Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/yOIJfnfQdFpLX5h90srBKksV-w0.roa
File:                     yOIJfnfQdFpLX5h90srBKksV-w0.roa (raw, json)
Hash identifier:          aI41zLiaG5Jhq2185ePoxz0yYe+cW4VCyvkqvnrM/eA=
Subject key identifier:   C8:E2:09:7E:77:D0:74:5A:4B:5F:98:7D:D2:CA:C1:2A:4B:15:FB:0D
Certificate issuer:       /CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
Certificate serial:       018CC9BB0AD48A26174F2E5FEE4831A5129A
Authority key identifier: 72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/yOIJfnfQdFpLX5h90srBKksV-w0.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25291
IP address blocks:        185.46.136.0/22 maxlen: 24
                          37.44.0.0/21 maxlen: 24
                          151.252.40.0/21 maxlen: 24
                          45.153.82.0/23 maxlen: 24
                          185.56.128.0/21 maxlen: 24
                          176.74.56.0/21 maxlen: 24
                          185.54.232.0/22 maxlen: 24
                          109.68.224.0/21 maxlen: 24
                          37.49.152.0/21 maxlen: 24
                          185.56.104.0/23 maxlen: 24
                          37.123.104.0/21 maxlen: 24
                          195.192.128.0/18 maxlen: 24
                          77.247.80.0/21 maxlen: 24
                          2a00:13c8::/32 maxlen: 48
                          2a00:7fc0::/32 maxlen: 48
                          2a00:7fc0::/33 maxlen: 48
                          2a04:d480::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:0a:d4:8a:26:17:4f:2e:5f:ee:48:31:a5:12:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8e2097e77d0745a4b5f987dd2cac12a4b15fb0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:56:7a:14:91:19:46:5b:a8:c3:81:7d:ed:d7:
                    3c:9f:8f:38:6b:bf:63:4d:c2:eb:56:c9:c5:6d:19:
                    48:94:04:2b:38:09:1d:11:a8:0d:5d:89:20:9c:96:
                    eb:f7:1e:83:76:75:c6:d6:e7:04:30:e6:47:3f:5d:
                    fd:34:25:1a:2d:6c:bf:17:43:1e:cd:2a:5c:89:fa:
                    10:3d:0f:70:0a:72:c8:17:1d:2b:3d:5d:a1:46:af:
                    93:23:b1:e8:ac:c1:77:55:ab:5f:ac:2b:91:a2:74:
                    15:f9:37:16:08:60:0f:63:bb:cf:f8:91:bc:b6:3d:
                    6f:a4:b2:82:d6:33:0f:55:f3:c2:bb:22:2b:e0:e8:
                    1c:18:21:80:09:ba:17:2c:79:37:f8:a6:25:e9:4c:
                    6b:46:ab:59:60:57:3e:3f:d8:a8:b1:05:bd:21:7a:
                    96:10:55:75:96:e3:96:bd:7a:dd:b9:49:2d:91:29:
                    ae:4c:f5:dc:f5:d1:be:2d:7f:7a:d8:94:8b:94:ec:
                    22:96:e4:4a:ec:21:37:93:38:af:01:35:87:9b:ef:
                    2e:c6:e7:c1:76:db:52:e3:05:5f:22:1b:3b:85:55:
                    73:78:c1:44:d1:fb:f9:e1:ed:e2:b9:75:f0:4f:57:
                    32:86:88:05:9b:b0:fb:74:4a:a3:ea:4e:ac:6a:1e:
                    65:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E2:09:7E:77:D0:74:5A:4B:5F:98:7D:D2:CA:C1:2A:4B:15:FB:0D
            X509v3 Authority Key Identifier:
                keyid:72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/yOIJfnfQdFpLX5h90srBKksV-w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.0.0/21
