Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/7Rytr_jA6cU8NQ1dBRqi099mGgg.roa
File:                     7Rytr_jA6cU8NQ1dBRqi099mGgg.roa (raw, json)
Hash identifier:          +i6RfAOwXJUCM1W2tdkE7Nw2r4b/ymgZfsAZ9ZTXHAE=
Subject key identifier:   ED:1C:AD:AF:F8:C0:E9:C5:3C:35:0D:5D:05:1A:A2:D3:DF:66:1A:08
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       018CC424709631E16EFF51A2C2E350B87B8B
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/7Rytr_jA6cU8NQ1dBRqi099mGgg.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199883
IP address blocks:        89.36.220.0/22 maxlen: 24
                          89.38.144.0/22 maxlen: 24
                          94.177.252.0/22 maxlen: 24
                          94.177.248.0/22 maxlen: 24
                          185.58.224.0/22 maxlen: 24
                          217.61.16.0/21 maxlen: 24
                          89.40.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:70:96:31:e1:6e:ff:51:a2:c2:e3:50:b8:7b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed1cadaff8c0e9c53c350d5d051aa2d3df661a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:18:35:e5:91:bb:65:c2:1f:69:82:0e:ad:96:
                    1e:cf:c2:03:28:a9:40:8f:70:b1:de:15:e4:01:b6:
                    61:bd:12:78:84:fa:aa:0e:28:96:ef:67:4e:be:93:
                    55:be:84:04:d0:ab:f0:37:ac:6d:e3:79:bf:81:f0:
                    6f:80:a4:60:3b:8b:b9:37:45:91:e9:4f:bd:94:7b:
                    a5:69:2b:e7:ae:69:1b:ec:74:18:11:8b:c8:8a:5c:
                    d9:c9:95:c6:de:78:6f:b0:53:62:99:ac:d6:25:f0:
                    be:d6:b0:ed:aa:92:97:93:51:9f:d9:4c:97:aa:b9:
                    0c:ff:e0:eb:1f:de:34:27:df:6f:a5:28:42:ac:ca:
                    f2:f4:03:97:c9:83:dd:c8:0d:a3:00:f4:b3:e9:a2:
                    67:a3:a0:f4:28:4e:85:9a:90:0d:80:32:09:6a:cc:
                    0e:4c:33:e8:a0:df:14:a5:75:cd:0c:5f:f6:3d:0b:
                    eb:bd:b8:a5:83:27:3a:d9:76:aa:7f:80:45:6d:03:
                    ef:39:e6:24:b8:90:c1:a4:2b:cb:c4:d7:54:05:03:
                    77:f0:53:43:f9:b3:10:8f:b3:25:73:b9:b8:20:c3:
                    c7:da:94:6c:85:3f:c7:44:e2:42:cc:79:dc:db:a6:
                    04:52:33:7f:94:af:02:bc:e7:f8:82:83:6b:6f:83:
                    20:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:1C:AD:AF:F8:C0:E9:C5:3C:35:0D:5D:05:1A:A2:D3:DF:66:1A:08
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/7Rytr_jA6cU8NQ1dBRqi099mGgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.220.0/22
                  89.38.144.0/22
                  89.40.120.0/22
                  94.177.248.0/21
                  185.58.224.0/22
                  217.61.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7d:c8:5d:cd:53:bc:38:71:1f:f0:3c:2d:49:17:4b:06:d5:65:
         b4:14:96:0f:f7:5f:fb:88:c0:eb:87:61:bf:57:a1:22:10:33:
         a6:33:fd:7e:30:d8:ea:12:32:c3:99:77:8e:3f:c2:85:cd:85:
         56:62:eb:0e:e5:68:db:39:a9:e7:2a:28:77:8f:74:8f:50:e6:
         ef:36:af:40:27:cb:ab:36:8a:99:49:4f:37:2f:f4:0d:77:70:
         18:12:d8:30:2d:50:22:00:17:65:c3:6d:23:f5:05:54:30:db:
         34:9b:56:ee:cf:be:70:9b:05:91:d6:20:48:55:93:c1:72:1a:
         a7:2a:94:f5:b6:6c:1c:11:d5:8b:f6:74:93:d9:e5:7d:47:b5:
         a7:8a:e2:9f:c1:02:8f:78:34:e9:3e:ae:55:cb:5a:63:33:0d:
         bf:24:8b:8e:5d:93:58:81:61:b0:3a:ed:b4:ff:7b:92:73:c9:
         14:16:c8:ef:c9:71:5b:ef:14:b9:72:a8:86:dc:23:74:b2:81:
         64:76:de:34:9e:f7:16:3e:48:59:12:a1:e0:90:97:95:d6:cc:
         60:d1:55:39:38:90:d1:c3:88:f0:f2:7c:6f:eb:8e:71:26:3c:
         ee:ee:aa:fd:cd:7d:58:3c:ff:ff:29:93:f1:db:54:09:14:16:
         dd:00:ea:4d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzEJHCWMeFu/1GiwuNQuHuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDFjYWRhZmY4YzBlOWM1M2MzNTBkNWQwNTFhYTJkM2RmNjYxYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxg15ZG7ZcIfaYIOrZYez8IDKKlA
j3Cx3hXkAbZhvRJ4hPqqDiiW72dOvpNVvoQE0KvwN6xt43m/gfBvgKRgO4u5N0WR
6U+9lHulaSvnrmkb7HQYEYvIilzZyZXG3nhvsFNimazWJfC+1rDtqpKXk1Gf2UyX
qrkM/+DrH940J99vpShCrMry9AOXyYPdyA2jAPSz6aJno6D0KE6FmpANgDIJaswO
TDPooN8UpXXNDF/2PQvrvbilgyc62Xaqf4BFbQPvOeYkuJDBpCvLxNdUBQN38FND
+bMQj7Mlc7m4IMPH2pRshT/HROJCzHnc26YEUjN/lK8CvOf4goNrb4MgIwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFO0cra/4wOnFPDUNXQUaotPfZhoIMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvN1J5dHJfakE2Y1U4TlExZEJScWkwOTltR2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCWSTcAwQC
WSaQAwQCWSh4AwQDXrH4AwQCuTrgAwQD2T0QMA0GCSqGSIb3DQEBCwUAA4IBAQB9
yF3NU7w4cR/wPC1JF0sG1WW0FJYP91/7iMDrh2G/V6EiEDOmM/1+MNjqEjLDmXeO
P8KFzYVWYusO5WjbOannKih3j3SPUObvNq9AJ8urNoqZSU83L/QNd3AYEtgwLVAi
ABdlw20j9QVUMNs0m1buz75wmwWR1iBIVZPBchqnKpT1tmwcEdWL9nST2eV9R7Wn
iuKfwQKPeDTpPq5Vy1pjMw2/JIuOXZNYgWGwOu20/3uSc8kUFsjvyXFb7xS5cqiG
3CN0soFkdt40nvcWPkhZEqHgkJeV1sxg0VU5OJDRw4jw8nxv645xJjzu7qr9zX1Y
PP//KZPx21QJFBbdAOpN
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:13:26 2024 by rpki-client on console-fra.rpki-client.org