Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/7SdPJFRfxzDyNZtGTABV0VtXypk.roa
File:                     7SdPJFRfxzDyNZtGTABV0VtXypk.roa (raw, json)
Hash identifier:          IMgWZt9j6n0XOwifr3ZuDh1jscpHIXUbryF1IhA1OS4=
Subject key identifier:   ED:27:4F:24:54:5F:C7:30:F2:35:9B:46:4C:00:55:D1:5B:57:CA:99
Certificate issuer:       /CN=b59909ed171b38c1fdc4362229e78d69851de11c
Certificate serial:       018F0E324DCD623F25099CA8ED468D23B2D2
Authority key identifier: B5:99:09:ED:17:1B:38:C1:FD:C4:36:22:29:E7:8D:69:85:1D:E1:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/7SdPJFRfxzDyNZtGTABV0VtXypk.roa
Signing time:             Wed 24 Apr 2024 03:42:08 +0000
ROA not before:           Wed 24 Apr 2024 03:42:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60447
IP address blocks:        77.246.216.0/22 maxlen: 22
                          77.246.216.0/24 maxlen: 24
                          77.246.217.0/24 maxlen: 24
                          77.246.218.0/24 maxlen: 24
                          77.246.219.0/24 maxlen: 24
                          95.214.104.0/22 maxlen: 22
                          95.214.104.0/23 maxlen: 23
                          95.214.106.0/23 maxlen: 23
                          185.97.72.0/22 maxlen: 22
                          185.97.72.0/24 maxlen: 24
                          185.97.73.0/24 maxlen: 24
                          185.97.74.0/24 maxlen: 24
                          185.97.75.0/24 maxlen: 24
                          195.170.166.0/24 maxlen: 24
                          2a06:4c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0e:32:4d:cd:62:3f:25:09:9c:a8:ed:46:8d:23:b2:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b59909ed171b38c1fdc4362229e78d69851de11c
        Validity
            Not Before: Apr 24 03:42:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed274f24545fc730f2359b464c0055d15b57ca99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9b:ae:f7:c1:63:2d:54:4c:2f:20:11:ab:a5:
                    0e:02:ee:ac:eb:a0:62:93:16:19:7b:a7:e4:2f:ba:
                    ba:34:2e:e3:4f:4f:34:4f:f1:50:1d:71:2a:53:1e:
                    73:c6:34:ff:f0:bb:9f:b3:8a:22:03:6f:44:b3:d8:
                    99:0c:c7:99:bb:84:78:06:7d:ee:b4:28:03:a0:be:
                    10:98:a0:41:ba:96:04:00:74:28:05:10:1b:c5:6a:
                    46:fb:fa:61:46:75:e6:ad:2a:f1:8f:78:3e:ae:d4:
                    d9:03:68:e0:d6:9d:03:d7:8a:7c:c6:fa:c0:4d:1a:
                    08:9f:d1:f1:b2:78:89:72:d9:e5:89:7b:bb:39:d4:
                    47:b0:81:0b:c3:c1:b7:8c:a0:d0:2d:2e:8e:fa:19:
                    5e:8c:14:ce:29:9a:f1:0b:c3:b1:b3:91:3c:12:b5:
                    30:43:7a:a4:20:07:5a:4a:d4:87:ac:20:d1:08:b6:
                    7f:5c:a6:4c:2e:b1:24:e0:9d:f9:22:08:2d:f2:1d:
                    aa:4d:c4:b8:98:c5:1d:ad:6a:27:b0:65:00:62:ac:
                    38:f0:0e:80:f7:86:8b:8c:84:43:31:de:f3:5e:c6:
                    e4:73:37:6f:9d:de:d3:dc:5f:ba:77:be:b9:b6:73:
                    b3:39:ac:0d:05:96:66:bd:9f:47:79:48:1b:71:15:
                    64:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:27:4F:24:54:5F:C7:30:F2:35:9B:46:4C:00:55:D1:5B:57:CA:99
            X509v3 Authority Key Identifier:
                keyid:B5:99:09:ED:17:1B:38:C1:FD:C4:36:22:29:E7:8D:69:85:1D:E1:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/7SdPJFRfxzDyNZtGTABV0VtXypk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9ee980-67a2-4d3c-b6ca-fde073588f0f/1/tZkJ7RcbOMH9xDYiKeeNaYUd4Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.216.0/22
                  95.214.104.0/22
                  185.97.72.0/22
                  195.170.166.0/24
                IPv6:
                  2a06:4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:f8:d1:41:03:ef:7c:8f:1f:83:d3:42:32:fa:12:47:9b:78:
         da:6b:b2:d5:cb:59:18:b9:a5:d8:22:97:eb:ff:b1:a5:b0:2d:
         f4:a2:8b:a5:06:fe:7e:0c:b6:75:0a:59:88:56:1c:d5:cd:28:
         64:25:c8:26:60:46:73:01:5c:09:4e:25:05:75:96:aa:58:51:
         9c:48:5a:9c:b1:fa:99:6c:5f:56:3e:67:62:84:5d:cb:74:63:
         69:7e:a1:f4:bb:a8:64:68:e4:d0:5b:52:70:7c:58:a0:74:75:
         84:c1:b4:71:78:82:44:8b:f0:3b:a8:28:3a:dc:1d:1b:e2:61:
         ac:06:2f:64:91:d0:14:58:ad:98:8b:6f:89:bc:09:d2:13:34:
         2e:9a:21:05:c8:13:9d:0c:b3:3e:df:47:73:ce:9b:7d:06:2a:
         90:51:7d:c6:4c:4a:5d:55:df:28:1a:1f:55:a2:5d:5b:15:71:
         06:bb:4c:8a:84:74:9c:97:19:83:96:88:37:c5:a8:09:4e:09:
         bb:e1:39:5a:a5:12:fb:f1:7e:5b:57:df:eb:df:be:26:c2:90:
         64:1b:be:2d:0b:c7:a5:fa:85:a1:a1:a0:36:d6:17:64:95:8d:
         27:ca:be:19:7f:5c:73:9e:f1:ad:77:08:92:27:57:f7:95:61:
         8d:43:f2:69
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY8OMk3NYj8lCZyo7UaNI7LSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1OTkwOWVkMTcxYjM4YzFmZGM0MzYyMjI5ZTc4ZDY5ODUx
ZGUxMWMwHhcNMjQwNDI0MDM0MjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDI3NGYyNDU0NWZjNzMwZjIzNTliNDY0YzAwNTVkMTViNTdjYTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypuu98FjLVRMLyARq6UOAu6s66Bi
kxYZe6fkL7q6NC7jT080T/FQHXEqUx5zxjT/8Lufs4oiA29Es9iZDMeZu4R4Bn3u
tCgDoL4QmKBBupYEAHQoBRAbxWpG+/phRnXmrSrxj3g+rtTZA2jg1p0D14p8xvrA
TRoIn9HxsniJctnliXu7OdRHsIELw8G3jKDQLS6O+hlejBTOKZrxC8Oxs5E8ErUw
Q3qkIAdaStSHrCDRCLZ/XKZMLrEk4J35Iggt8h2qTcS4mMUdrWonsGUAYqw48A6A
94aLjIRDMd7zXsbkczdvnd7T3F+6d765tnOzOawNBZZmvZ9HeUgbcRVkeQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFO0nTyRUX8cw8jWbRkwAVdFbV8qZMB8GA1UdIwQY
MBaAFLWZCe0XGzjB/cQ2IinnjWmFHeEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFprSjdSY2JPTUg5eERZaUtlZU5hWVVkNFJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZWU5ODAtNjdhMi00ZDNjLWI2Y2Et
ZmRlMDczNTg4ZjBmLzEvN1NkUEpGUmZ4ekR5Tlp0R1RBQlYwVnRYeXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZWU5ODAtNjdhMi00ZDNjLWI2Y2EtZmRlMDczNTg4ZjBm
LzEvdFprSjdSY2JPTUg5eERZaUtlZU5hWVVkNFJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCTfbYAwQC
X9ZoAwQCuWFIAwQAw6qmMA0EAgACMAcDBQAqBgTAMA0GCSqGSIb3DQEBCwUAA4IB
AQBB+NFBA+98jx+D00Iy+hJHm3jaa7LVy1kYuaXYIpfr/7GlsC30ooulBv5+DLZ1
ClmIVhzVzShkJcgmYEZzAVwJTiUFdZaqWFGcSFqcsfqZbF9WPmdihF3LdGNpfqH0
u6hkaOTQW1JwfFigdHWEwbRxeIJEi/A7qCg63B0b4mGsBi9kkdAUWK2Yi2+JvAnS
EzQumiEFyBOdDLM+30dzzpt9BiqQUX3GTEpdVd8oGh9Vol1bFXEGu0yKhHSclxmD
log3xagJTgm74TlapRL78X5bV9/r374mwpBkG74tC8el+oWhoaA21hdklY0nyr4Z
f1xznvGtdwiSJ1f3lWGNQ/Jp
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:53:07 2024 by rpki-client on console-ams.rpki-client.org