Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/p4nzSOzSJZwkCR5OhxObKeJtff8.roa
File:                     p4nzSOzSJZwkCR5OhxObKeJtff8.roa (raw, json)
Hash identifier:          BLOHxxxFX1/szISnrb8lMWcSL99PMalV8m0zR0Ic6jY=
Subject key identifier:   A7:89:F3:48:EC:D2:25:9C:24:09:1E:4E:87:13:9B:29:E2:6D:7D:FF
Certificate issuer:       /CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Certificate serial:       018CC5004B97BCB561809D51AA8D62E7BBF3
Authority key identifier: 0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/p4nzSOzSJZwkCR5OhxObKeJtff8.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21277
IP address blocks:        109.127.107.0/24 maxlen: 24
                          109.127.64.0/20 maxlen: 20
                          109.127.64.0/21 maxlen: 21
                          109.127.64.0/18 maxlen: 18
                          109.127.72.0/21 maxlen: 21
                          109.127.80.0/24 maxlen: 24
                          109.127.91.0/24 maxlen: 24
                          109.127.90.0/24 maxlen: 24
                          109.127.89.0/24 maxlen: 24
                          109.127.88.0/24 maxlen: 24
                          109.127.86.0/24 maxlen: 24
                          130.193.240.0/20 maxlen: 20
                          130.193.176.0/20 maxlen: 20
                          130.193.176.0/21 maxlen: 21
                          130.193.184.0/21 maxlen: 21
                          130.193.192.0/20 maxlen: 20
                          130.193.208.0/20 maxlen: 20
                          130.193.224.0/20 maxlen: 20
                          95.170.192.0/24 maxlen: 24
                          95.170.192.0/19 maxlen: 19
                          95.170.193.0/24 maxlen: 24
                          95.170.196.0/24 maxlen: 24
                          95.170.194.0/24 maxlen: 24
                          95.170.199.0/24 maxlen: 24
                          95.170.203.0/24 maxlen: 24
                          95.170.202.0/24 maxlen: 24
                          95.170.201.0/24 maxlen: 24
                          95.170.206.0/24 maxlen: 24
                          95.170.205.0/24 maxlen: 24
                          95.170.204.0/24 maxlen: 24
                          95.170.200.0/24 maxlen: 24
                          95.170.208.0/24 maxlen: 24
                          95.170.207.0/24 maxlen: 24
                          95.170.217.0/24 maxlen: 24
                          95.170.216.0/24 maxlen: 24
                          95.170.215.0/24 maxlen: 24
                          95.170.214.0/24 maxlen: 24
                          95.170.219.0/24 maxlen: 24
                          95.170.218.0/24 maxlen: 24
                          95.170.220.0/24 maxlen: 24
                          95.170.222.0/24 maxlen: 24
                          95.170.221.0/24 maxlen: 24
                          93.91.204.0/24 maxlen: 24
                          93.91.201.0/24 maxlen: 24
                          93.91.200.0/24 maxlen: 24
                          130.193.128.0/19 maxlen: 19
                          130.193.131.0/24 maxlen: 24
                          130.193.132.0/22 maxlen: 22
                          130.193.128.0/17 maxlen: 17
                          130.193.145.0/24 maxlen: 24
                          130.193.144.0/24 maxlen: 24
                          130.193.150.0/24 maxlen: 24
                          130.193.150.0/23 maxlen: 23
                          130.193.149.0/24 maxlen: 24
                          130.193.148.0/24 maxlen: 24
                          130.193.151.0/24 maxlen: 24
                          130.193.166.0/24 maxlen: 24
                          130.193.165.0/24 maxlen: 24
                          130.193.160.0/24 maxlen: 24
                          130.193.160.0/20 maxlen: 20
                          93.91.192.0/24 maxlen: 24
                          93.91.192.0/20 maxlen: 20
                          93.91.193.0/24 maxlen: 24
                          93.91.197.0/24 maxlen: 24
                          93.91.196.0/24 maxlen: 24
                          93.91.195.0/24 maxlen: 24
