Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/bPM96phsGHiGUglJMca6ly4IoQ4.roa
File:                     bPM96phsGHiGUglJMca6ly4IoQ4.roa (raw, json)
Hash identifier:          CHKD/Ng1IauVc2cOLJvjEvg4WSi1+jS56Fniud1GN5Y=
Subject key identifier:   6C:F3:3D:EA:98:6C:18:78:86:52:09:49:31:C6:BA:97:2E:08:A1:0E
Certificate issuer:       /CN=cbd745ebfcec382df252c2f750db648f4f034abf
Certificate serial:       018CC94E23D3DCAE1013F78049256ECC348C
Authority key identifier: CB:D7:45:EB:FC:EC:38:2D:F2:52:C2:F7:50:DB:64:8F:4F:03:4A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9dF6_zsOC3yUsL3UNtkj08DSr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/bPM96phsGHiGUglJMca6ly4IoQ4.roa
Signing time:             Tue 02 Jan 2024 08:33:10 +0000
ROA not before:           Tue 02 Jan 2024 08:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3209
IP address blocks:        146.60.0.0/16 maxlen: 24
                          213.23.0.0/16 maxlen: 24
                          82.82.0.0/20 maxlen: 20
                          82.82.0.0/15 maxlen: 24
                          212.144.0.0/16 maxlen: 24
                          92.208.0.0/14 maxlen: 24
                          92.72.0.0/13 maxlen: 24
                          92.212.0.0/15 maxlen: 24
                          195.50.128.0/18 maxlen: 18
                          176.94.0.0/17 maxlen: 24
                          85.238.224.0/19 maxlen: 19
                          145.254.0.0/16 maxlen: 24
                          213.128.96.0/19 maxlen: 19
                          145.253.0.0/20 maxlen: 20
                          145.253.0.0/16 maxlen: 16
                          92.214.0.0/15 maxlen: 24
                          195.158.128.0/19 maxlen: 19
                          176.94.128.0/17 maxlen: 24
                          84.56.0.0/13 maxlen: 24
                          94.216.0.0/13 maxlen: 24
                          193.25.240.0/22 maxlen: 22
                          193.25.244.0/23 maxlen: 23
                          176.95.0.0/16 maxlen: 24
                          193.25.247.0/24 maxlen: 24
                          185.2.132.0/22 maxlen: 24
                          188.96.0.0/12 maxlen: 24
                          88.64.0.0/12 maxlen: 24
                          178.0.0.0/12 maxlen: 24
                          92.216.0.0/14 maxlen: 24
                          2a00:20::/32 maxlen: 48
                          2a00::/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/y9dF6_zsOC3yUsL3UNtkj08DSr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/y9dF6_zsOC3yUsL3UNtkj08DSr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9dF6_zsOC3yUsL3UNtkj08DSr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:23:d3:dc:ae:10:13:f7:80:49:25:6e:cc:34:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd745ebfcec382df252c2f750db648f4f034abf
        Validity
            Not Before: Jan  2 08:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cf33dea986c18788652094931c6ba972e08a10e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4c:6a:87:75:2d:24:2d:99:74:9f:22:3e:1d:
                    39:d6:82:f4:6d:3f:cc:16:47:b4:c7:aa:33:3d:5c:
                    06:29:98:73:b6:d6:3e:de:e0:c6:82:bb:b4:f4:a5:
                    8f:21:dd:76:31:b5:e2:2e:a8:24:cc:6f:a0:be:f1:
                    8b:67:b6:cd:b6:c2:f5:5b:99:8d:2d:e1:16:52:4a:
                    f9:f8:44:8b:92:81:78:93:69:36:47:17:a2:4f:42:
                    08:4a:18:71:ca:8c:46:4f:08:af:62:6c:07:9d:90:
                    96:3c:44:f0:5f:81:f6:de:bb:a0:c7:a6:1d:12:ce:
                    39:52:0f:a6:e8:94:56:b4:15:cb:85:90:d8:4c:ef:
                    5c:11:8d:59:eb:25:3c:5f:8c:18:49:bb:1e:00:16:
                    41:98:98:bb:52:2f:37:27:72:1e:4a:d6:c4:f9:12:
                    87:11:b0:e5:e1:d8:27:6c:53:59:6a:65:f8:a2:6e:
                    61:60:62:35:45:e3:30:2e:9f:1e:3a:63:bc:f5:a9:
                    89:d0:61:34:50:7a:e6:7e:12:7e:84:26:28:b6:94:
                    bb:b9:b0:57:f9:fe:00:01:0c:5c:a4:76:17:32:5e:
                    2f:32:05:17:05:76:00:90:af:7b:84:77:95:f6:70:
                    2f:f4:00:23:a1:9c:d0:1e:c9:32:a8:f0:e8:ef:ca:
