Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/S7lDiKRDO7mEOsNbvMeG9_DaFXs.roa
File:                     S7lDiKRDO7mEOsNbvMeG9_DaFXs.roa (raw, json)
Hash identifier:          AGs/JITjd+YenZ8VSSu6nwYtXP3pqQyzIVhGXRfI5J0=
Subject key identifier:   4B:B9:43:88:A4:43:3B:B9:84:3A:C3:5B:BC:C7:86:F7:F0:DA:15:7B
Certificate issuer:       /CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Certificate serial:       018CC72609234280391D307120952E81BBA2
Authority key identifier: 9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/S7lDiKRDO7mEOsNbvMeG9_DaFXs.roa
Signing time:             Mon 01 Jan 2024 22:30:07 +0000
ROA not before:           Mon 01 Jan 2024 22:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209711
IP address blocks:        45.145.20.0/24 maxlen: 24
                          193.53.87.0/24 maxlen: 24
                          193.53.98.0/24 maxlen: 24
                          37.156.246.0/24 maxlen: 24
                          193.53.103.0/24 maxlen: 24
                          109.230.196.0/24 maxlen: 24
                          193.53.245.0/24 maxlen: 24
                          45.139.222.0/24 maxlen: 24
                          31.214.152.0/24 maxlen: 24
                          31.14.52.0/24 maxlen: 24
                          89.45.94.0/24 maxlen: 24
                          185.111.245.0/24 maxlen: 24
                          185.111.244.0/24 maxlen: 24
                          185.111.246.0/24 maxlen: 24
                          185.111.247.0/24 maxlen: 24
                          93.113.96.0/24 maxlen: 24
                          31.214.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:09:23:42:80:39:1d:30:71:20:95:2e:81:bb:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
        Validity
            Not Before: Jan  1 22:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bb94388a4433bb9843ac35bbcc786f7f0da157b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5d:56:0f:d1:26:03:97:bd:ae:1d:3d:96:3d:
                    2d:8c:3f:c0:5c:96:85:8b:16:c4:93:92:a0:30:5e:
                    96:52:a8:06:6b:95:7a:a8:0b:11:99:21:0e:69:6a:
                    9a:c5:df:70:de:35:fb:b9:e0:dc:52:6d:3c:7b:b8:
                    81:55:53:f5:a8:be:32:59:cc:aa:6d:46:d0:74:6a:
                    06:4d:12:b2:c7:a7:c4:d9:6b:bc:bf:8e:66:19:8e:
                    99:d5:af:06:09:a5:53:c0:e8:51:89:04:88:31:7f:
                    6f:4b:81:4f:83:f2:a3:37:28:f3:66:f1:04:98:20:
                    9e:5b:09:26:ea:eb:dc:dd:2b:3f:d4:9b:c1:00:70:
                    90:f6:69:de:89:6b:65:c4:2a:b5:62:04:87:fc:bc:
                    42:96:c8:89:9b:1c:ff:3e:30:bb:a9:af:9b:5d:0d:
                    e9:b8:79:52:38:04:83:8b:d9:a6:12:88:12:30:94:
                    19:86:fc:6e:4e:3b:62:7f:f9:6c:ca:69:d3:d2:fa:
                    bf:d0:20:a3:7a:24:19:d6:2c:c0:69:77:47:e1:7e:
                    d6:3f:60:a9:55:86:03:10:ed:48:34:14:76:f7:18:
                    b4:f2:0e:ad:03:76:1b:42:7e:25:bc:4b:ad:46:90:
                    65:75:09:d8:30:99:45:60:28:9e:a8:8d:3a:f1:df:
                    ef:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B9:43:88:A4:43:3B:B9:84:3A:C3:5B:BC:C7:86:F7:F0:DA:15:7B
            X509v3 Authority Key Identifier:
                keyid:9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/S7lDiKRDO7mEOsNbvMeG9_DaFXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.52.0/24
                  31.214.129.0/24
                  31.214.152.0/24
                  37.156.246.0/24
                  45.139.222.0/24
                  45.145.20.0/24
                  89.45.94.0/24
                  93.113.96.0/24
                  109.230.196.0/24
                  185.111.244.0/22
                  193.53.87.0/24
                  193.53.98.0/24
                  193.53.103.0/24
                  193.53.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e0:46:1f:47:16:65:75:0d:55:de:2d:f3:b1:16:9d:c8:f9:
         23:be:ad:53:99:3f:7f:46:c6:31:6e:fa:19:42:29:a1:c8:c7:
         9d:ba:83:a6:9b:88:0a:17:da:89:7d:8d:70:ef:eb:16:f1:dd:
         db:45:9b:27:96:05:3c:5d:92:1c:56:71:f2:ef:71:cb:24:eb:
         43:87:5e:1f:86:06:98:9a:c6:c3:fb:ec:f4:fd:35:67:a4:a8:
         d0:f5:ec:66:ad:62:0b:6e:1b:5f:9e:98:43:87:81:7d:97:5a:
         54:ad:bb:f8:04:64:2e:6c:4e:6c:4a:c6:8b:54:68:87:f4:90:
         b3:93:ba:d4:2c:ed:cf:52:4e:e9:08:19:0b:0b:e9:7e:a5:15:
         01:58:9e:92:65:50:1d:39:79:75:20:29:49:57:4b:be:06:1c:
         f8:ef:af:13:4d:0f:0e:33:21:e5:dc:da:83:06:1c:0c:cc:f9:
         5b:25:4a:98:8e:df:65:85:00:e8:7c:b1:99:7b:c1:aa:7f:7d:
         5e:1d:e6:2f:9f:4a:46:67:3a:79:8a:d5:34:45:2e:bc:2b:9b:
         99:9f:f4:5c:5a:ac:4f:11:26:91:74:39:62:e3:20:66:34:dd:
         db:f0:7f:bc:55:da:0a:89:4d:82:90:85:f4:a9:32:c0:04:78:
         d3:1f:ad:2d
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzHJgkjQoA5HTBxIJUugbuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZDA3NTg4MjVkZDg5Y2ZlZTVmZGVjYzdkY2I2NTFmMGE1
ZDEwMTgwHhcNMjQwMTAxMjIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmI5NDM4OGE0NDMzYmI5ODQzYWMzNWJiY2M3ODZmN2YwZGExNTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn11WD9EmA5e9rh09lj0tjD/AXJaF
ixbEk5KgMF6WUqgGa5V6qAsRmSEOaWqaxd9w3jX7ueDcUm08e7iBVVP1qL4yWcyq
bUbQdGoGTRKyx6fE2Wu8v45mGY6Z1a8GCaVTwOhRiQSIMX9vS4FPg/KjNyjzZvEE
mCCeWwkm6uvc3Ss/1JvBAHCQ9mneiWtlxCq1YgSH/LxClsiJmxz/PjC7qa+bXQ3p
uHlSOASDi9mmEogSMJQZhvxuTjtif/lsymnT0vq/0CCjeiQZ1izAaXdH4X7WP2Cp
VYYDEO1INBR29xi08g6tA3YbQn4lvEutRpBldQnYMJlFYCieqI068d/vbQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFEu5Q4ikQzu5hDrDW7zHhvfw2hV7MB8GA1UdIwQY
MBaAFJzQdYgl3YnP7l/ezH3LZR8KXRAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3Yjkt
YTU0ZjhlNDgxM2U3LzEvUzdsRGlLUkRPN21FT3NOYnZNZUc5X0RhRlhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3YjktYTU0ZjhlNDgxM2U3
LzEvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAHw40AwQA
H9aBAwQAH9aYAwQAJZz2AwQALYveAwQALZEUAwQAWS1eAwQAXXFgAwQAbebEAwQC
uW/0AwQAwTVXAwQAwTViAwQAwTVnAwQAwTX1MA0GCSqGSIb3DQEBCwUAA4IBAQCg
4EYfRxZldQ1V3i3zsRadyPkjvq1TmT9/RsYxbvoZQimhyMeduoOmm4gKF9qJfY1w
7+sW8d3bRZsnlgU8XZIcVnHy73HLJOtDh14fhgaYmsbD++z0/TVnpKjQ9exmrWIL
bhtfnphDh4F9l1pUrbv4BGQubE5sSsaLVGiH9JCzk7rULO3PUk7pCBkLC+l+pRUB
WJ6SZVAdOXl1IClJV0u+Bhz4768TTQ8OMyHl3NqDBhwMzPlbJUqYjt9lhQDofLGZ
e8Gqf31eHeYvn0pGZzp5itU0RS68K5uZn/RcWqxPESaRdDli4yBmNN3b8H+8VdoK
iU2CkIX0qTLABHjTH60t
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:27:37 2024 by rpki-client on console-fra.rpki-client.org