Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/mevJRdOZ166MQUr_uRI7fI7Kruk.roa
File:                     mevJRdOZ166MQUr_uRI7fI7Kruk.roa (raw, json)
Hash identifier:          mak6S+xAs84BGBMmnKemSmK7J9U3dvKD3pVC9QlL9dU=
Subject key identifier:   99:EB:C9:45:D3:99:D7:AE:8C:41:4A:FF:B9:12:3B:7C:8E:CA:AE:E9
Certificate issuer:       /CN=33b9f91816dd4d8226a41e3b4c3b09c7bdcc64a9
Certificate serial:       018CC5DBE0F073155EAA2E5608E247D5C98F
Authority key identifier: 33:B9:F9:18:16:DD:4D:82:26:A4:1E:3B:4C:3B:09:C7:BD:CC:64:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/mevJRdOZ166MQUr_uRI7fI7Kruk.roa
Signing time:             Mon 01 Jan 2024 16:29:30 +0000
ROA not before:           Mon 01 Jan 2024 16:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39257
IP address blocks:        91.212.106.0/24 maxlen: 24
                          78.31.200.0/22 maxlen: 22
                          185.26.200.0/22 maxlen: 22
                          87.238.184.0/21 maxlen: 21
                          87.238.190.0/24 maxlen: 24
                          87.238.187.0/24 maxlen: 24
                          91.214.127.0/24 maxlen: 24
                          2a02:8c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/M7n5GBbdTYImpB47TDsJx73MZKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/M7n5GBbdTYImpB47TDsJx73MZKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e0:f0:73:15:5e:aa:2e:56:08:e2:47:d5:c9:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33b9f91816dd4d8226a41e3b4c3b09c7bdcc64a9
        Validity
            Not Before: Jan  1 16:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99ebc945d399d7ae8c414affb9123b7c8ecaaee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0c:9a:f8:99:43:a2:db:ae:32:53:dd:26:78:
                    ed:14:55:33:d0:93:9e:00:40:e0:de:d3:cf:b7:42:
                    99:8a:be:ae:b2:22:ce:1f:c4:41:4b:e5:2d:6c:89:
                    8d:3a:45:5f:97:f4:d4:00:04:4a:9b:45:d2:5b:db:
                    9a:d5:6a:20:13:02:96:35:0e:ca:7a:24:c7:12:d3:
                    c3:4f:12:5f:5a:2f:35:00:18:a7:74:4f:e0:ba:b2:
                    76:53:65:7c:0d:9c:21:1e:c1:c5:3c:06:6e:4b:d0:
                    fd:c8:60:95:90:e4:8b:46:ee:11:54:15:51:35:e7:
                    14:7c:c4:c1:43:5e:fb:fe:1b:44:b6:ff:9d:e7:0f:
                    80:69:9b:43:f2:5f:b8:ca:41:ab:8f:7f:d5:84:cf:
                    d7:3f:7a:22:bc:8c:6a:4f:ce:0f:92:3e:8b:69:f1:
                    91:bf:7d:b2:0a:8b:31:ba:96:0d:d6:33:34:a9:3c:
                    a2:95:1c:dc:64:15:49:46:88:08:98:12:2f:4e:7a:
                    94:7c:4a:03:f7:7e:b5:3a:fa:a8:a7:4c:51:bf:90:
                    a3:90:49:f8:50:8f:c6:3e:d2:84:63:3e:7f:6c:0a:
                    1e:e4:72:05:f6:e0:93:fb:eb:1f:62:08:ab:c8:25:
                    d0:5b:55:29:10:9d:c2:8a:bb:ea:52:14:88:0a:af:
                    68:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:EB:C9:45:D3:99:D7:AE:8C:41:4A:FF:B9:12:3B:7C:8E:CA:AE:E9
            X509v3 Authority Key Identifier:
                keyid:33:B9:F9:18:16:DD:4D:82:26:A4:1E:3B:4C:3B:09:C7:BD:CC:64:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/mevJRdOZ166MQUr_uRI7fI7Kruk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/M7n5GBbdTYImpB47TDsJx73MZKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.200.0/22
                  87.238.184.0/21
                  91.212.106.0/24
                  91.214.127.0/24
                  185.26.200.0/22
                IPv6:
                  2a02:8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:a8:c8:74:f5:d3:d8:2c:b4:45:bb:61:dc:f3:fd:d4:0c:67:
         3d:c4:42:22:20:91:0a:3b:a7:1a:4a:10:96:e6:30:28:16:11:
         58:84:37:f5:f5:a7:2f:e0:8c:1a:29:85:09:bc:6f:ee:1f:bf:
         fb:78:5c:68:ca:4f:e7:91:93:ce:90:6a:6d:7c:37:59:87:50:
         ef:f7:65:4e:7e:15:36:db:a8:9e:d2:9d:11:76:06:f0:40:21:
         8a:45:e8:ed:5d:ef:91:a8:d5:ed:9d:f3:2d:64:ef:10:27:e4:
         24:02:b4:8d:34:fe:7e:b5:6b:47:a6:39:77:e3:96:12:1e:71:
         aa:49:56:bf:23:4a:80:a4:7a:fb:c2:2e:9b:d8:32:ab:9a:f8:
         78:5e:58:87:8d:39:93:51:d8:a6:9c:aa:22:1c:2e:ec:b8:07:
         06:b9:b6:c8:d9:e1:7e:42:6a:da:a9:cb:cb:09:0e:7e:8d:81:
         39:e4:65:1a:d4:d0:76:2b:78:d2:a3:31:f9:38:41:f4:df:a7:
         43:a4:32:1d:82:bd:c4:db:55:1b:5e:f5:2b:20:73:97:10:b5:
         aa:53:92:10:36:88:c2:ff:71:77:53:60:ec:ae:20:a9:5b:75:
         d6:95:34:b8:69:f6:08:b8:d1:59:e6:8a:47:d5:e0:76:00:c7:
         3d:77:07:a1
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzF2+DwcxVeqi5WCOJH1cmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYjlmOTE4MTZkZDRkODIyNmE0MWUzYjRjM2IwOWM3YmRj
YzY0YTkwHhcNMjQwMTAxMTYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWViYzk0NWQzOTlkN2FlOGM0MTRhZmZiOTEyM2I3YzhlY2FhZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwya+JlDotuuMlPdJnjtFFUz0JOe
AEDg3tPPt0KZir6usiLOH8RBS+UtbImNOkVfl/TUAARKm0XSW9ua1WogEwKWNQ7K
eiTHEtPDTxJfWi81ABindE/gurJ2U2V8DZwhHsHFPAZuS9D9yGCVkOSLRu4RVBVR
NecUfMTBQ177/htEtv+d5w+AaZtD8l+4ykGrj3/VhM/XP3oivIxqT84Pkj6LafGR
v32yCosxupYN1jM0qTyilRzcZBVJRogImBIvTnqUfEoD9361Ovqop0xRv5CjkEn4
UI/GPtKEYz5/bAoe5HIF9uCT++sfYgiryCXQW1UpEJ3CirvqUhSICq9oVwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJnryUXTmdeujEFK/7kSO3yOyq7pMB8GA1UdIwQY
MBaAFDO5+RgW3U2CJqQeO0w7Cce9zGSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTduNUdCYmRUWUltcEI0N1REc0p4NzNNWktrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi84MTMyZjAtNzAyZS00MDQ0LWI2ZDYt
Y2E4Y2Y2YWNmYWViLzEvbWV2SlJkT1oxNjZNUVVyX3VSSTdmSTdLcnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi84MTMyZjAtNzAyZS00MDQ0LWI2ZDYtY2E4Y2Y2YWNmYWVi
LzEvTTduNUdCYmRUWUltcEI0N1REc0p4NzNNWktrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCTh/IAwQD
V+64AwQAW9RqAwQAW9Z/AwQCuRrIMA0EAgACMAcDBQAqAgjAMA0GCSqGSIb3DQEB
CwUAA4IBAQCvqMh09dPYLLRFu2Hc8/3UDGc9xEIiIJEKO6caShCW5jAoFhFYhDf1
9acv4IwaKYUJvG/uH7/7eFxoyk/nkZPOkGptfDdZh1Dv92VOfhU226ie0p0Rdgbw
QCGKRejtXe+RqNXtnfMtZO8QJ+QkArSNNP5+tWtHpjl345YSHnGqSVa/I0qApHr7
wi6b2DKrmvh4XliHjTmTUdimnKoiHC7suAcGubbI2eF+QmraqcvLCQ5+jYE55GUa
1NB2K3jSozH5OEH036dDpDIdgr3E21UbXvUrIHOXELWqU5IQNojC/3F3U2DsriCp
W3XWlTS4afYIuNFZ5opH1eB2AMc9dweh
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:53:07 2024 by rpki-client on console-ams.rpki-client.org