Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/44f5d2-b70e-4dae-82e3-1e4782be6445/1/MyLTn9nnBglUHNgRcsr2fy51Iz8.roa
File:                     MyLTn9nnBglUHNgRcsr2fy51Iz8.roa (raw, json)
Hash identifier:          9SHdyjZk2VbghIy31oKxUs7nZz2wJtSOl85f1J8aUKk=
Subject key identifier:   33:22:D3:9F:D9:E7:06:09:54:1C:D8:11:72:CA:F6:7F:2E:75:23:3F
Certificate issuer:       /CN=db6eff73efff81277c2d5d38f0e46d6d12a708d7
Certificate serial:       018CC348DDF540544BE952FDD298965FD6FE
Authority key identifier: DB:6E:FF:73:EF:FF:81:27:7C:2D:5D:38:F0:E4:6D:6D:12:A7:08:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/227_c-__gSd8LV048ORtbRKnCNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/44f5d2-b70e-4dae-82e3-1e4782be6445/1/MyLTn9nnBglUHNgRcsr2fy51Iz8.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33984
IP address blocks:        81.20.128.0/20 maxlen: 20
                          85.88.0.0/19 maxlen: 19
                          78.111.64.0/20 maxlen: 20
                          46.235.24.0/24 maxlen: 24
                          46.235.25.0/24 maxlen: 24
                          46.235.28.0/24 maxlen: 24
                          46.235.31.0/24 maxlen: 24
                          46.235.27.0/24 maxlen: 24
                          46.235.30.0/24 maxlen: 24
                          46.235.26.0/24 maxlen: 24
                          46.235.29.0/24 maxlen: 24
                          2a02:f98::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/44f5d2-b70e-4dae-82e3-1e4782be6445/1/227_c-__gSd8LV048ORtbRKnCNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/44f5d2-b70e-4dae-82e3-1e4782be6445/1/227_c-__gSd8LV048ORtbRKnCNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/227_c-__gSd8LV048ORtbRKnCNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dd:f5:40:54:4b:e9:52:fd:d2:98:96:5f:d6:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db6eff73efff81277c2d5d38f0e46d6d12a708d7
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3322d39fd9e70609541cd81172caf67f2e75233f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:87:5a:07:27:63:c0:f8:da:9e:29:93:13:55:
                    ac:81:2a:a8:c9:be:a1:d4:cf:63:1d:07:09:14:1c:
                    4d:b2:69:e4:93:0f:3b:3e:c1:7f:9c:66:13:51:78:
                    68:9d:cd:ef:a6:17:b9:66:55:82:1d:8b:bb:9a:88:
                    a6:67:42:fa:c5:ca:06:28:9c:15:cf:4f:6b:7f:0d:
                    5e:38:77:e5:b5:a4:af:8c:27:33:d7:3f:95:c4:20:
                    74:7d:e4:a2:48:4a:1d:b3:7c:67:41:61:80:a6:41:
                    d9:08:41:e2:17:9b:7e:57:6b:21:b9:14:d4:ce:9b:
                    88:04:26:91:d2:c0:e0:b0:dd:2d:b1:44:7e:be:ea:
                    e6:8c:87:5b:0c:d8:f3:b5:85:fe:ad:4e:bb:a8:46:
                    c6:87:01:a2:68:00:d0:cb:38:b6:39:86:a3:14:46:
                    09:cb:32:02:c5:31:93:8d:0d:59:db:fd:31:95:7d:
                    92:67:0f:2c:d0:98:63:8d:db:da:96:15:30:b1:e3:
                    72:45:bf:07:d8:f1:5a:01:61:e2:f3:cb:ae:27:d4:
                    7e:62:d9:f3:18:5e:ad:e8:c4:0b:3e:f0:a8:28:17:
                    60:dd:d7:32:a2:83:b8:3d:88:16:f3:9c:62:84:32:
                    d6:cd:3c:f8:df:77:09:32:9a:b1:4c:c6:08:7a:ab:
                    23:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:22:D3:9F:D9:E7:06:09:54:1C:D8:11:72:CA:F6:7F:2E:75:23:3F
            X509v3 Authority Key Identifier:
                keyid:DB:6E:FF:73:EF:FF:81:27:7C:2D:5D:38:F0:E4:6D:6D:12:A7:08:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/227_c-__gSd8LV048ORtbRKnCNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/44f5d2-b70e-4dae-82e3-1e4782be6445/1/MyLTn9nnBglUHNgRcsr2fy51Iz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/44f5d2-b70e-4dae-82e3-1e4782be6445/1/227_c-__gSd8LV048ORtbRKnCNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.24.0/21
                  78.111.64.0/20
                  81.20.128.0/20
                  85.88.0.0/19
                IPv6:
                  2a02:f98::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:f7:d6:d9:82:63:63:21:d6:df:8d:f2:72:1c:fd:36:ae:3d:
         5a:1f:de:03:ab:85:7a:14:e2:19:63:d0:26:47:3f:4a:58:1a:
         86:45:7c:fb:ac:fa:8e:36:f5:d2:f6:44:f2:e3:e9:03:80:88:
         bc:1a:a2:cd:21:7b:59:f9:27:d6:21:c8:03:3d:dc:5b:2b:3f:
         50:6c:d5:67:24:d1:88:78:25:bd:65:31:dd:56:cf:8f:a5:c7:
         90:fb:1c:e8:bf:12:64:ee:5b:ce:db:8b:f9:7c:85:e0:a1:a6:
         e5:2c:18:05:6a:1a:0b:05:a2:3d:ff:7f:1e:fe:2f:0e:5e:b7:
         a8:42:a7:cc:98:de:8d:06:1b:c4:4e:5c:bb:af:03:87:1d:e0:
         1a:68:6a:22:d1:b3:87:3e:57:e2:40:77:b5:0b:72:ec:f8:38:
         cc:ef:f0:a4:0b:e3:54:da:dc:d8:42:b3:6e:8d:1f:23:be:96:
         dc:e4:04:69:2d:8a:8d:59:8d:cf:87:78:ab:6e:5b:98:e9:5d:
         c3:13:ba:e0:67:ae:c4:74:2d:d1:55:37:21:7d:91:e5:f5:bf:
         3b:94:a4:f4:44:0d:c7:99:88:24:16:60:56:91:04:99:7c:6d:
         1c:89:a3:ca:a3:62:5b:07:dd:23:48:5a:bf:48:0c:f0:46:b1:
         80:06:83:00
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzDSN31QFRL6VL90piWX9b+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNmVmZjczZWZmZjgxMjc3YzJkNWQzOGYwZTQ2ZDZkMTJh
NzA4ZDcwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzIyZDM5ZmQ5ZTcwNjA5NTQxY2Q4MTE3MmNhZjY3ZjJlNzUyMzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4daBydjwPjanimTE1WsgSqoyb6h
1M9jHQcJFBxNsmnkkw87PsF/nGYTUXhonc3vphe5ZlWCHYu7moimZ0L6xcoGKJwV
z09rfw1eOHfltaSvjCcz1z+VxCB0feSiSEods3xnQWGApkHZCEHiF5t+V2shuRTU
zpuIBCaR0sDgsN0tsUR+vurmjIdbDNjztYX+rU67qEbGhwGiaADQyzi2OYajFEYJ
yzICxTGTjQ1Z2/0xlX2SZw8s0JhjjdvalhUwseNyRb8H2PFaAWHi88uuJ9R+Ytnz
GF6t6MQLPvCoKBdg3dcyooO4PYgW85xihDLWzTz433cJMpqxTMYIeqsjCQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFDMi05/Z5wYJVBzYEXLK9n8udSM/MB8GA1UdIwQY
MBaAFNtu/3Pv/4EnfC1dOPDkbW0SpwjXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjI3X2MtX19nU2Q4TFYwNDhPUnRiUktuQ05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi80NGY1ZDItYjcwZS00ZGFlLTgyZTMt
MWU0NzgyYmU2NDQ1LzEvTXlMVG45bm5CZ2xVSE5nUmNzcjJmeTUxSXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi80NGY1ZDItYjcwZS00ZGFlLTgyZTMtMWU0NzgyYmU2NDQ1
LzEvMjI3X2MtX19nU2Q4TFYwNDhPUnRiUktuQ05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDLusYAwQE
Tm9AAwQEURSAAwQFVVgAMA0EAgACMAcDBQAqAg+YMA0GCSqGSIb3DQEBCwUAA4IB
AQAu99bZgmNjIdbfjfJyHP02rj1aH94Dq4V6FOIZY9AmRz9KWBqGRXz7rPqONvXS
9kTy4+kDgIi8GqLNIXtZ+SfWIcgDPdxbKz9QbNVnJNGIeCW9ZTHdVs+PpceQ+xzo
vxJk7lvO24v5fIXgoablLBgFahoLBaI9/38e/i8OXreoQqfMmN6NBhvETly7rwOH
HeAaaGoi0bOHPlfiQHe1C3Ls+DjM7/CkC+NU2tzYQrNujR8jvpbc5ARpLYqNWY3P
h3irbluY6V3DE7rgZ67EdC3RVTchfZHl9b87lKT0RA3HmYgkFmBWkQSZfG0ciaPK
o2JbB90jSFq/SAzwRrGABoMA
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:03:28 2024 by rpki-client on console-fra.rpki-client.org