Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/I7kRS98TWlLCpdxkZBJ1Ghb8vEo.roa
File:                     I7kRS98TWlLCpdxkZBJ1Ghb8vEo.roa (raw, json)
Hash identifier:          pMswfMPqF7jqU8BWibFY90ZZ9yo1kLeHnDWRYRgreMo=
Subject key identifier:   23:B9:11:4B:DF:13:5A:52:C2:A5:DC:64:64:12:75:1A:16:FC:BC:4A
Certificate issuer:       /CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
Certificate serial:       019421B1FB37AB84043A3CDB1E3DDEBA92FF
Authority key identifier: FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/I7kRS98TWlLCpdxkZBJ1Ghb8vEo.roa
Signing time:             Wed 01 Jan 2025 11:48:19 +0000
ROA not before:           Wed 01 Jan 2025 11:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204196
IP address blocks:        80.209.252.0/23 maxlen: 23
                          185.145.128.0/22 maxlen: 22
                          185.207.204.0/22 maxlen: 22
                          185.217.92.0/22 maxlen: 22
                          185.221.200.0/22 maxlen: 22
                          185.224.80.0/22 maxlen: 22
                          185.235.176.0/22 maxlen: 22
                          185.243.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:fb:37:ab:84:04:3a:3c:db:1e:3d:de:ba:92:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
        Validity
            Not Before: Jan  1 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23b9114bdf135a52c2a5dc646412751a16fcbc4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1e:a8:33:eb:36:56:5f:7e:cc:34:16:55:18:
                    f7:cb:4d:f8:64:09:06:c4:35:a7:f5:dc:2d:ac:11:
                    9a:19:69:58:ac:af:cd:3f:33:1e:08:f5:f0:92:0f:
                    35:39:8e:73:43:a8:69:bc:12:71:f6:c5:db:ba:23:
                    6f:83:b2:5a:24:5d:05:2c:56:98:d4:15:49:2b:1c:
                    9e:d0:2d:15:72:60:1d:7c:e8:d0:7c:a1:52:66:8e:
                    8b:67:ab:60:42:af:f9:c0:e2:72:99:fc:f2:99:20:
                    ba:2d:f3:09:42:d2:f9:6c:12:c3:d1:f1:67:f7:4a:
                    db:2f:e2:74:9c:f7:9f:d5:b6:42:48:bc:bd:40:72:
                    b0:40:79:cf:05:7b:3a:60:da:65:42:d1:3a:91:74:
                    5d:e1:0a:df:01:b5:c6:0a:8c:7f:70:4e:dd:ee:29:
                    b4:d2:1b:97:d2:a8:ad:56:96:14:88:ae:bd:01:59:
                    ec:b6:9d:d2:da:ca:89:48:59:cf:ba:f8:1a:88:41:
                    af:3e:09:f6:f0:99:1e:dd:ec:d2:68:fb:90:d3:ab:
                    84:91:53:bc:7f:b0:03:95:07:9f:af:f3:c2:b6:ae:
                    31:28:48:31:f9:34:8f:26:a0:56:99:f3:24:bf:ac:
                    03:8d:97:20:52:c3:f1:d1:24:75:e4:94:b8:9d:06:
                    ce:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B9:11:4B:DF:13:5A:52:C2:A5:DC:64:64:12:75:1A:16:FC:BC:4A
            X509v3 Authority Key Identifier:
                keyid:FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/I7kRS98TWlLCpdxkZBJ1Ghb8vEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.209.252.0/23
