Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/xCv6Um_kr0ojcJdnegz0VKWhEVc.roa
File:                     xCv6Um_kr0ojcJdnegz0VKWhEVc.roa (raw, json)
Hash identifier:          zJ+TIXiRmN3YbrDApcVvqZwlqoo95+W7uUj7tukkIPQ=
Subject key identifier:   C4:2B:FA:52:6F:E4:AF:4A:23:70:97:67:7A:0C:F4:54:A5:A1:11:57
Certificate issuer:       /CN=f7aa039b886b226578bdb6a42781bf59044bb138
Certificate serial:       018CC6B87E7051C4F3DECBBF13818D2ECEE0
Authority key identifier: F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/xCv6Um_kr0ojcJdnegz0VKWhEVc.roa
Signing time:             Mon 01 Jan 2024 20:30:28 +0000
ROA not before:           Mon 01 Jan 2024 20:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24739
IP address blocks:        84.242.4.0/24 maxlen: 24
                          185.7.147.0/24 maxlen: 24
                          185.7.146.0/24 maxlen: 24
                          81.24.112.0/20 maxlen: 20
                          62.181.33.0/24 maxlen: 24
                          62.181.40.0/24 maxlen: 24
                          62.181.40.0/22 maxlen: 24
                          62.181.45.0/24 maxlen: 24
                          62.181.52.0/24 maxlen: 24
                          77.232.52.0/22 maxlen: 22
                          93.174.240.0/21 maxlen: 21
                          81.23.96.0/19 maxlen: 19
                          77.232.56.0/21 maxlen: 21
                          213.208.185.0/24 maxlen: 25
                          37.143.16.0/20 maxlen: 20
                          77.232.50.0/23 maxlen: 23
                          46.252.240.0/20 maxlen: 20
                          84.47.137.0/24 maxlen: 25
                          46.252.254.0/24 maxlen: 24
                          79.99.104.0/21 maxlen: 21
                          79.99.104.0/24 maxlen: 24
                          185.58.248.0/24 maxlen: 24
                          185.124.188.0/22 maxlen: 25
                          213.135.93.0/24 maxlen: 25
                          46.228.0.0/20 maxlen: 20
                          176.32.176.0/20 maxlen: 20
                          217.197.224.0/20 maxlen: 20
                          212.59.112.0/22 maxlen: 22
                          213.135.68.0/24 maxlen: 25
                          213.135.78.0/24 maxlen: 25
                          213.135.75.0/24 maxlen: 25
                          213.135.76.0/24 maxlen: 25
                          178.238.16.0/20 maxlen: 20
                          84.47.188.0/24 maxlen: 25
                          2a00:1020::/32 maxlen: 32
                          2a00:1020:c::/48 maxlen: 48
                          2a00:1020:7::/48 maxlen: 48
                          2a00:1020:b::/48 maxlen: 48
                          2a00:1020:d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:7e:70:51:c4:f3:de:cb:bf:13:81:8d:2e:ce:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7aa039b886b226578bdb6a42781bf59044bb138
        Validity
            Not Before: Jan  1 20:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c42bfa526fe4af4a237097677a0cf454a5a11157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e4:b9:0f:6d:b1:57:e0:57:04:b6:e1:1f:f7:
                    14:2e:70:3f:c2:0d:ad:d3:be:75:ce:40:d0:84:d0:
                    51:92:9d:96:80:10:c6:d1:8e:fc:2c:28:20:6e:31:
                    95:e3:10:a0:69:42:6a:f7:fe:24:8e:3d:d4:aa:b9:
                    c4:8e:bd:bd:18:f3:e6:c0:19:33:77:a5:3a:d2:62:
                    79:43:fe:1a:a2:fa:c4:20:d6:51:e6:fd:fd:ef:5a:
                    06:03:5b:78:f4:cb:aa:bc:42:33:b9:be:25:d9:b0:
                    c4:d0:de:36:ae:5e:74:46:ba:32:d7:86:88:46:40:
                    13:1a:39:7b:16:f2:d7:48:ab:5e:65:50:29:1b:b4:
                    68:6b:65:7b:80:c7:9d:4c:9b:79:cb:be:02:21:5e:
                    a3:10:28:8e:c9:d2:86:57:70:45:68:06:a9:f2:e0:
                    78:78:45:b9:4b:4d:af:36:79:92:c4:57:bd:f8:3b:
                    ce:18:36:5b:fd:34:87:1a:39:ae:9f:68:5a:ea:93:
                    0d:3d:6b:fb:e1:73:21:4c:9c:72:3f:84:91:1b:29:
                    02:72:44:e3:e0:9d:1c:0f:35:7f:20:a9:2a:0b:b4:
                    1b:eb:ca:8d:59:8e:d9:e2:c4:2d:a4:09:e6:60:ac:
