Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Kg5gAKst3lA3kQXHyayGjsBCNvo.roa
File:                     Kg5gAKst3lA3kQXHyayGjsBCNvo.roa (raw, json)
Hash identifier:          i8AVKGYxcnmFc9cNf22CdEFyvJjuI6bQyVzxPUY6SVM=
Subject key identifier:   2A:0E:60:00:AB:2D:DE:50:37:91:05:C7:C9:AC:86:8E:C0:42:36:FA
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29CF5C33FCD5CA1D5F904074FCCE44
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Kg5gAKst3lA3kQXHyayGjsBCNvo.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.95.102.0/23 maxlen: 24
                          185.95.101.0/24 maxlen: 24
                          185.81.174.0/24 maxlen: 24
                          185.81.184.0/24 maxlen: 24
                          185.81.187.0/24 maxlen: 24
                          185.97.3.0/24 maxlen: 24
                          185.97.1.0/24 maxlen: 24
                          185.89.43.0/24 maxlen: 24
                          185.89.42.0/24 maxlen: 24
                          185.68.246.0/24 maxlen: 24
                          185.68.247.0/24 maxlen: 24
                          194.104.10.0/24 maxlen: 24
                          185.68.184.0/24 maxlen: 24
                          5.181.169.0/24 maxlen: 24
                          5.181.168.0/24 maxlen: 24
                          213.232.122.0/24 maxlen: 24
                          213.232.120.0/24 maxlen: 24
                          83.171.226.0/24 maxlen: 24
                          83.171.224.0/24 maxlen: 24
                          83.171.227.0/24 maxlen: 24
                          185.96.38.0/24 maxlen: 24
                          185.89.104.0/23 maxlen: 24
                          185.89.108.0/22 maxlen: 24
                          141.98.87.0/24 maxlen: 24
                          5.183.255.0/24 maxlen: 24
                          185.88.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cf:5c:33:fc:d5:ca:1d:5f:90:40:74:fc:ce:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a0e6000ab2dde50379105c7c9ac868ec04236fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6c:ec:af:17:ca:29:65:b8:8f:24:b2:8f:87:
                    32:c8:ab:ae:07:b4:2c:bc:52:bb:6c:90:6c:d4:32:
                    98:3c:e6:b1:f2:ef:96:45:8d:62:60:86:58:37:74:
                    7a:5f:06:a0:ac:6c:62:14:2b:0c:d4:8c:cd:f7:78:
                    b9:ed:47:0f:8b:d7:bb:cc:bc:a3:f9:9e:79:2f:3a:
                    7a:c9:7f:90:88:24:09:34:8c:7b:c7:53:ed:23:97:
                    70:ca:d5:c9:19:a5:e9:be:58:41:ba:56:95:2c:6a:
                    bc:c9:3d:39:7c:a3:ad:51:e0:0c:88:d0:84:6e:a7:
                    55:e0:22:6b:26:c5:18:83:ec:00:cd:0e:06:ff:01:
                    ea:2e:b2:80:9e:3a:ee:1b:55:a9:6e:3e:6b:ee:93:
                    7a:34:ac:73:2b:30:59:30:c6:a1:cf:4a:ea:e3:a0:
                    ca:e0:9c:95:3e:47:8f:86:7d:37:82:e6:a1:9b:83:
                    36:38:2b:fb:84:ca:dd:53:30:76:e8:fc:05:36:b9:
                    3e:5f:b3:82:6f:9f:43:ce:a6:9a:17:87:a6:76:45:
                    a4:b9:fe:38:a5:d9:14:0d:6c:ca:c7:51:28:3e:dd:
                    72:b6:ce:73:e5:74:0c:fa:a8:82:91:9b:7c:63:c1:
                    d1:89:f5:8f:8a:46:46:67:44:2b:de:e8:a8:3b:7d:
                    0b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:0E:60:00:AB:2D:DE:50:37:91:05:C7:C9:AC:86:8E:C0:42:36:FA
