Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/DCe9q9sj-y7ERATJdPJYlz7KHqo.roa
File:                     DCe9q9sj-y7ERATJdPJYlz7KHqo.roa (raw, json)
Hash identifier:          sLjys8QwrLQB67RJ3tWCmI1ZH0Cz/8RcaQ+WKavCkI4=
Subject key identifier:   0C:27:BD:AB:DB:23:FB:2E:C4:44:04:C9:74:F2:58:97:3E:CA:1E:AA
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018E84630388F16C0DD130171D6CBAF83271
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/DCe9q9sj-y7ERATJdPJYlz7KHqo.roa
Signing time:             Thu 28 Mar 2024 09:27:45 +0000
ROA not before:           Thu 28 Mar 2024 09:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12566
IP address blocks:        62.62.169.0/24 maxlen: 24
                          87.255.128.0/19 maxlen: 24
                          95.181.220.0/22 maxlen: 24
                          185.39.216.0/22 maxlen: 24
                          194.153.88.0/23 maxlen: 23
                          194.153.89.0/24 maxlen: 24
                          194.153.90.0/24 maxlen: 24
                          194.153.92.0/24 maxlen: 24
                          194.153.97.0/24 maxlen: 24
                          212.23.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:84:63:03:88:f1:6c:0d:d1:30:17:1d:6c:ba:f8:32:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Mar 28 09:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c27bdabdb23fb2ec44404c974f258973eca1eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:70:a1:36:a4:1b:5f:72:b3:5a:91:11:b1:c9:
                    e5:e1:4a:dd:be:b6:06:49:6a:8d:06:04:5d:8a:5b:
                    ca:55:97:ba:09:a5:ec:91:57:93:eb:cb:26:a2:b2:
                    39:e5:d3:f9:a3:25:d7:7b:ac:bc:c3:e8:0c:d8:29:
                    3c:f4:59:c2:c9:0a:a4:4e:88:8d:0f:7d:fa:b0:06:
                    c5:58:a1:23:4c:e4:ac:c6:2e:48:60:23:cb:c6:2f:
                    c3:42:fc:49:07:3f:22:39:d9:fa:0f:ce:c8:96:27:
                    a8:a7:94:58:2b:f9:c5:1c:f1:f1:d5:d0:76:8e:39:
                    1d:00:6c:db:7c:cc:ef:2a:fd:39:66:70:84:2a:83:
                    33:49:d1:bb:6b:80:0f:45:a3:1d:4d:64:1a:70:b5:
                    d2:1e:54:f8:ef:21:10:7d:c1:6d:34:ae:a2:d5:97:
                    94:9c:25:d1:78:52:3e:40:41:1d:b3:38:0d:31:5f:
                    61:ee:f9:79:01:5d:5f:3e:53:19:ff:c7:e3:b6:61:
                    04:76:a4:07:11:cd:aa:8a:76:73:06:39:38:ea:0e:
                    16:ee:8b:d4:46:13:34:a3:a7:3e:8d:64:05:35:ce:
                    51:e0:3f:d1:a4:73:49:1a:b4:f6:a6:36:d3:18:1a:
                    b2:cf:d5:e5:55:fa:7d:8a:92:28:de:75:2e:de:ff:
                    9d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:27:BD:AB:DB:23:FB:2E:C4:44:04:C9:74:F2:58:97:3E:CA:1E:AA
