Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/YXP1e74-d0k4KD6XhNctxjdz9Hk.roa
File:                     YXP1e74-d0k4KD6XhNctxjdz9Hk.roa (raw, json)
Hash identifier:          pDe7gY/m3Ltj6ekuEHipK84G7m9xJidz8hJCkPlQd/o=
Subject key identifier:   61:73:F5:7B:BE:3E:77:49:38:28:3E:97:84:D7:2D:C6:37:73:F4:79
Certificate issuer:       /CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
Certificate serial:       018CC87045ABDF061A056426CFC0EC3BD9EE
Authority key identifier: 17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/YXP1e74-d0k4KD6XhNctxjdz9Hk.roa
Signing time:             Tue 02 Jan 2024 04:30:50 +0000
ROA not before:           Tue 02 Jan 2024 04:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        157.167.225.0/24 maxlen: 24
                          157.167.226.0/24 maxlen: 24
                          157.167.224.0/24 maxlen: 24
                          157.167.227.0/24 maxlen: 24
                          157.167.230.0/24 maxlen: 24
                          157.167.231.0/24 maxlen: 24
                          157.167.228.0/24 maxlen: 24
                          157.167.229.0/24 maxlen: 24
                          157.167.233.0/24 maxlen: 24
                          157.167.232.0/24 maxlen: 24
                          157.167.240.0/24 maxlen: 24
                          157.167.239.0/24 maxlen: 24
                          157.167.234.0/24 maxlen: 24
                          157.167.237.0/24 maxlen: 24
                          157.167.238.0/24 maxlen: 24
                          157.167.235.0/24 maxlen: 24
                          157.167.236.0/24 maxlen: 24
                          157.167.152.0/24 maxlen: 24
                          157.167.155.0/24 maxlen: 24
                          157.167.156.0/24 maxlen: 24
                          157.167.153.0/24 maxlen: 24
                          157.167.184.0/21 maxlen: 21
                          157.167.136.0/21 maxlen: 21
                          157.167.134.0/24 maxlen: 24
                          157.167.135.0/24 maxlen: 24
                          157.167.144.0/21 maxlen: 21
                          85.115.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:45:ab:df:06:1a:05:64:26:cf:c0:ec:3b:d9:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
        Validity
            Not Before: Jan  2 04:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6173f57bbe3e774938283e9784d72dc63773f479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1a:c2:e6:01:87:ec:ff:7d:63:a9:8d:0d:4d:
                    11:af:4e:b7:fb:71:d0:a0:e0:7a:9c:18:8c:64:92:
                    a3:a3:98:d6:cf:d1:55:eb:97:1c:48:fa:da:61:2e:
                    c3:ea:96:e8:c3:af:d9:7b:40:30:33:47:48:2a:58:
                    fd:1d:0e:a2:e1:f7:57:13:28:32:48:17:d3:a5:35:
                    de:bf:3e:16:79:80:d2:ff:16:1b:78:1b:6f:05:03:
                    d0:a3:a6:0f:00:64:b9:d7:be:3f:86:9a:93:e8:74:
                    86:21:87:b8:87:bc:79:47:7c:52:e2:4e:97:47:98:
                    b1:61:d1:1b:78:4b:64:50:95:6d:92:88:df:06:03:
                    07:8b:da:4e:90:68:ba:b1:f1:67:a3:86:37:d3:ec:
                    83:3a:8f:7f:b1:90:ea:81:6b:1b:91:10:e8:75:4a:
                    1d:82:32:f6:6f:aa:45:9d:96:78:f9:36:82:14:af:
                    24:69:7d:77:05:a4:80:61:ba:58:44:3f:fe:f9:8c:
                    5a:05:2e:71:cb:35:56:87:12:50:d3:73:9f:fb:60:
                    1a:5c:8b:d3:63:bf:65:ab:47:b1:ac:79:27:57:bf:
                    d8:fc:d8:51:6f:93:2d:7c:b8:9c:d0:c6:15:39:f8:
                    88:33:62:c7:33:33:87:87:29:be:71:d0:10:23:9b:
                    1b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:73:F5:7B:BE:3E:77:49:38:28:3E:97:84:D7:2D:C6:37:73:F4:79
            X509v3 Authority Key Identifier:
                keyid:17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/YXP1e74-d0k4KD6XhNctxjdz9Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.38.0/24
                  157.167.134.0-157.167.153.255
                  157.167.155.0-157.167.156.255
                  157.167.184.0/21
                  157.167.224.0-157.167.240.255

    Signature Algorithm: sha256WithRSAEncryption
         26:15:ba:b1:41:b4:49:15:fe:b2:47:84:c9:e1:f2:a5:8a:d2:
         dc:de:0e:4a:7b:c8:96:5c:08:81:c1:e8:83:d1:73:7a:d4:c0:
         05:85:92:a9:5c:a0:a8:b9:dd:f4:05:61:f3:f4:fc:9c:ff:ab:
         55:7b:f8:2d:fa:19:ed:54:ee:e0:30:c5:5b:8a:89:41:2a:ff:
         9f:85:c3:51:b9:4a:52:be:1f:52:28:95:24:5c:c9:9c:11:78:
         96:7a:24:64:64:66:c1:b5:21:d6:2e:9d:b2:2b:a3:2c:d6:23:
         b9:ec:64:7a:ae:e8:c9:26:67:32:63:82:0d:98:8f:dc:56:19:
         c0:ca:21:8e:42:57:e6:98:53:66:9a:37:70:f2:3c:fa:5b:8a:
         35:c1:e9:dc:ce:3f:e7:5f:55:36:e0:c1:4b:30:9c:b7:f4:83:
         cd:a8:d0:fe:e4:65:2f:50:44:c7:d8:ed:a3:31:c2:e3:06:b7:
         e4:2b:d9:b4:f3:96:d6:64:1e:c3:fc:03:2d:69:0b:45:c6:1f:
         43:80:5d:00:4c:0c:5e:6a:ed:c1:dc:75:3a:1a:d7:59:d4:5b:
         d9:b0:cd:f2:cf:1a:75:c7:f3:b9:4a:00:51:da:92:bc:cd:d9:
         5a:d3:56:8e:bf:9d:17:0c:f6:8a:6d:53:ee:af:41:99:11:fd:
         48:58:76:f3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzIcEWr3wYaBWQmz8DsO9nuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZGQ5YzIzYWY2OWVjMmNkYjZmZTJiOTkzNmViNDk0Y2Zk
MTYyMWYwHhcNMjQwMTAyMDQzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTczZjU3YmJlM2U3NzQ5MzgyODNlOTc4NGQ3MmRjNjM3NzNmNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhrC5gGH7P99Y6mNDU0Rr063+3HQ
oOB6nBiMZJKjo5jWz9FV65ccSPraYS7D6pbow6/Ze0AwM0dIKlj9HQ6i4fdXEygy
SBfTpTXevz4WeYDS/xYbeBtvBQPQo6YPAGS5174/hpqT6HSGIYe4h7x5R3xS4k6X
R5ixYdEbeEtkUJVtkojfBgMHi9pOkGi6sfFno4Y30+yDOo9/sZDqgWsbkRDodUod
gjL2b6pFnZZ4+TaCFK8kaX13BaSAYbpYRD/++YxaBS5xyzVWhxJQ03Of+2AaXIvT
Y79lq0exrHknV7/Y/NhRb5MtfLic0MYVOfiIM2LHMzOHhym+cdAQI5sbpwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGFz9Xu+PndJOCg+l4TXLcY3c/R5MB8GA1UdIwQY
MBaAFBfdnCOvaews22/iuZNutJTP0WIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYt
OGZhN2I0YzUzMDczLzEvWVhQMWU3NC1kMGs0S0Q2WGhOY3R4amR6OUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYtOGZhN2I0YzUzMDcz
LzEvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVXMmMAwD
BAGdp4YDBAGdp5gwDAMEAJ2nmwMEAJ2nnAMEA52nuDAMAwQFnafgAwQAnafwMA0G
CSqGSIb3DQEBCwUAA4IBAQAmFbqxQbRJFf6yR4TJ4fKlitLc3g5Ke8iWXAiBweiD
0XN61MAFhZKpXKCoud30BWHz9Pyc/6tVe/gt+hntVO7gMMVbiolBKv+fhcNRuUpS
vh9SKJUkXMmcEXiWeiRkZGbBtSHWLp2yK6Ms1iO57GR6rujJJmcyY4INmI/cVhnA
yiGOQlfmmFNmmjdw8jz6W4o1wenczj/nX1U24MFLMJy39IPNqND+5GUvUETH2O2j
McLjBrfkK9m085bWZB7D/AMtaQtFxh9DgF0ATAxeau3B3HU6GtdZ1FvZsM3yzxp1
x/O5SgBR2pK8zdla01aOv50XDPaKbVPur0GZEf1IWHbz
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:35:53 2024 by rpki-client on console-fra.rpki-client.org