Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FYAwcsICtH_F1mmvuzYTwVdnao0.roa
File:                     FYAwcsICtH_F1mmvuzYTwVdnao0.roa (raw, json)
Hash identifier:          BSFaaft4YEJ/75pArKH+UKX8uoafnE+oE7ilDdlEB9Q=
Subject key identifier:   15:80:30:72:C2:02:B4:7F:C5:D6:69:AF:BB:36:13:C1:57:67:6A:8D
Certificate issuer:       /CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
Certificate serial:       018CC7936BA3A825DF219BCA79C5FF1F5D57
Authority key identifier: 16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FYAwcsICtH_F1mmvuzYTwVdnao0.roa
Signing time:             Tue 02 Jan 2024 00:29:36 +0000
ROA not before:           Tue 02 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42697
IP address blocks:        109.200.64.0/20 maxlen: 20
                          185.29.78.0/23 maxlen: 23
                          185.29.77.0/24 maxlen: 24
                          77.243.48.0/20 maxlen: 20
                          2a03:dc86::/32 maxlen: 32
                          2a03:dc80::/29 maxlen: 32
                          2a03:dc84::/32 maxlen: 32
                          2a03:dc82::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:6b:a3:a8:25:df:21:9b:ca:79:c5:ff:1f:5d:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1690970ddbb7619cc82186ddb536eb4e8985d2de
        Validity
            Not Before: Jan  2 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15803072c202b47fc5d669afbb3613c157676a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8a:f5:e5:24:27:48:c6:cc:1c:19:dd:27:02:
                    04:76:04:48:64:3e:f4:82:10:ef:84:13:9b:3e:f3:
                    33:16:2b:94:7a:4b:c6:ea:8c:df:9b:86:76:53:61:
                    aa:3e:d1:4a:1c:24:4e:7c:2c:80:6d:43:12:3a:3c:
                    7b:05:62:5f:29:f6:52:30:4b:5c:37:b8:30:d9:8b:
                    ba:08:21:8a:3d:cc:41:3a:2e:a1:37:5c:63:eb:4a:
                    ee:1a:46:36:9a:b6:fc:34:45:a0:66:2d:b2:33:38:
                    69:58:0d:fb:af:b2:f6:c8:11:80:19:c6:7d:ca:3d:
                    b4:e9:be:d1:cd:8e:df:fd:ad:e9:19:8e:7d:ea:f4:
                    fb:c0:bb:90:37:9a:c7:ab:93:37:9b:6c:70:dc:45:
                    e4:28:2b:1c:8f:27:67:48:3a:b1:cf:ce:8f:2d:5a:
                    70:57:bf:1b:94:26:0f:91:cb:8c:5a:33:ed:0c:87:
                    f9:bf:b0:c1:7e:f1:07:04:62:09:08:0b:8c:2a:bd:
                    72:25:80:cd:f4:df:e9:b7:32:9d:56:67:5d:41:91:
                    2e:5a:ef:b8:22:26:cf:a2:90:09:1c:8b:d0:75:09:
                    d2:3f:cd:a1:9b:81:5d:d2:b4:fc:28:8e:2d:e7:c4:
                    5d:7d:2f:34:34:80:44:81:eb:f1:b3:f2:b0:04:8b:
                    ee:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:80:30:72:C2:02:B4:7F:C5:D6:69:AF:BB:36:13:C1:57:67:6A:8D
            X509v3 Authority Key Identifier:
                keyid:16:90:97:0D:DB:B7:61:9C:C8:21:86:DD:B5:36:EB:4E:89:85:D2:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpCXDdu3YZzIIYbdtTbrTomF0t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FYAwcsICtH_F1mmvuzYTwVdnao0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e8537-36be-498f-8155-cc03bd315ff9/1/FpCXDdu3YZzIIYbdtTbrTomF0t4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.48.0/20
                  109.200.64.0/20
                  185.29.77.0-185.29.79.255
                IPv6:
                  2a03:dc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:f5:f4:41:c8:34:15:92:af:cc:cf:a6:32:ce:f4:56:e9:d4:
         e1:bf:3a:76:0f:24:1d:75:1d:07:95:30:80:fe:63:1a:94:4e:
         87:fa:8c:22:77:bb:32:37:ed:05:e2:46:07:c0:46:81:0b:38:
         0e:9a:0c:de:04:21:b1:fa:b2:9e:ae:21:e5:1f:2b:30:b1:4e:
         8f:67:fc:06:6b:01:87:21:53:6f:0f:50:8c:98:ab:08:03:32:
         2a:f3:05:bd:1c:e6:52:36:e1:d4:97:01:fd:27:69:19:d9:cd:
         91:63:b0:6a:6f:94:ab:a8:cf:67:ca:61:f6:e5:f2:a0:f5:35:
         4b:d0:57:b9:5e:be:76:8a:cb:8a:52:73:99:6b:c7:01:cc:0e:
         89:0f:e5:4b:c6:18:49:bf:d3:69:a8:8d:0f:16:9e:f7:c8:65:
         fe:f7:8e:6f:b9:d2:2a:a5:2f:a4:c7:3a:62:ff:08:29:aa:58:
         09:84:5e:b7:7a:0f:32:4b:11:71:03:fd:d7:2e:96:0e:64:e2:
         17:47:de:af:bc:6f:76:67:33:22:20:30:62:3c:96:bc:41:2e:
         78:91:da:67:90:c5:a8:93:85:c1:7b:12:3e:0b:2a:42:82:07:
         8c:17:51:fc:50:58:42:7a:91:74:b6:ca:b8:b9:b2:3b:f4:62:
         69:64:14:38
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzHk2ujqCXfIZvKecX/H11XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTA5NzBkZGJiNzYxOWNjODIxODZkZGI1MzZlYjRlODk4
NWQyZGUwHhcNMjQwMTAyMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTgwMzA3MmMyMDJiNDdmYzVkNjY5YWZiYjM2MTNjMTU3Njc2YThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4r15SQnSMbMHBndJwIEdgRIZD70
ghDvhBObPvMzFiuUekvG6ozfm4Z2U2GqPtFKHCROfCyAbUMSOjx7BWJfKfZSMEtc
N7gw2Yu6CCGKPcxBOi6hN1xj60ruGkY2mrb8NEWgZi2yMzhpWA37r7L2yBGAGcZ9
yj206b7RzY7f/a3pGY596vT7wLuQN5rHq5M3m2xw3EXkKCscjydnSDqxz86PLVpw
V78blCYPkcuMWjPtDIf5v7DBfvEHBGIJCAuMKr1yJYDN9N/ptzKdVmddQZEuWu+4
IibPopAJHIvQdQnSP82hm4Fd0rT8KI4t58RdfS80NIBEgevxs/KwBIvuewIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFBWAMHLCArR/xdZpr7s2E8FXZ2qNMB8GA1UdIwQY
MBaAFBaQlw3bt2GcyCGG3bU2606JhdLeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUt
Y2MwM2JkMzE1ZmY5LzEvRllBd2NzSUN0SF9GMW1tdnV6WVR3VmRuYW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yZTg1MzctMzZiZS00OThmLTgxNTUtY2MwM2JkMzE1ZmY5
LzEvRnBDWERkdTNZWnpJSVliZHRUYnJUb21GMHQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQETfMwAwQE
bchAMAwDBAC5HU0DBAS5HUAwDQQCAAIwBwMFAyoD3IAwDQYJKoZIhvcNAQELBQAD
ggEBAJX19EHINBWSr8zPpjLO9Fbp1OG/OnYPJB11HQeVMID+YxqUTof6jCJ3uzI3
7QXiRgfARoELOA6aDN4EIbH6sp6uIeUfKzCxTo9n/AZrAYchU28PUIyYqwgDMirz
Bb0c5lI24dSXAf0naRnZzZFjsGpvlKuoz2fKYfbl8qD1NUvQV7levnaKy4pSc5lr
xwHMDokP5UvGGEm/02mojQ8WnvfIZf73jm+50iqlL6THOmL/CCmqWAmEXrd6DzJL
EXED/dculg5k4hdH3q+8b3ZnMyIgMGI8lrxBLniR2meQxaiThcF7Ej4LKkKCB4wX
UfxQWEJ6kXS2yri5sjv0YmlkFDg=
-----END CERTIFICATE-----
Generated at Fri Dec 27 23:20:28 2024 by rpki-client on console-ams.rpki-client.org