Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/YR08NTa6W0IioxBXIyf6vyQZi_c.roa
File:                     YR08NTa6W0IioxBXIyf6vyQZi_c.roa (raw, json)
Hash identifier:          z3p04h/KoWf4Z8x138w8dCGbW0Vj1yrOUbLbuXZbuUs=
Subject key identifier:   61:1D:3C:35:36:BA:5B:42:22:A3:10:57:23:27:FA:BF:24:19:8B:F7
Certificate issuer:       /CN=acf910f36291c3c224ddb596d956543197f163de
Certificate serial:       018CC7272107363CF0C852AB330548DB9AD2
Authority key identifier: AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/YR08NTa6W0IioxBXIyf6vyQZi_c.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        217.147.124.0/22 maxlen: 22
                          217.147.124.0/24 maxlen: 24
                          217.147.125.0/24 maxlen: 24
                          217.147.121.0/24 maxlen: 24
                          217.147.127.0/24 maxlen: 24
                          217.147.126.0/24 maxlen: 24
                          92.249.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:21:07:36:3c:f0:c8:52:ab:33:05:48:db:9a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acf910f36291c3c224ddb596d956543197f163de
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=611d3c3536ba5b4222a310572327fabf24198bf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:72:dd:6d:a7:e5:18:fc:f5:93:de:a2:5e:a1:
                    bd:a2:e8:61:09:be:46:ec:80:86:4b:ea:e1:da:3e:
                    d6:cd:04:95:1f:9d:57:d2:95:e1:8a:9d:97:8f:4b:
                    31:61:96:c1:bf:d8:38:8a:7e:4a:07:4c:c8:53:04:
                    43:00:90:7d:86:70:26:2b:ca:45:eb:07:f1:1d:16:
                    12:0e:31:a3:5d:5a:3c:3f:69:84:18:b0:6a:5b:8f:
                    f5:5a:55:df:59:96:fa:8f:e2:5c:dd:fc:16:12:19:
                    2b:d6:7c:05:34:18:30:df:b5:b9:26:89:41:76:b9:
                    c9:7a:66:9e:cf:e6:5c:c0:85:f6:59:74:77:f5:c9:
                    d2:4f:82:e8:60:9e:26:8f:b7:dc:9f:10:57:14:65:
                    f6:e2:fd:52:89:8e:d6:40:f2:75:85:e5:d3:d7:a6:
                    1b:8a:01:5f:0b:1e:11:c5:47:1a:46:b4:42:16:fa:
                    7f:0e:d7:c6:33:97:39:4c:fe:49:fb:57:b8:32:26:
                    45:a0:10:1f:b2:2b:21:e4:ec:00:d9:68:c8:6b:1d:
                    8d:cc:37:34:3c:47:65:6b:5d:34:da:16:70:5a:17:
                    1f:6a:5e:25:f7:cb:d2:0f:2e:1d:45:63:9a:fb:a5:
                    7b:6d:be:89:9d:7b:ef:a2:26:0b:ca:21:1b:6c:09:
                    7c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:1D:3C:35:36:BA:5B:42:22:A3:10:57:23:27:FA:BF:24:19:8B:F7
            X509v3 Authority Key Identifier:
                keyid:AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/YR08NTa6W0IioxBXIyf6vyQZi_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.5.0/24
                  217.147.121.0/24
                  217.147.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:0b:86:f4:e4:50:c8:09:50:85:18:2d:2c:0d:e9:a2:f1:cf:
         80:d2:db:47:ba:10:08:ed:29:ec:a8:4e:f8:7c:10:44:37:e2:
         8d:d3:ef:1f:4f:b9:3c:b4:b1:80:63:0b:80:e3:64:d5:73:e2:
         a1:a7:7b:cc:7d:73:50:de:26:48:52:99:f1:73:59:6b:d2:94:
         60:5b:eb:92:32:a8:06:8f:f1:19:32:06:73:3d:0e:46:28:4e:
         04:36:12:84:d5:47:f6:74:8f:d8:8a:0f:16:a1:b4:19:49:6d:
         f7:15:c1:2d:3d:6f:bb:e8:a5:a2:f3:2c:78:34:61:c8:cb:db:
         07:7c:39:3f:92:df:27:d4:2f:fa:31:ea:ea:ad:3a:f4:2c:00:
         78:38:3b:75:66:6e:11:c0:fd:21:d0:19:86:22:a6:4e:27:08:
         2c:2f:5e:6d:46:c9:94:a8:f3:c1:f7:17:3b:fa:44:d3:76:e7:
         2e:24:94:9b:91:83:e2:1d:ea:5c:93:f8:ab:6d:64:de:ac:7c:
         63:01:0b:2a:66:a6:f0:27:5d:4c:2a:f6:2b:e2:3a:f6:5c:f3:
         a3:51:ad:e0:ae:5d:7c:43:6d:c8:42:09:be:fd:0d:73:de:e1:
         60:c6:74:e4:73:81:5b:5f:3f:96:92:c5:90:58:ba:81:6c:ae:
         88:7e:99:78
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJyEHNjzwyFKrMwVI25rSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZjkxMGYzNjI5MWMzYzIyNGRkYjU5NmQ5NTY1NDMxOTdm
MTYzZGUwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTFkM2MzNTM2YmE1YjQyMjJhMzEwNTcyMzI3ZmFiZjI0MTk4YmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinLdbaflGPz1k96iXqG9ouhhCb5G
7ICGS+rh2j7WzQSVH51X0pXhip2Xj0sxYZbBv9g4in5KB0zIUwRDAJB9hnAmK8pF
6wfxHRYSDjGjXVo8P2mEGLBqW4/1WlXfWZb6j+Jc3fwWEhkr1nwFNBgw37W5JolB
drnJemaez+ZcwIX2WXR39cnST4LoYJ4mj7fcnxBXFGX24v1SiY7WQPJ1heXT16Yb
igFfCx4RxUcaRrRCFvp/DtfGM5c5TP5J+1e4MiZFoBAfsish5OwA2WjIax2NzDc0
PEdla1002hZwWhcfal4l98vSDy4dRWOa+6V7bb6JnXvvoiYLyiEbbAl8DQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGEdPDU2ultCIqMQVyMn+r8kGYv3MB8GA1UdIwQY
MBaAFKz5EPNikcPCJN21ltlWVDGX8WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQt
ZDNiNThmNjk4MTQ4LzEvWVIwOE5UYTZXMElpb3hCWEl5ZjZ2eVFaaV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQtZDNiNThmNjk4MTQ4
LzEvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXPkFAwQA
2ZN5AwQC2ZN8MA0GCSqGSIb3DQEBCwUAA4IBAQC/C4b05FDICVCFGC0sDemi8c+A
0ttHuhAI7SnsqE74fBBEN+KN0+8fT7k8tLGAYwuA42TVc+Khp3vMfXNQ3iZIUpnx
c1lr0pRgW+uSMqgGj/EZMgZzPQ5GKE4ENhKE1Uf2dI/Yig8WobQZSW33FcEtPW+7
6KWi8yx4NGHIy9sHfDk/kt8n1C/6MerqrTr0LAB4ODt1Zm4RwP0h0BmGIqZOJwgs
L15tRsmUqPPB9xc7+kTTducuJJSbkYPiHepck/irbWTerHxjAQsqZqbwJ11MKvYr
4jr2XPOjUa3grl18Q23IQgm+/Q1z3uFgxnTkc4FbXz+WksWQWLqBbK6Ifpl4
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:57:33 2024 by rpki-client on console-fra.rpki-client.org