Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/j17T50-XIH3-7R7kEYfNbnlEr1E.roa
File:                     j17T50-XIH3-7R7kEYfNbnlEr1E.roa (raw, json)
Hash identifier:          JBgAaa/0HILQP91bs7dVth9lkFOShJK12GPHw7C+5/U=
Subject key identifier:   8F:5E:D3:E7:4F:97:20:7D:FE:ED:1E:E4:11:87:CD:6E:79:44:AF:51
Certificate issuer:       /CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Certificate serial:       018CC8DEEF3476BE409A08C39AE72DBE15F4
Authority key identifier: D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/j17T50-XIH3-7R7kEYfNbnlEr1E.roa
Signing time:             Tue 02 Jan 2024 06:31:42 +0000
ROA not before:           Tue 02 Jan 2024 06:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        95.140.0.0/20 maxlen: 20
                          178.251.80.0/21 maxlen: 21
                          79.141.0.0/20 maxlen: 24
                          141.101.48.0/21 maxlen: 21
                          185.14.120.0/22 maxlen: 22
                          217.15.80.0/20 maxlen: 20
                          37.122.200.0/21 maxlen: 21
                          185.4.20.0/22 maxlen: 23
                          171.33.152.0/21 maxlen: 21
                          95.170.8.0/22 maxlen: 22
                          83.167.128.0/19 maxlen: 24
                          46.254.224.0/21 maxlen: 21
                          2a01:6380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ef:34:76:be:40:9a:08:c3:9a:e7:2d:be:15:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
        Validity
            Not Before: Jan  2 06:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f5ed3e74f97207dfeed1ee41187cd6e7944af51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7a:58:b7:2a:32:21:c9:eb:76:fb:bc:c5:65:
                    86:7d:c3:cd:05:74:cd:ff:4a:11:bf:11:46:8d:b1:
                    4c:fd:40:3b:a4:d3:18:4a:c7:41:8f:81:2e:4f:95:
                    e8:3d:fd:d4:c2:99:0d:c9:f1:50:ca:30:4d:0b:a0:
                    a9:90:ad:50:53:91:57:0e:46:b1:e7:8f:13:1c:01:
                    83:6f:62:f3:02:fa:a4:0e:79:b0:22:84:8c:e4:aa:
                    46:de:db:1a:84:ce:c9:ba:2d:f1:82:f4:4e:a5:c0:
                    f1:04:e4:db:91:9a:c7:82:9f:bb:da:2f:f7:fb:03:
                    13:6c:61:c4:ff:bd:06:2c:05:51:9d:57:f2:92:42:
                    bc:db:52:f9:6b:57:0e:1d:f2:a4:2a:2a:78:f8:0e:
                    63:5c:e0:d3:56:01:a1:2b:46:db:a8:55:80:14:3a:
                    bb:c8:73:dd:1e:0c:aa:08:0d:78:a9:ac:18:de:5a:
                    cc:28:0e:70:39:0c:2a:1e:3d:54:a0:6e:f3:d9:fa:
                    39:d2:27:30:56:5d:56:f9:48:51:cb:20:b5:e3:d6:
                    2e:8a:57:be:8e:42:70:92:d6:7d:e4:4d:6c:ab:cd:
                    d5:1e:13:97:e4:37:5f:c0:21:b3:0c:68:a6:39:49:
                    55:3b:4d:c0:56:ff:91:97:82:4e:b6:52:e1:72:10:
                    45:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5E:D3:E7:4F:97:20:7D:FE:ED:1E:E4:11:87:CD:6E:79:44:AF:51
            X509v3 Authority Key Identifier:
                keyid:D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/j17T50-XIH3-7R7kEYfNbnlEr1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.200.0/21
