Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/6H60Ac8hDNGLpGNYctYmI3V8sQg.roa
File:                     6H60Ac8hDNGLpGNYctYmI3V8sQg.roa (raw, json)
Hash identifier:          JowiaJ7ktcuHTx4uxLJWvGmK+5UTRNmZDnA1aye/SBY=
Subject key identifier:   E8:7E:B4:01:CF:21:0C:D1:8B:A4:63:58:72:D6:26:23:75:7C:B1:08
Certificate issuer:       /CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
Certificate serial:       018CC7952325708831BAA30C6CEA41306386
Authority key identifier: 4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/6H60Ac8hDNGLpGNYctYmI3V8sQg.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8508
IP address blocks:        83.230.64.0/21 maxlen: 21
                          83.230.64.0/20 maxlen: 20
                          213.227.96.0/19 maxlen: 19
                          213.227.80.0/20 maxlen: 20
                          213.227.88.0/21 maxlen: 21
                          185.126.188.0/22 maxlen: 22
                          83.230.96.0/19 maxlen: 19
                          83.230.110.0/24 maxlen: 24
                          83.230.118.0/23 maxlen: 23
                          157.158.0.0/16 maxlen: 16
                          212.106.177.0/24 maxlen: 24
                          212.106.176.0/24 maxlen: 24
                          212.106.176.0/20 maxlen: 20
                          83.230.123.0/24 maxlen: 24
                          212.106.184.0/22 maxlen: 22
                          212.106.183.0/24 maxlen: 24
                          2a01:1d8::/30 maxlen: 30
                          2a01:1de::/32 maxlen: 32
                          2a01:1dd::/32 maxlen: 32
                          2a01:1dc::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:23:25:70:88:31:ba:a3:0c:6c:ea:41:30:63:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e87eb401cf210cd18ba4635872d62623757cb108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e5:8a:fa:5c:49:fd:39:f3:28:6c:1b:91:5a:
                    ec:c4:68:fb:35:9d:6c:b2:d2:d8:40:14:26:4d:0b:
                    fd:28:e1:da:5a:ad:d7:98:1d:d2:95:82:ca:d6:61:
                    3d:b3:26:b3:be:33:74:75:09:4b:61:9e:0a:cd:8b:
                    30:75:71:35:8a:98:0f:db:ac:4c:ea:f6:6c:1e:49:
                    45:84:86:0b:f1:02:38:53:01:57:ec:40:a5:fb:19:
                    02:52:19:fb:ff:1e:76:70:7f:4b:99:35:57:cb:8c:
                    02:e5:97:7e:a2:78:e5:59:74:d4:e1:c9:72:e5:c2:
                    78:06:23:8f:e1:06:ea:69:82:83:ee:9a:76:a0:67:
                    3d:f5:d1:7e:77:d7:8a:12:d9:2c:fa:74:b7:c9:e8:
                    da:6b:23:b2:5f:52:62:18:56:9c:c3:ca:d8:16:6e:
                    20:15:05:13:51:ee:28:c2:86:f8:0e:eb:09:70:6f:
                    8f:fe:8a:b1:8f:1d:e9:00:62:f2:7e:7b:9e:81:59:
                    29:f0:bb:09:d5:41:43:3b:49:a0:cc:99:e7:19:2c:
                    ff:ba:84:44:43:99:4a:93:21:f6:22:ab:22:1b:20:
                    92:6b:fe:77:9f:60:df:f7:5b:1b:c7:2e:2b:9b:ed:
                    87:2c:56:1f:58:bb:e7:15:d4:23:03:46:2c:d1:23:
                    20:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:7E:B4:01:CF:21:0C:D1:8B:A4:63:58:72:D6:26:23:75:7C:B1:08
