Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/l1x488I_srvfGE92bVfWcUw5PNE.roa
File:                     l1x488I_srvfGE92bVfWcUw5PNE.roa (raw, json)
Hash identifier:          C8WoZdybVL9xHmKmXAh08zthUkfzApHjtxX0JZ0Pbl8=
Subject key identifier:   97:5C:78:F3:C2:3F:B2:BB:DF:18:4F:76:6D:57:D6:71:4C:39:3C:D1
Certificate issuer:       /CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Certificate serial:       0190495B8B14F7A3CD6E9718F69B4F54F534
Authority key identifier: 6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/l1x488I_srvfGE92bVfWcUw5PNE.roa
Signing time:             Mon 24 Jun 2024 08:27:34 +0000
ROA not before:           Mon 24 Jun 2024 08:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        145.219.32.0/22 maxlen: 22
                          145.219.36.0/22 maxlen: 22
                          145.219.40.0/21 maxlen: 21
                          145.219.48.0/21 maxlen: 21
                          145.219.56.0/21 maxlen: 21
                          145.219.64.0/18 maxlen: 18
                          145.219.128.0/17 maxlen: 17
                          193.176.255.0/24 maxlen: 24
                          2a04:b0c4::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:49:5b:8b:14:f7:a3:cd:6e:97:18:f6:9b:4f:54:f5:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
        Validity
            Not Before: Jun 24 08:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=975c78f3c23fb2bbdf184f766d57d6714c393cd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b3:20:46:f3:7e:ae:65:7b:82:71:30:e9:50:
                    b9:84:f3:ee:cc:17:09:e3:6a:bd:b7:35:cf:b1:17:
                    b8:43:d3:ab:ca:74:46:af:23:bd:68:58:04:9e:9e:
                    fe:84:20:6d:6f:e7:83:51:db:33:f0:d4:49:23:a8:
                    1c:78:df:d4:d8:9d:8a:01:c7:53:eb:d4:e2:87:38:
                    2d:b7:7e:c5:ef:f2:ac:38:d3:db:64:c5:10:e6:48:
                    1b:2e:02:20:d7:be:8e:77:75:00:66:5e:c9:a9:93:
                    74:72:ea:03:17:63:9c:67:d6:cd:bf:da:57:65:80:
                    c2:a0:eb:39:45:fa:1b:e9:2b:a1:2e:40:f3:ce:18:
                    05:0a:e2:a5:ab:a1:bb:6a:17:da:d4:29:14:c4:7d:
                    db:fc:c1:a9:af:71:57:07:2c:51:1b:14:70:90:75:
                    24:b5:58:08:ff:97:6c:d5:e4:d9:87:80:e1:22:b5:
                    3f:dc:8f:86:00:3e:73:3e:98:8b:31:0f:30:06:49:
                    57:d2:3a:ae:70:d4:a1:c0:97:07:88:b6:91:49:6f:
                    04:eb:08:0e:38:3d:41:0e:a3:da:77:f4:03:c6:fd:
                    cd:c5:28:a4:63:f3:67:22:f2:6a:d2:86:18:c9:ca:
                    a8:3b:80:ed:9c:c0:e8:ab:c7:ba:08:27:be:8a:a7:
                    75:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:5C:78:F3:C2:3F:B2:BB:DF:18:4F:76:6D:57:D6:71:4C:39:3C:D1
            X509v3 Authority Key Identifier:
                keyid:6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/l1x488I_srvfGE92bVfWcUw5PNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.219.32.0-145.219.255.255
                  193.176.255.0/24
                IPv6:
                  2a04:b0c4::/30

    Signature Algorithm: sha256WithRSAEncryption
         66:85:41:f9:70:d6:49:db:f9:cb:6f:4d:6a:f4:59:8d:3e:34:
         2c:95:26:35:1b:89:ae:d4:23:d1:19:e6:40:a2:6a:d4:42:a8:
         6d:73:c5:75:bd:de:e2:89:fc:ba:d6:e9:1c:f5:a4:de:7d:23:
         7c:c1:81:a1:5d:1c:9a:cc:94:e7:06:5e:59:40:e3:a3:40:8a:
         76:58:64:cd:57:53:96:3a:72:5a:45:16:bb:56:09:c6:be:f7:
         42:f2:c7:28:f0:0b:18:24:73:ae:df:99:28:ba:28:b0:a6:d8:
         ce:08:07:2c:0a:53:a2:cf:b3:e4:52:2f:0a:8e:b9:c0:5b:fc:
         5d:27:22:ff:cd:be:91:02:90:62:20:9d:5d:b0:e8:6b:8d:f3:
         4f:e6:99:06:f4:b5:67:f1:c3:6f:1c:5d:e8:f8:ee:53:29:e0:
         79:82:f5:b2:d1:52:88:2b:2d:28:59:95:48:41:2a:fc:b8:09:
         1d:3f:52:6f:0e:87:8e:ad:89:4b:61:c3:d4:38:6b:7e:94:b8:
         de:c9:46:6b:95:18:a2:26:3d:02:0f:e9:4b:b9:3a:eb:c5:8b:
         b4:d5:f5:73:71:af:6a:55:a2:2d:75:b2:af:9d:f8:0d:c9:e9:
         bc:f7:6c:de:5a:9f:a0:d2:05:fb:78:38:15:45:8c:31:fe:a2:
         95:7d:32:e1
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZBJW4sU96PNbpcY9ptPVPU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNmQ3YmNhYmZjYzMwOGQ0MjAwNTNjNDgyYTBkNTlmYjEy
ODJlMzAwHhcNMjQwNjI0MDgyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzVjNzhmM2MyM2ZiMmJiZGYxODRmNzY2ZDU3ZDY3MTRjMzkzY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLMgRvN+rmV7gnEw6VC5hPPuzBcJ
42q9tzXPsRe4Q9OrynRGryO9aFgEnp7+hCBtb+eDUdsz8NRJI6gceN/U2J2KAcdT
69Tihzgtt37F7/KsONPbZMUQ5kgbLgIg176Od3UAZl7JqZN0cuoDF2OcZ9bNv9pX
ZYDCoOs5Rfob6SuhLkDzzhgFCuKlq6G7ahfa1CkUxH3b/MGpr3FXByxRGxRwkHUk
tVgI/5ds1eTZh4DhIrU/3I+GAD5zPpiLMQ8wBklX0jqucNShwJcHiLaRSW8E6wgO
OD1BDqPad/QDxv3NxSikY/NnIvJq0oYYycqoO4DtnMDoq8e6CCe+iqd11QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFJdcePPCP7K73xhPdm1X1nFMOTzRMB8GA1UdIwQY
MBaAFG5te8q/zDCNQgBTxIKg1Z+xKC4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDIt
OTMxOTRlYjYxMDhkLzEvbDF4NDg4SV9zcnZmR0U5MmJWZldjVXc1UE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDItOTMxOTRlYjYxMDhk
LzEvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAZBAIAATATMAsDBAWR2yAD
AwKR2AMEAMGw/zANBAIAAjAHAwUCKgSwxDANBgkqhkiG9w0BAQsFAAOCAQEAZoVB
+XDWSdv5y29NavRZjT40LJUmNRuJrtQj0RnmQKJq1EKobXPFdb3e4on8utbpHPWk
3n0jfMGBoV0cmsyU5wZeWUDjo0CKdlhkzVdTljpyWkUWu1YJxr73QvLHKPALGCRz
rt+ZKLoosKbYzggHLApTos+z5FIvCo65wFv8XSci/82+kQKQYiCdXbDoa43zT+aZ
BvS1Z/HDbxxd6PjuUyngeYL1stFSiCstKFmVSEEq/LgJHT9Sbw6Hjq2JS2HD1Dhr
fpS43slGa5UYoiY9Ag/pS7k668WLtNX1c3GvalWiLXWyr534DcnpvPds3lqfoNIF
+3g4FUWMMf6ilX0y4Q==
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:04:58 2024 by rpki-client on console-ams.rpki-client.org