Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/KV1CuLs-TuRkP0aqS5IeSJMaGYQ.roa
File:                     KV1CuLs-TuRkP0aqS5IeSJMaGYQ.roa (raw, json)
Hash identifier:          ogZmzrdsdzK3IggjFNZovnD74N47IX4cwCNErgyTVSo=
Subject key identifier:   29:5D:42:B8:BB:3E:4E:E4:64:3F:46:AA:4B:92:1E:48:93:1A:19:84
Certificate issuer:       /CN=dbb653bbd1704c47bada62ab6ce3502307f244b6
Certificate serial:       018CC64B0F824C26AF585EFFE9330F468B44
Authority key identifier: DB:B6:53:BB:D1:70:4C:47:BA:DA:62:AB:6C:E3:50:23:07:F2:44:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/KV1CuLs-TuRkP0aqS5IeSJMaGYQ.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34785
IP address blocks:        193.186.80.0/22 maxlen: 22
                          193.186.84.0/23 maxlen: 23
                          193.228.112.0/21 maxlen: 21
                          193.228.122.0/24 maxlen: 24
                          193.228.120.0/23 maxlen: 23
                          185.72.137.0/24 maxlen: 24
                          185.72.138.0/24 maxlen: 24
                          80.80.240.0/20 maxlen: 20
                          185.72.136.0/24 maxlen: 24
                          193.186.72.0/21 maxlen: 21
                          2a01:af80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0f:82:4c:26:af:58:5e:ff:e9:33:0f:46:8b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb653bbd1704c47bada62ab6ce3502307f244b6
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=295d42b8bb3e4ee4643f46aa4b921e48931a1984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:da:93:af:4a:e7:ca:ef:4d:d7:3a:a4:4b:ec:
                    3b:fe:25:04:f4:5a:48:6f:c4:87:a3:b3:4c:79:1e:
                    05:14:ea:01:c1:4d:45:78:17:c0:71:f4:79:dd:30:
                    4c:b3:63:df:b2:e6:75:be:b0:e7:d6:fd:64:3a:2c:
                    ac:66:8e:fd:41:08:7e:78:66:b1:76:7a:7b:8f:9e:
                    c4:3f:5a:e7:2a:d8:c0:62:cd:71:56:86:ae:cc:f8:
                    aa:41:f1:27:c4:b4:10:41:17:06:a0:50:f2:c4:ba:
                    87:6a:4c:f4:98:6b:55:3d:32:82:de:ec:14:12:95:
                    20:05:b2:de:15:96:73:cb:e1:6f:45:51:d2:00:4a:
                    d7:b6:f1:d4:44:33:2f:79:1a:fe:71:fb:45:b0:95:
                    2d:d0:09:c7:b0:c2:e5:2c:5e:79:14:d6:67:45:e3:
                    36:4b:2c:86:68:ba:a7:5f:4d:1b:05:db:ec:24:ff:
                    f4:f6:70:31:cf:c8:c5:9b:73:41:8e:f7:f3:09:71:
                    f2:75:b7:c4:47:66:fa:e5:fa:d7:c7:78:02:40:dd:
                    4c:a2:61:e4:68:e8:b2:6b:b9:0d:36:57:17:b7:a7:
                    a1:2e:56:6d:69:44:42:22:02:5e:a3:9b:41:79:2d:
                    06:4c:cb:c4:54:72:38:ab:16:18:63:3c:91:82:e8:
                    0f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5D:42:B8:BB:3E:4E:E4:64:3F:46:AA:4B:92:1E:48:93:1A:19:84
            X509v3 Authority Key Identifier:
                keyid:DB:B6:53:BB:D1:70:4C:47:BA:DA:62:AB:6C:E3:50:23:07:F2:44:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27ZTu9FwTEe62mKrbONQIwfyRLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/KV1CuLs-TuRkP0aqS5IeSJMaGYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/8060df-a6f7-4166-a929-a980bed33ab0/1/27ZTu9FwTEe62mKrbONQIwfyRLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.80.240.0/20
