Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/f0MhiJq0tWVRNE4P9AykxzWjENY.roa
File:                     f0MhiJq0tWVRNE4P9AykxzWjENY.roa (raw, json)
Hash identifier:          YFTBrUuFEAPBazzD4yNseBHgf/rzsircPbPo5lnzCJI=
Subject key identifier:   7F:43:21:88:9A:B4:B5:65:51:34:4E:0F:F4:0C:A4:C7:35:A3:10:D6
Certificate issuer:       /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial:       018EC72D351BA2FA0C275A2E538FF7D56F92
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/f0MhiJq0tWVRNE4P9AykxzWjENY.roa
Signing time:             Wed 10 Apr 2024 08:43:32 +0000
ROA not before:           Wed 10 Apr 2024 08:43:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31586
IP address blocks:        81.21.136.0/21 maxlen: 24
                          141.255.180.0/22 maxlen: 24
                          185.69.232.0/22 maxlen: 24
                          185.84.72.0/22 maxlen: 24
                          185.105.204.0/22 maxlen: 24
                          185.105.216.0/22 maxlen: 24
                          217.21.241.0/24 maxlen: 24
                          2a05:2500::/32 maxlen: 32
                          2a05:a282::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:2d:35:1b:a2:fa:0c:27:5a:2e:53:8f:f7:d5:6f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
        Validity
            Not Before: Apr 10 08:43:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f4321889ab4b56551344e0ff40ca4c735a310d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:00:4d:82:b9:a6:ac:72:4b:f3:8a:aa:44:49:
                    ac:ae:eb:26:02:ae:b3:c6:dd:6e:92:e3:72:93:d6:
                    81:7c:ba:90:5d:63:05:5d:6a:d6:1b:a3:97:a3:86:
                    39:c6:5e:ff:d6:4b:7d:cc:0a:da:fd:94:3a:fa:30:
                    0c:a0:40:12:4b:80:55:ea:9a:ae:80:51:7a:a4:b5:
                    f4:8b:97:1a:a0:c1:1f:fc:05:64:a3:d7:08:88:d1:
                    76:e5:2b:3b:b3:3e:d0:3d:1f:e9:7b:16:b8:10:c2:
                    4f:f2:73:93:60:5b:0a:5b:d2:09:ba:e2:b6:3f:9c:
                    1d:5c:5a:39:2a:06:49:bf:55:ad:b1:fb:23:ee:6c:
                    c3:c9:7e:48:ed:7d:79:bb:29:e8:97:95:ab:6d:56:
                    a4:1e:95:7d:07:b5:3b:63:fe:f1:a3:70:08:19:8c:
                    a7:41:b0:71:d5:1a:22:e3:22:35:37:5f:23:28:9c:
                    a6:88:1f:dd:66:02:a2:0b:fb:55:ec:57:41:f6:cb:
                    00:c7:78:3d:f4:0a:da:06:bb:a2:07:9a:34:0b:c7:
                    03:46:e7:d9:22:06:66:6e:6c:75:f8:88:24:75:4d:
                    e2:13:df:6f:a5:a0:b6:6b:9c:c3:62:8f:f3:9b:29:
                    17:37:d1:80:2b:9f:93:e7:95:0b:a9:5e:b4:f1:31:
                    55:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:43:21:88:9A:B4:B5:65:51:34:4E:0F:F4:0C:A4:C7:35:A3:10:D6
            X509v3 Authority Key Identifier:
                keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/f0MhiJq0tWVRNE4P9AykxzWjENY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.21.136.0/21
                  141.255.180.0/22
                  185.69.232.0/22
                  185.84.72.0/22
                  185.105.204.0/22
                  185.105.216.0/22
                  217.21.241.0/24
                IPv6:
                  2a05:2500::/32
                  2a05:a282::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:78:0c:8f:eb:24:e6:86:be:b2:4b:2d:5f:5f:23:7d:88:b4:
         58:52:13:a9:83:a4:c5:f1:d9:ed:54:ed:81:d4:fc:3f:e4:0d:
         80:a6:24:cb:c2:ff:dd:5b:a2:e4:6c:aa:76:07:55:1b:ca:3e:
         58:c5:a1:5a:a0:cd:7c:e2:02:ec:cd:36:43:56:97:3c:b6:3d:
         5c:6d:b3:1e:9c:60:88:72:07:70:e5:84:40:9a:ce:ac:67:3a:
         2e:cb:63:a2:46:64:35:41:4c:43:4b:ad:1a:ff:66:89:c4:5a:
         74:f4:3e:c3:76:db:b4:f1:01:5a:0a:63:29:e9:bf:53:d1:74:
         45:4d:bb:a5:67:b4:6d:ab:51:20:69:08:da:ac:c7:99:68:e4:
         27:ec:2b:12:f2:5a:48:d5:12:3e:18:ab:38:11:b3:86:42:6c:
         5e:8f:fa:cb:26:22:f6:d6:a7:8a:4c:f3:8f:66:fb:c1:06:3e:
         4e:d8:9b:76:c6:cc:aa:ec:41:6d:6f:0b:58:6f:ca:2a:b8:2b:
         b9:9a:62:52:ef:fc:6b:28:6d:a5:53:db:06:d8:be:c5:0d:5b:
         78:be:03:c6:44:ce:b9:d6:6b:c6:c3:ea:cf:c5:5d:8c:24:07:
         fd:8c:6d:1f:86:6a:4e:c2:a9:17:cc:5d:3a:5c:fa:47:fe:a0:
         20:b9:4e:66
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAY7HLTUbovoMJ1ouU4/31W+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjQwNDEwMDg0MzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjQzMjE4ODlhYjRiNTY1NTEzNDRlMGZmNDBjYTRjNzM1YTMxMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxABNgrmmrHJL84qqREmsrusmAq6z
xt1ukuNyk9aBfLqQXWMFXWrWG6OXo4Y5xl7/1kt9zAra/ZQ6+jAMoEASS4BV6pqu
gFF6pLX0i5caoMEf/AVko9cIiNF25Ss7sz7QPR/pexa4EMJP8nOTYFsKW9IJuuK2
P5wdXFo5KgZJv1Wtsfsj7mzDyX5I7X15uynol5WrbVakHpV9B7U7Y/7xo3AIGYyn
QbBx1Roi4yI1N18jKJymiB/dZgKiC/tV7FdB9ssAx3g99AraBruiB5o0C8cDRufZ
IgZmbmx1+IgkdU3iE99vpaC2a5zDYo/zmykXN9GAK5+T55ULqV608TFV+QIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFH9DIYiatLVlUTROD/QMpMc1oxDWMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvZjBNaGlKcTB0V1ZSTkU0UDlBeWt4eldqRU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQDURWIAwQC
jf+0AwQCuUXoAwQCuVRIAwQCuWnMAwQCuWnYAwQA2RXxMBQEAgACMA4DBQAqBSUA
AwUAKgWigjANBgkqhkiG9w0BAQsFAAOCAQEAt3gMj+sk5oa+skstX18jfYi0WFIT
qYOkxfHZ7VTtgdT8P+QNgKYky8L/3Vui5GyqdgdVG8o+WMWhWqDNfOIC7M02Q1aX
PLY9XG2zHpxgiHIHcOWEQJrOrGc6LstjokZkNUFMQ0utGv9micRadPQ+w3bbtPEB
WgpjKem/U9F0RU27pWe0batRIGkI2qzHmWjkJ+wrEvJaSNUSPhirOBGzhkJsXo/6
yyYi9tanikzzj2b7wQY+TtibdsbMquxBbW8LWG/KKrgruZpiUu/8ayhtpVPbBti+
xQ1beL4DxkTOudZrxsPqz8VdjCQH/YxtH4ZqTsKpF8xdOlz6R/6gILlOZg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:22:34 2024 by rpki-client on console-ams.rpki-client.org