Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/pmsv-rMV2DGwQu_vRfVouwc6fjo.roa
File:                     pmsv-rMV2DGwQu_vRfVouwc6fjo.roa (raw, json)
Hash identifier:          CEdic76nmuR8YEeVXSjwzunjNGfLWm4CFGnQJYq52/8=
Subject key identifier:   A6:6B:2F:FA:B3:15:D8:31:B0:42:EF:EF:45:F5:68:BB:07:3A:7E:3A
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       018D79B499CDF57F67AAFF31F5B24909F148
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/pmsv-rMV2DGwQu_vRfVouwc6fjo.roa
Signing time:             Mon 05 Feb 2024 14:38:15 +0000
ROA not before:           Mon 05 Feb 2024 14:38:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47583
IP address blocks:        89.116.101.0/24 maxlen: 24
                          89.116.104.0/24 maxlen: 24
                          89.116.105.0/24 maxlen: 24
                          89.116.109.0/24 maxlen: 24
                          89.116.110.0/24 maxlen: 24
                          89.116.111.0/24 maxlen: 24
                          89.116.114.0/24 maxlen: 24
                          89.116.120.0/24 maxlen: 24
                          89.116.121.0/24 maxlen: 24
                          89.116.122.0/24 maxlen: 24
                          89.116.133.0/24 maxlen: 24
                          89.116.134.0/24 maxlen: 24
                          89.116.136.0/24 maxlen: 24
                          89.116.138.0/24 maxlen: 24
                          89.116.139.0/24 maxlen: 24
                          89.116.152.0/24 maxlen: 24
                          89.116.157.0/24 maxlen: 24
                          89.116.159.0/24 maxlen: 24
                          89.116.167.0/24 maxlen: 24
                          89.116.170.0/24 maxlen: 24
                          89.116.187.0/24 maxlen: 24
                          89.116.188.0/24 maxlen: 24
                          89.116.191.0/24 maxlen: 24
                          89.116.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:b4:99:cd:f5:7f:67:aa:ff:31:f5:b2:49:09:f1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Feb  5 14:38:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a66b2ffab315d831b042efef45f568bb073a7e3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:54:3e:31:b0:ae:64:d2:d6:ff:38:4b:af:88:
                    df:6d:65:28:12:b8:57:93:53:78:8b:00:6c:9c:0a:
                    09:99:14:55:58:a9:53:0d:96:a9:92:e3:5c:99:e8:
                    d4:1d:76:09:bf:f7:7c:cf:94:95:fb:18:b8:a3:20:
                    d5:6b:9d:6c:9a:03:8f:b5:8b:eb:13:3a:1f:65:93:
                    60:3d:e0:2e:0a:94:55:8f:c9:cc:1d:9d:6a:f7:d3:
                    d4:b8:55:9a:4f:d2:d3:2e:a8:f9:7e:a4:d5:63:8c:
                    c9:52:26:51:25:82:cd:56:6b:76:e0:3d:9e:29:8d:
                    ee:37:5d:18:8c:ab:06:64:26:cc:88:49:cc:e5:70:
                    e8:2c:7b:c0:65:30:06:cd:4e:df:9b:1c:5b:e3:b0:
                    f7:aa:05:ae:42:f9:33:56:6a:00:e0:ce:50:85:fb:
                    a9:c2:c6:67:1a:4c:bc:f0:3f:67:dc:e0:f6:7c:54:
                    14:48:0c:aa:42:0a:57:17:b2:78:dc:23:d1:90:98:
                    ab:a4:12:be:f6:29:5c:c1:e6:ca:0c:99:4b:b8:fc:
                    46:6d:89:34:86:7f:7e:18:f9:ca:57:d3:ea:26:e2:
                    ca:39:ed:3f:75:ab:d0:c8:98:75:25:ba:cb:25:cd:
                    18:ba:81:4f:9e:49:dd:f9:9a:a2:fd:9b:09:4b:ca:
                    58:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:6B:2F:FA:B3:15:D8:31:B0:42:EF:EF:45:F5:68:BB:07:3A:7E:3A
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/pmsv-rMV2DGwQu_vRfVouwc6fjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.101.0/24
                  89.116.104.0/23
                  89.116.109.0-89.116.111.255
                  89.116.114.0/24
                  89.116.120.0-89.116.122.255
                  89.116.133.0-89.116.134.255
                  89.116.136.0/24
                  89.116.138.0/23
                  89.116.152.0/24
                  89.116.157.0/24
                  89.116.159.0/24
                  89.116.167.0/24
                  89.116.170.0/24
                  89.116.187.0-89.116.188.255
                  89.116.191.0-89.116.192.255

    Signature Algorithm: sha256WithRSAEncryption
         76:68:c9:04:72:06:3e:8d:8d:06:e6:5a:1b:32:59:41:8c:2a:
         45:a4:3a:47:db:0d:1c:2f:88:4f:16:44:e4:77:f7:90:2d:e4:
         90:20:47:1f:3f:09:d9:90:d6:46:95:1a:06:e4:02:41:10:f6:
         87:7f:0a:e1:62:ca:2f:cb:c6:9e:44:f6:ce:5b:49:27:1d:a2:
         cf:c7:11:4b:68:fd:42:3e:f0:9d:31:f9:41:54:2e:2e:3d:87:
         a3:b9:f8:a4:2b:07:53:15:54:f7:db:f8:86:7e:81:03:96:ea:
         2f:68:46:d7:e1:7a:e4:f8:53:bd:9e:8b:8f:79:9c:83:9f:8a:
         57:69:05:61:4e:91:86:7e:33:02:6d:ae:b1:7f:c3:31:34:a0:
         d9:3d:42:f4:a5:e1:c9:b3:cc:02:4e:82:65:d2:50:f9:4d:4f:
         fc:2a:86:d1:44:75:ac:c0:51:1c:78:8c:2a:b7:94:30:3b:6e:
         e3:51:1f:78:87:e1:cd:7f:07:53:ac:93:2b:2b:2b:21:89:2e:
         72:f5:80:99:ad:4c:b2:4e:8f:b5:95:a8:49:98:96:9b:22:9e:
         a8:40:32:36:b1:d5:97:50:84:5e:87:29:94:0f:65:46:e5:3f:
         8c:7f:b6:29:08:c4:19:cf:6b:67:79:75:a6:f7:50:7c:a9:d4:
         27:ab:0f:2e
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAY15tJnN9X9nqv8x9bJJCfFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwMjA1MTQzODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjZiMmZmYWIzMTVkODMxYjA0MmVmZWY0NWY1NjhiYjA3M2E3ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFQ+MbCuZNLW/zhLr4jfbWUoErhX
k1N4iwBsnAoJmRRVWKlTDZapkuNcmejUHXYJv/d8z5SV+xi4oyDVa51smgOPtYvr
EzofZZNgPeAuCpRVj8nMHZ1q99PUuFWaT9LTLqj5fqTVY4zJUiZRJYLNVmt24D2e
KY3uN10YjKsGZCbMiEnM5XDoLHvAZTAGzU7fmxxb47D3qgWuQvkzVmoA4M5Qhfup
wsZnGky88D9n3OD2fFQUSAyqQgpXF7J43CPRkJirpBK+9ilcwebKDJlLuPxGbYk0
hn9+GPnKV9PqJuLKOe0/davQyJh1JbrLJc0YuoFPnknd+Zqi/ZsJS8pY5QIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFKZrL/qzFdgxsELv70X1aLsHOn46MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvcG1zdi1yTVYyREd3UXVfdlJmVm91d2M2ZmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGfBggrBgEFBQcBBwEB/wSBjzCBjDCBiQQCAAEwgYIDBABZ
dGUDBAFZdGgwDAMEAFl0bQMEBFl0YAMEAFl0cjAMAwQDWXR4AwQAWXR6MAwDBABZ
dIUDBABZdIYDBABZdIgDBAFZdIoDBABZdJgDBABZdJ0DBABZdJ8DBABZdKcDBABZ
dKowDAMEAFl0uwMEAFl0vDAMAwQAWXS/AwQAWXTAMA0GCSqGSIb3DQEBCwUAA4IB
AQB2aMkEcgY+jY0G5lobMllBjCpFpDpH2w0cL4hPFkTkd/eQLeSQIEcfPwnZkNZG
lRoG5AJBEPaHfwrhYsovy8aeRPbOW0knHaLPxxFLaP1CPvCdMflBVC4uPYejufik
KwdTFVT32/iGfoEDluovaEbX4Xrk+FO9nouPeZyDn4pXaQVhTpGGfjMCba6xf8Mx
NKDZPUL0peHJs8wCToJl0lD5TU/8KobRRHWswFEceIwqt5QwO27jUR94h+HNfwdT
rJMrKyshiS5y9YCZrUyyTo+1lahJmJabIp6oQDI2sdWXUIRehymUD2VG5T+Mf7Yp
CMQZz2tneXWm91B8qdQnqw8u
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:51:32 2024 by rpki-client on console-ams.rpki-client.org