Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/kQ5yRwTUMffUn-57_rCna6ff3sI.roa
File:                     kQ5yRwTUMffUn-57_rCna6ff3sI.roa (raw, json)
Hash identifier:          VoojJa6myjzN5C3xIahHNlsSjYskbbel1ejzSWEWH9U=
Subject key identifier:   91:0E:72:47:04:D4:31:F7:D4:9F:EE:7B:FE:B0:A7:6B:A7:DF:DE:C2
Certificate issuer:       /CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
Certificate serial:       018CC725C304700EB325EAB6ECE01324BF9A
Authority key identifier: 8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/kQ5yRwTUMffUn-57_rCna6ff3sI.roa
Signing time:             Mon 01 Jan 2024 22:29:49 +0000
ROA not before:           Mon 01 Jan 2024 22:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206119
IP address blocks:        194.0.207.0/24 maxlen: 24
                          185.213.169.0/24 maxlen: 24
                          185.213.171.0/24 maxlen: 24
                          185.213.170.0/24 maxlen: 24
                          2a0b:8b41::/32 maxlen: 32
                          2a0b:8b46::/32 maxlen: 32
                          2a0b:8b43::/32 maxlen: 32
                          2a0b:8b44::/32 maxlen: 32
                          2a0b:8b47::/32 maxlen: 32
                          2a0b:8b40::/32 maxlen: 32
                          2a0b:8b45::/32 maxlen: 32
                          2a0b:8b42::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:c3:04:70:0e:b3:25:ea:b6:ec:e0:13:24:bf:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
        Validity
            Not Before: Jan  1 22:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=910e724704d431f7d49fee7bfeb0a76ba7dfdec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5f:50:bc:82:de:45:f8:48:d5:68:99:1d:36:
                    92:12:29:01:22:6e:f2:e7:4e:ac:f5:a1:ae:0a:ed:
                    4e:2b:ea:84:e9:0e:c4:a0:59:4d:60:49:c1:ac:dd:
                    98:55:b5:6a:84:49:0e:c1:88:c4:89:6a:ee:8f:94:
                    4b:d4:7e:08:73:09:2d:a1:67:30:e8:f5:86:7c:6e:
                    98:b5:eb:fe:bb:a4:78:3e:76:6f:67:3d:f8:c6:e8:
                    31:75:a0:72:ef:07:0a:8f:5a:41:fa:44:81:94:a7:
                    27:25:1c:cb:ed:93:ec:93:2d:96:37:f6:de:26:b9:
                    98:88:aa:4d:64:77:dc:7a:f8:a3:2e:b2:17:99:8e:
                    d8:f3:5b:a3:18:01:b0:12:e8:f1:13:0e:c4:0c:04:
                    a2:fd:43:9f:a7:78:c3:74:38:69:95:9e:0b:1b:ce:
                    26:ea:05:7d:9b:16:63:10:23:6f:b5:8d:06:7d:1f:
                    89:b6:fa:62:91:2e:b4:dc:52:50:99:02:dd:be:19:
                    e9:36:8b:0b:07:41:02:18:d0:59:51:80:68:f6:b1:
                    1a:d3:c8:5d:33:7a:f9:e3:9c:be:69:96:ee:4a:e3:
                    c9:b3:7b:bc:bc:72:ff:d0:41:da:d0:a7:2e:0a:54:
                    71:c1:a5:3b:d5:25:ff:fb:50:77:00:1f:03:3e:a2:
                    b6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:0E:72:47:04:D4:31:F7:D4:9F:EE:7B:FE:B0:A7:6B:A7:DF:DE:C2
