Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/08973f-fb6a-41e5-8720-fb4cf137c1e9/1/dVOST6O78KqzBnGjM-NS0hfiJXw.roa
File:                     dVOST6O78KqzBnGjM-NS0hfiJXw.roa (raw, json)
Hash identifier:          /T/OjMqxk41z+ZqWRGzZDhWGnahYhgVZvfs02azLeZY=
Subject key identifier:   75:53:92:4F:A3:BB:F0:AA:B3:06:71:A3:33:E3:52:D2:17:E2:25:7C
Certificate issuer:       /CN=b2f27953ad4690c068fb40f9f356003379bb63f8
Certificate serial:       018CC56EB529997E4BD1A02256B3DE8E8731
Authority key identifier: B2:F2:79:53:AD:46:90:C0:68:FB:40:F9:F3:56:00:33:79:BB:63:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/svJ5U61GkMBo-0D581YAM3m7Y_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/08973f-fb6a-41e5-8720-fb4cf137c1e9/1/dVOST6O78KqzBnGjM-NS0hfiJXw.roa
Signing time:             Mon 01 Jan 2024 14:30:16 +0000
ROA not before:           Mon 01 Jan 2024 14:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9085
IP address blocks:        212.180.128.0/17 maxlen: 17
                          185.53.124.0/22 maxlen: 22
                          212.75.96.0/19 maxlen: 19
                          2001:4c30::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/08973f-fb6a-41e5-8720-fb4cf137c1e9/1/svJ5U61GkMBo-0D581YAM3m7Y_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/08973f-fb6a-41e5-8720-fb4cf137c1e9/1/svJ5U61GkMBo-0D581YAM3m7Y_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/svJ5U61GkMBo-0D581YAM3m7Y_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b5:29:99:7e:4b:d1:a0:22:56:b3:de:8e:87:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2f27953ad4690c068fb40f9f356003379bb63f8
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7553924fa3bbf0aab30671a333e352d217e2257c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:86:bb:9c:c5:76:38:ec:25:14:2c:07:e9:6b:
                    ee:25:63:24:66:57:0a:59:95:8d:39:be:97:18:1d:
                    c9:6a:ff:dc:45:a4:37:49:d3:ee:95:16:73:3f:e5:
                    44:13:e4:16:0e:7d:a5:aa:19:12:eb:e4:f4:4c:2b:
                    53:4a:41:04:81:62:0f:2e:9f:9a:eb:f7:a1:56:ee:
                    79:7b:71:46:43:8c:24:10:ab:f1:49:b3:ba:8b:d4:
                    01:ca:0f:62:3b:ca:f9:ba:1f:ce:76:2d:f8:f8:07:
                    07:82:77:3a:ec:dd:8b:62:a9:66:1e:95:14:8b:62:
                    cb:81:b5:49:e9:b4:90:86:88:58:46:e7:01:67:8d:
                    9a:f6:35:8d:08:26:3c:27:1e:2f:36:11:2c:1c:0d:
                    a7:e9:ad:eb:ff:dd:cc:6a:5f:66:05:8c:eb:13:a4:
                    2c:29:95:42:c3:76:f6:7c:2b:81:22:1d:9a:d8:4f:
                    79:d0:ca:26:b7:b9:fa:f0:ae:d2:bd:8b:b6:4d:10:
                    96:fb:e4:ad:ed:6d:22:a9:67:04:e7:89:ee:11:63:
                    9f:63:e0:ed:91:d4:73:92:b6:89:53:ae:91:ac:65:
                    b4:71:6c:ce:fd:de:f2:70:cb:db:28:bb:6f:a1:1f:
                    e0:01:23:cd:eb:f4:9e:42:39:5e:ff:63:82:b6:10:
                    bf:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:53:92:4F:A3:BB:F0:AA:B3:06:71:A3:33:E3:52:D2:17:E2:25:7C
            X509v3 Authority Key Identifier:
