Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/PBLkogbUTUw67OgQCkTPZ-3kTD8.roa
File:                     PBLkogbUTUw67OgQCkTPZ-3kTD8.roa (raw, json)
Hash identifier:          pdTngGpZHVRDwMcBUzFdFdjW4tMnCNx1MqgBqHY/iBs=
Subject key identifier:   3C:12:E4:A2:06:D4:4D:4C:3A:EC:E8:10:0A:44:CF:67:ED:E4:4C:3F
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FE785726C6FD2566F9209A764586E
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/PBLkogbUTUw67OgQCkTPZ-3kTD8.roa
Signing time:             Tue 02 Jan 2024 04:30:26 +0000
ROA not before:           Tue 02 Jan 2024 04:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9215
IP address blocks:        212.252.64.0/24 maxlen: 24
                          85.153.180.0/24 maxlen: 24
                          212.252.67.0/24 maxlen: 24
                          212.252.65.0/24 maxlen: 24
                          212.252.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:e7:85:72:6c:6f:d2:56:6f:92:09:a7:64:58:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c12e4a206d44d4c3aece8100a44cf67ede44c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:82:5f:91:2d:86:5a:73:f4:60:a9:1f:75:dc:
                    46:c0:63:87:ce:b2:8c:2b:ce:e5:89:64:3e:f9:8a:
                    bb:9e:4a:9e:e9:41:84:3f:ca:05:0c:bd:68:15:b7:
                    52:97:80:49:0b:5c:85:c9:34:11:c3:b6:b0:41:24:
                    22:51:91:fa:e0:25:cd:60:02:89:9f:61:2d:50:de:
                    3a:5c:4d:7e:10:89:93:89:1d:4d:75:07:73:02:c1:
                    92:55:86:47:e5:c6:ef:2f:b7:af:3e:33:94:af:ed:
                    d6:74:0a:fe:09:a2:b5:0b:4f:3d:be:6b:25:8c:e0:
                    ec:12:05:9a:da:b1:16:27:5b:01:0f:c7:38:44:0a:
                    7f:b3:42:10:d1:fa:71:51:b0:11:e3:5e:02:71:dc:
                    1c:69:33:2c:06:48:b2:19:45:e7:42:df:bd:6d:b1:
                    92:b8:98:25:a3:3a:75:5c:2e:bc:13:2a:16:d8:f1:
                    51:e2:11:6e:35:2d:f4:bf:58:3c:3e:3e:ff:e9:f7:
                    4d:c3:44:8a:b8:0d:20:03:0a:58:a5:9a:6d:00:26:
                    51:98:32:ea:a8:57:5a:4b:21:96:34:4c:3b:6a:fd:
                    ca:e9:de:3f:98:6f:f2:03:51:1a:df:e4:2f:1d:45:
                    c2:e3:66:9c:3f:49:e5:64:46:c7:99:ca:bb:fa:60:
                    67:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:12:E4:A2:06:D4:4D:4C:3A:EC:E8:10:0A:44:CF:67:ED:E4:4C:3F
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/PBLkogbUTUw67OgQCkTPZ-3kTD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.180.0/24
                  212.252.64.0/23
                  212.252.67.0/24
                  212.252.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c9:bc:34:38:15:12:85:01:68:6a:aa:bd:bf:9a:f5:74:f9:
         e7:9d:9c:6f:b8:7a:3e:b9:da:4b:bf:a1:3d:59:91:93:aa:fc:
         7c:b2:55:89:e5:a3:a1:71:ea:38:3a:c2:44:38:32:30:70:4a:
         55:f5:18:30:25:ae:73:89:10:a2:c7:f9:3d:f3:ba:7f:1a:63:
         73:56:86:6a:32:b3:a9:b8:1c:d2:a8:74:17:7b:ab:0e:b0:ae:
         88:ff:90:54:89:34:53:58:8a:3c:32:54:ec:4e:eb:0e:70:4f:
         de:a7:d5:75:38:7d:f1:c5:bb:28:16:5c:1b:f4:e0:a7:2f:b5:
         3c:68:7c:8e:67:3e:bf:2d:28:60:a9:b1:1c:81:4d:b6:1c:70:
         4d:09:e7:8f:68:64:f3:6c:15:cb:dd:36:b1:2b:d4:3b:d3:31:
         2d:dd:aa:1a:0b:4c:5b:14:16:3f:ee:d8:41:82:a5:0b:2d:95:
         af:7d:cd:f2:95:af:0c:fb:cc:7a:73:3b:9c:da:1d:47:0e:ae:
         9f:6f:d7:66:e3:d3:ac:01:06:35:c4:8a:74:a3:ed:30:2b:b3:
         70:34:1c:47:08:1c:84:f1:4d:c5:e9:23:7b:5b:bd:c0:78:7a:
         8a:2a:de:8b:b3:24:76:f5:02:37:49:54:49:db:c0:d4:1a:94:
         ae:3f:b5:bd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzIb+eFcmxv0lZvkgmnZFhuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzEyZTRhMjA2ZDQ0ZDRjM2FlY2U4MTAwYTQ0Y2Y2N2VkZTQ0YzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIJfkS2GWnP0YKkfddxGwGOHzrKM
K87liWQ++Yq7nkqe6UGEP8oFDL1oFbdSl4BJC1yFyTQRw7awQSQiUZH64CXNYAKJ
n2EtUN46XE1+EImTiR1NdQdzAsGSVYZH5cbvL7evPjOUr+3WdAr+CaK1C089vmsl
jODsEgWa2rEWJ1sBD8c4RAp/s0IQ0fpxUbAR414CcdwcaTMsBkiyGUXnQt+9bbGS
uJglozp1XC68EyoW2PFR4hFuNS30v1g8Pj7/6fdNw0SKuA0gAwpYpZptACZRmDLq
qFdaSyGWNEw7av3K6d4/mG/yA1Ea3+QvHUXC42acP0nlZEbHmcq7+mBn9QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDwS5KIG1E1MOuzoEApEz2ft5Ew/MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvUEJMa29nYlVUVXc2N09nUUNrVFBaLTNrVEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVZm0AwQB
1PxAAwQA1PxDAwQA1PxLMA0GCSqGSIb3DQEBCwUAA4IBAQAfybw0OBUShQFoaqq9
v5r1dPnnnZxvuHo+udpLv6E9WZGTqvx8slWJ5aOhceo4OsJEODIwcEpV9RgwJa5z
iRCix/k987p/GmNzVoZqMrOpuBzSqHQXe6sOsK6I/5BUiTRTWIo8MlTsTusOcE/e
p9V1OH3xxbsoFlwb9OCnL7U8aHyOZz6/LShgqbEcgU22HHBNCeePaGTzbBXL3Tax
K9Q70zEt3aoaC0xbFBY/7thBgqULLZWvfc3yla8M+8x6czuc2h1HDq6fb9dm49Os
AQY1xIp0o+0wK7NwNBxHCByE8U3F6SN7W73AeHqKKt6LsyR29QI3SVRJ28DUGpSu
P7W9
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:42:03 2024 by rpki-client on console-ams.rpki-client.org