                  185.72.136.0-185.72.138.255
                  193.186.72.0-193.186.85.255
                  193.228.112.0-193.228.122.255
                IPv6:
                  2a01:af80::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:ba:3d:28:6c:f2:18:da:a4:04:52:a9:47:95:cd:87:89:dc:
         a2:f0:e7:08:99:97:96:71:35:d9:a0:25:ea:23:dd:dc:16:11:
         da:16:5e:4f:19:a0:01:94:9b:39:b9:ae:89:0a:ce:5a:dd:16:
         20:6c:6e:32:f8:c2:ca:db:11:fb:d5:44:e3:46:28:81:f0:e6:
         c6:38:5f:e4:84:8c:e4:83:03:27:81:25:f1:82:70:67:4a:94:
         7f:b9:7f:2b:0d:a2:4b:e4:83:11:c0:d4:9d:80:fa:fe:e9:bf:
         6d:10:28:69:e4:35:7e:c0:82:86:7e:cf:0a:b0:98:0c:1b:21:
         f7:57:6c:bc:54:3f:dc:34:4a:6d:54:35:ef:6f:86:2e:a1:97:
         5f:4d:e4:29:a7:75:1d:4c:22:8c:65:47:1c:48:62:2b:f5:c6:
         78:9b:c2:6e:b9:43:3b:70:44:8b:8d:0e:87:21:03:3d:93:34:
         90:9e:64:65:65:1b:bc:5d:ba:14:30:6c:87:40:1c:a0:9c:77:
         4d:13:16:57:95:42:d5:a9:1f:a8:33:82:53:ce:a8:11:36:7a:
         39:e3:0c:3c:b7:d3:0e:10:05:bb:0c:20:b0:83:59:93:71:82:
         f2:58:fc:14:00:24:8f:9f:33:d3:5e:2f:eb:af:d0:f6:db:0d:
         2c:a2:b2:f3
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzGSw+CTCavWF7/6TMPRotEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjY1M2JiZDE3MDRjNDdiYWRhNjJhYjZjZTM1MDIzMDdm
MjQ0YjYwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVkNDJiOGJiM2U0ZWU0NjQzZjQ2YWE0YjkyMWU0ODkzMWExOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNqTr0rnyu9N1zqkS+w7/iUE9FpI
b8SHo7NMeR4FFOoBwU1FeBfAcfR53TBMs2PfsuZ1vrDn1v1kOiysZo79QQh+eGax
dnp7j57EP1rnKtjAYs1xVoauzPiqQfEnxLQQQRcGoFDyxLqHakz0mGtVPTKC3uwU
EpUgBbLeFZZzy+FvRVHSAErXtvHURDMveRr+cftFsJUt0AnHsMLlLF55FNZnReM2
SyyGaLqnX00bBdvsJP/09nAxz8jFm3NBjvfzCXHydbfER2b65frXx3gCQN1MomHk
aOiya7kNNlcXt6ehLlZtaURCIgJeo5tBeS0GTMvEVHI4qxYYYzyRgugPcwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFCldQri7Pk7kZD9GqkuSHkiTGhmEMB8GA1UdIwQY
MBaAFNu2U7vRcExHutpiq2zjUCMH8kS2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdaVHU5RndURWU2Mm1LcmJPTlFJd2Z5UkxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84MDYwZGYtYTZmNy00MTY2LWE5Mjkt
YTk4MGJlZDMzYWIwLzEvS1YxQ3VMcy1UdVJrUDBhcVM1SWVTSk1hR1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84MDYwZGYtYTZmNy00MTY2LWE5MjktYTk4MGJlZDMzYWIw
LzEvMjdaVHU5RndURWU2Mm1LcmJPTlFJd2Z5UkxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEUFDwMAwD
BAO5SIgDBAC5SIowDAMEA8G6SAMEAcG6VDAMAwQEweRwAwQAweR6MA0EAgACMAcD
BQAqAa+AMA0GCSqGSIb3DQEBCwUAA4IBAQAluj0obPIY2qQEUqlHlc2Hidyi8OcI
mZeWcTXZoCXqI93cFhHaFl5PGaABlJs5ua6JCs5a3RYgbG4y+MLK2xH71UTjRiiB
8ObGOF/khIzkgwMngSXxgnBnSpR/uX8rDaJL5IMRwNSdgPr+6b9tEChp5DV+wIKG
fs8KsJgMGyH3V2y8VD/cNEptVDXvb4YuoZdfTeQpp3UdTCKMZUccSGIr9cZ4m8Ju
uUM7cESLjQ6HIQM9kzSQnmRlZRu8XboUMGyHQBygnHdNExZXlULVqR+oM4JTzqgR
Nno54ww8t9MOEAW7DCCwg1mTcYLyWPwUACSPnzPTXi/rr9D22w0sorLz
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:43:34 2024 by rpki-client on console-ams.rpki-client.org