                keyid:B2:F2:79:53:AD:46:90:C0:68:FB:40:F9:F3:56:00:33:79:BB:63:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/svJ5U61GkMBo-0D581YAM3m7Y_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/08973f-fb6a-41e5-8720-fb4cf137c1e9/1/dVOST6O78KqzBnGjM-NS0hfiJXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/08973f-fb6a-41e5-8720-fb4cf137c1e9/1/svJ5U61GkMBo-0D581YAM3m7Y_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.124.0/22
                  212.75.96.0/19
                  212.180.128.0/17
                IPv6:
                  2001:4c30::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:6e:a6:d2:2d:76:34:d3:e7:bb:e3:c0:f2:b6:8b:d5:25:dd:
         ce:39:a7:80:e0:6b:0d:2c:b8:cd:c3:fe:6b:26:98:19:33:dc:
         4d:a2:16:96:75:ee:66:39:b2:d1:04:16:a8:98:5d:96:2f:04:
         b5:85:85:04:f7:46:72:62:f8:83:90:ea:63:55:9f:c8:21:08:
         b5:d3:5e:0b:6a:67:f4:8b:82:98:98:fa:06:2a:6b:90:55:1a:
         fd:f5:46:b0:63:3d:27:0e:3c:5d:73:1a:7f:4e:6b:14:d0:63:
         8c:8e:c5:01:2b:f3:ab:63:bc:9f:62:76:87:fe:b2:93:d7:d7:
         f4:6a:69:55:32:3e:e0:6d:b5:00:0c:5a:29:59:af:06:a4:c8:
         87:96:14:11:aa:d7:38:17:63:77:ae:59:5f:ef:50:65:1f:c6:
         ab:9f:4b:a6:22:9f:7c:6b:de:96:0b:b3:8a:34:7e:31:b3:4b:
         50:07:3f:6b:f9:d5:9c:f8:99:52:2a:0b:01:6c:15:8f:de:2d:
         31:a7:49:9b:3a:0e:1f:81:0c:ca:5e:77:38:c8:3d:eb:29:10:
         64:e9:5e:23:da:40:77:39:37:37:36:98:c8:d1:c9:b6:11:b2:
         d8:fb:a8:c0:f7:81:77:8a:d4:e3:f6:c1:d5:97:ed:6b:bd:c4:
         ba:4e:d4:a9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzFbrUpmX5L0aAiVrPejocxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZjI3OTUzYWQ0NjkwYzA2OGZiNDBmOWYzNTYwMDMzNzli
YjYzZjgwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTUzOTI0ZmEzYmJmMGFhYjMwNjcxYTMzM2UzNTJkMjE3ZTIyNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYa7nMV2OOwlFCwH6WvuJWMkZlcK
WZWNOb6XGB3Jav/cRaQ3SdPulRZzP+VEE+QWDn2lqhkS6+T0TCtTSkEEgWIPLp+a
6/ehVu55e3FGQ4wkEKvxSbO6i9QByg9iO8r5uh/Odi34+AcHgnc67N2LYqlmHpUU
i2LLgbVJ6bSQhohYRucBZ42a9jWNCCY8Jx4vNhEsHA2n6a3r/93Mal9mBYzrE6Qs
KZVCw3b2fCuBIh2a2E950Momt7n68K7SvYu2TRCW++St7W0iqWcE54nuEWOfY+Dt
kdRzkraJU66RrGW0cWzO/d7ycMvbKLtvoR/gASPN6/SeQjle/2OCthC/3QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHVTkk+ju/CqswZxozPjUtIX4iV8MB8GA1UdIwQY
MBaAFLLyeVOtRpDAaPtA+fNWADN5u2P4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3ZKNVU2MUdrTUJvLTBENTgxWUFNM203WV9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8wODk3M2YtZmI2YS00MWU1LTg3MjAt
ZmI0Y2YxMzdjMWU5LzEvZFZPU1Q2Tzc4S3F6Qm5Hak0tTlMwaGZpSlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8wODk3M2YtZmI2YS00MWU1LTg3MjAtZmI0Y2YxMzdjMWU5
LzEvc3ZKNVU2MUdrTUJvLTBENTgxWUFNM203WV9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuTV8AwQF
1EtgAwQH1LSAMA0EAgACMAcDBQAgAUwwMA0GCSqGSIb3DQEBCwUAA4IBAQATbqbS
LXY00+e748DytovVJd3OOaeA4GsNLLjNw/5rJpgZM9xNohaWde5mObLRBBaomF2W
LwS1hYUE90ZyYviDkOpjVZ/IIQi1014Lamf0i4KYmPoGKmuQVRr99UawYz0nDjxd
cxp/TmsU0GOMjsUBK/OrY7yfYnaH/rKT19f0amlVMj7gbbUADFopWa8GpMiHlhQR
qtc4F2N3rllf71BlH8arn0umIp98a96WC7OKNH4xs0tQBz9r+dWc+JlSKgsBbBWP
3i0xp0mbOg4fgQzKXnc4yD3rKRBk6V4j2kB3OTc3NpjI0cm2EbLY+6jA94F3itTj
9sHVl+1rvcS6TtSp
-----END CERTIFICATE-----
Generated at Sat Nov 23 16:19:06 2024 by rpki-client on console-fra.rpki-client.org