                    e2:0a:bb:22:1c:be:0a:a7:58:a1:23:e4:50:db:fd:
                    a9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2B:FA:52:6F:E4:AF:4A:23:70:97:67:7A:0C:F4:54:A5:A1:11:57
            X509v3 Authority Key Identifier:
                keyid:F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/xCv6Um_kr0ojcJdnegz0VKWhEVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.16.0/20
                  46.228.0.0/20
                  46.252.240.0/20
                  62.181.33.0/24
                  62.181.40.0/22
                  62.181.45.0/24
                  62.181.52.0/24
                  77.232.50.0-77.232.63.255
                  79.99.104.0/21
                  81.23.96.0/19
                  81.24.112.0/20
                  84.47.137.0/24
                  84.47.188.0/24
                  84.242.4.0/24
                  93.174.240.0/21
                  176.32.176.0/20
                  178.238.16.0/20
                  185.7.146.0/23
                  185.58.248.0/24
                  185.124.188.0/22
                  212.59.112.0/22
                  213.135.68.0/24
                  213.135.75.0-213.135.76.255
                  213.135.78.0/24
                  213.135.93.0/24
                  213.208.185.0/24
                  217.197.224.0/20
                IPv6:
                  2a00:1020::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:15:ea:45:83:f5:7e:a9:52:f7:ae:61:97:84:c7:76:87:1e:
         77:df:f5:66:d6:2e:3e:fa:7d:59:89:48:5e:6c:17:dd:55:d7:
         ec:65:ff:24:2c:8c:a5:10:89:83:0c:de:ae:9c:d8:7a:a0:19:
         42:b7:53:fa:70:33:be:f0:57:0a:56:15:a4:d8:29:d2:44:e5:
         c3:bd:1d:a8:29:d7:60:3d:e6:b2:82:91:1a:5b:0f:c2:e9:9b:
         25:a6:9b:86:4a:e0:10:13:ca:1e:c6:32:26:e8:ae:94:71:a5:
         ee:fb:f0:52:a8:c8:b3:85:21:24:8a:cd:6e:ab:09:41:0a:7c:
         9a:5b:c5:40:ef:a3:ba:47:1f:4c:20:b2:05:ba:e3:52:27:5b:
         1a:fb:dd:01:77:47:24:94:ee:ed:1f:9f:2d:e4:bc:70:10:3f:
         be:4c:1c:d8:1e:33:cf:93:00:f7:0f:34:29:0c:45:26:f9:b6:
         63:8a:54:cd:bf:4e:f6:47:f1:e2:6b:50:21:ee:07:89:fb:de:
         ee:5c:33:41:03:26:89:7e:56:a0:bf:96:8e:77:c0:35:76:75:
         17:1f:8e:90:64:52:76:f4:65:ce:4e:26:ad:9a:50:5e:fa:f3:
         51:88:8b:4d:09:23:40:00:cc:20:22:ae:fa:6c:36:2b:1e:95:
         eb:10:56:3f
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgISAYzGuH5wUcTz3su/E4GNLs7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YWEwMzliODg2YjIyNjU3OGJkYjZhNDI3ODFiZjU5MDQ0
YmIxMzgwHhcNMjQwMTAxMjAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDJiZmE1MjZmZTRhZjRhMjM3MDk3Njc3YTBjZjQ1NGE1YTExMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouS5D22xV+BXBLbhH/cULnA/wg2t
0751zkDQhNBRkp2WgBDG0Y78LCggbjGV4xCgaUJq9/4kjj3UqrnEjr29GPPmwBkz
d6U60mJ5Q/4aovrEINZR5v3971oGA1t49MuqvEIzub4l2bDE0N42rl50Rroy14aI
RkATGjl7FvLXSKteZVApG7Roa2V7gMedTJt5y74CIV6jECiOydKGV3BFaAap8uB4
eEW5S02vNnmSxFe9+DvOGDZb/TSHGjmun2ha6pMNPWv74XMhTJxyP4SRGykCckTj
4J0cDzV/IKkqC7Qb68qNWY7Z4sQtpAnmYKziCrsiHL4Kp1ihI+RQ2/2p1wIDAQAB
o4ICyTCCAsUwHQYDVR0OBBYEFMQr+lJv5K9KI3CXZ3oM9FSloRFXMB8GA1UdIwQY
MBaAFPeqA5uIayJleL22pCeBv1kES7E4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWIt
NmY2MjFkNzM2YWZmLzEveEN2NlVtX2tyMG9qY0pkbmVnejBWS1doRVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWItNmY2MjFkNzM2YWZm
LzEvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHeBggrBgEFBQcBBwEB/wSBzjCByzCBuQQCAAEwgbIDBAQl
jxADBAQu5AADBAQu/PADBAA+tSEDBAI+tSgDBAA+tS0DBAA+tTQwDAMEAU3oMgME
Bk3oAAMEA09jaAMEBVEXYAMEBFEYcAMEAFQviQMEAFQvvAMEAFTyBAMEA12u8AME
BLAgsAMEBLLuEAMEAbkHkgMEALk6+AMEArl8vAMEAtQ7cAMEANWHRDAMAwQA1YdL
AwQA1YdMAwQA1YdOAwQA1YddAwQA1dC5AwQE2cXgMA0EAgACMAcDBQAqABAgMA0G
CSqGSIb3DQEBCwUAA4IBAQADFepFg/V+qVL3rmGXhMd2hx533/Vm1i4++n1ZiUhe
bBfdVdfsZf8kLIylEImDDN6unNh6oBlCt1P6cDO+8FcKVhWk2CnSROXDvR2oKddg
PeaygpEaWw/C6ZslppuGSuAQE8oexjIm6K6UcaXu+/BSqMizhSEkis1uqwlBCnya
W8VA76O6Rx9MILIFuuNSJ1sa+90Bd0cklO7tH58t5LxwED++TBzYHjPPkwD3DzQp
DEUm+bZjilTNv072R/Hia1Ah7geJ+97uXDNBAyaJflagv5aOd8A1dnUXH46QZFJ2
9GXOTiatmlBe+vNRiItNCSNAAMwgIq76bDYrHpXrEFY/
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:10:29 2024 by rpki-client on console-fra.rpki-client.org