Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/ukDtjMwzVP_G_tVDERsskX-Jlmc.roa
File:                     ukDtjMwzVP_G_tVDERsskX-Jlmc.roa (raw, json)
Hash identifier:          0VpWds26jOxXnybBPlfANOIYKApacKtw6DD4/ZaVdEc=
Subject key identifier:   BA:40:ED:8C:CC:33:54:FF:C6:FE:D5:43:11:1B:2C:91:7F:89:96:67
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D3EEFBF01D023C32E4F1FEDB7BC7
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/ukDtjMwzVP_G_tVDERsskX-Jlmc.roa
Signing time:             Tue 02 Jan 2024 12:33:08 +0000
ROA not before:           Tue 02 Jan 2024 12:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.111.27.0/24 maxlen: 24
                          185.100.158.0/24 maxlen: 24
                          185.73.219.0/24 maxlen: 24
                          185.73.218.0/24 maxlen: 24
                          185.110.131.0/24 maxlen: 24
                          185.110.130.0/24 maxlen: 24
                          185.110.129.0/24 maxlen: 24
                          185.110.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d3:ee:fb:f0:1d:02:3c:32:e4:f1:fe:db:7b:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba40ed8ccc3354ffc6fed543111b2c917f899667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0a:fb:ce:78:a9:93:7d:41:b6:36:f4:2b:ff:
                    a7:8f:2a:97:fa:1a:44:0b:6d:60:60:22:bb:76:a6:
                    9e:07:5a:0f:b9:44:d8:23:48:ce:f4:c7:12:31:0c:
                    c6:fa:ae:c1:03:d3:9e:2d:d6:01:b2:2b:0e:48:c1:
                    07:31:57:4f:68:f8:2e:a3:c4:51:9f:6e:9e:6a:b6:
                    0c:0f:60:95:73:59:47:7e:d4:c9:33:e7:11:d4:b9:
                    73:1a:cf:4f:cb:8d:59:66:65:29:38:39:2b:0a:24:
                    36:85:8c:64:ef:7a:8d:a4:c3:bd:78:a6:c2:fa:94:
                    dd:f5:17:58:0b:ce:30:d4:52:8d:21:9b:f0:10:f4:
                    42:18:a9:c4:bc:c9:8b:5d:6c:1f:ef:72:cc:49:90:
                    41:6b:25:25:c1:26:64:8f:20:74:bf:bf:1c:b8:54:
                    64:38:91:be:04:d2:4f:cf:d7:bc:f9:27:48:f4:a3:
                    20:8a:4e:37:00:ef:91:73:45:40:93:f7:33:06:a8:
                    d9:e7:ee:c6:78:92:f4:26:fd:29:e2:93:e1:c1:b3:
                    f2:8a:41:6b:32:eb:19:e8:0f:dc:ea:5f:84:3c:0b:
                    0e:3b:ad:ac:62:38:5d:2c:cd:fd:a3:24:86:86:c8:
                    e2:42:87:a6:b0:d6:e7:da:d1:63:7a:80:a2:81:aa:
                    03:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:40:ED:8C:CC:33:54:FF:C6:FE:D5:43:11:1B:2C:91:7F:89:96:67
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/ukDtjMwzVP_G_tVDERsskX-Jlmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.218.0/23
                  185.100.158.0/24
                  185.110.128.0/22
                  185.111.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e9:c3:f7:c3:a9:5c:75:c5:ce:20:17:39:0c:c1:9b:7a:12:
         09:19:d6:86:50:ae:ec:2c:7e:97:23:43:72:f3:9b:7c:64:7f:
         86:39:48:4f:ae:61:ae:21:c5:52:3c:68:26:51:d3:d5:dd:78:
         25:58:19:42:28:9d:6c:2a:7e:0c:22:99:17:61:7f:0e:4f:eb:
         ad:e6:b1:35:84:ce:1e:e0:44:d4:a9:4d:4e:b2:48:26:ab:3b:
         c3:12:51:cf:08:32:85:1c:9f:6d:fe:c0:dc:8a:bf:24:20:38:
         a7:27:1a:a3:45:9d:b5:a2:ee:b2:55:21:69:08:71:9a:f2:6d:
         e9:d1:d6:b1:e2:f8:a8:5c:9b:45:fb:d8:0c:d1:d5:f8:95:b8:
         ff:6b:5f:be:2a:79:da:52:6d:03:37:8d:2c:9c:cb:96:f5:40:
         89:1e:ef:0f:b1:eb:55:89:6e:19:5f:51:b9:2f:e1:14:75:d7:
         db:2c:df:e6:fe:91:c8:de:39:16:a7:ef:c7:a8:e0:6c:b8:4c:
         ad:78:8b:63:f9:d6:59:22:55:fd:30:42:e6:5e:c9:f4:d1:c9:
         6c:65:b0:64:3c:c5:82:cb:1c:65:5b:c2:44:1f:72:87:24:fc:
         c9:d4:fb:6d:fb:bf:34:6f:10:84:99:88:88:6d:b2:b5:c3:13:
         52:48:4d:f6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKKdPu+/AdAjwy5PH+23vHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTQwZWQ4Y2NjMzM1NGZmYzZmZWQ1NDMxMTFiMmM5MTdmODk5NjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwr7znipk31Btjb0K/+njyqX+hpE
C21gYCK7dqaeB1oPuUTYI0jO9McSMQzG+q7BA9OeLdYBsisOSMEHMVdPaPguo8RR
n26earYMD2CVc1lHftTJM+cR1LlzGs9Py41ZZmUpODkrCiQ2hYxk73qNpMO9eKbC
+pTd9RdYC84w1FKNIZvwEPRCGKnEvMmLXWwf73LMSZBBayUlwSZkjyB0v78cuFRk
OJG+BNJPz9e8+SdI9KMgik43AO+Rc0VAk/czBqjZ5+7GeJL0Jv0p4pPhwbPyikFr
MusZ6A/c6l+EPAsOO62sYjhdLM39oySGhsjiQoemsNbn2tFjeoCigaoDWQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLpA7YzMM1T/xv7VQxEbLJF/iZZnMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvdWtEdGpNd3pWUF9HX3RWREVSc3NrWC1KbG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBuUnaAwQA
uWSeAwQCuW6AAwQAuW8bMA0GCSqGSIb3DQEBCwUAA4IBAQA+6cP3w6lcdcXOIBc5
DMGbehIJGdaGUK7sLH6XI0Ny85t8ZH+GOUhPrmGuIcVSPGgmUdPV3XglWBlCKJ1s
Kn4MIpkXYX8OT+ut5rE1hM4e4ETUqU1OskgmqzvDElHPCDKFHJ9t/sDcir8kIDin
JxqjRZ21ou6yVSFpCHGa8m3p0dax4vioXJtF+9gM0dX4lbj/a1++KnnaUm0DN40s
nMuW9UCJHu8PsetViW4ZX1G5L+EUddfbLN/m/pHI3jkWp+/HqOBsuEyteItj+dZZ
IlX9MELmXsn00clsZbBkPMWCyxxlW8JEH3KHJPzJ1Ptt+780bxCEmYiIbbK1wxNS
SE32
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:42:03 2024 by rpki-client on console-fra.rpki-client.org