Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/1-fVxYVA90ENf6TO5BN-RM0zVQDI.roa
File:                     1-fVxYVA90ENf6TO5BN-RM0zVQDI.roa (raw, json)
Hash identifier:          g7vc0EjqbHOCFrg4mOslwVR90hPyS10ox5oPFIZsjeM=
Subject key identifier:   F9:F5:71:61:50:3D:D0:43:5F:E9:33:B9:04:DF:91:33:4C:D5:40:32
Certificate issuer:       /CN=bf73a3f21a1944421b4ddba7ecbc8360cca5e6fc
Certificate serial:       018CC26D666A4629830AE86DB6344080088A
Authority key identifier: BF:73:A3:F2:1A:19:44:42:1B:4D:DB:A7:EC:BC:83:60:CC:A5:E6:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v3Oj8hoZREIbTdun7LyDYMyl5vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/1-fVxYVA90ENf6TO5BN-RM0zVQDI.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47581
IP address blocks:        185.146.127.0/24 maxlen: 24
                          212.58.157.0/24 maxlen: 24
                          212.58.159.0/24 maxlen: 24
                          212.58.158.0/24 maxlen: 24
                          2a07:7b80:106::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/v3Oj8hoZREIbTdun7LyDYMyl5vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/v3Oj8hoZREIbTdun7LyDYMyl5vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v3Oj8hoZREIbTdun7LyDYMyl5vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:66:6a:46:29:83:0a:e8:6d:b6:34:40:80:08:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf73a3f21a1944421b4ddba7ecbc8360cca5e6fc
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f57161503dd0435fe933b904df91334cd54032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:53:ca:68:da:10:b5:0f:c6:39:db:7f:f6:22:
                    aa:7e:5d:12:3d:5d:6a:0a:a7:93:c7:e5:5b:41:87:
                    2a:65:21:3e:48:38:d5:2c:ed:95:77:1a:c9:eb:3b:
                    b1:71:80:71:c7:e3:b4:f5:39:a5:12:58:0b:03:70:
                    8f:b8:2d:31:cd:44:77:4b:57:31:11:b4:b1:cd:8b:
                    f2:bd:4a:12:21:1f:6d:c0:3d:7b:2a:17:53:b9:78:
                    c0:79:c1:1c:80:0c:d0:af:52:f1:72:e7:63:ef:57:
                    b3:3b:ec:a5:65:b8:74:52:c5:77:5d:f4:73:c7:e5:
                    35:97:1f:68:68:ac:91:27:76:93:cd:f9:fc:e2:1a:
                    4c:b3:0c:6d:39:65:5c:bc:cb:64:dd:a7:9e:8d:ef:
                    7f:89:8f:e0:b0:e6:cc:6d:fe:48:5f:82:da:83:5c:
                    e8:2d:a5:79:d4:6d:42:48:24:8a:ec:0e:8e:19:ed:
                    4c:fc:3a:59:53:28:b2:fd:a7:72:a0:a8:a2:e2:85:
                    ac:07:93:68:48:de:15:8a:85:bf:88:3c:18:02:d3:
                    4d:0d:bf:8b:61:e4:c7:a2:3f:c7:55:6b:b8:17:00:
                    96:18:d7:c2:41:3c:28:cd:29:88:e7:71:45:68:e4:
                    97:fd:bd:99:c3:1f:1c:98:f0:2d:0a:01:39:3b:06:
                    6c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F5:71:61:50:3D:D0:43:5F:E9:33:B9:04:DF:91:33:4C:D5:40:32
            X509v3 Authority Key Identifier:
                keyid:BF:73:A3:F2:1A:19:44:42:1B:4D:DB:A7:EC:BC:83:60:CC:A5:E6:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v3Oj8hoZREIbTdun7LyDYMyl5vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/1-fVxYVA90ENf6TO5BN-RM0zVQDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/v3Oj8hoZREIbTdun7LyDYMyl5vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.127.0/24