                  185.145.128.0/22
                  185.207.204.0/22
                  185.217.92.0/22
                  185.221.200.0/22
                  185.224.80.0/22
                  185.235.176.0/22
                  185.243.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:0e:7c:de:6d:78:9b:fc:b8:2b:63:dd:dd:1d:f8:f6:07:6e:
         75:41:98:10:36:dd:2a:aa:e5:47:0a:88:1f:32:bb:01:d1:f5:
         12:25:8d:bb:6c:de:65:6a:46:95:9e:33:c8:a4:a9:e0:27:d1:
         e9:51:6c:6c:f2:9b:99:17:df:86:43:ba:e0:46:4d:6f:51:60:
         e6:d9:30:81:26:20:4a:cb:42:88:35:8a:96:15:74:24:ab:f3:
         f3:43:bd:3d:89:a6:ef:9a:c2:5d:1c:1f:d1:4d:0e:d3:c9:58:
         55:cc:30:ae:20:6e:eb:68:b3:94:18:45:ac:40:f2:af:74:d4:
         0d:55:13:37:7d:31:01:34:fa:e5:80:b8:b1:af:a8:96:e9:82:
         50:27:73:be:5c:ed:ef:8a:83:d2:a2:9d:a5:01:10:dc:74:81:
         30:c9:c0:76:43:30:9d:aa:75:7e:4d:32:34:d7:05:9e:a1:3e:
         c7:72:49:5f:c1:2e:6d:90:92:fb:b5:f1:8e:c5:bc:3e:48:bc:
         40:35:d8:a1:9d:12:f5:6d:e3:56:07:97:ae:91:6e:22:18:c1:
         91:d7:ab:13:9c:c5:b2:ae:18:26:b1:ae:b7:f7:7f:8f:93:33:
         65:d7:57:84:4e:7e:b3:a3:dc:7c:a2:ad:7e:4e:f4:db:20:97:
         0d:f7:8b:46
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZQhsfs3q4QEOjzbHj3eupL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMmU3MmFiZjdiMTcyOGZkYTZhYTBiMDQxM2Q4ODU0ODEy
ZWEzNjEwHhcNMjUwMTAxMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2I5MTE0YmRmMTM1YTUyYzJhNWRjNjQ2NDEyNzUxYTE2ZmNiYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyR6oM+s2Vl9+zDQWVRj3y034ZAkG
xDWn9dwtrBGaGWlYrK/NPzMeCPXwkg81OY5zQ6hpvBJx9sXbuiNvg7JaJF0FLFaY
1BVJKxye0C0VcmAdfOjQfKFSZo6LZ6tgQq/5wOJymfzymSC6LfMJQtL5bBLD0fFn
90rbL+J0nPef1bZCSLy9QHKwQHnPBXs6YNplQtE6kXRd4QrfAbXGCox/cE7d7im0
0huX0qitVpYUiK69AVnstp3S2sqJSFnPuvgaiEGvPgn28Jke3ezSaPuQ06uEkVO8
f7ADlQefr/PCtq4xKEgx+TSPJqBWmfMkv6wDjZcgUsPx0SR15JS4nQbOGQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCO5EUvfE1pSwqXcZGQSdRoW/LxKMB8GA1UdIwQY
MBaAFPoucqv3sXKP2mqgsEE9iFSBLqNhMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1pNXlxX2V4Y29fYWFxQ3dRVDJJVklFdW8yRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlm
LWEzNjZkYTI1MWE4My8xL0k3a1JTOThUV2xMQ3BkeGtaQkoxR2hiOHZFby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlmLWEzNjZkYTI1MWE4
My8xLzEtaTV5cV9leGNvX2FhcUN3UVQySVZJRXVvMkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwSQYIKwYBBQUHAQcBAf8EOjA4MDYEAgABMDADBAFQ0fwD
BAK5kYADBAK5z8wDBAK52VwDBAK53cgDBAK54FADBAK567ADBAK587wwDQYJKoZI
hvcNAQELBQADggEBAAgOfN5teJv8uCtj3d0d+PYHbnVBmBA23Sqq5UcKiB8yuwHR
9RIljbts3mVqRpWeM8ikqeAn0elRbGzym5kX34ZDuuBGTW9RYObZMIEmIErLQog1
ipYVdCSr8/NDvT2Jpu+awl0cH9FNDtPJWFXMMK4gbutos5QYRaxA8q901A1VEzd9
MQE0+uWAuLGvqJbpglAnc75c7e+Kg9KinaUBENx0gTDJwHZDMJ2qdX5NMjTXBZ6h
PsdySV/BLm2Qkvu18Y7FvD5IvEA12KGdEvVt41YHl66RbiIYwZHXqxOcxbKuGCax
rrf3f4+TM2XXV4ROfrOj3HyirX5O9Nsglw33i0Y=
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:40:14 2025 by rpki-client