            X509v3 Authority Key Identifier:
                keyid:8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/kQ5yRwTUMffUn-57_rCna6ff3sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.169.0-185.213.171.255
                  194.0.207.0/24
                IPv6:
                  2a0b:8b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:37:31:8f:22:6a:2f:c8:5a:be:ca:30:9b:6a:b4:24:37:cf:
         33:47:0d:12:b6:84:aa:3f:de:20:c2:8d:ca:22:5d:24:72:2f:
         4d:84:b6:17:8f:1f:f1:33:c7:7c:6c:bf:81:a8:81:f3:74:0e:
         3a:8c:80:cd:42:f8:95:24:f3:30:56:c9:9e:bf:fa:e4:a2:1d:
         f1:ac:7d:59:27:20:da:cd:99:fc:e7:a8:50:7c:57:e2:87:ad:
         c5:a1:3a:04:dd:ce:ca:00:9d:7b:94:90:94:18:6e:a1:88:75:
         06:ae:d3:5c:89:90:0f:a5:1a:91:9b:39:8b:c5:73:c8:63:1b:
         2c:98:2c:cd:15:6a:b8:bf:5b:fb:a7:c4:b5:9b:9a:38:94:47:
         8c:af:a4:05:6a:d4:be:b7:cc:2a:88:b5:e1:6a:e6:ab:8c:de:
         6b:84:10:e6:63:1d:f9:9c:88:b0:52:07:b5:68:7f:f9:a2:dd:
         05:e3:32:3d:2a:1e:33:1b:dd:ac:10:b8:a5:7f:3d:13:7e:68:
         7a:82:c7:75:cd:da:77:99:69:5d:14:b0:76:b7:41:d2:75:90:
         a6:a6:ab:16:4f:ad:2e:b9:1e:b3:d1:8a:22:68:b0:48:49:f0:
         ec:99:d8:e8:08:94:b1:f7:21:6c:9e:a4:48:e6:51:f6:e1:12:
         18:9b:40:54
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzHJcMEcA6zJeq27OATJL+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyMjNjMWYzMzVjMGNjNTY5MzU5ZmEyZGRhMzQ5YTIy
MzZjY2IwHhcNMjQwMTAxMjIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTBlNzI0NzA0ZDQzMWY3ZDQ5ZmVlN2JmZWIwYTc2YmE3ZGZkZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgF9QvILeRfhI1WiZHTaSEikBIm7y
506s9aGuCu1OK+qE6Q7EoFlNYEnBrN2YVbVqhEkOwYjEiWruj5RL1H4IcwktoWcw
6PWGfG6Ytev+u6R4PnZvZz34xugxdaBy7wcKj1pB+kSBlKcnJRzL7ZPsky2WN/be
JrmYiKpNZHfcevijLrIXmY7Y81ujGAGwEujxEw7EDASi/UOfp3jDdDhplZ4LG84m
6gV9mxZjECNvtY0GfR+JtvpikS603FJQmQLdvhnpNosLB0ECGNBZUYBo9rEa08hd
M3r545y+aZbuSuPJs3u8vHL/0EHa0KcuClRxwaU71SX/+1B3AB8DPqK2OQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFJEOckcE1DH31J/ue/6wp2un397CMB8GA1UdIwQY
MBaAFI2JIjwfM1wMxWk1n6Ldo0miI2zLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAt
YTEwMjhlZGE2MzgzLzEva1E1eVJ3VFVNZmZVbi01N19yQ25hNmZmM3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAtYTEwMjhlZGE2Mzgz
LzEvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAC51akD
BAK51agDBADCAM8wDQQCAAIwBwMFAyoLi0AwDQYJKoZIhvcNAQELBQADggEBAHI3
MY8iai/IWr7KMJtqtCQ3zzNHDRK2hKo/3iDCjcoiXSRyL02EthePH/Ezx3xsv4Go
gfN0DjqMgM1C+JUk8zBWyZ6/+uSiHfGsfVknINrNmfznqFB8V+KHrcWhOgTdzsoA
nXuUkJQYbqGIdQau01yJkA+lGpGbOYvFc8hjGyyYLM0Vari/W/unxLWbmjiUR4yv
pAVq1L63zCqIteFq5quM3muEEOZjHfmciLBSB7Vof/mi3QXjMj0qHjMb3awQuKV/
PRN+aHqCx3XN2neZaV0UsHa3QdJ1kKamqxZPrS65HrPRiiJosEhJ8OyZ2OgIlLH3
IWyepEjmUfbhEhibQFQ=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:53:11 2024 by rpki-client on console-fra.rpki-client.org