Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/doBXpltMaoRTppeWzm4KuRvg7es.roa
File:                     doBXpltMaoRTppeWzm4KuRvg7es.roa (raw, json)
Hash identifier:          MEjJCkK0GOc1u3cf63jkYQ9N7sG5d2ctX6OctWAO2oA=
Subject key identifier:   76:80:57:A6:5B:4C:6A:84:53:A6:97:96:CE:6E:0A:B9:1B:E0:ED:EB
Certificate issuer:       /CN=ac1f721b7b7e6d049fbfe520e1ca89c1ca256813
Certificate serial:       0190BA742DDDF876F6ABF567E14098DB834E
Authority key identifier: AC:1F:72:1B:7B:7E:6D:04:9F:BF:E5:20:E1:CA:89:C1:CA:25:68:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/doBXpltMaoRTppeWzm4KuRvg7es.roa
Signing time:             Tue 16 Jul 2024 07:31:34 +0000
ROA not before:           Tue 16 Jul 2024 07:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39401
IP address blocks:        85.217.224.0/20 maxlen: 24
                          85.217.224.0/24 maxlen: 24
                          85.217.225.0/24 maxlen: 24
                          85.217.226.0/24 maxlen: 24
                          85.217.227.0/24 maxlen: 24
                          85.217.228.0/24 maxlen: 24
                          85.217.229.0/24 maxlen: 24
                          85.217.230.0/24 maxlen: 24
                          85.217.231.0/24 maxlen: 24
                          85.217.232.0/24 maxlen: 24
                          85.217.233.0/24 maxlen: 24
                          85.217.234.0/24 maxlen: 24
                          85.217.235.0/24 maxlen: 24
                          85.217.236.0/24 maxlen: 24
                          85.217.237.0/24 maxlen: 24
                          85.217.240.0/22 maxlen: 24
                          85.217.240.0/24 maxlen: 24
                          85.217.241.0/24 maxlen: 24
                          85.217.242.0/24 maxlen: 24
                          85.217.243.0/24 maxlen: 24
                          85.217.244.0/23 maxlen: 24
                          85.217.244.0/24 maxlen: 24
                          85.217.245.0/24 maxlen: 24
                          85.217.246.0/24 maxlen: 24
                          85.217.247.0/24 maxlen: 24
                          85.217.248.0/23 maxlen: 23
                          85.217.248.0/24 maxlen: 24
                          85.217.249.0/24 maxlen: 24
                          85.217.250.0/23 maxlen: 23
                          85.217.250.0/24 maxlen: 24
                          85.217.251.0/24 maxlen: 24
                          85.217.252.0/23 maxlen: 23
                          85.217.252.0/24 maxlen: 24
                          85.217.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ba:74:2d:dd:f8:76:f6:ab:f5:67:e1:40:98:db:83:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac1f721b7b7e6d049fbfe520e1ca89c1ca256813
        Validity
            Not Before: Jul 16 07:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=768057a65b4c6a8453a69796ce6e0ab91be0edeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6e:d0:9d:43:4f:62:fd:22:60:55:b0:ce:76:
                    6a:3a:57:39:a7:a4:eb:b1:f9:9c:d7:1a:59:0c:5e:
                    02:d5:df:22:93:63:79:72:75:0d:e1:91:05:72:24:
                    d4:b0:08:d1:27:cc:3d:cd:36:9d:85:8f:03:ec:d0:
                    05:fb:94:75:1b:e4:e6:0c:0d:0d:fc:68:51:7b:cf:
                    c2:05:72:7b:7e:61:e6:77:a2:2b:8c:7a:7a:99:b0:
                    8f:89:ac:75:1f:ba:cc:5e:e2:93:b9:e5:0a:fa:8b:
                    1d:1c:d0:45:1d:d3:27:b3:13:c0:d3:03:95:b4:ae:
                    e3:40:53:d8:b5:2c:95:78:b1:22:bf:fc:c1:90:a9:
                    5c:93:2d:5a:78:64:c5:ea:fb:fe:bd:5b:cf:77:98:
                    b5:8d:c0:44:e9:82:e5:8c:f7:e2:44:a7:66:ec:77:
                    00:03:4e:95:d9:dd:58:9e:b8:5c:7a:2f:27:33:44:
                    27:39:81:8f:f9:68:eb:48:30:bb:3d:78:c2:ae:ce:
                    66:e8:02:f8:70:4e:fa:99:21:6b:32:38:1a:63:03:
                    e7:f9:f8:23:3f:7e:24:81:57:e1:1b:86:92:f7:0b:
                    81:f8:73:a3:af:6d:12:87:df:a4:af:3a:10:e0:bc:
                    83:0f:4c:60:d7:45:af:6c:3f:74:f0:1e:4c:6d:5d:
                    92:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:80:57:A6:5B:4C:6A:84:53:A6:97:96:CE:6E:0A:B9:1B:E0:ED:EB
            X509v3 Authority Key Identifier:
                keyid:AC:1F:72:1B:7B:7E:6D:04:9F:BF:E5:20:E1:CA:89:C1:CA:25:68:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rB9yG3t-bQSfv-Ug4cqJwcolaBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/doBXpltMaoRTppeWzm4KuRvg7es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/56d267-1c43-47c8-afb2-64d29c86bf3e/1/rB9yG3t-bQSfv-Ug4cqJwcolaBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.224.0-85.217.253.255

    Signature Algorithm: sha256WithRSAEncryption
         42:f7:4a:0f:03:4c:29:27:95:77:36:ed:2c:8e:9b:3f:4d:5c:
         03:9c:4a:13:16:1f:41:9d:e1:80:17:e6:08:52:d0:00:57:2f:
         d1:f6:8e:83:94:dd:91:ae:93:13:99:24:37:a0:2f:93:80:46:
         18:99:59:54:20:e7:60:ee:10:bb:8c:99:64:99:2e:e0:4d:5e:
         70:53:25:a8:65:b6:86:e8:dc:a7:58:a3:52:57:71:dc:d8:57:
         f2:f8:82:d4:dd:63:35:86:20:af:98:51:da:43:54:d3:47:bc:
         d1:4d:d3:94:ff:03:05:3f:c5:00:d8:5b:ce:5d:b0:c8:20:6f:
         64:86:7f:fa:89:a6:e4:9d:f6:62:cd:2f:8e:b6:2d:09:85:ad:
         7a:5e:33:1f:ef:88:1f:13:bf:9f:98:ae:d7:b9:b5:63:9e:f3:
         f1:2a:5d:e6:87:10:d6:4d:62:ab:5e:ed:b0:e3:0d:6e:fb:9c:
         6f:ce:b0:6a:e0:11:8b:d7:5d:d3:ae:1c:28:89:6f:c4:c9:c2:
         1a:d5:42:73:80:5e:c0:23:ba:ed:ac:11:e6:21:9b:cb:39:ee:
         b3:6f:a9:7a:99:78:72:06:4d:f7:46:fb:8b:77:3d:c2:d0:8d:
         2e:89:ce:30:69:9e:01:02:91:c6:a2:aa:61:37:b1:93:0d:8f:
         2c:dd:d0:5c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZC6dC3d+Hb2q/Vn4UCY24NOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMWY3MjFiN2I3ZTZkMDQ5ZmJmZTUyMGUxY2E4OWMxY2Ey
NTY4MTMwHhcNMjQwNzE2MDczMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgwNTdhNjViNGM2YTg0NTNhNjk3OTZjZTZlMGFiOTFiZTBlZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW7QnUNPYv0iYFWwznZqOlc5p6Tr
sfmc1xpZDF4C1d8ik2N5cnUN4ZEFciTUsAjRJ8w9zTadhY8D7NAF+5R1G+TmDA0N
/GhRe8/CBXJ7fmHmd6IrjHp6mbCPiax1H7rMXuKTueUK+osdHNBFHdMnsxPA0wOV
tK7jQFPYtSyVeLEiv/zBkKlcky1aeGTF6vv+vVvPd5i1jcBE6YLljPfiRKdm7HcA
A06V2d1Ynrhcei8nM0QnOYGP+WjrSDC7PXjCrs5m6AL4cE76mSFrMjgaYwPn+fgj
P34kgVfhG4aS9wuB+HOjr20Sh9+krzoQ4LyDD0xg10WvbD908B5MbV2SqQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHaAV6ZbTGqEU6aXls5uCrkb4O3rMB8GA1UdIwQY
MBaAFKwfcht7fm0En7/lIOHKicHKJWgTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckI5eUczdC1iUVNmdi1VZzRjcUp3Y29sYUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NmQyNjctMWM0My00N2M4LWFmYjIt
NjRkMjljODZiZjNlLzEvZG9CWHBsdE1hb1JUcHBlV3ptNEt1UnZnN2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NmQyNjctMWM0My00N2M4LWFmYjItNjRkMjljODZiZjNl
LzEvckI5eUczdC1iUVNmdi1VZzRjcUp3Y29sYUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAVV2eAD
BAFV2fwwDQYJKoZIhvcNAQELBQADggEBAEL3Sg8DTCknlXc27SyOmz9NXAOcShMW
H0Gd4YAX5ghS0ABXL9H2joOU3ZGukxOZJDegL5OARhiZWVQg52DuELuMmWSZLuBN
XnBTJahltobo3KdYo1JXcdzYV/L4gtTdYzWGIK+YUdpDVNNHvNFN05T/AwU/xQDY
W85dsMggb2SGf/qJpuSd9mLNL462LQmFrXpeMx/viB8Tv5+Yrte5tWOe8/EqXeaH
ENZNYqte7bDjDW77nG/OsGrgEYvXXdOuHCiJb8TJwhrVQnOAXsAjuu2sEeYhm8s5
7rNvqXqZeHIGTfdG+4t3PcLQjS6JzjBpngECkcaiqmE3sZMNjyzd0Fw=
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:22:42 2024 by rpki-client on console-fra.rpki-client.org