                  37.49.152.0/21
                  37.123.104.0/21
                  45.153.82.0/23
                  77.247.80.0/21
                  109.68.224.0/21
                  151.252.40.0/21
                  176.74.56.0/21
                  185.46.136.0/22
                  185.54.232.0/22
                  185.56.104.0/23
                  185.56.128.0/21
                  195.192.128.0/18
                IPv6:
                  2a00:13c8::/32
                  2a00:7fc0::/32
                  2a04:d480::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:e8:b7:fa:42:8d:ae:00:ae:1c:30:bb:dd:d9:3b:91:39:48:
         06:f3:28:ec:9d:6f:ab:05:89:f6:d1:8f:94:b2:5a:4a:d4:89:
         3c:7b:87:62:9d:49:53:11:8d:1e:cb:34:3b:c6:69:76:05:92:
         ba:f2:15:63:18:71:17:fa:4a:a3:4d:f6:4b:7a:b7:63:1a:48:
         23:cd:20:c0:da:37:5d:83:07:44:16:57:51:7f:7b:b2:43:e0:
         0e:db:78:3b:6e:1c:a7:26:7a:0c:bd:bf:1a:11:c9:a6:86:16:
         22:25:ee:a4:d4:f7:99:48:12:76:7d:55:1a:39:b3:70:0e:f3:
         f8:71:ab:cd:cc:aa:f5:aa:5e:7d:40:ce:5d:5c:9f:29:dd:bd:
         e0:bd:d5:e0:93:0d:a9:61:33:b6:2e:e9:93:8e:17:60:6d:c4:
         63:7a:c4:28:6c:9f:b6:8d:6e:04:86:c7:b4:b4:f6:3a:28:bc:
         6a:3d:17:69:25:de:3b:f6:9a:82:99:53:59:40:4f:21:89:c3:
         a8:c2:b8:4d:f1:3c:32:f6:d4:42:45:ff:72:d3:3e:3e:c3:7d:
         e1:18:40:ba:da:66:cc:a8:e6:93:f6:70:5c:4d:da:2e:c9:9a:
         1e:83:ae:02:97:19:63:ff:2a:ad:b3:0c:67:5f:d3:05:74:12:
         5a:d9:df:18
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYzJuwrUiiYXTy5f7kgxpRKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzI2YWJjOWUwNmMxYWZlZjliNWZkMmRhNDA0MTJlN2Fl
ZTZiNDcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGUyMDk3ZTc3ZDA3NDVhNGI1Zjk4N2RkMmNhYzEyYTRiMTVmYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VZ6FJEZRluow4F97dc8n484a79j
TcLrVsnFbRlIlAQrOAkdEagNXYkgnJbr9x6DdnXG1ucEMOZHP139NCUaLWy/F0Me
zSpcifoQPQ9wCnLIFx0rPV2hRq+TI7HorMF3VatfrCuRonQV+TcWCGAPY7vP+JG8
tj1vpLKC1jMPVfPCuyIr4OgcGCGACboXLHk3+KYl6UxrRqtZYFc+P9iosQW9IXqW
EFV1luOWvXrduUktkSmuTPXc9dG+LX962JSLlOwiluRK7CE3kzivATWHm+8uxufB
dttS4wVfIhs7hVVzeMFE0fv54e3iuXXwT1cyhogFm7D7dEqj6k6sah5lEwIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFMjiCX530HRaS1+YfdLKwSpLFfsNMB8GA1UdIwQY
MBaAFHLCaryeBsGv75tf0tpAQS567mtHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMt
Y2Q3ZDYxOTEzMjg4LzEveU9JSmZuZlFkRnBMWDVoOTBzckJLa3NWLXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMtY2Q3ZDYxOTEzMjg4
LzEvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwVAQCAAEwTgMEAyUsAAME
AyUxmAMEAyV7aAMEAS2ZUgMEA033UAMEA21E4AMEA5f8KAMEA7BKOAMEArkuiAME
Ark26AMEAbk4aAMEA7k4gAMEBsPAgDAbBAIAAjAVAwUAKgATyAMFACoAf8ADBQMq
BNSAMA0GCSqGSIb3DQEBCwUAA4IBAQAO6Lf6Qo2uAK4cMLvd2TuROUgG8yjsnW+r
BYn20Y+UslpK1Ik8e4dinUlTEY0eyzQ7xml2BZK68hVjGHEX+kqjTfZLerdjGkgj
zSDA2jddgwdEFldRf3uyQ+AO23g7bhynJnoMvb8aEcmmhhYiJe6k1PeZSBJ2fVUa
ObNwDvP4cavNzKr1ql59QM5dXJ8p3b3gvdXgkw2pYTO2LumTjhdgbcRjesQobJ+2
jW4Ehse0tPY6KLxqPRdpJd479pqCmVNZQE8hicOowrhN8Twy9tRCRf9y0z4+w33h
GEC62mbMqOaT9nBcTdouyZoeg64Clxlj/yqtswxnX9MFdBJa2d8Y
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:09:44 2024 by rpki-client on console-ams.rpki-client.org