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/DCe9q9sj-y7ERATJdPJYlz7KHqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.62.169.0/24
                  87.255.128.0/19
                  95.181.220.0/22
                  185.39.216.0/22
                  194.153.88.0-194.153.90.255
                  194.153.92.0/24
                  194.153.97.0/24
                  212.23.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         50:14:64:8a:2d:57:d3:22:3a:03:c1:fc:9e:2f:54:74:c8:1e:
         f8:5d:5b:9b:63:be:d5:f6:6c:34:6d:84:9d:73:86:5e:93:26:
         98:7b:be:bf:d6:02:f0:04:7a:7c:f3:e9:b2:7a:c5:3f:1e:fe:
         32:46:f1:bc:46:a1:55:0e:1c:67:53:45:1c:bc:4f:db:84:3f:
         08:28:ec:37:f7:1a:2e:31:88:21:86:76:45:bf:a6:ce:2d:77:
         80:38:7f:69:83:f5:51:bc:1d:95:a1:4e:2e:de:e4:53:52:e0:
         36:bb:9f:14:6c:63:65:84:64:ee:7f:5b:96:f3:3d:fc:79:88:
         b2:ec:69:18:df:b9:f6:98:c9:bf:9b:9d:16:3b:30:fe:cc:7d:
         e6:f1:12:4f:61:e8:d6:04:48:57:af:83:e6:51:1a:e0:8f:67:
         ee:82:53:53:eb:56:4a:d1:95:47:79:ba:1e:5e:4c:0b:2e:c7:
         ae:c9:18:a3:c5:aa:3c:38:09:2d:34:8d:ff:3b:3f:b0:d4:43:
         29:10:63:b3:24:67:cd:8d:b1:7c:24:57:e9:e6:dd:0f:08:c8:
         2e:7a:f2:7d:71:9f:d0:57:45:b8:17:46:02:e8:d7:1e:e2:a9:
         1a:f8:70:ba:8f:85:5d:64:aa:03:a3:4a:59:6d:7f:e3:50:8c:
         5a:78:10:06
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY6EYwOI8WwN0TAXHWy6+DJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMzI4MDkyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzI3YmRhYmRiMjNmYjJlYzQ0NDA0Yzk3NGYyNTg5NzNlY2ExZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3ChNqQbX3KzWpERscnl4UrdvrYG
SWqNBgRdilvKVZe6CaXskVeT68smorI55dP5oyXXe6y8w+gM2Ck89FnCyQqkToiN
D336sAbFWKEjTOSsxi5IYCPLxi/DQvxJBz8iOdn6D87Ilieop5RYK/nFHPHx1dB2
jjkdAGzbfMzvKv05ZnCEKoMzSdG7a4APRaMdTWQacLXSHlT47yEQfcFtNK6i1ZeU
nCXReFI+QEEdszgNMV9h7vl5AV1fPlMZ/8fjtmEEdqQHEc2qinZzBjk46g4W7ovU
RhM0o6c+jWQFNc5R4D/RpHNJGrT2pjbTGBqyz9XlVfp9ipIo3nUu3v+dNQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFAwnvavbI/suxEQEyXTyWJc+yh6qMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvRENlOXE5c2oteTdFUkFUSmRQSllsejdLSHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAPj6pAwQF
V/+AAwQCX7XcAwQCuSfYMAwDBAPCmVgDBADCmVoDBADCmVwDBADCmWEDBAXUF6Aw
DQYJKoZIhvcNAQELBQADggEBAFAUZIotV9MiOgPB/J4vVHTIHvhdW5tjvtX2bDRt
hJ1zhl6TJph7vr/WAvAEenzz6bJ6xT8e/jJG8bxGoVUOHGdTRRy8T9uEPwgo7Df3
Gi4xiCGGdkW/ps4td4A4f2mD9VG8HZWhTi7e5FNS4Da7nxRsY2WEZO5/W5bzPfx5
iLLsaRjfufaYyb+bnRY7MP7MfebxEk9h6NYESFevg+ZRGuCPZ+6CU1PrVkrRlUd5
uh5eTAsux67JGKPFqjw4CS00jf87P7DUQykQY7MkZ82NsXwkV+nm3Q8IyC568n1x
n9BXRbgXRgLo1x7iqRr4cLqPhV1kqgOjSlltf+NQjFp4EAY=
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:03:07 2024 by rpki-client on console-ams.rpki-client.org