Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/12f5d1-e760-4101-af25-7fc49da53d13/1/3dHvMefjUIkuYQzbH1hXDLV5ptE.roa
File:                     3dHvMefjUIkuYQzbH1hXDLV5ptE.roa (raw, json)
Hash identifier:          /0kEtwkR5mTjeAeBzfF8rk9vlecuF+Qtw6WCbmhEj2M=
Subject key identifier:   DD:D1:EF:31:E7:E3:50:89:2E:61:0C:DB:1F:58:57:0C:B5:79:A6:D1
Certificate issuer:       /CN=9116dcbf78c62d51da9076a0d06adad36ee3b755
Certificate serial:       018CC94E1BFC5BD519DA6F8204C2B5992D7B
Authority key identifier: 91:16:DC:BF:78:C6:2D:51:DA:90:76:A0:D0:6A:DA:D3:6E:E3:B7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kRbcv3jGLVHakHag0Gra027jt1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/12f5d1-e760-4101-af25-7fc49da53d13/1/3dHvMefjUIkuYQzbH1hXDLV5ptE.roa
Signing time:             Tue 02 Jan 2024 08:33:08 +0000
ROA not before:           Tue 02 Jan 2024 08:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43272
IP address blocks:        185.177.29.0/24 maxlen: 24
                          185.177.28.0/22 maxlen: 22
                          185.177.28.0/24 maxlen: 24
                          185.177.31.0/24 maxlen: 24
                          185.177.30.0/24 maxlen: 24
                          77.247.249.0/24 maxlen: 24
                          77.247.248.0/21 maxlen: 21
                          77.247.248.0/24 maxlen: 24
                          77.247.251.0/24 maxlen: 24
                          77.247.250.0/24 maxlen: 24
                          77.247.252.0/24 maxlen: 24
                          77.247.253.0/24 maxlen: 24
                          77.247.255.0/24 maxlen: 24
                          77.247.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/12f5d1-e760-4101-af25-7fc49da53d13/1/kRbcv3jGLVHakHag0Gra027jt1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/12f5d1-e760-4101-af25-7fc49da53d13/1/kRbcv3jGLVHakHag0Gra027jt1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kRbcv3jGLVHakHag0Gra027jt1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:1b:fc:5b:d5:19:da:6f:82:04:c2:b5:99:2d:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9116dcbf78c62d51da9076a0d06adad36ee3b755
        Validity
            Not Before: Jan  2 08:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddd1ef31e7e350892e610cdb1f58570cb579a6d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2a:38:cc:e8:dc:d4:ba:7c:10:7f:37:c3:51:
                    ec:b9:f6:fc:d1:01:96:48:2e:d1:ad:06:a0:43:63:
                    4c:52:40:51:8d:3f:cc:e1:a4:97:68:32:88:b3:06:
                    38:ef:18:f5:d8:4f:82:55:a5:06:00:a6:e5:e6:6a:
                    a6:4e:65:ec:05:e4:b1:a9:8d:9b:bf:cb:fe:22:74:
                    bc:99:e3:17:35:42:73:24:15:cb:e6:1f:b1:ef:ff:
                    29:7f:2a:40:74:63:17:7d:ae:94:7a:7c:f8:6e:9a:
                    59:8d:1e:1f:55:02:a8:7e:3a:22:2f:50:ea:98:69:
                    65:74:dd:5c:60:ed:86:63:cf:77:36:0f:72:ca:61:
                    a4:4b:66:cd:6a:a3:ee:c7:b8:81:30:90:ba:76:25:
                    99:5a:a1:4d:fd:d8:a1:e6:4e:dd:ec:5d:ca:1d:b4:
                    4b:03:3d:bc:0d:39:6d:08:70:f7:d4:7b:04:ba:95:
                    44:d4:66:f9:65:ac:04:e3:63:00:e4:62:73:f6:91:
                    89:7d:9e:99:68:b6:58:e3:1d:5e:8d:dc:13:4c:5b:
                    1b:fb:a1:b2:03:89:56:8f:74:a8:fb:96:53:ab:3d:
                    03:a0:62:1d:db:be:f8:7f:32:76:5c:8a:c1:33:37:
                    f2:32:99:ec:dc:3f:d9:f3:9c:61:d3:28:ad:37:b5:
                    cf:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D1:EF:31:E7:E3:50:89:2E:61:0C:DB:1F:58:57:0C:B5:79:A6:D1
            X509v3 Authority Key Identifier:
                keyid:91:16:DC:BF:78:C6:2D:51:DA:90:76:A0:D0:6A:DA:D3:6E:E3:B7:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kRbcv3jGLVHakHag0Gra027jt1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/12f5d1-e760-4101-af25-7fc49da53d13/1/3dHvMefjUIkuYQzbH1hXDLV5ptE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/12f5d1-e760-4101-af25-7fc49da53d13/1/kRbcv3jGLVHakHag0Gra027jt1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.248.0/21
                  185.177.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:a7:8c:5e:08:9e:40:d3:e8:10:57:e4:7d:a7:29:b3:fb:fc:
         e2:20:4c:c5:0c:bb:47:87:07:cc:9b:40:52:a6:0b:15:2e:cf:
         99:8e:5a:a9:ca:fa:f3:70:17:48:08:50:b3:f5:6c:66:5a:5b:
         20:b0:b8:2a:fe:40:96:d9:1e:94:5e:44:69:60:30:84:52:83:
         a8:04:5e:6a:27:ec:14:0c:a5:ad:8f:f3:8f:d8:b7:0a:fa:7b:
         8d:4f:75:15:5a:8d:16:7c:02:21:46:0c:fd:dc:50:e6:46:42:
         c2:41:6f:16:1b:f9:49:fb:da:2b:fb:9c:18:0f:e8:e0:46:c3:
         4c:84:f8:a5:ff:f9:79:f7:1f:8f:2d:cf:d7:ae:64:fc:b0:83:
         e9:e2:3e:d5:7f:a8:26:e7:a6:7f:9c:7b:87:ba:f1:48:27:af:
         dd:c3:8a:f8:ca:69:e0:41:22:8e:a2:e4:76:c4:9e:5b:2d:d4:
         15:e3:fb:a9:5a:3a:31:3e:e9:88:73:9f:71:06:6e:7b:58:96:
         de:89:ee:2f:66:3b:d6:97:88:8b:b8:ab:84:bf:06:91:29:2c:
         07:99:22:7d:02:9b:19:59:c8:fd:17:12:77:46:25:94:6a:4c:
         ea:3d:d1:94:3c:64:9c:de:56:90:d1:d8:c3:f3:39:f5:3d:8e:
         7f:8b:20:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJThv8W9UZ2m+CBMK1mS17MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMTZkY2JmNzhjNjJkNTFkYTkwNzZhMGQwNmFkYWQzNmVl
M2I3NTUwHhcNMjQwMTAyMDgzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQxZWYzMWU3ZTM1MDg5MmU2MTBjZGIxZjU4NTcwY2I1NzlhNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCo4zOjc1Lp8EH83w1Hsufb80QGW
SC7RrQagQ2NMUkBRjT/M4aSXaDKIswY47xj12E+CVaUGAKbl5mqmTmXsBeSxqY2b
v8v+InS8meMXNUJzJBXL5h+x7/8pfypAdGMXfa6Uenz4bppZjR4fVQKofjoiL1Dq
mGlldN1cYO2GY893Ng9yymGkS2bNaqPux7iBMJC6diWZWqFN/dih5k7d7F3KHbRL
Az28DTltCHD31HsEupVE1Gb5ZawE42MA5GJz9pGJfZ6ZaLZY4x1ejdwTTFsb+6Gy
A4lWj3So+5ZTqz0DoGId2774fzJ2XIrBMzfyMpns3D/Z85xh0yitN7XPZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN3R7zHn41CJLmEM2x9YVwy1eabRMB8GA1UdIwQY
MBaAFJEW3L94xi1R2pB2oNBq2tNu47dVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1JiY3YzakdMVkhha0hhZzBHcmEwMjdqdDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8xMmY1ZDEtZTc2MC00MTAxLWFmMjUt
N2ZjNDlkYTUzZDEzLzEvM2RIdk1lZmpVSWt1WVF6YkgxaFhETFY1cHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8xMmY1ZDEtZTc2MC00MTAxLWFmMjUtN2ZjNDlkYTUzZDEz
LzEva1JiY3YzakdMVkhha0hhZzBHcmEwMjdqdDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTff4AwQC
ubEcMA0GCSqGSIb3DQEBCwUAA4IBAQBtp4xeCJ5A0+gQV+R9pymz+/ziIEzFDLtH
hwfMm0BSpgsVLs+ZjlqpyvrzcBdICFCz9WxmWlsgsLgq/kCW2R6UXkRpYDCEUoOo
BF5qJ+wUDKWtj/OP2LcK+nuNT3UVWo0WfAIhRgz93FDmRkLCQW8WG/lJ+9or+5wY
D+jgRsNMhPil//l59x+PLc/XrmT8sIPp4j7Vf6gm56Z/nHuHuvFIJ6/dw4r4ymng
QSKOouR2xJ5bLdQV4/upWjoxPumIc59xBm57WJbeie4vZjvWl4iLuKuEvwaRKSwH
mSJ9ApsZWcj9FxJ3RiWUakzqPdGUPGSc3laQ0djD8zn1PY5/iyBd
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:43:32 2024 by rpki-client on console-ams.rpki-client.org