:b5:78:09:55:af:71:a4:a7:f6:
         30:95:6d:76:ae:cc:08:ed:3f:77:c6:dc:a5:e3:5e:8f:f6:a8:
         b4:74:2c:9e:05:1b:b2:6f:b5:cc:41:3b:f6:0c:17:48:49:af:
         50:8c:22:39:dd:c2:7f:13:55:d2:89:7a:bf:f0:94:7a:f7:76:
         0b:38:1f:db:40:11:a9:84:fb:4a:f2:0c:37:33:d7:e4:02:58:
         ea:df:e7:4a:c4:95:3c:56:1e:35:0c:5b:89:83:37:7f:5a:49:
         26:4c:5e:9b:41:9b:ec:4c:b2:e9:43:7a:70:2b:c7:f4:1e:14:
         3d:5f:88:80:fb:7d:d8:37:b6:df:e0:87:11:e5:a3:96:47:93:
         46:17:19:73
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzF3HXy9ABNG7INeYFtpqwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YzY3OTY5YzNjOWQ4ZmFkYmM5YTczZTNmZjU2MzYxZDAy
MDNiNzEwHhcNMjQwMTAxMTYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU5OWIyNjlkZWU0ZWY1YWVjNTZlZTNmYWM3ZGQxOThmMzY3NDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQoJAJWj5/CI6kbHaRJ1MI+v/O5v
Fbeiz7ygeC3zvx92rwjnzfs/8pfYJAwAJOjO0eh1BB4rzScGqRIcAyiHqsgtiDeE
528XGCKvOTbFKJb/2ulrg9/Z8G83tVoM+kOVqKzqRGdAByaNIj4ObdWs/+O/SJIy
b7XHahRiWhXM1s2o4QbpNQg52d7ljh3nmri++Pp5lB0Fx7jTDrtqToQFnLRuTRRH
iny+doqyjYA6XcavrbfeyuUHR8T0uDZoIjKgMmDT5gGHzzOLnpDtkOuiv+e4QGWI
Kld+ti2zWIzWJuGc11xLCAV8Trgcx2MPjVsPJMZJOmmlTm336vn1S/OXFwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFChZmyad7k71rsVu4/rH3RmPNnSNMB8GA1UdIwQY
MBaAFGnGeWnDydj628mnPj/1Y2HQIDtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNaNWFjUEoyUHJieWFjLVBfVmpZZEFnTzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jZGJmOGYtNmU2Ny00YWIxLWJmMTgt
NDhlZjhlMTExNGU0LzEvS0ZtYkpwM3VUdld1eFc3ai1zZmRHWTgyZEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jZGJmOGYtNmU2Ny00YWIxLWJmMTgtNDhlZjhlMTExNGU0
LzEvYWNaNWFjUEoyUHJieWFjLVBfVmpZZEFnTzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAcFZoAD
BAAFZoIDBAAFZoQDBAK5iBwwDQYJKoZIhvcNAQELBQADggEBAAu78aosfGweiRw+
aYQtmK3OR46wykFxSxU83q4D34e0ljbtiKRdawFoAVRgjdF8T2I2na20BnT7jCpu
EdNMS1aID2imzPnCoNiKnrJw5L1QWIi4g73o/iTmseJk5F7sfITuUOUdoCRsAEu9
R3JLyec7zO+8K7V4CVWvcaSn9jCVbXauzAjtP3fG3KXjXo/2qLR0LJ4FG7JvtcxB
O/YMF0hJr1CMIjndwn8TVdKJer/wlHr3dgs4H9tAEamE+0ryDDcz1+QCWOrf50rE
lTxWHjUMW4mDN39aSSZMXptBm+xMsulDenArx/QeFD1fiID7fdg3tt/ghxHlo5ZH
k0YXGXM=
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:58:56 2024 by rpki-client on console-fra.rpki-client.org