Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/1fdf04-8b4e-4332-a4de-7793b9efb1bd/1/d16u2xRq_X5hZCERB1e61dcDSoc.roa
File:                     d16u2xRq_X5hZCERB1e61dcDSoc.roa (raw, json)
Hash identifier:          BxsLs0/S23vVdEl1K1TW3kMiEXM7uR7fwRQuXoxvYiM=
Subject key identifier:   77:5E:AE:DB:14:6A:FD:7E:61:64:21:11:07:57:BA:D5:D7:03:4A:87
Certificate issuer:       /CN=ae1eb280d1722846a44124c4c62d0059f61af242
Certificate serial:       018D06DAD33F2DFAE2355FD50FE6786BC9D4
Authority key identifier: AE:1E:B2:80:D1:72:28:46:A4:41:24:C4:C6:2D:00:59:F6:1A:F2:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rh6ygNFyKEakQSTExi0AWfYa8kI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/1fdf04-8b4e-4332-a4de-7793b9efb1bd/1/d16u2xRq_X5hZCERB1e61dcDSoc.roa
Signing time:             Sun 14 Jan 2024 07:23:40 +0000
ROA not before:           Sun 14 Jan 2024 07:23:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42428
IP address blocks:        212.11.164.0/24 maxlen: 24
                          212.11.165.0/24 maxlen: 24
                          212.11.162.0/24 maxlen: 24
                          212.11.163.0/24 maxlen: 24
                          212.11.166.0/24 maxlen: 24
                          212.11.160.0/23 maxlen: 23
                          212.11.167.0/24 maxlen: 24
                          212.11.168.0/23 maxlen: 23
                          212.11.171.0/24 maxlen: 24
                          212.11.172.0/24 maxlen: 24
                          212.11.170.0/24 maxlen: 24
                          212.11.178.0/23 maxlen: 23
                          212.11.176.0/24 maxlen: 24
                          212.11.177.0/24 maxlen: 24
                          212.11.174.0/23 maxlen: 23
                          212.11.173.0/24 maxlen: 24
                          87.230.160.0/19 maxlen: 19
                          212.11.181.0/24 maxlen: 24
                          212.11.182.0/24 maxlen: 24
                          212.11.180.0/24 maxlen: 24
                          212.11.185.0/24 maxlen: 24
                          212.11.186.0/23 maxlen: 23
                          212.11.183.0/24 maxlen: 24
                          212.11.184.0/24 maxlen: 24
                          212.11.188.0/22 maxlen: 22
                          87.230.128.0/19 maxlen: 19
                          88.84.112.0/20 maxlen: 20
                          87.230.192.0/18 maxlen: 18
                          88.84.96.0/22 maxlen: 22
                          88.84.96.0/19 maxlen: 19
                          88.84.96.0/20 maxlen: 20
                          88.84.100.0/22 maxlen: 22
                          88.84.104.0/21 maxlen: 21
                          185.90.16.0/22 maxlen: 22
                          2a02:fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/1fdf04-8b4e-4332-a4de-7793b9efb1bd/1/rh6ygNFyKEakQSTExi0AWfYa8kI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/1fdf04-8b4e-4332-a4de-7793b9efb1bd/1/rh6ygNFyKEakQSTExi0AWfYa8kI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rh6ygNFyKEakQSTExi0AWfYa8kI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:06:da:d3:3f:2d:fa:e2:35:5f:d5:0f:e6:78:6b:c9:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae1eb280d1722846a44124c4c62d0059f61af242
        Validity
            Not Before: Jan 14 07:23:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=775eaedb146afd7e616421110757bad5d7034a87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:36:f2:3e:61:e1:ad:e4:52:96:52:00:af:22:
                    d8:36:95:00:f5:96:ee:4d:36:4a:05:6a:d1:41:e6:
                    c7:8b:95:84:8c:93:1c:1c:82:69:60:52:c2:cc:d0:
                    01:19:0f:50:04:df:18:3f:a9:f4:60:6f:b6:e7:1a:
                    14:6f:01:38:7e:90:df:0f:9c:ed:23:15:a3:2a:0c:
                    bd:37:65:a4:28:cb:f1:96:0e:5c:85:e8:f0:81:fc:
                    61:6e:1c:4f:83:a3:96:ab:7f:d8:5b:25:0a:e9:60:
                    f5:3e:7d:d9:9b:0c:55:ae:24:9c:03:b9:02:1e:b6:
                    78:04:dd:c5:ec:03:1a:a6:bd:bd:27:ef:38:0a:85:
                    3e:ae:7b:71:b5:19:ef:70:d2:70:fa:57:9b:b0:fb:
                    20:bd:f0:fa:72:97:bb:78:d4:6c:0a:dc:6d:04:74:
                    8f:94:b3:38:42:c3:83:ef:eb:92:75:95:3e:1d:b7:
                    71:c9:a0:9c:60:68:70:74:ba:bc:04:d3:7c:0d:9f:
                    86:b4:68:62:11:5a:dd:f6:1a:2c:df:af:7c:a7:8f:
                    c7:71:59:2a:01:89:10:af:57:73:5f:c4:29:e1:93:
                    17:13:8f:cd:ea:65:57:20:4d:e3:28:f7:1f:91:df:
                    a9:fb:cb:c1:8f:77:d9:8b:6c:b7:d9:56:5d:e2:7f:
                    16:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:5E:AE:DB:14:6A:FD:7E:61:64:21:11:07:57:BA:D5:D7:03:4A:87
            X509v3 Authority Key Identifier:
                keyid:AE:1E:B2:80:D1:72:28:46:A4:41:24:C4:C6:2D:00:59:F6:1A:F2:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rh6ygNFyKEakQSTExi0AWfYa8kI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/1fdf04-8b4e-4332-a4de-7793b9efb1bd/1/d16u2xRq_X5hZCERB1e61dcDSoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/1fdf04-8b4e-4332-a4de-7793b9efb1bd/1/rh6ygNFyKEakQSTExi0AWfYa8kI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.230.128.0/17
                  88.84.96.0/19
                  185.90.16.0/22
                  212.11.160.0/19
                IPv6:
                  2a02:fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:b1:0a:3a:82:cb:f2:df:f6:bb:26:8a:1a:85:11:4c:09:38:
         7b:16:c9:ec:be:91:7a:51:63:dc:c1:74:4b:06:ec:a4:28:e6:
         8a:f3:a4:63:f8:31:42:b2:96:ba:c0:a3:28:2c:20:2e:c9:36:
         5f:bd:15:4b:56:69:c8:86:18:9e:33:a8:45:6e:b9:8b:7e:9e:
         dc:e2:bd:10:46:0a:e4:4d:de:b9:04:8b:19:ad:29:5c:4b:5d:
         6b:79:85:82:81:1c:f6:32:00:74:d1:25:ad:cf:2c:af:05:a9:
         2e:13:0f:db:2e:f8:0f:71:0e:be:4b:fb:45:55:84:8a:a6:d4:
         e7:78:0b:91:b6:f0:df:19:61:b1:a4:e4:52:78:0d:48:7b:78:
         be:9e:a1:c3:77:6e:4a:14:41:ce:66:11:69:18:d5:f2:96:85:
         0f:d1:30:4e:fd:24:6a:a8:07:50:ef:bb:f5:22:c3:47:b6:df:
         f0:f8:b5:e6:15:e1:6e:8f:09:71:eb:f2:7c:59:1f:ed:b6:2f:
         4b:c1:05:b3:99:b4:fb:ea:67:70:5b:f4:d6:51:b1:02:cd:ad:
         c8:1f:33:d0:64:b9:c9:87:35:af:dc:49:d7:e4:60:9c:be:35:
         12:bb:b8:1b:77:e7:01:4b:34:e5:cc:a0:ec:b2:b7:dd:d1:90:
         89:42:6a:3b
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY0G2tM/LfriNV/VD+Z4a8nUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMWViMjgwZDE3MjI4NDZhNDQxMjRjNGM2MmQwMDU5ZjYx
YWYyNDIwHhcNMjQwMTE0MDcyMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzVlYWVkYjE0NmFmZDdlNjE2NDIxMTEwNzU3YmFkNWQ3MDM0YTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzbyPmHhreRSllIAryLYNpUA9Zbu
TTZKBWrRQebHi5WEjJMcHIJpYFLCzNABGQ9QBN8YP6n0YG+25xoUbwE4fpDfD5zt
IxWjKgy9N2WkKMvxlg5chejwgfxhbhxPg6OWq3/YWyUK6WD1Pn3ZmwxVriScA7kC
HrZ4BN3F7AMapr29J+84CoU+rntxtRnvcNJw+lebsPsgvfD6cpe7eNRsCtxtBHSP
lLM4QsOD7+uSdZU+HbdxyaCcYGhwdLq8BNN8DZ+GtGhiEVrd9hos3698p4/HcVkq
AYkQr1dzX8Qp4ZMXE4/N6mVXIE3jKPcfkd+p+8vBj3fZi2y32VZd4n8WdwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHdertsUav1+YWQhEQdXutXXA0qHMB8GA1UdIwQY
MBaAFK4esoDRcihGpEEkxMYtAFn2GvJCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmg2eWdORnlLRWFrUVNURXhpMEFXZllhOGtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8xZmRmMDQtOGI0ZS00MzMyLWE0ZGUt
Nzc5M2I5ZWZiMWJkLzEvZDE2dTJ4UnFfWDVoWkNFUkIxZTYxZGNEU29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8xZmRmMDQtOGI0ZS00MzMyLWE0ZGUtNzc5M2I5ZWZiMWJk
LzEvcmg2eWdORnlLRWFrUVNURXhpMEFXZllhOGtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQHV+aAAwQF
WFRgAwQCuVoQAwQF1AugMA0EAgACMAcDBQMqAg/AMA0GCSqGSIb3DQEBCwUAA4IB
AQBOsQo6gsvy3/a7JooahRFMCTh7FsnsvpF6UWPcwXRLBuykKOaK86Rj+DFCspa6
wKMoLCAuyTZfvRVLVmnIhhieM6hFbrmLfp7c4r0QRgrkTd65BIsZrSlcS11reYWC
gRz2MgB00SWtzyyvBakuEw/bLvgPcQ6+S/tFVYSKptTneAuRtvDfGWGxpORSeA1I
e3i+nqHDd25KFEHOZhFpGNXyloUP0TBO/SRqqAdQ77v1IsNHtt/w+LXmFeFujwlx
6/J8WR/tti9LwQWzmbT76mdwW/TWUbECza3IHzPQZLnJhzWv3EnX5GCcvjUSu7gb
d+cBSzTlzKDssrfd0ZCJQmo7
-----END CERTIFICATE-----
Generated at Sun Jun 16 12:19:18 2024 by rpki-client on console-ams.rpki-client.org