Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/t7Rz42dce0i5zAzJYPL5lASxwxk.roa
File:                     t7Rz42dce0i5zAzJYPL5lASxwxk.roa (raw, json)
Hash identifier:          KeMMOhaC1ZVvpzUfJEcGrQDqSdgEthZUxyBkAL8jV0s=
Subject key identifier:   B7:B4:73:E3:67:5C:7B:48:B9:CC:0C:C9:60:F2:F9:94:04:B1:C3:19
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D7A8C14358103955F7E23168ABA5
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/t7Rz42dce0i5zAzJYPL5lASxwxk.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41717
IP address blocks:        80.66.199.0/24 maxlen: 24
                          5.183.117.0/24 maxlen: 24
                          5.183.116.0/23 maxlen: 23
                          5.183.116.0/24 maxlen: 24
                          5.183.118.0/24 maxlen: 24
                          5.183.119.0/24 maxlen: 24
                          5.183.121.0/24 maxlen: 24
                          5.183.123.0/24 maxlen: 24
                          5.183.120.0/23 maxlen: 23
                          5.183.120.0/24 maxlen: 24
                          5.183.122.0/24 maxlen: 24
                          45.139.194.0/24 maxlen: 24
                          45.141.44.0/22 maxlen: 24
                          45.8.35.0/24 maxlen: 24
                          45.8.32.0/24 maxlen: 24
                          45.8.34.0/24 maxlen: 24
                          2.58.245.0/24 maxlen: 24
                          2.58.244.0/24 maxlen: 24
                          2.58.246.0/24 maxlen: 24
                          2.58.247.0/24 maxlen: 24
                          2.58.249.0/24 maxlen: 24
                          2.58.251.0/24 maxlen: 24
                          2.58.248.0/24 maxlen: 24
                          2.58.250.0/24 maxlen: 24
                          194.104.144.0/24 maxlen: 24
                          95.214.166.0/24 maxlen: 24
                          95.214.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d7:a8:c1:43:58:10:39:55:f7:e2:31:68:ab:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7b473e3675c7b48b9cc0cc960f2f99404b1c319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:03:53:f9:e0:6f:99:7c:15:40:01:d0:c8:a6:
                    f6:d9:6a:45:84:ff:d8:e7:fc:c2:4a:eb:6a:f3:7e:
                    fe:20:5f:47:cb:04:49:60:6e:d6:61:77:3a:de:98:
                    d9:99:4a:c5:1c:aa:c9:cd:37:db:6a:e1:d2:12:1c:
                    f6:a7:0b:ac:7e:77:cf:6b:4b:46:af:03:a0:67:ec:
                    5d:06:af:9c:2a:53:69:4f:e0:97:11:f2:b0:6a:92:
                    d5:cf:17:07:ad:ca:58:1a:77:46:06:32:5a:69:1e:
                    0f:25:f1:08:b0:7a:01:5f:ba:f1:ca:4d:78:25:0c:
                    a4:7e:ad:fd:10:1b:60:7e:7d:23:90:09:4e:93:be:
                    42:07:13:2e:03:9a:92:e8:1d:43:bc:e8:dc:04:47:
                    ac:1e:5a:c8:93:82:bf:36:65:03:4e:26:32:30:f0:
                    b6:7f:89:fe:3c:5b:14:39:3c:08:85:ed:0b:99:ed:
                    62:7f:30:fa:90:fc:93:fe:a0:e8:ab:5b:cd:c8:00:
                    4f:61:7a:6f:cc:d1:53:d9:fa:6f:7d:3f:63:bb:0d:
                    9e:3d:e0:05:68:df:18:b0:6e:43:07:01:d2:29:d8:
                    6b:ee:8e:1a:12:b5:69:01:d6:e8:9f:69:33:83:6e:
                    38:1d:83:16:86:2d:22:3a:70:83:a2:56:6e:3b:89:
                    90:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B4:73:E3:67:5C:7B:48:B9:CC:0C:C9:60:F2:F9:94:04:B1:C3:19
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/t7Rz42dce0i5zAzJYPL5lASxwxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.244.0-2.58.251.255
                  5.183.116.0-5.183.123.255
                  45.8.32.0/24
                  45.8.34.0/23
                  45.139.194.0/24
                  45.141.44.0/22
                  80.66.199.0/24
                  95.214.166.0/23
                  194.104.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:51:57:30:47:bb:cb:01:1f:39:ca:1b:f4:b5:e2:d6:20:c8:
         e7:4d:ee:ce:91:eb:c1:76:51:78:87:94:ef:d2:db:76:b5:89:
         f6:86:e7:9e:aa:17:30:10:a1:82:2d:1e:d7:c4:38:59:b4:58:
         7d:24:0b:e9:97:33:1a:ef:83:1f:ed:ea:87:bd:43:8b:73:14:
         1c:c2:6a:06:75:72:94:bf:ed:dc:2c:69:bb:c2:01:e6:fb:73:
         4f:be:cb:10:bd:c4:22:ec:8a:f7:d8:be:df:fa:39:fc:cd:5f:
         82:af:cb:f9:ab:88:14:af:ec:80:0b:ec:65:8d:fe:ff:fd:05:
         d2:7f:b0:25:39:64:7f:3d:eb:50:b9:88:55:c4:9d:24:37:e6:
         5b:b3:0c:c5:60:cb:c4:41:7a:27:7e:c8:36:8d:6e:c5:a1:34:
         32:d6:27:be:2a:d3:32:e3:7b:ae:b2:45:97:8c:3a:79:9b:bf:
         45:0f:0c:db:37:2d:9d:d1:43:c3:1a:61:06:d8:ff:c6:08:fd:
         55:3f:96:79:8f:98:d1:91:fb:6e:f4:41:51:a7:25:9c:5a:47:
         19:59:57:39:77:fb:b3:c8:a8:6f:94:20:f9:75:6c:d9:23:71:
         6c:a6:9f:a7:56:96:ad:51:5f:e4:75:8e:c6:79:d9:87:34:12:
         aa:02:1a:d8
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzIAdeowUNYEDlV9+IxaKulMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2I0NzNlMzY3NWM3YjQ4YjljYzBjYzk2MGYyZjk5NDA0YjFjMzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgNT+eBvmXwVQAHQyKb22WpFhP/Y
5/zCSutq837+IF9HywRJYG7WYXc63pjZmUrFHKrJzTfbauHSEhz2pwusfnfPa0tG
rwOgZ+xdBq+cKlNpT+CXEfKwapLVzxcHrcpYGndGBjJaaR4PJfEIsHoBX7rxyk14
JQykfq39EBtgfn0jkAlOk75CBxMuA5qS6B1DvOjcBEesHlrIk4K/NmUDTiYyMPC2
f4n+PFsUOTwIhe0Lme1ifzD6kPyT/qDoq1vNyABPYXpvzNFT2fpvfT9juw2ePeAF
aN8YsG5DBwHSKdhr7o4aErVpAdbon2kzg244HYMWhi0iOnCDolZuO4mQbwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFLe0c+NnXHtIucwMyWDy+ZQEscMZMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvdDdSejQyZGNlMGk1ekF6SllQTDVsQVN4d3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAICOvQD
BAICOvgwDAMEAgW3dAMEAgW3eAMEAC0IIAMEAS0IIgMEAC2LwgMEAi2NLAMEAFBC
xwMEAV/WpgMEAMJokDANBgkqhkiG9w0BAQsFAAOCAQEAn1FXMEe7ywEfOcob9LXi
1iDI503uzpHrwXZReIeU79LbdrWJ9obnnqoXMBChgi0e18Q4WbRYfSQL6ZczGu+D
H+3qh71Di3MUHMJqBnVylL/t3Cxpu8IB5vtzT77LEL3EIuyK99i+3/o5/M1fgq/L
+auIFK/sgAvsZY3+//0F0n+wJTlkfz3rULmIVcSdJDfmW7MMxWDLxEF6J37INo1u
xaE0MtYnvirTMuN7rrJFl4w6eZu/RQ8M2zctndFDwxphBtj/xgj9VT+WeY+Y0ZH7
bvRBUaclnFpHGVlXOXf7s8iob5Qg+XVs2SNxbKafp1aWrVFf5HWOxnnZhzQSqgIa
2A==
-----END CERTIFICATE-----
Generated at Thu Nov 21 21:55:50 2024 by rpki-client on console-ams.rpki-client.org