            X509v3 Authority Key Identifier:
                keyid:4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/6H60Ac8hDNGLpGNYctYmI3V8sQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.230.64.0/20
                  83.230.96.0/19
                  157.158.0.0/16
                  185.126.188.0/22
                  212.106.176.0/20
                  213.227.80.0-213.227.127.255
                IPv6:
                  2a01:1d8::-2a01:1de:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         04:4c:54:fa:82:0e:7a:34:8e:4f:f5:a5:fa:44:e5:31:52:1a:
         e7:49:95:ea:62:3f:95:f3:a0:9a:49:06:07:07:03:48:29:20:
         21:9d:64:71:b7:62:87:71:51:2e:e3:be:87:0f:4a:0b:ac:e9:
         37:93:d2:35:10:22:9d:db:b1:54:d4:76:0a:f2:14:23:08:a1:
         b7:54:6d:40:0b:fb:d0:15:03:94:ac:a6:22:2b:ef:69:c4:17:
         d4:53:af:f0:db:9e:38:53:24:34:15:58:97:b0:eb:d0:bd:b5:
         63:4d:d9:54:b5:8c:ed:5d:d6:83:9d:7f:96:cf:ff:7a:d3:f7:
         a1:0d:33:a0:4a:f8:9b:4a:87:44:ca:91:6a:6f:91:14:98:59:
         f7:88:1e:44:ab:06:4d:d0:d5:da:44:d9:74:5f:be:7e:a8:fc:
         f9:54:46:39:91:da:af:11:ae:d1:d4:cb:83:82:88:01:73:7d:
         29:b6:ad:a6:5b:ad:0d:74:ae:f6:df:9d:ba:a5:06:35:e1:df:
         1d:b2:95:f6:1e:69:55:24:e6:d6:7f:24:3f:28:15:1e:7a:57:
         47:29:4f:49:7c:fd:32:0b:9f:02:42:11:6c:61:f7:73:80:3a:
         24:ac:ef:0c:d8:cf:b9:53:23:13:e4:dc:4a:43:5b:dc:e3:ae:
         c0:9e:ca:97
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYzHlSMlcIgxuqMMbOpBMGOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDA1Y2FhYjM0YmJmZGU2YjhlZTY2YzYwMDg2MGM2Y2U5
NmYzMmIwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODdlYjQwMWNmMjEwY2QxOGJhNDYzNTg3MmQ2MjYyMzc1N2NiMTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+WK+lxJ/TnzKGwbkVrsxGj7NZ1s
stLYQBQmTQv9KOHaWq3XmB3SlYLK1mE9syazvjN0dQlLYZ4KzYswdXE1ipgP26xM
6vZsHklFhIYL8QI4UwFX7ECl+xkCUhn7/x52cH9LmTVXy4wC5Zd+onjlWXTU4cly
5cJ4BiOP4QbqaYKD7pp2oGc99dF+d9eKEtks+nS3yejaayOyX1JiGFacw8rYFm4g
FQUTUe4owob4DusJcG+P/oqxjx3pAGLyfnuegVkp8LsJ1UFDO0mgzJnnGSz/uoRE
Q5lKkyH2IqsiGyCSa/53n2Df91sbxy4rm+2HLFYfWLvnFdQjA0Ys0SMg3QIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFOh+tAHPIQzRi6RjWHLWJiN1fLEIMB8GA1UdIwQY
MBaAFEtAXKqzS7/ea47mbGAIYMbOlvMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYt
ZDg3YWZmYjhiYzYxLzEvNkg2MEFjOGhETkdMcEdOWWN0WW1JM1Y4c1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYtZDg3YWZmYjhiYzYx
LzEvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAxBAIAATArAwQEU+ZAAwQF
U+ZgAwMAnZ4DBAK5frwDBATUarAwDAMEBNXjUAMEB9XjADAWBAIAAjAQMA4DBQMq
AQHYAwUAKgEB3jANBgkqhkiG9w0BAQsFAAOCAQEABExU+oIOejSOT/Wl+kTlMVIa
50mV6mI/lfOgmkkGBwcDSCkgIZ1kcbdih3FRLuO+hw9KC6zpN5PSNRAinduxVNR2
CvIUIwiht1RtQAv70BUDlKymIivvacQX1FOv8NueOFMkNBVYl7Dr0L21Y03ZVLWM
7V3Wg51/ls//etP3oQ0zoEr4m0qHRMqRam+RFJhZ94geRKsGTdDV2kTZdF++fqj8
+VRGOZHarxGu0dTLg4KIAXN9KbatplutDXSu9t+duqUGNeHfHbKV9h5pVSTm1n8k
PygVHnpXRylPSXz9MgufAkIRbGH3c4A6JKzvDNjPuVMjE+TcSkNb3OOuwJ7Klw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:00:45 2024 by rpki-client on console-fra.rpki-client.org