Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/kQ2QfEGh3AcUd1-IbYJdmCvvZaU.roa
File:                     kQ2QfEGh3AcUd1-IbYJdmCvvZaU.roa (raw, json)
Hash identifier:          xkghHpC2/1RChbQmXyAVeSCC+wvdiSg7IqxiCBJNAks=
Subject key identifier:   91:0D:90:7C:41:A1:DC:07:14:77:5F:88:6D:82:5D:98:2B:EF:65:A5
Certificate issuer:       /CN=d9d0318f2685e32d2dba923f6662771427359738
Certificate serial:       018CC3B70321A176300FBBCA1C1BB9DFEB52
Authority key identifier: D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/kQ2QfEGh3AcUd1-IbYJdmCvvZaU.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8728
IP address blocks:        84.52.0.0/18 maxlen: 32
                          212.7.0.0/19 maxlen: 32
                          82.147.160.0/19 maxlen: 32
                          82.147.160.0/21 maxlen: 32
                          185.200.68.0/22 maxlen: 32
                          82.147.168.0/21 maxlen: 32
                          212.7.30.0/24 maxlen: 32
                          89.235.192.0/18 maxlen: 32
                          109.235.240.0/21 maxlen: 32
                          2001:1b28::/32 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:03:21:a1:76:30:0f:bb:ca:1c:1b:b9:df:eb:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d0318f2685e32d2dba923f6662771427359738
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=910d907c41a1dc0714775f886d825d982bef65a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:69:a8:e6:09:93:c8:e8:44:60:92:af:68:60:
                    a3:f9:96:81:c5:23:9c:1f:de:03:86:e1:69:16:ba:
                    05:68:b8:12:c8:2e:80:c6:a8:d7:bd:c1:ee:4a:80:
                    c1:a4:86:fd:40:65:4d:8b:37:33:fc:b7:4a:f4:e3:
                    67:1f:54:da:d3:06:4d:cf:9a:1e:19:24:67:89:0c:
                    20:ca:aa:26:34:6a:a9:10:55:7a:a9:52:a7:8c:e9:
                    8f:03:1e:58:2c:d5:ce:e7:0a:94:8b:3a:56:bf:18:
                    12:eb:fb:b4:8b:63:f2:60:f0:8b:70:c9:d5:4c:1c:
                    12:9d:8b:b3:73:b9:68:7f:2f:5b:27:69:1a:24:c3:
                    40:6d:af:af:69:54:4c:96:3f:2a:01:10:69:b7:53:
                    5e:20:5b:22:93:a3:82:8c:87:71:e2:ae:9b:da:56:
                    44:49:ca:66:81:08:09:a4:f2:04:e6:ed:5e:fc:f0:
                    18:bd:22:73:50:75:06:b1:45:8d:0e:4b:56:33:b6:
                    26:05:6b:2d:73:e2:90:ad:5e:f4:14:b3:3c:4b:38:
                    cf:2e:1f:b3:e1:42:44:6a:7e:38:ac:73:16:cc:c4:
                    f4:d8:38:39:b7:f8:4d:ab:0e:49:a0:8e:2a:88:e4:
                    26:ac:9b:06:4b:1e:c9:27:c3:dd:c0:46:93:1a:7e:
                    ce:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:0D:90:7C:41:A1:DC:07:14:77:5F:88:6D:82:5D:98:2B:EF:65:A5
            X509v3 Authority Key Identifier:
                keyid:D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/kQ2QfEGh3AcUd1-IbYJdmCvvZaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.147.160.0/19
