Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/M9aRoldSPL80zu-Kaoagp2WP3ZQ.roa
File:                     M9aRoldSPL80zu-Kaoagp2WP3ZQ.roa (raw, json)
Hash identifier:          8fJuMkijRNl9SzEIDk8/AYrDLIsWhRWm1dwF7UBzYis=
Subject key identifier:   33:D6:91:A2:57:52:3C:BF:34:CE:EF:8A:6A:86:A0:A7:65:8F:DD:94
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018CC80155531F598C36A81A192D2A62423B
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/M9aRoldSPL80zu-Kaoagp2WP3ZQ.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51964
IP address blocks:        57.92.0.0/15 maxlen: 24
                          57.199.0.0/16 maxlen: 24
                          57.7.0.0/16 maxlen: 24
                          57.76.0.0/14 maxlen: 32
                          57.98.0.0/16 maxlen: 24
                          57.66.0.0/15 maxlen: 32
                          57.194.0.0/15 maxlen: 24
                          57.205.0.0/16 maxlen: 24
                          57.96.0.0/15 maxlen: 24
                          57.80.0.0/14 maxlen: 32
                          57.70.0.0/16 maxlen: 32
                          57.86.0.0/15 maxlen: 32
                          57.100.0.0/16 maxlen: 24
                          57.68.0.0/15 maxlen: 32
                          57.207.0.0/16 maxlen: 24
                          57.74.0.0/16 maxlen: 32
                          57.90.0.0/16 maxlen: 32
                          57.202.0.0/15 maxlen: 24
                          57.197.0.0/16 maxlen: 24
                          57.21.0.0/16 maxlen: 24
                          57.208.0.0/12 maxlen: 24
                          57.200.0.0/16 maxlen: 24
                          57.72.0.0/15 maxlen: 32
                          57.35.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:53:1f:59:8c:36:a8:1a:19:2d:2a:62:42:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33d691a257523cbf34ceef8a6a86a0a7658fdd94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ea:79:4b:b9:4e:f3:51:cf:20:91:ab:9e:c3:
                    93:7b:c9:b5:4d:af:78:23:ca:a9:f5:48:f4:a9:12:
                    f1:6f:ea:1d:09:d9:fd:f1:be:f9:82:f5:ba:21:91:
                    3e:e5:65:c8:cc:6a:c0:e7:d7:48:f1:db:ed:8a:8f:
                    08:4c:56:91:05:a9:61:f5:e2:ff:ae:72:0c:5d:b7:
                    1a:e8:8f:12:2c:12:2e:c8:05:ac:99:2c:00:93:54:
                    70:d3:e1:f8:50:5d:43:20:95:1d:44:a2:a2:b1:2a:
                    0a:8d:73:db:21:81:cb:32:36:15:2c:7d:32:aa:8f:
                    fd:ed:c0:a0:13:2f:b6:bc:3d:fe:9d:33:cf:94:4f:
                    7a:59:73:c0:aa:32:b0:65:87:20:7b:69:d3:86:93:
                    27:4e:a2:dd:5f:d8:fb:51:8e:ef:85:b0:53:3f:3e:
                    36:2d:28:4c:ac:eb:11:be:e9:b5:41:1a:9c:bc:a6:
                    f9:98:e5:fc:2e:08:20:cd:dc:ac:20:67:f2:cf:03:
                    b6:d7:46:9f:c6:24:6f:94:30:2d:78:7f:22:d5:1c:
                    77:1c:da:bf:64:47:7d:26:7f:e1:9e:65:a0:40:7b:
                    72:14:09:9c:e9:8e:6f:1e:54:48:c0:83:91:5e:66:
                    90:d5:5c:3d:92:16:24:63:30:eb:d5:c4:69:ee:59:
                    6d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D6:91:A2:57:52:3C:BF:34:CE:EF:8A:6A:86:A0:A7:65:8F:DD:94
