Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/nDlFdwM5klarM2739w9Cc8rLUCU.roa
File:                     nDlFdwM5klarM2739w9Cc8rLUCU.roa (raw, json)
Hash identifier:          zjMwgLa/krMfjRagMZEPkb/vlL+b4zdr/fzcHBgrafw=
Subject key identifier:   9C:39:45:77:03:39:92:56:AB:33:6E:F7:F7:0F:42:73:CA:CB:50:25
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019319EED14665A1A7D9718C0E9D446B1DDA
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/nDlFdwM5klarM2739w9Cc8rLUCU.roa
Signing time:             Mon 11 Nov 2024 06:35:01 +0000
ROA not before:           Mon 11 Nov 2024 06:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44889
IP address blocks:        46.38.129.0/24 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          46.38.140.0/24 maxlen: 24
                          46.38.150.0/24 maxlen: 24
                          46.38.151.0/24 maxlen: 24
                          185.24.150.0/24 maxlen: 24
                          185.29.220.0/24 maxlen: 24
                          185.29.221.0/24 maxlen: 24
                          212.16.64.0/19 maxlen: 24
                          212.16.71.0/24 maxlen: 24
                          212.16.72.0/24 maxlen: 25
                          212.16.81.0/24 maxlen: 24
                          212.16.86.0/23 maxlen: 23
                          212.16.89.0/24 maxlen: 24
                          212.80.0.0/19 maxlen: 24
                          212.80.2.0/24 maxlen: 24
                          212.80.12.0/24 maxlen: 24
                          212.80.13.0/24 maxlen: 24
                          212.80.14.0/24 maxlen: 24
                          212.80.15.0/24 maxlen: 24
                          2a00:7d80::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:19:ee:d1:46:65:a1:a7:d9:71:8c:0e:9d:44:6b:1d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Nov 11 06:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c39457703399256ab336ef7f70f4273cacb5025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:79:87:27:4f:b8:c6:62:87:ea:21:df:29:c2:
                    77:e7:f7:3d:b4:76:90:60:35:4c:71:cf:c3:96:b6:
                    90:f0:d5:09:33:ef:9c:c1:9a:d1:69:27:24:18:15:
                    26:d4:a8:84:3d:d1:dd:55:12:71:73:1c:b2:69:b0:
                    ab:b8:72:e9:e1:0d:6c:0c:74:8c:4e:b8:d4:b1:5d:
                    0d:29:2e:2f:d5:4a:28:f1:6b:ca:10:ac:6b:4a:55:
                    6c:c7:7a:1d:13:32:04:aa:04:dd:0f:b7:41:fe:5a:
                    9a:ca:8b:11:5b:d7:7b:1f:67:38:f8:17:d2:66:83:
                    66:f8:1d:9a:a3:cf:c1:a9:b0:2b:07:3b:1b:6d:96:
                    42:a8:be:e3:34:5b:d0:d7:eb:9d:bd:4a:b3:47:7b:
                    52:72:9d:24:cd:8b:34:45:7a:01:ca:de:62:09:d5:
                    08:79:4f:ab:6a:0c:d9:7c:4e:05:e1:dd:6e:d8:01:
                    e0:98:dc:92:cd:84:a6:e9:e6:3c:27:4e:bb:bc:e2:
                    72:95:37:b0:42:52:af:0f:8f:8a:32:06:62:5d:d4:
                    12:38:e5:4b:22:64:32:80:60:fa:ac:a7:18:5f:c7:
                    e9:1c:fc:d0:16:80:bb:f7:0a:18:36:a1:db:2f:34:
                    d5:06:0a:46:88:cc:13:78:81:28:27:b6:5c:ad:62:
                    35:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:39:45:77:03:39:92:56:AB:33:6E:F7:F7:0F:42:73:CA:CB:50:25
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/nDlFdwM5klarM2739w9Cc8rLUCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0/24
                  46.38.131.0/24
                  46.38.140.0/24
                  46.38.150.0/23
                  185.24.150.0/24
                  185.29.220.0/23
                  212.16.64.0/19
                  212.80.0.0/19
                IPv6:
                  2a00:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:53:4e:7e:e1:82:ef:2f:48:58:91:2d:4d:87:dc:65:fe:7b:
         77:6a:7e:f1:db:10:9d:0e:dc:2c:44:1c:d0:16:dc:b9:ee:2e:
         86:07:e7:23:ba:33:86:06:82:6b:81:b9:d5:f0:89:dc:d4:f3:
         f0:a3:69:96:3b:90:76:e8:97:3d:33:e1:d9:ed:14:98:fd:51:
         a1:d6:82:97:0b:45:20:69:68:46:b6:f4:a5:f7:48:38:e8:57:
         4a:e8:ca:2c:01:95:ac:75:64:ce:41:de:b6:41:bd:84:cc:1a:
         60:c9:bc:f0:57:92:44:2b:66:8c:99:2d:74:0e:f9:ec:70:a1:
         ec:9f:27:f5:7a:14:66:66:15:61:ab:71:db:00:da:7e:6b:8f:
         66:0d:d3:3d:51:45:ad:22:3c:29:0f:56:10:8c:cc:a8:6b:3a:
         c2:c8:9a:43:87:f8:c2:ba:8d:17:e8:a5:32:00:c1:f9:3b:78:
         53:5c:c1:1c:16:17:c7:c0:72:42:6b:82:96:e3:ae:0d:31:57:
         3d:5e:96:ee:7a:c9:0d:b0:7d:76:ec:03:38:61:b1:e2:fe:ee:
         1f:96:ba:6f:c7:bf:36:14:dd:d2:3a:40:ac:80:7a:98:14:95:
         8a:f4:2d:28:38:87:e4:fb:07:13:a3:e5:82:cd:38:4a:09:f0:
         14:b1:49:64
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZMZ7tFGZaGn2XGMDp1Eax3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQxMTExMDYzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzM5NDU3NzAzMzk5MjU2YWIzMzZlZjdmNzBmNDI3M2NhY2I1MDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHmHJ0+4xmKH6iHfKcJ35/c9tHaQ
YDVMcc/DlraQ8NUJM++cwZrRaSckGBUm1KiEPdHdVRJxcxyyabCruHLp4Q1sDHSM
TrjUsV0NKS4v1Uoo8WvKEKxrSlVsx3odEzIEqgTdD7dB/lqayosRW9d7H2c4+BfS
ZoNm+B2ao8/BqbArBzsbbZZCqL7jNFvQ1+udvUqzR3tScp0kzYs0RXoByt5iCdUI
eU+ragzZfE4F4d1u2AHgmNySzYSm6eY8J067vOJylTewQlKvD4+KMgZiXdQSOOVL
ImQygGD6rKcYX8fpHPzQFoC79woYNqHbLzTVBgpGiMwTeIEoJ7ZcrWI1tQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJw5RXcDOZJWqzNu9/cPQnPKy1AlMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvbkRsRmR3TTVrbGFyTTI3Mzl3OUNjOHJMVUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQALiaBAwQA
LiaDAwQALiaMAwQBLiaWAwQAuRiWAwQBuR3cAwQF1BBAAwQF1FAAMA0EAgACMAcD
BQMqAH2AMA0GCSqGSIb3DQEBCwUAA4IBAQC7U05+4YLvL0hYkS1Nh9xl/nt3an7x
2xCdDtwsRBzQFty57i6GB+cjujOGBoJrgbnV8Inc1PPwo2mWO5B26Jc9M+HZ7RSY
/VGh1oKXC0UgaWhGtvSl90g46FdK6MosAZWsdWTOQd62Qb2EzBpgybzwV5JEK2aM
mS10DvnscKHsnyf1ehRmZhVhq3HbANp+a49mDdM9UUWtIjwpD1YQjMyoazrCyJpD
h/jCuo0X6KUyAMH5O3hTXMEcFhfHwHJCa4KW464NMVc9XpbueskNsH127AM4YbHi
/u4flrpvx782FN3SOkCsgHqYFJWK9C0oOIfk+wcTo+WCzThKCfAUsUlk
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:41:30 2024 by rpki-client on console-ams.rpki-client.org