Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/wod9IJxJVpChaZCWnkJo7-bJYzc.roa
File:                     wod9IJxJVpChaZCWnkJo7-bJYzc.roa (raw, json)
Hash identifier:          uqsAMP0Mw8hUJAtQ+oyzS0FYk8UeBZoUZTO6PuCFr1g=
Subject key identifier:   C2:87:7D:20:9C:49:56:90:A1:69:90:96:9E:42:68:EF:E6:C9:63:37
Certificate issuer:       /CN=2347aaab2206c08128f543730064a145a3effa14
Certificate serial:       018CC26D746CEAB48316919A3FB95D45D4EF
Authority key identifier: 23:47:AA:AB:22:06:C0:81:28:F5:43:73:00:64:A1:45:A3:EF:FA:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/wod9IJxJVpChaZCWnkJo7-bJYzc.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        195.58.96.0/19 maxlen: 19
                          62.119.0.0/16 maxlen: 16
                          212.75.64.0/19 maxlen: 19
                          178.28.0.0/14 maxlen: 14
                          78.82.0.0/16 maxlen: 16
                          62.13.0.0/17 maxlen: 17
                          212.73.160.0/19 maxlen: 19
                          213.214.192.0/18 maxlen: 18
                          213.112.0.0/14 maxlen: 14
                          79.102.0.0/16 maxlen: 16
                          80.68.96.0/20 maxlen: 20
                          94.234.0.0/16 maxlen: 16
                          81.26.224.0/19 maxlen: 19
                          213.242.128.0/18 maxlen: 18
                          195.43.192.0/18 maxlen: 18
                          62.65.64.0/18 maxlen: 18
                          213.238.192.0/18 maxlen: 18
                          85.224.0.0/13 maxlen: 13
                          83.226.0.0/15 maxlen: 15
                          46.194.0.0/15 maxlen: 15
                          92.32.0.0/14 maxlen: 14
                          213.163.128.0/19 maxlen: 19
                          82.182.0.0/15 maxlen: 15
                          62.127.0.0/16 maxlen: 16
                          213.204.128.0/18 maxlen: 18
                          217.174.64.0/19 maxlen: 19
                          195.66.32.0/19 maxlen: 19
                          195.54.96.0/19 maxlen: 19
                          84.216.0.0/14 maxlen: 14
                          212.73.0.0/19 maxlen: 19
                          212.105.0.0/17 maxlen: 17
                          213.150.128.0/19 maxlen: 19
                          2a02:1400::/26 maxlen: 26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/I0eqqyIGwIEo9UNzAGShRaPv-hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/I0eqqyIGwIEo9UNzAGShRaPv-hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:74:6c:ea:b4:83:16:91:9a:3f:b9:5d:45:d4:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2347aaab2206c08128f543730064a145a3effa14
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2877d209c495690a16990969e4268efe6c96337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c5:ed:78:76:12:67:56:32:f6:96:09:65:95:
                    18:3a:a1:4f:0e:78:ea:71:49:36:16:b3:a1:74:c8:
                    53:d1:c5:a7:25:1b:85:24:f6:cf:61:a8:19:65:7d:
                    20:64:9d:6b:13:11:7a:d3:ff:39:a6:27:cf:37:61:
                    b1:2a:24:0a:4d:e5:24:47:d8:fc:75:45:8c:c9:49:
                    c1:d0:61:c6:c9:55:95:c9:e5:e2:81:94:b8:6f:28:
                    c4:38:ae:d7:5f:01:40:ef:7b:ad:76:fe:90:97:91:
                    84:87:f2:4a:e2:dd:4c:57:9c:f8:d3:77:bc:b2:b8:
                    71:aa:5d:0c:ca:4d:37:76:64:ed:43:2c:ec:84:18:
                    5a:9f:6d:c1:1b:7b:78:0f:84:b2:35:b5:f8:17:22:
                    d9:f0:8a:e3:26:7c:af:34:c4:91:4b:47:0d:22:80:
                    26:ac:23:d1:82:4b:7e:8e:2d:a5:fc:fa:0f:aa:1a:
                    e0:3e:80:d9:ab:5b:a2:1b:75:bf:20:d2:db:0a:be:
                    12:b7:1d:c7:96:ad:64:34:69:72:5e:a6:15:e2:44:
                    69:a4:35:db:ce:3c:95:13:cf:c6:2f:14:13:d7:a5:
                    a0:a2:00:63:d3:25:4f:3f:66:ef:8a:da:f9:4b:f3:
                    7d:eb:f3:0c:ae:8d:3c:b5:df:fa:fb:c8:96:9f:cb:
                    5c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:87:7D:20:9C:49:56:90:A1:69:90:96:9E:42:68:EF:E6:C9:63:37
            X509v3 Authority Key Identifier:
                keyid:23:47:AA:AB:22:06:C0:81:28:F5:43:73:00:64:A1:45:A3:EF:FA:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0eqqyIGwIEo9UNzAGShRaPv-hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/wod9IJxJVpChaZCWnkJo7-bJYzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ef9f0d-d840-4371-adc4-75840661eaf5/1/I0eqqyIGwIEo9UNzAGShRaPv-hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.194.0.0/15
                  62.13.0.0/17
                  62.65.64.0/18
                  62.119.0.0/16
                  62.127.0.0/16
                  78.82.0.0/16
                  79.102.0.0/16
                  80.68.96.0/20
                  81.26.224.0/19
                  82.182.0.0/15
                  83.226.0.0/15
                  84.216.0.0/14
                  85.224.0.0/13
                  92.32.0.0/14
                  94.234.0.0/16
                  178.28.0.0/14
                  195.43.192.0/18
                  195.54.96.0/19
                  195.58.96.0/19
                  195.66.32.0/19
                  212.73.0.0/19
                  212.73.160.0/19
                  212.75.64.0/19
                  212.105.0.0/17
                  213.112.0.0/14
                  213.150.128.0/19
                  213.163.128.0/19
                  213.204.128.0/18
                  213.214.192.0/18
                  213.238.192.0/18
                  213.242.128.0/18
                  217.174.64.0/19
                IPv6:
                  2a02:1400::/26

    Signature Algorithm: sha256WithRSAEncryption
         95:b9:e3:ce:dd:ec:e4:bb:5f:c9:fe:2e:f4:3c:5b:1c:6f:4f:
         09:07:ce:a9:ce:df:81:1e:3f:6a:d1:fe:23:d4:4e:19:39:16:
         35:d3:6a:08:a4:43:0e:8e:8f:e9:06:07:cb:1d:8a:5c:7a:65:
         d8:89:16:55:81:a8:34:58:65:34:59:5a:e8:a3:e7:67:a0:51:
         90:d2:b8:6e:46:c6:70:4d:00:05:45:9f:03:ca:8d:82:de:ff:
         11:53:b4:cc:4b:9e:f4:5b:71:1e:a8:47:04:df:cc:09:83:8d:
         b5:d2:9f:ba:58:2d:2a:92:dd:a8:6a:62:22:f0:ac:c0:90:a6:
         70:c4:e0:51:76:e8:7f:42:0f:79:5f:24:88:98:07:5e:52:fd:
         b6:25:3c:cf:a1:70:6b:d1:82:99:de:82:29:b4:32:83:e5:9b:
         83:36:cc:ea:e3:09:f5:d1:22:f9:5d:c3:aa:6f:b5:c6:6d:68:
         78:c1:d5:2f:ae:07:5f:ed:0b:58:e1:5e:6d:0e:9c:33:a7:e2:
         ea:13:0e:cc:62:26:d1:3a:33:fb:f4:02:8b:6d:33:b1:b8:2b:
         ac:bf:b8:6d:ca:88:0f:d3:ef:e5:ad:5e:51:9b:3a:26:5b:cc:
         8f:2e:94:a4:dd:f6:63:3f:28:83:ac:d5:e3:9f:c8:ba:ed:77:
         9f:7b:30:c0
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAYzCbXRs6rSDFpGaP7ldRdTvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDdhYWFiMjIwNmMwODEyOGY1NDM3MzAwNjRhMTQ1YTNl
ZmZhMTQwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg3N2QyMDljNDk1NjkwYTE2OTkwOTY5ZTQyNjhlZmU2Yzk2MzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8XteHYSZ1Yy9pYJZZUYOqFPDnjq
cUk2FrOhdMhT0cWnJRuFJPbPYagZZX0gZJ1rExF60/85pifPN2GxKiQKTeUkR9j8
dUWMyUnB0GHGyVWVyeXigZS4byjEOK7XXwFA73utdv6Ql5GEh/JK4t1MV5z403e8
srhxql0Myk03dmTtQyzshBhan23BG3t4D4SyNbX4FyLZ8IrjJnyvNMSRS0cNIoAm
rCPRgkt+ji2l/PoPqhrgPoDZq1uiG3W/INLbCr4Stx3Hlq1kNGlyXqYV4kRppDXb
zjyVE8/GLxQT16WgogBj0yVPP2bvitr5S/N96/MMro08td/6+8iWn8tcfwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFMKHfSCcSVaQoWmQlp5CaO/myWM3MB8GA1UdIwQY
MBaAFCNHqqsiBsCBKPVDcwBkoUWj7/oUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBlcXF5SUd3SUVvOVVOekFHU2hSYVB2LWhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9lZjlmMGQtZDg0MC00MzcxLWFkYzQt
NzU4NDA2NjFlYWY1LzEvd29kOUlKeEpWcENoYVpDV25rSm83LWJKWXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9lZjlmMGQtZDg0MC00MzcxLWFkYzQtNzU4NDA2NjFlYWY1
LzEvSTBlcXF5SUd3SUVvOVVOekFHU2hSYVB2LWhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCBugQCAAEwgbMDAwEu
wgMEBz4NAAMEBj5BQAMDAD53AwMAPn8DAwBOUgMDAE9mAwQEUERgAwQFURrgAwMB
UrYDAwFT4gMDAlTYAwMDVeADAwJcIAMDAF7qAwMCshwDBAbDK8ADBAXDNmADBAXD
OmADBAXDQiADBAXUSQADBAXUSaADBAXUS0ADBAfUaQADAwLVcAMEBdWWgAMEBdWj
gAMEBtXMgAMEBtXWwAMEBtXuwAMEBtXygAMEBdmuQDANBAIAAjAHAwUGKgIUADAN
BgkqhkiG9w0BAQsFAAOCAQEAlbnjzt3s5Ltfyf4u9DxbHG9PCQfOqc7fgR4/atH+
I9ROGTkWNdNqCKRDDo6P6QYHyx2KXHpl2IkWVYGoNFhlNFla6KPnZ6BRkNK4bkbG
cE0ABUWfA8qNgt7/EVO0zEue9FtxHqhHBN/MCYONtdKfulgtKpLdqGpiIvCswJCm
cMTgUXbof0IPeV8kiJgHXlL9tiU8z6Fwa9GCmd6CKbQyg+WbgzbM6uMJ9dEi+V3D
qm+1xm1oeMHVL64HX+0LWOFebQ6cM6fi6hMOzGIm0Toz+/QCi20zsbgrrL+4bcqI
D9Pv5a1eUZs6JlvMjy6UpN32Yz8og6zV45/Iuu13n3swwA==
-----END CERTIFICATE-----
Generated at Mon Nov 4 21:10:26 2024 by rpki-client on console-fra.rpki-client.org