                  84.52.0.0/18
                  89.235.192.0/18
                  109.235.240.0/21
                  185.200.68.0/22
                  212.7.0.0/19
                IPv6:
                  2001:1b28::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:45:18:3d:92:52:a5:2c:fb:c0:8e:0e:11:16:8d:40:44:92:
         43:b2:ef:67:be:73:66:55:b9:74:b5:41:e6:94:60:e2:67:c6:
         36:2b:13:7d:74:28:89:21:62:bd:24:71:29:e9:18:a7:6f:96:
         ab:7f:36:3e:8f:be:0f:87:3a:53:c4:18:0f:70:2e:5a:5c:9e:
         b4:73:c8:f9:4d:eb:13:67:97:ec:89:41:f9:84:6a:7b:27:10:
         26:d5:99:b2:d7:21:0c:28:51:52:7b:4c:00:12:bf:a2:a9:0c:
         f4:75:3f:ae:5c:07:a6:be:0e:fd:d1:00:36:44:7f:1c:2b:98:
         06:34:96:fb:57:6b:cc:ab:3d:5f:95:2b:93:a7:d9:01:61:d0:
         9c:77:20:b5:83:f8:ce:1c:d9:3d:d6:5d:38:86:1f:fd:35:e5:
         55:c2:6b:fc:24:26:6c:1f:08:96:2b:b8:cb:03:1a:81:cc:3a:
         fc:e3:d8:1f:50:cd:cc:5e:f6:5b:8d:b4:42:67:8a:12:78:ba:
         f2:80:8e:04:70:aa:35:a4:f7:cb:6e:64:3c:17:cb:82:e2:53:
         d6:b7:81:56:07:a3:41:c7:08:68:b6:83:79:72:9f:be:52:8a:
         7f:aa:9a:13:b6:94:23:f8:7c:81:ec:db:c7:3d:b4:06:41:ef:
         0b:59:4d:cb
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzDtwMhoXYwD7vKHBu53+tSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDAzMThmMjY4NWUzMmQyZGJhOTIzZjY2NjI3NzE0Mjcz
NTk3MzgwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTBkOTA3YzQxYTFkYzA3MTQ3NzVmODg2ZDgyNWQ5ODJiZWY2NWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGmo5gmTyOhEYJKvaGCj+ZaBxSOc
H94DhuFpFroFaLgSyC6AxqjXvcHuSoDBpIb9QGVNizcz/LdK9ONnH1Ta0wZNz5oe
GSRniQwgyqomNGqpEFV6qVKnjOmPAx5YLNXO5wqUizpWvxgS6/u0i2PyYPCLcMnV
TBwSnYuzc7lofy9bJ2kaJMNAba+vaVRMlj8qARBpt1NeIFsik6OCjIdx4q6b2lZE
ScpmgQgJpPIE5u1e/PAYvSJzUHUGsUWNDktWM7YmBWstc+KQrV70FLM8SzjPLh+z
4UJEan44rHMWzMT02Dg5t/hNqw5JoI4qiOQmrJsGSx7JJ8PdwEaTGn7OgQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJENkHxBodwHFHdfiG2CXZgr72WlMB8GA1UdIwQY
MBaAFNnQMY8mheMtLbqSP2ZidxQnNZc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEt
OTZkZGQ1YTAyMzlkLzEva1EyUWZFR2gzQWNVZDEtSWJZSmRtQ3Z2WmFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEtOTZkZGQ1YTAyMzlk
LzEvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFUpOgAwQG
VDQAAwQGWevAAwQDbevwAwQCuchEAwQF1AcAMA0EAgACMAcDBQAgARsoMA0GCSqG
SIb3DQEBCwUAA4IBAQCCRRg9klKlLPvAjg4RFo1ARJJDsu9nvnNmVbl0tUHmlGDi
Z8Y2KxN9dCiJIWK9JHEp6Rinb5arfzY+j74PhzpTxBgPcC5aXJ60c8j5TesTZ5fs
iUH5hGp7JxAm1Zmy1yEMKFFSe0wAEr+iqQz0dT+uXAemvg790QA2RH8cK5gGNJb7
V2vMqz1flSuTp9kBYdCcdyC1g/jOHNk91l04hh/9NeVVwmv8JCZsHwiWK7jLAxqB
zDr849gfUM3MXvZbjbRCZ4oSeLrygI4EcKo1pPfLbmQ8F8uC4lPWt4FWB6NBxwho
toN5cp++Uop/qpoTtpQj+HyB7NvHPbQGQe8LWU3L
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:04:32 2024 by rpki-client on console-fra.rpki-client.org