Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/cCn90OjAoQU67DS7qpqLwGzvcdU.roa
File:                     cCn90OjAoQU67DS7qpqLwGzvcdU.roa (raw, json)
Hash identifier:          mHw4fsPqQ906Pz1p29c/ONgFxjgvaWw5bmFwvoffZuI=
Subject key identifier:   70:29:FD:D0:E8:C0:A1:05:3A:EC:34:BB:AA:9A:8B:C0:6C:EF:71:D5
Certificate issuer:       /CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
Certificate serial:       018CC72605A11BEC2466A76AAF2EEBF437F8
Authority key identifier: C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/cCn90OjAoQU67DS7qpqLwGzvcdU.roa
Signing time:             Mon 01 Jan 2024 22:30:06 +0000
ROA not before:           Mon 01 Jan 2024 22:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51942
IP address blocks:        185.133.36.0/22 maxlen: 22
                          81.173.44.0/22 maxlen: 22
                          91.221.150.0/23 maxlen: 23
                          2001:67c:16b4::/48 maxlen: 48
                          2a06:21c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:05:a1:1b:ec:24:66:a7:6a:af:2e:eb:f4:37:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
        Validity
            Not Before: Jan  1 22:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7029fdd0e8c0a1053aec34bbaa9a8bc06cef71d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:22:18:d4:f3:13:62:53:1b:4a:cb:ef:73:65:
                    42:6f:6c:61:66:f6:1d:70:2a:8b:bf:b0:b6:8d:3b:
                    d3:bd:c6:e9:56:c1:56:ac:78:79:83:bd:93:a8:e8:
                    a1:f2:9e:1e:09:05:f6:90:56:46:24:fd:63:24:e1:
                    a7:57:a7:cd:96:49:d5:66:c0:bd:07:a6:57:8f:04:
                    72:a8:28:e0:5f:c1:97:cb:dd:65:20:45:64:c9:23:
                    fd:48:c9:10:21:f9:3c:7a:36:6d:d6:46:e5:6b:71:
                    bb:63:b0:99:dd:5b:fe:4d:39:09:6e:1c:d4:c3:be:
                    d1:19:72:21:37:99:35:25:72:a7:98:22:76:99:b2:
                    81:7c:7f:b0:f4:eb:8b:4d:df:a7:a5:2e:bc:7c:a2:
                    ac:b2:de:06:87:91:58:52:98:64:0b:f1:6c:3c:fd:
                    42:04:e5:fb:35:80:af:f5:92:e7:0a:8c:3a:05:33:
                    13:e2:f5:1b:62:5e:0a:81:49:0b:28:a6:8c:a3:e4:
                    28:c5:c0:8e:f2:3d:40:55:df:f6:65:17:51:75:f5:
                    f4:cd:1f:0f:5a:59:b5:12:52:cb:a5:23:03:a0:1a:
                    23:33:b4:8f:70:3d:11:d3:69:56:69:67:31:14:87:
                    2d:82:e7:60:e4:ec:fd:ad:bd:bc:28:01:9b:62:26:
                    89:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:29:FD:D0:E8:C0:A1:05:3A:EC:34:BB:AA:9A:8B:C0:6C:EF:71:D5
            X509v3 Authority Key Identifier:
                keyid:C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/cCn90OjAoQU67DS7qpqLwGzvcdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.44.0/22
                  91.221.150.0/23
                  185.133.36.0/22