                          2a04:a040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4b:97:bc:b5:61:80:9d:51:aa:8d:62:e7:bb:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a789f348ecd2259c24091e4e87139b29e26d7dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:94:42:bb:b2:5c:aa:c2:9a:7d:ee:fc:36:9e:
                    55:fa:87:c5:77:1e:60:24:f6:e2:3f:9e:fd:97:5b:
                    11:81:b1:e1:e6:82:b8:c2:3d:b5:01:e9:61:84:4b:
                    97:f5:90:64:c7:17:31:3f:80:c2:0f:02:d8:89:1f:
                    7c:75:ee:f8:56:92:e2:59:56:34:53:10:ac:a6:3f:
                    31:42:44:1a:bd:99:f4:c7:8c:2d:3d:57:94:ea:51:
                    b1:01:a5:be:4d:d7:48:e8:95:e1:95:27:1f:00:88:
                    65:94:2b:79:70:bc:2a:77:a9:7a:65:83:04:b3:84:
                    2b:38:fb:21:c4:0b:cc:02:bc:98:1c:10:bd:55:be:
                    36:41:02:dd:f0:cc:9e:8c:c6:ed:6a:fe:97:a5:9e:
                    31:61:d2:e8:73:34:95:c1:78:9c:db:ef:80:b7:6b:
                    2b:b3:0a:aa:04:e3:f8:d1:3e:bb:be:0d:69:7b:3d:
                    0b:9a:09:e2:01:af:d8:67:29:7b:e7:c7:47:d0:b9:
                    d0:6d:f4:5d:25:86:ce:42:c5:88:db:95:6a:50:31:
                    e5:f2:21:57:66:6c:ac:3e:91:19:72:1f:7a:a6:84:
                    04:70:f3:6d:65:cb:43:f4:ff:2d:c5:b7:03:aa:2e:
                    3c:ec:ff:93:aa:de:5e:64:bd:aa:9d:99:c2:fc:6a:
                    6a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:89:F3:48:EC:D2:25:9C:24:09:1E:4E:87:13:9B:29:E2:6D:7D:FF
            X509v3 Authority Key Identifier:
                keyid:0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/p4nzSOzSJZwkCR5OhxObKeJtff8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.192.0/20
                  95.170.192.0/19
                  109.127.64.0/18
                  130.193.128.0/17
                IPv6:
                  2a04:a040::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:5f:ba:f5:de:e6:f3:aa:d9:ef:f1:8e:12:d8:ee:3f:f8:a6:
         6b:b9:29:69:f8:fe:6a:59:63:6c:aa:bc:a0:1d:4b:b3:42:5d:
         e3:cf:8b:ae:81:a9:e6:e2:f4:7e:36:1a:12:90:78:de:f4:9a:
         1a:9f:db:88:98:d3:2c:58:cc:70:b2:90:66:df:46:89:66:72:
         6b:4b:73:71:65:1e:63:c6:46:c5:13:24:75:92:74:aa:f9:2a:
         4f:be:aa:f1:2a:45:49:7c:85:87:4c:cf:f4:97:8f:cd:44:be:
         34:9a:dc:b5:92:47:76:cb:94:dd:f3:b5:a9:6c:b6:5f:55:c8:
         db:37:77:f6:7d:e6:dd:33:25:d2:3c:84:df:c5:f6:e7:78:08:
         59:3b:a8:0b:58:19:bd:ff:92:c3:68:6a:76:dc:4f:80:b7:de:
         f7:57:89:e5:f2:7c:47:0c:6b:9b:86:6a:16:30:9a:f9:f0:7b:
         fc:8d:e2:79:4a:1e:8b:c9:a2:77:14:60:fe:c3:98:74:c3:3e:
         a3:15:91:39:65:1c:1e:e3:52:7c:96:5d:79:0f:5b:b7:4f:31:
         f6:03:ac:e5:b6:11:d9:3b:62:f2:58:8f:4b:9a:8f:0e:1e:60:
         41:b8:ea:a6:a2:99:2f:5b:b9:f0:b3:34:70:d4:ef:95:dc:4c:
         ed:ce:46:0f
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzFAEuXvLVhgJ1Rqo1i57vzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMGY3YTA0ZGQ3MjQ5YTVkMTRiN2RlMDU0MmE0MTk3Mzgw
MDA2Y2MwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzg5ZjM0OGVjZDIyNTljMjQwOTFlNGU4NzEzOWIyOWUyNmQ3ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJRCu7JcqsKafe78Np5V+ofFdx5g
JPbiP579l1sRgbHh5oK4wj21AelhhEuX9ZBkxxcxP4DCDwLYiR98de74VpLiWVY0
UxCspj8xQkQavZn0x4wtPVeU6lGxAaW+TddI6JXhlScfAIhllCt5cLwqd6l6ZYME
s4QrOPshxAvMAryYHBC9Vb42QQLd8MyejMbtav6XpZ4xYdLoczSVwXic2++At2sr
swqqBOP40T67vg1pez0LmgniAa/YZyl758dH0LnQbfRdJYbOQsWI25VqUDHl8iFX
ZmysPpEZch96poQEcPNtZctD9P8txbcDqi487P+Tqt5eZL2qnZnC/GpqCwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKeJ80js0iWcJAkeTocTmynibX3/MB8GA1UdIwQY
MBaAFAwPegTdckml0Ut94FQqQZc4AAbMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTIt
YTNjYmVmZmY3Nzc3LzEvcDRuelNPelNKWndrQ1I1T2h4T2JLZUp0ZmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTItYTNjYmVmZmY3Nzc3
LzEvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXVvAAwQF
X6rAAwQGbX9AAwQHgsGAMA0EAgACMAcDBQMqBKBAMA0GCSqGSIb3DQEBCwUAA4IB
AQBHX7r13ubzqtnv8Y4S2O4/+KZruSlp+P5qWWNsqrygHUuzQl3jz4uuganm4vR+
NhoSkHje9Joan9uImNMsWMxwspBm30aJZnJrS3NxZR5jxkbFEyR1knSq+SpPvqrx
KkVJfIWHTM/0l4/NRL40mty1kkd2y5Td87WpbLZfVcjbN3f2febdMyXSPITfxfbn
eAhZO6gLWBm9/5LDaGp23E+At973V4nl8nxHDGubhmoWMJr58Hv8jeJ5Sh6LyaJ3
FGD+w5h0wz6jFZE5ZRwe41J8ll15D1u3TzH2A6zlthHZO2LyWI9Lmo8OHmBBuOqm
opkvW7nwszRw1O+V3EztzkYP
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:32:21 2024 by rpki-client on console-fra.rpki-client.org