Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/ijXl-r-i7f2qR9QwcJk0kyGmKKo.roa
File:                     ijXl-r-i7f2qR9QwcJk0kyGmKKo.roa (raw, json)
Hash identifier:          Boly7fdLbsYvL9MXfjtJcuOrKaIeFFPlFUPvnUYW4Z8=
Subject key identifier:   8A:35:E5:FA:BF:A2:ED:FD:AA:47:D4:30:70:99:34:93:21:A6:28:AA
Certificate issuer:       /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial:       018CC9BCA442299AEC49A2E8EDC32B8BAB29
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/ijXl-r-i7f2qR9QwcJk0kyGmKKo.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44914
IP address blocks:        78.28.0.0/19 maxlen: 19
                          78.28.32.0/19 maxlen: 19
                          78.28.32.0/21 maxlen: 21
                          78.28.40.0/21 maxlen: 21
                          78.28.48.0/24 maxlen: 24
                          188.125.128.0/20 maxlen: 20
                          188.125.144.0/22 maxlen: 22
                          188.125.148.0/22 maxlen: 22
                          188.125.152.0/22 maxlen: 22
                          188.125.157.0/24 maxlen: 24
                          78.28.58.0/23 maxlen: 23
                          78.28.56.0/23 maxlen: 23
                          78.28.62.0/23 maxlen: 23
                          78.28.60.0/22 maxlen: 22
                          2a02:e88:8100::/48 maxlen: 48
                          2a02:e88:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a4:42:29:9a:ec:49:a2:e8:ed:c3:2b:8b:ab:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a35e5fabfa2edfdaa47d4307099349321a628aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:92:b2:ef:44:b1:e5:cd:38:f4:fb:a8:17:c6:
                    85:19:0c:e9:05:5c:86:1a:5b:f6:24:4e:4d:33:b4:
                    24:31:96:d2:f5:85:92:ea:bb:f4:0c:ef:4d:f7:ed:
                    77:1c:a5:ff:02:e5:61:d6:b2:4d:1f:10:7e:44:9f:
                    84:a9:5c:d4:d1:27:ff:ff:21:b8:9d:c7:63:37:5a:
                    7a:4d:09:c7:d6:a1:9a:02:24:58:35:2f:9c:04:0e:
                    c1:0b:f2:e2:2a:45:0c:b1:79:a7:43:4c:d4:b0:f1:
                    5f:fe:7d:f9:79:45:f3:c9:77:df:a1:2b:c1:a4:d1:
                    d1:4c:3b:28:ad:9e:7c:3b:b7:63:11:be:7d:6e:1c:
                    b1:19:3f:ad:59:be:e8:cc:0b:99:00:02:57:44:60:
                    eb:65:d8:ef:8e:d4:7d:bd:11:27:fe:59:06:31:cf:
                    23:c6:5b:3f:58:97:24:88:62:e1:0d:e8:53:0d:94:
                    17:34:75:b6:c7:68:9f:e0:c8:29:83:78:7c:09:1a:
                    cd:5e:2a:c4:3c:5a:aa:3a:0a:c6:65:42:1f:9e:6f:
                    ba:2a:84:fe:d1:30:ff:2b:bd:56:59:2d:3f:ae:2c:
                    f8:88:dd:31:a4:24:e2:ac:96:22:c7:5f:35:d6:ad:
                    50:3e:a9:0c:1d:4a:6b:7b:48:74:26:84:a0:12:a2:
                    c7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:35:E5:FA:BF:A2:ED:FD:AA:47:D4:30:70:99:34:93:21:A6:28:AA
            X509v3 Authority Key Identifier:
                keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/ijXl-r-i7f2qR9QwcJk0kyGmKKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.28.0.0/18
                  188.125.128.0-188.125.155.255
                  188.125.157.0/24
                IPv6:
                  2a02:e88:8000::/48
                  2a02:e88:8100::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:b6:c9:98:6c:2f:ec:30:3b:a8:f1:63:17:bf:2a:b7:34:3f:
         05:8e:88:d0:a8:c4:af:f3:f7:95:23:a4:90:04:87:41:91:d3:
         3c:7f:a6:57:3a:53:dc:c8:88:99:0d:89:e9:e5:2a:a5:d7:27:
         a9:7b:d2:c3:c7:46:4d:0b:a1:b8:57:31:9a:f7:9c:52:e7:d1:
         a9:6e:25:a1:fb:27:38:cd:84:4a:ed:50:8c:a9:31:8a:ca:44:
         90:4f:61:b3:32:5c:1c:6c:d4:c4:61:fa:4e:4f:a1:aa:ae:c1:
         e5:44:c9:1b:65:c9:69:44:9e:cb:96:66:9c:1b:4e:55:7d:c3:
         52:f3:aa:1a:50:77:84:6a:49:2a:c0:b6:14:a6:40:fe:c6:f6:
         b6:14:f0:e2:61:41:83:e6:19:eb:c1:63:ce:db:da:e4:07:bb:
         1c:7c:39:55:28:cc:1e:c6:db:91:ee:2e:88:1b:e6:94:b2:78:
         e0:35:e6:2f:5c:05:cf:cc:61:5a:f4:5d:e4:46:73:b6:98:e8:
         b7:22:f8:a5:7e:a3:8d:95:8a:9d:70:d4:8c:aa:3a:8d:79:4d:
         1d:a0:56:4e:7b:b9:d5:76:fc:f0:81:4e:5e:cb:d2:92:bb:74:
         75:8f:be:ab:8c:88:54:d6:5c:ac:1f:9e:b9:e0:f8:5d:10:5f:
         c4:83:48:4c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzJvKRCKZrsSaLo7cMri6spMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTM1ZTVmYWJmYTJlZGZkYWE0N2Q0MzA3MDk5MzQ5MzIxYTYyOGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJKy70Sx5c049PuoF8aFGQzpBVyG
Glv2JE5NM7QkMZbS9YWS6rv0DO9N9+13HKX/AuVh1rJNHxB+RJ+EqVzU0Sf//yG4
ncdjN1p6TQnH1qGaAiRYNS+cBA7BC/LiKkUMsXmnQ0zUsPFf/n35eUXzyXffoSvB
pNHRTDsorZ58O7djEb59bhyxGT+tWb7ozAuZAAJXRGDrZdjvjtR9vREn/lkGMc8j
xls/WJckiGLhDehTDZQXNHW2x2if4Mgpg3h8CRrNXirEPFqqOgrGZUIfnm+6KoT+
0TD/K71WWS0/riz4iN0xpCTirJYix1811q1QPqkMHUpre0h0JoSgEqLHpQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFIo15fq/ou39qkfUMHCZNJMhpiiqMB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvaWpYbC1yLWk3ZjJxUjlRd2NKazBreUdtS0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAgBAIAATAaAwQGThwAMAwD
BAe8fYADBAK8fZgDBAC8fZ0wGAQCAAIwEgMHACoCDoiAAAMHACoCDoiBADANBgkq
hkiG9w0BAQsFAAOCAQEAcrbJmGwv7DA7qPFjF78qtzQ/BY6I0KjEr/P3lSOkkASH
QZHTPH+mVzpT3MiImQ2J6eUqpdcnqXvSw8dGTQuhuFcxmvecUufRqW4lofsnOM2E
Su1QjKkxispEkE9hszJcHGzUxGH6Tk+hqq7B5UTJG2XJaUSey5ZmnBtOVX3DUvOq
GlB3hGpJKsC2FKZA/sb2thTw4mFBg+YZ68Fjztva5Ae7HHw5VSjMHsbbke4uiBvm
lLJ44DXmL1wFz8xhWvRd5EZztpjotyL4pX6jjZWKnXDUjKo6jXlNHaBWTnu51Xb8
8IFOXsvSkrt0dY++q4yIVNZcrB+eueD4XRBfxINITA==
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:12:28 2024 by rpki-client on console-ams.rpki-client.org