                    60:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:F3:3D:EA:98:6C:18:78:86:52:09:49:31:C6:BA:97:2E:08:A1:0E
            X509v3 Authority Key Identifier:
                keyid:CB:D7:45:EB:FC:EC:38:2D:F2:52:C2:F7:50:DB:64:8F:4F:03:4A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9dF6_zsOC3yUsL3UNtkj08DSr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/bPM96phsGHiGUglJMca6ly4IoQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6b329f-f4f5-4af0-a81e-92b6796c77cc/1/y9dF6_zsOC3yUsL3UNtkj08DSr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.82.0.0/15
                  84.56.0.0/13
                  85.238.224.0/19
                  88.64.0.0/12
                  92.72.0.0/13
                  92.208.0.0-92.219.255.255
                  94.216.0.0/13
                  145.253.0.0-145.254.255.255
                  146.60.0.0/16
                  176.94.0.0/15
                  178.0.0.0/12
                  185.2.132.0/22
                  188.96.0.0/12
                  193.25.240.0-193.25.245.255
                  193.25.247.0/24
                  195.50.128.0/18
                  195.158.128.0/19
                  212.144.0.0/16
                  213.23.0.0/16
                  213.128.96.0/19
                IPv6:
                  2a00::/22

    Signature Algorithm: sha256WithRSAEncryption
         19:5b:7a:58:17:52:fd:74:d2:ff:4f:42:61:fe:f5:bc:b2:5f:
         80:55:f8:7a:e6:5a:b7:9a:d3:8e:04:6d:0e:e8:1e:8f:d1:2e:
         b4:10:80:41:c9:4e:f4:8a:b9:5d:4e:22:78:d0:1f:cf:c7:95:
         df:09:f8:43:7a:5f:c8:77:fe:45:bb:9f:10:ab:bd:9a:27:4c:
         54:58:e9:47:d3:cc:4c:ad:91:79:60:3e:a0:cd:e8:aa:6e:5a:
         65:39:05:21:1f:29:08:26:61:20:87:52:79:5a:0c:e4:fe:ed:
         8a:ea:21:54:3b:42:c6:ef:f1:d5:45:af:b6:70:24:45:9c:48:
         4f:d8:30:af:c8:60:51:ce:53:64:20:89:17:c6:9c:48:87:61:
         80:8a:8f:91:a4:c7:2f:c3:b8:42:e0:56:f5:8b:a4:c1:78:3c:
         0e:d5:e4:cd:13:4c:4f:5b:72:20:4c:da:dd:d4:dc:50:78:a1:
         11:e2:1c:c9:85:e5:35:49:86:9e:f6:d8:aa:9a:84:0f:9d:1c:
         85:d9:54:fa:94:c5:c6:14:8b:ae:7d:dc:e0:a3:65:77:6d:4f:
         f7:e6:d6:56:13:5a:5e:8a:af:62:83:51:51:e0:c7:06:28:7b:
         31:e6:2f:b7:95:da:26:a1:df:eb:64:16:fe:24:19:2a:92:10:
         71:40:b7:ed
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgISAYzJTiPT3K4QE/eASSVuzDSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDc0NWViZmNlYzM4MmRmMjUyYzJmNzUwZGI2NDhmNGYw
MzRhYmYwHhcNMjQwMTAyMDgzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2YzM2RlYTk4NmMxODc4ODY1MjA5NDkzMWM2YmE5NzJlMDhhMTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgExqh3UtJC2ZdJ8iPh051oL0bT/M
Fke0x6ozPVwGKZhzttY+3uDGgru09KWPId12MbXiLqgkzG+gvvGLZ7bNtsL1W5mN
LeEWUkr5+ESLkoF4k2k2RxeiT0IIShhxyoxGTwivYmwHnZCWPETwX4H23rugx6Yd
Es45Ug+m6JRWtBXLhZDYTO9cEY1Z6yU8X4wYSbseABZBmJi7Ui83J3IeStbE+RKH
EbDl4dgnbFNZamX4om5hYGI1ReMwLp8eOmO89amJ0GE0UHrmfhJ+hCYotpS7ubBX
+f4AAQxcpHYXMl4vMgUXBXYAkK97hHeV9nAv9AAjoZzQHskyqPDo78pg6wIDAQAB
o4IClzCCApMwHQYDVR0OBBYEFGzzPeqYbBh4hlIJSTHGupcuCKEOMB8GA1UdIwQY
MBaAFMvXRev87Dgt8lLC91DbZI9PA0q/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlkRjZfenNPQzN5VXNMM1VOdGtqMDhEU3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi82YjMyOWYtZjRmNS00YWYwLWE4MWUt
OTJiNjc5NmM3N2NjLzEvYlBNOTZwaHNHSGlHVWdsSk1jYTZseTRJb1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi82YjMyOWYtZjRmNS00YWYwLWE4MWUtOTJiNjc5NmM3N2Nj
LzEveTlkRjZfenNPQzN5VXNMM1VOdGtqMDhEU3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGsBggrBgEFBQcBBwEB/wSBnDCBmTCBiAQCAAEwgYEDAwFS
UgMDA1Q4AwQFVe7gAwMEWEADAwNcSDAKAwMEXNADAwJc2AMDA17YMAoDAwCR/QMD
AJH+AwMAkjwDAwGwXgMDBLIAAwQCuQKEAwMEvGAwDAMEBMEZ8AMEAcEZ9AMEAMEZ
9wMEBsMygAMEBcOegAMDANSQAwMA1RcDBAXVgGAwDAQCAAIwBgMEAioAADANBgkq
hkiG9w0BAQsFAAOCAQEAGVt6WBdS/XTS/09CYf71vLJfgFX4euZat5rTjgRtDuge
j9EutBCAQclO9Iq5XU4ieNAfz8eV3wn4Q3pfyHf+RbufEKu9midMVFjpR9PMTK2R
eWA+oM3oqm5aZTkFIR8pCCZhIIdSeVoM5P7tiuohVDtCxu/x1UWvtnAkRZxIT9gw
r8hgUc5TZCCJF8acSIdhgIqPkaTHL8O4QuBW9YukwXg8DtXkzRNMT1tyIEza3dTc
UHihEeIcyYXlNUmGnvbYqpqED50chdlU+pTFxhSLrn3c4KNld21P9+bWVhNaXoqv
YoNRUeDHBih7MeYvt5XaJqHf62QW/iQZKpIQcUC37Q==
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:15:06 2024 by rpki-client on console-fra.rpki-client.org