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/M9aRoldSPL80zu-Kaoagp2WP3ZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.7.0.0/16
                  57.21.0.0/16
                  57.35.0.0/16
                  57.66.0.0-57.70.255.255
                  57.72.0.0-57.74.255.255
                  57.76.0.0-57.83.255.255
                  57.86.0.0/15
                  57.90.0.0/16
                  57.92.0.0/15
                  57.96.0.0-57.98.255.255
                  57.100.0.0/16
                  57.194.0.0/15
                  57.197.0.0/16
                  57.199.0.0-57.200.255.255
                  57.202.0.0/15
                  57.205.0.0/16
                  57.207.0.0-57.223.255.255

    Signature Algorithm: sha256WithRSAEncryption
         66:33:43:db:b6:e6:f1:b3:02:5f:f9:2e:c1:61:a3:72:e3:46:
         b2:92:0a:1b:f6:49:f5:04:08:86:75:70:96:6e:b0:9a:47:15:
         6f:4a:bc:b3:a5:9d:2f:f9:36:d7:1e:50:8b:44:f1:b1:7f:7e:
         f6:5d:51:f0:c6:7f:d0:ac:fd:4d:c6:5a:89:1e:8c:2a:09:f8:
         68:83:2d:2a:fb:36:a4:f1:f1:f2:f4:83:c8:2d:a0:f6:d7:20:
         75:94:17:15:7a:b8:d0:10:00:78:ec:6b:9f:33:35:43:c6:62:
         b1:d6:47:b0:f1:68:32:9c:d7:af:e9:c9:4a:34:a9:d0:7b:43:
         d6:5c:ff:68:70:c3:f8:a5:cf:11:d0:ba:4e:fe:1a:91:d1:d1:
         43:57:84:39:87:8b:7d:d7:0c:13:05:99:9a:15:a9:f1:a4:be:
         d5:99:ba:f3:85:f6:75:6e:ce:19:04:c5:64:a5:23:d0:34:25:
         a9:b5:0f:a3:18:15:05:d0:db:cc:9e:1e:10:f0:ac:44:57:75:
         d2:9f:a7:ee:a9:3e:75:d4:41:dd:08:69:a1:ba:d9:96:bf:f1:
         a0:7b:d3:07:14:77:49:77:7c:5f:ec:40:9c:ae:e1:6e:29:e5:
         7c:95:19:0d:d3:60:6c:9d:b3:36:86:63:3d:55:11:cd:9b:7f:
         9b:60:39:a3
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgISAYzIAVVTH1mMNqgaGS0qYkI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Q2OTFhMjU3NTIzY2JmMzRjZWVmOGE2YTg2YTBhNzY1OGZkZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOp5S7lO81HPIJGrnsOTe8m1Ta94
I8qp9Uj0qRLxb+odCdn98b75gvW6IZE+5WXIzGrA59dI8dvtio8ITFaRBalh9eL/
rnIMXbca6I8SLBIuyAWsmSwAk1Rw0+H4UF1DIJUdRKKisSoKjXPbIYHLMjYVLH0y
qo/97cCgEy+2vD3+nTPPlE96WXPAqjKwZYcge2nThpMnTqLdX9j7UY7vhbBTPz42
LShMrOsRvum1QRqcvKb5mOX8LgggzdysIGfyzwO210afxiRvlDAteH8i1Rx3HNq/
ZEd9Jn/hnmWgQHtyFAmc6Y5vHlRIwIORXmaQ1Vw9khYkYzDr1cRp7lltzwIDAQAB
o4IChjCCAoIwHQYDVR0OBBYEFDPWkaJXUjy/NM7vimqGoKdlj92UMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvTTlhUm9sZFNQTDgwenUtS2FvYWdwMldQM1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGbBggrBgEFBQcBBwEB/wSBizCBiDCBhQQCAAEwfwMDADkH
AwMAORUDAwA5IzAKAwMBOUIDAwA5RjAKAwMDOUgDAwA5SjAKAwMCOUwDAwI5UAMD
ATlWAwMAOVoDAwE5XDAKAwMFOWADAwA5YgMDADlkAwMBOcIDAwA5xTAKAwMAOccD
AwA5yAMDATnKAwMAOc0wCgMDADnPAwMFOcAwDQYJKoZIhvcNAQELBQADggEBAGYz
Q9u25vGzAl/5LsFho3LjRrKSChv2SfUECIZ1cJZusJpHFW9KvLOlnS/5NtceUItE
8bF/fvZdUfDGf9Cs/U3GWokejCoJ+GiDLSr7NqTx8fL0g8gtoPbXIHWUFxV6uNAQ
AHjsa58zNUPGYrHWR7DxaDKc16/pyUo0qdB7Q9Zc/2hww/ilzxHQuk7+GpHR0UNX
hDmHi33XDBMFmZoVqfGkvtWZuvOF9nVuzhkExWSlI9A0Jam1D6MYFQXQ28yeHhDw
rERXddKfp+6pPnXUQd0IaaG62Za/8aB70wcUd0l3fF/sQJyu4W4p5XyVGQ3TYGyd
szaGYz1VEc2bf5tgOaM=
-----END CERTIFICATE-----
Generated at Sun Jun 16 12:09:34 2024 by rpki-client on console-ams.rpki-client.org