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Kg5gAKst3lA3kQXHyayGjsBCNvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.168.0/23
                  5.183.255.0/24
                  83.171.224.0/24
                  83.171.226.0/23
                  141.98.87.0/24
                  185.68.184.0/24
                  185.68.246.0/23
                  185.81.174.0/24
                  185.81.184.0/24
                  185.81.187.0/24
                  185.88.36.0/24
                  185.89.42.0/23
                  185.89.104.0/23
                  185.89.108.0/22
                  185.95.101.0-185.95.103.255
                  185.96.38.0/24
                  185.97.1.0/24
                  185.97.3.0/24
                  194.104.10.0/24
                  213.232.120.0/24
                  213.232.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e7:56:63:96:de:88:a2:48:3e:94:c6:38:2f:3f:ac:92:7d:
         28:67:89:2b:fe:58:10:d2:96:75:30:62:e5:d4:0c:ec:4c:01:
         2a:b3:ad:db:fe:77:d5:44:84:d6:55:6c:37:dc:01:74:1d:b4:
         38:16:c3:95:67:c7:25:57:ea:ac:35:c2:ad:71:d2:bf:22:dc:
         8c:f8:ef:eb:7a:5f:a1:a9:c5:f5:27:06:77:54:0e:80:6f:be:
         59:db:4b:86:88:24:7a:de:a9:7c:31:60:dc:56:ed:2f:bb:da:
         d6:57:bb:de:c2:c9:1a:6b:f9:c8:78:56:bb:20:23:4a:3a:0f:
         ed:61:4e:7b:45:bc:40:83:75:3c:ad:59:0b:cd:c4:a2:96:81:
         17:65:c1:d8:2a:42:1a:7e:f5:12:20:6e:b5:55:1a:ca:30:2c:
         74:24:0f:41:a6:2c:63:93:48:30:cf:13:38:65:08:75:0e:fa:
         20:66:5d:4b:ea:cc:08:9b:c7:eb:2b:6b:bd:b4:65:e5:a4:28:
         18:98:50:dd:1b:1c:72:54:48:4f:84:f7:35:03:eb:9b:67:f0:
         3f:0a:6d:35:a8:94:ba:9b:95:e9:90:79:fb:66:51:c4:2d:7a:
         6c:ed:fd:7e:b3:61:66:30:e0:f4:a9:09:05:cd:c4:5e:40:6c:
         66:d2:18:ae
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAYzKKc9cM/zVyh1fkEB0/M5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTBlNjAwMGFiMmRkZTUwMzc5MTA1YzdjOWFjODY4ZWMwNDIzNmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWzsrxfKKWW4jySyj4cyyKuuB7Qs
vFK7bJBs1DKYPOax8u+WRY1iYIZYN3R6XwagrGxiFCsM1IzN93i57UcPi9e7zLyj
+Z55Lzp6yX+QiCQJNIx7x1PtI5dwytXJGaXpvlhBulaVLGq8yT05fKOtUeAMiNCE
bqdV4CJrJsUYg+wAzQ4G/wHqLrKAnjruG1Wpbj5r7pN6NKxzKzBZMMahz0rq46DK
4JyVPkePhn03guahm4M2OCv7hMrdUzB26PwFNrk+X7OCb59DzqaaF4emdkWkuf44
pdkUDWzKx1EoPt1yts5z5XQM+qiCkZt8Y8HRifWPikZGZ0Qr3uioO30LMQIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFCoOYACrLd5QN5EFx8msho7AQjb6MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvS2c1Z0FLc3QzbEEza1FYSHlheUdqc0JDTnZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDCBjQQCAAEwgYYDBAEF
tagDBAAFt/8DBABTq+ADBAFTq+IDBACNYlcDBAC5RLgDBAG5RPYDBAC5Ua4DBAC5
UbgDBAC5UbsDBAC5WCQDBAG5WSoDBAG5WWgDBAK5WWwwDAMEALlfZQMEA7lfYAME
ALlgJgMEALlhAQMEALlhAwMEAMJoCgMEANXoeAMEANXoejANBgkqhkiG9w0BAQsF
AAOCAQEAaedWY5beiKJIPpTGOC8/rJJ9KGeJK/5YENKWdTBi5dQM7EwBKrOt2/53
1USE1lVsN9wBdB20OBbDlWfHJVfqrDXCrXHSvyLcjPjv63pfoanF9ScGd1QOgG++
WdtLhogket6pfDFg3FbtL7va1le73sLJGmv5yHhWuyAjSjoP7WFOe0W8QIN1PK1Z
C83EopaBF2XB2CpCGn71EiButVUayjAsdCQPQaYsY5NIMM8TOGUIdQ76IGZdS+rM
CJvH6ytrvbRl5aQoGJhQ3RscclRIT4T3NQPrm2fwPwptNaiUupuV6ZB5+2ZRxC16
bO39frNhZjDg9KkJBc3EXkBsZtIYrg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:42:02 2024 by rpki-client on console-fra.rpki-client.org