                IPv6:
                  2001:67c:16b4::/48
                  2a06:21c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:a6:9a:b0:6b:0c:8f:75:25:1e:75:3a:1c:65:8a:22:2e:fb:
         16:d5:7d:c1:52:5d:a5:e3:aa:92:ef:54:ef:c6:24:dd:30:0d:
         f9:ae:fb:9d:d8:9a:49:66:89:3a:d3:8a:7a:aa:ef:13:2c:e1:
         16:10:de:dd:24:90:8a:e3:d6:e1:c9:1d:c0:07:33:d1:d5:2b:
         aa:c7:dc:9a:c0:d8:49:e7:30:22:51:89:ce:b5:dd:cd:84:79:
         83:47:0d:50:88:26:d9:f7:4a:f7:5a:0e:a1:f0:f7:68:60:9e:
         61:6a:2b:21:e7:b8:9e:5f:41:91:1a:89:f2:cf:ad:42:bb:f5:
         a8:ed:20:af:32:e3:86:fa:df:77:c1:86:f3:d7:79:8b:c8:ba:
         9a:dc:8d:36:24:3a:05:da:48:fc:40:7d:50:23:3d:c0:9b:40:
         32:94:c7:d2:b2:7c:4d:b1:ba:85:a1:5d:6e:a8:95:d1:fa:a5:
         02:14:00:9e:55:30:34:6d:18:81:ce:7e:ce:e6:dc:6a:da:b6:
         aa:87:41:12:e2:c0:2c:f4:fc:31:57:c3:d1:b9:b8:af:23:f0:
         f9:d8:97:7d:4f:e9:ff:90:40:c5:34:7a:79:69:6d:26:b4:77:
         36:b2:e6:b7:85:50:10:7d:79:ce:98:2c:e9:55:ce:90:2c:02:
         f3:7c:0d:9a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzHJgWhG+wkZqdqry7r9Df4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NzcwMTM1ZDBmMGQzMGE4NjhkZjU1MWQ4NzUyZDRiNGJh
ZGMyYzEwHhcNMjQwMTAxMjIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDI5ZmRkMGU4YzBhMTA1M2FlYzM0YmJhYTlhOGJjMDZjZWY3MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyIY1PMTYlMbSsvvc2VCb2xhZvYd
cCqLv7C2jTvTvcbpVsFWrHh5g72TqOih8p4eCQX2kFZGJP1jJOGnV6fNlknVZsC9
B6ZXjwRyqCjgX8GXy91lIEVkySP9SMkQIfk8ejZt1kbla3G7Y7CZ3Vv+TTkJbhzU
w77RGXIhN5k1JXKnmCJ2mbKBfH+w9OuLTd+npS68fKKsst4Gh5FYUphkC/FsPP1C
BOX7NYCv9ZLnCow6BTMT4vUbYl4KgUkLKKaMo+QoxcCO8j1AVd/2ZRdRdfX0zR8P
Wlm1ElLLpSMDoBojM7SPcD0R02lWaWcxFIctgudg5Oz9rb28KAGbYiaJGwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFHAp/dDowKEFOuw0u6qai8Bs73HVMB8GA1UdIwQY
MBaAFMd3ATXQ8NMKho31Udh1LUtLrcLBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNjQk5kRHcwd3FHamZWUjJIVXRTMHV0d3NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9iOTcwNzAtYzVmNC00NDEwLTk0YjUt
ZDY0ZDc1Mzk0MDM3LzEvY0NuOTBPakFvUVU2N0RTN3FwcUx3R3p2Y2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9iOTcwNzAtYzVmNC00NDEwLTk0YjUtZDY0ZDc1Mzk0MDM3
LzEveDNjQk5kRHcwd3FHamZWUjJIVXRTMHV0d3NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAYBAIAATASAwQCUa0sAwQB
W92WAwQCuYUkMBYEAgACMBADBwAgAQZ8FrQDBQMqBiHAMA0GCSqGSIb3DQEBCwUA
A4IBAQAhppqwawyPdSUedTocZYoiLvsW1X3BUl2l46qS71TvxiTdMA35rvud2JpJ
Zok604p6qu8TLOEWEN7dJJCK49bhyR3ABzPR1Suqx9yawNhJ5zAiUYnOtd3NhHmD
Rw1QiCbZ90r3Wg6h8PdoYJ5haish57ieX0GRGonyz61Cu/Wo7SCvMuOG+t93wYbz
13mLyLqa3I02JDoF2kj8QH1QIz3Am0AylMfSsnxNsbqFoV1uqJXR+qUCFACeVTA0
bRiBzn7O5txq2raqh0ES4sAs9PwxV8PRubivI/D52Jd9T+n/kEDFNHp5aW0mtHc2
sua3hVAQfXnOmCzpVc6QLALzfA2a
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:18:52 2024 by rpki-client on console-ams.rpki-client.org