Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/pLxraMGdusqRgDUPmIqQpTjC5rg.roa
File:                     pLxraMGdusqRgDUPmIqQpTjC5rg.roa (raw, json)
Hash identifier:          oQP9uooU1SmBPrFPPbMEGdSjQ4ZgaWwwD2HyEpBZRok=
Subject key identifier:   A4:BC:6B:68:C1:9D:BA:CA:91:80:35:0F:98:8A:90:A5:38:C2:E6:B8
Certificate issuer:       /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial:       018CC64AAF53C9CD5A96AAFDE398A7F6C414
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/pLxraMGdusqRgDUPmIqQpTjC5rg.roa
Signing time:             Mon 01 Jan 2024 18:30:32 +0000
ROA not before:           Mon 01 Jan 2024 18:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199967
IP address blocks:        45.66.133.0/24 maxlen: 24
                          185.159.70.0/24 maxlen: 24
                          185.159.69.0/24 maxlen: 24
                          185.159.68.0/24 maxlen: 24
                          185.187.239.0/24 maxlen: 24
                          185.187.238.0/24 maxlen: 24
                          185.187.237.0/24 maxlen: 24
                          45.12.205.0/24 maxlen: 24
                          45.12.204.0/24 maxlen: 24
                          45.134.19.0/24 maxlen: 24
                          81.90.191.0/24 maxlen: 24
                          188.119.101.0/24 maxlen: 24
                          188.119.100.0/24 maxlen: 24
                          185.126.70.0/24 maxlen: 24
                          185.126.69.0/24 maxlen: 24
                          185.126.71.0/24 maxlen: 24
                          185.105.189.0/24 maxlen: 24
                          185.105.190.0/24 maxlen: 24
                          185.168.23.0/24 maxlen: 24
                          185.168.22.0/24 maxlen: 24
                          185.168.21.0/24 maxlen: 24
                          185.171.121.0/24 maxlen: 24
                          185.126.139.0/24 maxlen: 24
                          185.126.138.0/24 maxlen: 24
                          91.217.121.0/24 maxlen: 24
                          91.217.120.0/24 maxlen: 24
                          194.156.228.0/24 maxlen: 24
                          185.175.141.0/24 maxlen: 24
                          185.175.140.0/24 maxlen: 24
                          45.144.240.0/24 maxlen: 24
                          45.144.241.0/24 maxlen: 24
                          45.82.166.0/24 maxlen: 24
                          5.183.178.0/24 maxlen: 24
                          185.160.27.0/24 maxlen: 24
                          185.160.25.0/24 maxlen: 24
                          185.126.118.0/24 maxlen: 24
                          185.126.119.0/24 maxlen: 24
                          5.181.6.0/24 maxlen: 24
                          5.181.7.0/24 maxlen: 24
                          45.66.132.0/24 maxlen: 24
                          185.120.19.0/24 maxlen: 24
                          185.120.18.0/24 maxlen: 24
                          152.89.209.0/24 maxlen: 24
                          152.89.208.0/24 maxlen: 24
                          217.197.163.0/24 maxlen: 24
                          147.78.15.0/24 maxlen: 24
                          45.128.154.0/24 maxlen: 24
                          2a0c:8a40:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:af:53:c9:cd:5a:96:aa:fd:e3:98:a7:f6:c4:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
        Validity
            Not Before: Jan  1 18:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4bc6b68c19dbaca9180350f988a90a538c2e6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0b:2f:19:fb:1f:9e:b0:e5:e8:4e:d6:cc:e2:
                    c4:58:98:b2:d1:0d:4c:be:c5:f1:ad:30:86:b0:5b:
                    be:c1:01:a7:f2:f9:95:7c:2d:95:8b:6f:09:af:8a:
                    4f:34:21:45:07:07:e4:80:65:16:f6:42:21:34:6e:
                    24:aa:04:62:ee:c3:a6:58:54:13:ba:43:19:00:d6:
                    c0:af:ec:75:4d:14:6d:0a:6b:1b:43:a4:10:4c:83:
                    40:ad:07:e7:b0:48:41:ff:54:a8:54:cb:34:79:1f:
                    f5:bd:16:af:91:fd:d5:98:89:73:39:50:89:06:f8:
                    16:e2:5c:a4:9b:b2:08:49:aa:ea:5e:8e:76:f1:07:
                    7b:92:c5:5d:48:9c:d4:2b:d6:51:95:c9:35:3d:31:
                    f1:8e:9a:00:cf:55:6f:ec:a2:ad:5a:86:c1:62:73:
                    2a:cd:cd:9b:3b:72:f4:ea:f2:43:01:46:30:8c:3f:
                    56:3f:ec:07:a9:27:88:29:5c:24:e5:33:71:9a:6f:
                    21:1f:0f:33:47:92:82:70:00:4f:b2:8c:da:39:24:
                    bd:6e:98:3f:53:7a:56:f6:89:41:fb:da:28:7d:a1:
                    a5:41:7e:d0:d8:95:65:9a:07:9c:d8:af:a0:ab:de:
                    a9:91:a8:75:26:48:cb:d2:bf:ad:79:76:36:fb:5f:
                    fd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BC:6B:68:C1:9D:BA:CA:91:80:35:0F:98:8A:90:A5:38:C2:E6:B8
            X509v3 Authority Key Identifier:
                keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/pLxraMGdusqRgDUPmIqQpTjC5rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.6.0/23
                  5.183.178.0/24
                  45.12.204.0/23
                  45.66.132.0/23
                  45.82.166.0/24
                  45.128.154.0/24
                  45.134.19.0/24
                  45.144.240.0/23
                  81.90.191.0/24
                  91.217.120.0/23
                  147.78.15.0/24
                  152.89.208.0/23
                  185.105.189.0-185.105.190.255
                  185.120.18.0/23
                  185.126.69.0-185.126.71.255
                  185.126.118.0/23
                  185.126.138.0/23
                  185.159.68.0-185.159.70.255
                  185.160.25.0/24
                  185.160.27.0/24
                  185.168.21.0-185.168.23.255
                  185.171.121.0/24
                  185.175.140.0/23
                  185.187.237.0-185.187.239.255
                  188.119.100.0/23
                  194.156.228.0/24
                  217.197.163.0/24
                IPv6:
                  2a0c:8a40:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:af:54:67:66:0e:a3:0e:5a:0d:ee:0a:ea:8e:17:e9:e8:ef:
         da:8e:48:49:25:b4:c7:a9:e1:4e:9a:0b:b9:72:ab:ad:62:0b:
         b0:b8:5c:ae:93:df:af:9b:cd:08:6f:d7:55:b7:37:89:7a:2c:
         e4:78:de:36:44:37:1d:cf:0d:ae:0b:12:56:cc:3f:e0:3d:79:
         fd:43:e7:1c:b8:83:ce:cc:cb:5e:9f:32:2a:63:83:1b:fa:8f:
         fd:59:6d:88:f7:50:ba:cf:99:6c:96:a9:8f:d6:a6:ec:e2:d2:
         02:21:8a:a8:da:30:37:b9:26:05:65:a3:91:cc:c6:40:6b:48:
         24:53:b2:aa:a1:8b:b1:a1:c7:8b:14:f7:09:24:25:7b:cb:dc:
         c1:92:55:11:c9:23:e4:ba:12:5c:2c:99:d5:a4:f2:21:0d:ec:
         34:8d:ac:8c:f9:17:08:5c:78:9c:d9:65:16:e1:af:8a:64:98:
         20:92:e3:9c:5f:f7:5c:ee:1d:e9:d5:f6:b4:3f:08:c0:a7:b6:
         b7:b0:49:8b:27:bd:ca:04:ab:7e:f8:f9:aa:65:3e:19:d1:10:
         c6:d9:1b:ca:42:a3:22:dd:bf:e8:cd:eb:8a:eb:39:2f:50:6a:
         cb:bb:01:ce:55:94:f2:87:a9:21:56:88:a6:7e:90:b9:2c:08:
         c7:09:7f:99
-----BEGIN CERTIFICATE-----
MIIF1zCCBL+gAwIBAgISAYzGSq9Tyc1alqr945in9sQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjQwMTAxMTgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJjNmI2OGMxOWRiYWNhOTE4MDM1MGY5ODhhOTBhNTM4YzJlNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQsvGfsfnrDl6E7WzOLEWJiy0Q1M
vsXxrTCGsFu+wQGn8vmVfC2Vi28Jr4pPNCFFBwfkgGUW9kIhNG4kqgRi7sOmWFQT
ukMZANbAr+x1TRRtCmsbQ6QQTINArQfnsEhB/1SoVMs0eR/1vRavkf3VmIlzOVCJ
BvgW4lykm7IISarqXo528Qd7ksVdSJzUK9ZRlck1PTHxjpoAz1Vv7KKtWobBYnMq
zc2bO3L06vJDAUYwjD9WP+wHqSeIKVwk5TNxmm8hHw8zR5KCcABPsozaOSS9bpg/
U3pW9olB+9oofaGlQX7Q2JVlmgec2K+gq96pkah1JkjL0r+teXY2+1/9jQIDAQAB
o4IC4zCCAt8wHQYDVR0OBBYEFKS8a2jBnbrKkYA1D5iKkKU4wua4MB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvcEx4cmFNR2R1c3FSZ0RVUG1JcVFwVGpDNXJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH4BggrBgEFBQcBBwEB/wSB6DCB5TCB0QQCAAEwgcoDBAEF
tQYDBAAFt7IDBAEtDMwDBAEtQoQDBAAtUqYDBAAtgJoDBAAthhMDBAEtkPADBABR
Wr8DBAFb2XgDBACTTg8DBAGYWdAwDAMEALlpvQMEALlpvgMEAbl4EjAMAwQAuX5F
AwQDuX5AAwQBuX52AwQBuX6KMAwDBAK5n0QDBAC5n0YDBAC5oBkDBAC5oBswDAME
ALmoFQMEA7moEAMEALmreQMEAbmvjDAMAwQAubvtAwQEubvgAwQBvHdkAwQAwpzk
AwQA2cWjMA8EAgACMAkDBwAqDIpAAAEwDQYJKoZIhvcNAQELBQADggEBAAavVGdm
DqMOWg3uCuqOF+no79qOSEkltMep4U6aC7lyq61iC7C4XK6T36+bzQhv11W3N4l6
LOR43jZENx3PDa4LElbMP+A9ef1D5xy4g87My16fMipjgxv6j/1ZbYj3ULrPmWyW
qY/Wpuzi0gIhiqjaMDe5JgVlo5HMxkBrSCRTsqqhi7Ghx4sU9wkkJXvL3MGSVRHJ
I+S6ElwsmdWk8iEN7DSNrIz5FwhceJzZZRbhr4pkmCCS45xf91zuHenV9rQ/CMCn
trewSYsnvcoEq374+aplPhnREMbZG8pCoyLdv+jN64rrOS9Qasu7Ac5VlPKHqSFW
iKZ+kLksCMcJf5k=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:26:30 2024 by rpki-client on console-fra.rpki-client.org