Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/KugZ15a-FjlP95bkKHA5-v_5FRs.roa
File:                     KugZ15a-FjlP95bkKHA5-v_5FRs.roa (raw, json)
Hash identifier:          QvmqQHbT9twPMged2Sgv48jAdjW5AlnirBGdVAqo5sA=
Subject key identifier:   2A:E8:19:D7:96:BE:16:39:4F:F7:96:E4:28:70:39:FA:FF:F9:15:1B
Certificate issuer:       /CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Certificate serial:       018EA3EA3FF24D24B8181EABA1C861750119
Authority key identifier: 6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/KugZ15a-FjlP95bkKHA5-v_5FRs.roa
Signing time:             Wed 03 Apr 2024 12:23:41 +0000
ROA not before:           Wed 03 Apr 2024 12:23:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201017
IP address blocks:        145.219.0.0/21 maxlen: 21
                          145.219.6.0/24 maxlen: 24
                          145.219.8.0/21 maxlen: 21
                          145.219.8.0/24 maxlen: 24
                          145.219.9.0/24 maxlen: 24
                          145.219.10.0/24 maxlen: 24
                          145.219.11.0/24 maxlen: 24
                          145.219.12.0/24 maxlen: 24
                          145.219.13.0/24 maxlen: 24
                          145.219.14.0/24 maxlen: 24
                          145.219.15.0/24 maxlen: 24
                          145.219.16.0/23 maxlen: 23
                          145.219.16.0/24 maxlen: 24
                          145.219.17.0/24 maxlen: 24
                          2a04:b0c0::/44 maxlen: 44
                          2a04:b0c0::/45 maxlen: 45
                          2a04:b0c0:8::/45 maxlen: 45
                          2a04:b0c0:31::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:ea:3f:f2:4d:24:b8:18:1e:ab:a1:c8:61:75:01:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
        Validity
            Not Before: Apr  3 12:23:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ae819d796be16394ff796e4287039fafff9151b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:72:a0:42:e3:6e:db:ff:75:bd:d1:8a:00:01:
                    e9:8b:46:cc:24:ba:fa:30:bf:51:0a:32:cc:d4:94:
                    45:73:91:e1:b0:d0:60:81:cf:06:aa:1f:ae:67:82:
                    76:50:60:c8:95:08:46:15:ae:a8:59:9a:f8:2f:b5:
                    61:f8:10:f8:84:fe:af:87:ba:63:51:10:dd:6b:66:
                    6a:51:ea:d9:fb:61:d2:65:91:21:89:2d:74:8e:71:
                    9a:1d:c3:44:d9:f6:0b:71:bb:80:59:c5:a0:18:02:
                    d6:b3:3f:4c:be:6c:75:23:4b:5b:3a:b7:5d:d2:fc:
                    41:47:97:97:fb:5f:c8:57:52:d9:a7:b0:35:d8:ba:
                    35:24:1e:b5:cb:68:76:69:46:e9:d1:86:6d:3b:13:
                    38:fb:f8:a5:ed:4c:fc:14:09:18:38:d6:85:89:6b:
                    b2:af:4d:6a:b2:8e:c2:8c:3a:f1:f5:f3:c2:5e:c1:
                    85:ca:d9:48:4e:dc:78:d1:46:a3:66:ae:a4:4c:bd:
                    6a:e7:ad:0e:b8:c8:4f:fe:26:18:e9:2a:88:35:92:
                    2d:82:a7:25:3a:72:e5:61:cd:2a:8a:6f:97:98:e1:
                    b8:b0:39:be:96:9a:a8:95:8b:2a:b3:c7:9d:96:03:
                    5f:d4:e2:ef:3d:a1:25:83:e9:17:37:7b:90:52:c9:
                    d5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E8:19:D7:96:BE:16:39:4F:F7:96:E4:28:70:39:FA:FF:F9:15:1B
            X509v3 Authority Key Identifier:
                keyid:6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/KugZ15a-FjlP95bkKHA5-v_5FRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.219.0.0-145.219.17.255
                IPv6:
                  2a04:b0c0::/44
                  2a04:b0c0:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:d5:33:5f:5a:94:dd:09:7e:9c:51:c8:0f:ae:85:12:62:f9:
         fe:75:ac:e3:09:68:1a:f4:1c:04:88:9b:45:37:18:25:25:a2:
         50:63:bd:e9:0d:de:39:bb:dc:3d:6c:52:1c:3a:7c:bb:15:95:
         f9:4c:ce:22:a7:37:09:80:2e:3d:2f:ba:08:55:2d:5e:e4:5c:
         e1:44:ac:66:18:3e:fa:c9:4c:37:e1:44:43:47:d4:e9:83:60:
         62:e1:ee:8e:b6:77:9d:d2:d8:21:6a:e3:ef:99:1d:0b:af:e2:
         19:d7:f3:c3:96:ab:83:5d:e7:5e:6d:04:de:34:50:f4:6c:06:
         9f:2f:19:6e:6a:95:75:58:25:85:8d:47:4f:4b:7f:95:9b:0d:
         49:21:7c:5a:88:a7:e1:0e:fd:54:03:e5:da:89:5e:8f:ba:57:
         dc:fb:f4:cc:e8:2c:0b:b4:01:ab:0f:3f:b0:12:b1:fc:21:fc:
         9b:92:74:fd:f6:69:cd:98:3e:70:81:b8:24:f6:19:38:a4:e3:
         3b:9f:80:c0:5f:cd:04:e8:d1:64:1b:92:a0:20:09:77:d9:b9:
         9e:5e:7e:fa:3c:3b:81:c3:bd:fe:ee:07:c7:4c:34:88:8a:e6:
         0c:f2:cf:24:83:81:e6:d9:09:40:d9:f5:28:c6:4f:76:15:40:
         e6:00:13:0a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY6j6j/yTSS4GB6rochhdQEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNmQ3YmNhYmZjYzMwOGQ0MjAwNTNjNDgyYTBkNTlmYjEy
ODJlMzAwHhcNMjQwNDAzMTIyMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWU4MTlkNzk2YmUxNjM5NGZmNzk2ZTQyODcwMzlmYWZmZjkxNTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3KgQuNu2/91vdGKAAHpi0bMJLr6
ML9RCjLM1JRFc5HhsNBggc8Gqh+uZ4J2UGDIlQhGFa6oWZr4L7Vh+BD4hP6vh7pj
URDda2ZqUerZ+2HSZZEhiS10jnGaHcNE2fYLcbuAWcWgGALWsz9Mvmx1I0tbOrdd
0vxBR5eX+1/IV1LZp7A12Lo1JB61y2h2aUbp0YZtOxM4+/il7Uz8FAkYONaFiWuy
r01qso7CjDrx9fPCXsGFytlITtx40UajZq6kTL1q560OuMhP/iYY6SqINZItgqcl
OnLlYc0qim+XmOG4sDm+lpqolYsqs8edlgNf1OLvPaElg+kXN3uQUsnVaQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFCroGdeWvhY5T/eW5ChwOfr/+RUbMB8GA1UdIwQY
MBaAFG5te8q/zDCNQgBTxIKg1Z+xKC4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDIt
OTMxOTRlYjYxMDhkLzEvS3VnWjE1YS1GamxQOTVia0tIQTUtdl81RlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDItOTMxOTRlYjYxMDhk
LzEvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzATBAIAATANMAsDAwCR2wME
AZHbEDAYBAIAAjASAwcEKgSwwAAAAwcAKgSwwAAxMA0GCSqGSIb3DQEBCwUAA4IB
AQCS1TNfWpTdCX6cUcgProUSYvn+dazjCWga9BwEiJtFNxglJaJQY73pDd45u9w9
bFIcOny7FZX5TM4ipzcJgC49L7oIVS1e5FzhRKxmGD76yUw34URDR9Tpg2Bi4e6O
tned0tghauPvmR0Lr+IZ1/PDlquDXedebQTeNFD0bAafLxluapV1WCWFjUdPS3+V
mw1JIXxaiKfhDv1UA+XaiV6Pulfc+/TM6CwLtAGrDz+wErH8IfybknT99mnNmD5w
gbgk9hk4pOM7n4DAX80E6NFkG5KgIAl32bmeXn76PDuBw73+7gfHTDSIiuYM8s8k
g4Hm2QlA2fUoxk92FUDmABMK
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:54:28 2024 by rpki-client on console-ams.rpki-client.org