                  212.58.157.0-212.58.159.255
                IPv6:
                  2a07:7b80:106::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:f0:a3:37:6a:11:17:90:c9:f9:bb:3e:8c:36:10:14:3c:d0:
         59:77:e5:59:0c:37:62:41:fa:8f:8e:a8:b4:ca:d3:29:87:d1:
         0e:19:9c:03:f0:6b:5e:bb:39:14:6f:b2:4d:cb:1b:05:82:2e:
         20:f0:77:65:fd:35:fe:31:55:30:d1:15:28:f6:a6:5e:ee:d3:
         53:d2:c8:02:c5:9f:56:e1:8c:d2:71:ab:22:a7:f6:94:50:72:
         07:21:19:dc:13:0d:77:76:ac:f7:3b:e9:79:1f:cf:8d:d0:d7:
         b7:7c:08:af:dc:03:d4:ba:0c:2e:7e:ed:16:b2:23:51:36:04:
         67:8c:74:54:53:c6:49:28:08:fc:2f:84:dc:0f:e8:7b:23:1c:
         dd:05:69:61:0d:73:93:bf:9a:95:6c:b1:72:b3:ad:34:bb:28:
         69:da:3b:09:aa:04:41:45:44:da:13:bc:a1:28:19:55:c2:72:
         38:27:84:22:07:75:7a:d7:3a:8d:fb:fa:a9:75:99:7c:ef:77:
         04:fc:4a:f1:1a:98:76:50:fd:d8:29:34:f6:69:43:3d:82:e0:
         d6:e8:3e:eb:df:24:8d:95:2b:4e:4d:48:52:07:62:a9:da:72:
         e5:13:fa:a5:dc:9e:43:70:6c:ec:44:e2:bc:65:3b:88:ee:61:
         c3:25:d5:3d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzCbWZqRimDCuhttjRAgAiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNzNhM2YyMWExOTQ0NDIxYjRkZGJhN2VjYmM4MzYwY2Nh
NWU2ZmMwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWY1NzE2MTUwM2RkMDQzNWZlOTMzYjkwNGRmOTEzMzRjZDU0MDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklPKaNoQtQ/GOdt/9iKqfl0SPV1q
CqeTx+VbQYcqZSE+SDjVLO2VdxrJ6zuxcYBxx+O09TmlElgLA3CPuC0xzUR3S1cx
EbSxzYvyvUoSIR9twD17KhdTuXjAecEcgAzQr1Lxcudj71ezO+ylZbh0UsV3XfRz
x+U1lx9oaKyRJ3aTzfn84hpMswxtOWVcvMtk3aeeje9/iY/gsObMbf5IX4Lag1zo
LaV51G1CSCSK7A6OGe1M/DpZUyiy/adyoKii4oWsB5NoSN4VioW/iDwYAtNNDb+L
YeTHoj/HVWu4FwCWGNfCQTwozSmI53FFaOSX/b2Zwx8cmPAtCgE5OwZsnwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFPn1cWFQPdBDX+kzuQTfkTNM1UAyMB8GA1UdIwQY
MBaAFL9zo/IaGURCG03bp+y8g2DMpeb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjNPajhob1pSRUliVGR1bjdMeURZTXlsNXZ3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS80MDA2ODYtOGM3NS00MmQwLThiZDEt
MDAwNDQ3NTdmZThhLzEvMS1mVnhZVkE5MEVOZjZUTzVCTi1STTB6VlFESS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzEvNDAwNjg2LThjNzUtNDJkMC04YmQxLTAwMDQ0NzU3ZmU4
YS8xL3YzT2o4aG9aUkVJYlRkdW43THlEWU15bDV2dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA+BggrBgEFBQcBBwEB/wQvMC0wGgQCAAEwFAMEALmSfzAM
AwQA1DqdAwQF1DqAMA8EAgACMAkDBwAqB3uAAQYwDQYJKoZIhvcNAQELBQADggEB
AIvwozdqEReQyfm7Pow2EBQ80Fl35VkMN2JB+o+OqLTK0ymH0Q4ZnAPwa167ORRv
sk3LGwWCLiDwd2X9Nf4xVTDRFSj2pl7u01PSyALFn1bhjNJxqyKn9pRQcgchGdwT
DXd2rPc76Xkfz43Q17d8CK/cA9S6DC5+7RayI1E2BGeMdFRTxkkoCPwvhNwP6Hsj
HN0FaWENc5O/mpVssXKzrTS7KGnaOwmqBEFFRNoTvKEoGVXCcjgnhCIHdXrXOo37
+ql1mXzvdwT8SvEamHZQ/dgpNPZpQz2C4NboPuvfJI2VK05NSFIHYqnacuUT+qXc
nkNwbOxE4rxlO4juYcMl1T0=
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:07:57 2024 by rpki-client on console-ams.rpki-client.org