Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/zGikwoIBZvGkRvvwM9IT58X4y3s.roa
File:                     zGikwoIBZvGkRvvwM9IT58X4y3s.roa (raw, json)
Hash identifier:          7mw6aXf9h8zAOLGZmVNyfwOCk6TOV29Vr9S9MXAF1kI=
Subject key identifier:   CC:68:A4:C2:82:01:66:F1:A4:46:FB:F0:33:D2:13:E7:C5:F8:CB:7B
Certificate issuer:       /CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
Certificate serial:       018CC94CFBB743DF4BEF3B3C62D6AC6013BC
Authority key identifier: 0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/zGikwoIBZvGkRvvwM9IT58X4y3s.roa
Signing time:             Tue 02 Jan 2024 08:31:54 +0000
ROA not before:           Tue 02 Jan 2024 08:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12601
IP address blocks:        185.113.40.0/22 maxlen: 22
                          80.94.176.0/22 maxlen: 22
                          80.94.185.0/24 maxlen: 24
                          80.94.182.0/23 maxlen: 23
                          80.94.184.0/24 maxlen: 24
                          185.211.140.0/22 maxlen: 22
                          185.194.80.0/22 maxlen: 22
                          213.159.9.0/24 maxlen: 24
                          64.126.192.0/23 maxlen: 23
                          80.94.188.0/23 maxlen: 23
                          64.126.194.0/23 maxlen: 23
                          194.5.134.0/24 maxlen: 24
                          64.126.200.0/22 maxlen: 22
                          64.126.208.0/24 maxlen: 24
                          64.126.212.0/22 maxlen: 22
                          64.126.212.0/24 maxlen: 24
                          64.126.209.0/24 maxlen: 24
                          194.126.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:fb:b7:43:df:4b:ef:3b:3c:62:d6:ac:60:13:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a41a925f8d6684c86107d2756b4aa93881f02ae
        Validity
            Not Before: Jan  2 08:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc68a4c2820166f1a446fbf033d213e7c5f8cb7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e3:f2:0b:ba:6f:d7:24:7d:1f:eb:ab:25:f6:
                    f4:c9:96:0b:35:7a:33:37:55:8a:6f:3a:f6:17:f4:
                    24:d6:60:de:c1:e9:2d:1d:bd:c8:9b:1c:4d:01:5e:
                    c0:43:a2:0b:c4:1b:00:6a:99:7b:e6:56:a2:b2:84:
                    d5:00:48:d4:0e:52:61:dc:65:b5:67:7d:c6:d3:e7:
                    e4:c7:e9:24:21:5a:6a:88:5e:d0:3d:df:1e:81:57:
                    9b:23:ab:a1:49:98:52:bd:13:48:ce:a3:3a:08:38:
                    7d:b4:a7:14:93:70:5e:45:64:58:7d:13:d8:18:71:
                    f1:18:88:f7:70:80:81:e2:a9:51:75:c0:de:ea:f9:
                    e0:cb:e3:31:d4:2a:53:d1:7c:b8:bc:9e:fd:26:75:
                    7e:44:52:d1:64:8d:cf:fd:29:d4:d8:29:6a:7d:3f:
                    73:86:eb:4e:4a:5b:32:db:ec:74:94:79:8c:47:02:
                    66:b1:c9:e9:9d:45:7b:a8:81:6a:4a:ab:9e:7a:19:
                    a6:da:12:97:8b:fd:c6:ea:75:d5:12:ae:7f:8b:be:
                    de:cd:48:8a:db:ac:22:d1:1c:a1:a3:26:5c:b9:2b:
                    81:8d:0c:12:b9:66:02:9a:80:76:da:64:7d:ce:ea:
                    65:f4:73:66:8a:47:04:c6:60:76:07:30:d8:f1:8b:
                    15:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:68:A4:C2:82:01:66:F1:A4:46:FB:F0:33:D2:13:E7:C5:F8:CB:7B
            X509v3 Authority Key Identifier:
                keyid:0A:41:A9:25:F8:D6:68:4C:86:10:7D:27:56:B4:AA:93:88:1F:02:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkGpJfjWaEyGEH0nVrSqk4gfAq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/zGikwoIBZvGkRvvwM9IT58X4y3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e37d1d-d4fb-496c-af49-3420684c7e41/1/CkGpJfjWaEyGEH0nVrSqk4gfAq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.126.192.0/22
                  64.126.200.0/22
                  64.126.208.0/23
                  64.126.212.0/22
                  80.94.176.0/22
                  80.94.182.0-80.94.185.255
                  80.94.188.0/23
                  185.113.40.0/22
                  185.194.80.0/22
                  185.211.140.0/22
                  194.5.134.0/24
                  194.126.236.0/24
                  213.159.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:82:53:1c:9f:ee:12:e0:3c:5a:45:c0:f9:a2:dd:72:c6:3f:
         ce:c9:41:54:43:c3:5e:8f:bb:b5:10:d9:a3:ce:68:2f:a4:b6:
         0c:67:a4:44:a2:a8:84:99:62:9f:97:f4:b1:c7:03:fc:52:ba:
         1f:ed:8f:05:ea:dc:9b:ce:0f:c6:2b:11:44:2e:73:47:51:fd:
         b1:35:52:e8:76:4e:48:27:e8:33:65:91:31:e7:f1:27:74:9a:
         ee:21:85:65:93:20:cf:19:38:65:3b:96:53:de:16:e6:69:1f:
         c6:f9:96:b3:ed:3f:81:54:b4:aa:6f:4e:3f:bf:ba:c1:53:2f:
         4f:97:6a:72:13:96:e9:38:83:ed:57:13:a3:60:55:52:a3:6d:
         07:8d:f8:a8:2a:e3:9e:70:df:e9:63:e9:33:97:82:a2:17:ea:
         bd:b7:2c:d9:b1:0b:1c:cb:9a:47:b7:66:84:75:64:a2:83:33:
         71:83:e8:e5:04:6d:6d:25:fd:89:33:03:33:9d:e8:6f:81:94:
         fe:94:43:7c:d4:cb:75:bc:bb:fd:73:32:4c:60:c3:fe:87:18:
         5a:59:48:d5:15:7f:0c:0e:da:34:de:45:59:99:37:95:b3:83:
         27:3c:8b:2e:83:38:0d:f8:69:e8:ed:6a:5c:71:73:d9:6c:65:
         81:38:56:0a
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYzJTPu3Q99L7zs8YtasYBO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNDFhOTI1ZjhkNjY4NGM4NjEwN2QyNzU2YjRhYTkzODgx
ZjAyYWUwHhcNMjQwMTAyMDgzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzY4YTRjMjgyMDE2NmYxYTQ0NmZiZjAzM2QyMTNlN2M1ZjhjYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzePyC7pv1yR9H+urJfb0yZYLNXoz
N1WKbzr2F/Qk1mDewektHb3ImxxNAV7AQ6ILxBsAapl75laisoTVAEjUDlJh3GW1
Z33G0+fkx+kkIVpqiF7QPd8egVebI6uhSZhSvRNIzqM6CDh9tKcUk3BeRWRYfRPY
GHHxGIj3cICB4qlRdcDe6vngy+Mx1CpT0Xy4vJ79JnV+RFLRZI3P/SnU2ClqfT9z
hutOSlsy2+x0lHmMRwJmscnpnUV7qIFqSqueehmm2hKXi/3G6nXVEq5/i77ezUiK
26wi0RyhoyZcuSuBjQwSuWYCmoB22mR9zupl9HNmikcExmB2BzDY8YsVRQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFMxopMKCAWbxpEb78DPSE+fF+Mt7MB8GA1UdIwQY
MBaAFApBqSX41mhMhhB9J1a0qpOIHwKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2tHcEpmaldhRXlHRUgwblZyU3FrNGdmQXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lMzdkMWQtZDRmYi00OTZjLWFmNDkt
MzQyMDY4NGM3ZTQxLzEvekdpa3dvSUJadkdrUnZ2d005SVQ1OFg0eTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lMzdkMWQtZDRmYi00OTZjLWFmNDktMzQyMDY4NGM3ZTQx
LzEvQ2tHcEpmaldhRXlHRUgwblZyU3FrNGdmQXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQCQH7AAwQC
QH7IAwQBQH7QAwQCQH7UAwQCUF6wMAwDBAFQXrYDBAFQXrgDBAFQXrwDBAK5cSgD
BAK5wlADBAK504wDBADCBYYDBADCfuwDBADVnwkwDQYJKoZIhvcNAQELBQADggEB
ACCCUxyf7hLgPFpFwPmi3XLGP87JQVRDw16Pu7UQ2aPOaC+ktgxnpESiqISZYp+X
9LHHA/xSuh/tjwXq3JvOD8YrEUQuc0dR/bE1Uuh2Tkgn6DNlkTHn8Sd0mu4hhWWT
IM8ZOGU7llPeFuZpH8b5lrPtP4FUtKpvTj+/usFTL0+XanITluk4g+1XE6NgVVKj
bQeN+Kgq455w3+lj6TOXgqIX6r23LNmxCxzLmke3ZoR1ZKKDM3GD6OUEbW0l/Ykz
AzOd6G+BlP6UQ3zUy3W8u/1zMkxgw/6HGFpZSNUVfwwO2jTeRVmZN5Wzgyc8iy6D
OA34aejtalxxc9lsZYE4Vgo=
-----END CERTIFICATE-----
Generated at Tue Nov 26 13:13:04 2024 by rpki-client on console-fra.rpki-client.org