Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/abPWT50cPtyTBZgNrGBKOQBTw5k.roa
File:                     abPWT50cPtyTBZgNrGBKOQBTw5k.roa (raw, json)
Hash identifier:          bYTH3Y6QfSw5EXSJPRDeQbLKzXq6AtnlrDUdcicOF/A=
Subject key identifier:   69:B3:D6:4F:9D:1C:3E:DC:93:05:98:0D:AC:60:4A:39:00:53:C3:99
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       018CC26D3457C796FFD1DC7C6A6B4DBCA372
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/abPWT50cPtyTBZgNrGBKOQBTw5k.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33932
IP address blocks:        217.150.212.0/24 maxlen: 24
                          217.150.213.0/24 maxlen: 24
                          217.150.211.0/24 maxlen: 24
                          217.150.209.0/24 maxlen: 24
                          217.150.208.0/20 maxlen: 24
                          217.150.210.0/24 maxlen: 24
                          217.150.208.0/24 maxlen: 24
                          217.150.214.0/24 maxlen: 24
                          217.150.223.0/24 maxlen: 24
                          185.228.172.0/24 maxlen: 24
                          185.228.175.0/24 maxlen: 24
                          185.228.173.0/24 maxlen: 24
                          185.228.174.0/24 maxlen: 24
                          2a0d:2e00:1000::/36 maxlen: 36
                          2a0d:2e00:2000::/36 maxlen: 36
                          2a0d:2e00:3000::/36 maxlen: 36
                          2a0d:2e00:4000::/36 maxlen: 36
                          2a0d:2e00:1000::/48 maxlen: 48
                          2a0d:2e00:2000::/48 maxlen: 48
                          2a0d:2e00:3000::/48 maxlen: 48
                          2a0d:2e00:4000::/48 maxlen: 48
                          2a0d:2e00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:34:57:c7:96:ff:d1:dc:7c:6a:6b:4d:bc:a3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69b3d64f9d1c3edc9305980dac604a390053c399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a4:60:f5:46:d0:a7:ce:dd:89:07:3c:5c:25:
                    9f:76:0b:80:fb:54:07:60:b2:4a:65:87:55:9a:3a:
                    e1:6d:49:53:34:96:8e:0d:1a:24:74:6c:1a:c5:11:
                    98:3a:55:9a:e2:e3:92:04:bd:87:c7:46:79:d7:75:
                    68:df:e5:03:26:bd:a3:a3:a0:c2:93:67:d5:2e:97:
                    53:6e:11:c3:66:91:17:94:a3:5a:2e:52:a6:83:3d:
                    8f:10:78:22:51:d2:48:6b:fc:df:d7:83:42:df:f4:
                    5e:94:65:2f:f6:a9:eb:ed:10:28:2e:79:33:cc:ab:
                    a8:92:68:1d:a2:45:d9:4e:77:c4:2a:1c:0b:e9:03:
                    6c:47:5d:51:3c:20:4a:e4:b5:70:c3:35:02:a5:ee:
                    4a:01:2d:98:c7:1c:dd:a8:28:28:89:d3:e9:4d:b0:
                    d3:62:f6:6b:9d:0d:8f:66:e1:5a:a9:1f:bc:05:69:
                    04:03:48:68:3a:af:55:29:2d:ff:2f:cb:c8:81:cf:
                    9f:93:6e:b0:d2:88:f4:1a:10:41:bf:5b:ef:7b:c4:
                    05:27:6b:d8:d2:58:38:3e:3f:b6:f3:1b:5e:f2:2b:
                    ce:5c:4c:0a:c2:14:c8:03:cc:7f:b4:80:90:80:3d:
                    91:ea:95:01:28:e5:4c:7f:58:9b:58:3e:85:5c:4a:
                    0f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B3:D6:4F:9D:1C:3E:DC:93:05:98:0D:AC:60:4A:39:00:53:C3:99
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/abPWT50cPtyTBZgNrGBKOQBTw5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.172.0/22
                  217.150.208.0/20
                IPv6:
                  2a0d:2e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:d7:6e:95:f0:44:3d:c4:49:f9:9a:71:b1:b2:f4:b8:f4:e4:
         50:58:46:3e:67:65:a6:1d:82:e4:15:a5:5c:40:2a:aa:11:90:
         5c:a9:bd:2e:5c:34:e3:9f:d9:1d:6a:09:ea:bd:e7:ad:2c:15:
         e7:16:f5:0b:d2:7e:02:29:dd:1a:cf:b0:5f:65:af:4d:20:d1:
         e4:6c:a3:71:c5:20:3b:09:6b:71:c2:66:7d:8f:92:1d:20:69:
         31:65:85:87:5b:04:02:ef:98:84:77:4e:9f:6e:03:ad:d5:92:
         1e:a4:eb:82:0d:ad:bc:40:8a:73:5e:1f:de:21:6b:b1:65:35:
         19:ef:79:72:07:6d:69:ee:e6:0d:13:db:3a:ee:5a:45:e8:ec:
         c2:f8:a6:dc:8a:03:80:59:bf:58:40:29:4b:4e:be:c9:37:5a:
         fc:af:1d:e1:68:10:b3:0e:67:8b:6c:69:5f:4d:22:e5:27:bc:
         f5:3c:83:59:1a:92:7b:4b:bb:63:76:b1:73:c2:52:97:b6:aa:
         a6:b3:db:99:fd:88:52:57:96:36:6c:d5:65:9a:31:34:7e:9f:
         ce:9d:29:4e:93:0a:a6:73:4d:15:eb:c3:df:d8:8b:fb:ab:98:
         45:ce:d6:13:49:05:87:d5:85:ae:ec:0d:84:07:f3:60:00:68:
         1b:c2:5e:54
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbTRXx5b/0dx8amtNvKNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWIzZDY0ZjlkMWMzZWRjOTMwNTk4MGRhYzYwNGEzOTAwNTNjMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqRg9UbQp87diQc8XCWfdguA+1QH
YLJKZYdVmjrhbUlTNJaODRokdGwaxRGYOlWa4uOSBL2Hx0Z513Vo3+UDJr2jo6DC
k2fVLpdTbhHDZpEXlKNaLlKmgz2PEHgiUdJIa/zf14NC3/RelGUv9qnr7RAoLnkz
zKuokmgdokXZTnfEKhwL6QNsR11RPCBK5LVwwzUCpe5KAS2YxxzdqCgoidPpTbDT
YvZrnQ2PZuFaqR+8BWkEA0hoOq9VKS3/L8vIgc+fk26w0oj0GhBBv1vve8QFJ2vY
0lg4Pj+28xte8ivOXEwKwhTIA8x/tICQgD2R6pUBKOVMf1ibWD6FXEoP3wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGmz1k+dHD7ckwWYDaxgSjkAU8OZMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvYWJQV1Q1MGNQdHlUQlpnTnJHQktPUUJUdzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCueSsAwQE
2ZbQMA0EAgACMAcDBQMqDS4AMA0GCSqGSIb3DQEBCwUAA4IBAQCC126V8EQ9xEn5
mnGxsvS49ORQWEY+Z2WmHYLkFaVcQCqqEZBcqb0uXDTjn9kdagnqveetLBXnFvUL
0n4CKd0az7BfZa9NINHkbKNxxSA7CWtxwmZ9j5IdIGkxZYWHWwQC75iEd06fbgOt
1ZIepOuCDa28QIpzXh/eIWuxZTUZ73lyB21p7uYNE9s67lpF6OzC+KbcigOAWb9Y
QClLTr7JN1r8rx3haBCzDmeLbGlfTSLlJ7z1PINZGpJ7S7tjdrFzwlKXtqqms9uZ
/YhSV5Y2bNVlmjE0fp/OnSlOkwqmc00V68Pf2Iv7q5hFztYTSQWH1YWu7A2EB/Ng
AGgbwl5U
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:43:22 2024 by rpki-client on console-fra.rpki-client.org