                  46.254.224.0/21
                  79.141.0.0/20
                  83.167.128.0/19
                  95.140.0.0/20
                  95.170.8.0/22
                  141.101.48.0/21
                  171.33.152.0/21
                  178.251.80.0/21
                  185.4.20.0/22
                  185.14.120.0/22
                  217.15.80.0/20
                IPv6:
                  2a01:6380::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:d2:9f:6d:de:ab:4d:21:e8:61:f6:b5:b2:90:70:a6:f1:08:
         52:45:38:37:57:b4:60:8e:83:70:33:b6:9c:b8:c4:8d:16:10:
         d6:44:99:7c:09:ae:df:6a:bb:77:bd:80:37:99:c7:40:86:d2:
         37:86:e4:a6:34:96:1d:6d:f9:70:b7:83:1f:52:a7:b9:a8:a9:
         c7:10:fa:c6:b6:83:a8:b1:bd:e8:a5:bd:05:56:0d:1a:9f:be:
         4f:d8:ee:63:eb:d0:38:3f:13:5b:ff:42:ff:6e:a1:03:70:91:
         68:e2:eb:26:85:56:07:e2:22:d2:fd:b8:f1:e7:cf:db:39:85:
         d9:7e:18:a9:9a:2e:cd:84:50:9d:df:65:b2:ea:b5:c7:f2:d9:
         8e:81:1a:23:cb:b8:b7:47:8d:e0:45:f8:42:1e:0d:ff:16:40:
         b5:d8:3b:e7:cd:30:12:c4:28:2c:04:d0:85:25:81:eb:f2:af:
         b5:9e:eb:de:c2:3f:0d:7b:6c:3a:22:d5:c2:01:6d:2a:57:04:
         eb:0b:1e:d1:16:32:5e:b6:a3:5f:ee:e1:73:7c:5e:a0:8e:a3:
         f1:ab:c1:e6:7e:34:b2:0b:67:8d:05:f3:2c:77:4f:26:d7:8d:
         be:c5:ab:5e:71:4d:4d:a3:a5:08:4c:36:3a:18:ae:66:ca:c7:
         50:f3:69:fb
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYzI3u80dr5AmgjDmuctvhX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZWUwMzg5Njg3ZGJkNDQ1ZGU2ZjkyMzljMWQwMmMzNzcw
Y2Y1NzQwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjVlZDNlNzRmOTcyMDdkZmVlZDFlZTQxMTg3Y2Q2ZTc5NDRhZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXpYtyoyIcnrdvu8xWWGfcPNBXTN
/0oRvxFGjbFM/UA7pNMYSsdBj4EuT5XoPf3UwpkNyfFQyjBNC6CpkK1QU5FXDkax
548THAGDb2LzAvqkDnmwIoSM5KpG3tsahM7Jui3xgvROpcDxBOTbkZrHgp+72i/3
+wMTbGHE/70GLAVRnVfykkK821L5a1cOHfKkKip4+A5jXODTVgGhK0bbqFWAFDq7
yHPdHgyqCA14qawY3lrMKA5wOQwqHj1UoG7z2fo50icwVl1W+UhRyyC149Yuile+
jkJwktZ95E1sq83VHhOX5DdfwCGzDGimOUlVO03AVv+Rl4JOtlLhchBFkQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFI9e0+dPlyB9/u0e5BGHzW55RK9RMB8GA1UdIwQY
MBaAFNDuA4lofb1EXeb5I5wdAsN3DPV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEt
MWEyOWE0NDhkMzA5LzEvajE3VDUwLVhJSDMtN1I3a0VZZk5ibmxFcjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEtMWEyOWE0NDhkMzA5
LzEvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDJXrIAwQD
Lv7gAwQET40AAwQFU6eAAwQEX4wAAwQCX6oIAwQDjWUwAwQDqyGYAwQDsvtQAwQC
uQQUAwQCuQ54AwQE2Q9QMA0EAgACMAcDBQAqAWOAMA0GCSqGSIb3DQEBCwUAA4IB
AQCJ0p9t3qtNIehh9rWykHCm8QhSRTg3V7RgjoNwM7acuMSNFhDWRJl8Ca7fart3
vYA3mcdAhtI3huSmNJYdbflwt4MfUqe5qKnHEPrGtoOosb3opb0FVg0an75P2O5j
69A4PxNb/0L/bqEDcJFo4usmhVYH4iLS/bjx58/bOYXZfhipmi7NhFCd32Wy6rXH
8tmOgRojy7i3R43gRfhCHg3/FkC12DvnzTASxCgsBNCFJYHr8q+1nuvewj8Ne2w6
ItXCAW0qVwTrCx7RFjJetqNf7uFzfF6gjqPxq8HmfjSyC2eNBfMsd08m142+xate
cU1No6UITDY6GK5mysdQ82n7
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:13:03 2024 by rpki-client on console-fra.rpki-client.org