Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/4H_0LDcB0uqiWR96COsCXUzjlmc.roa
File:                     4H_0LDcB0uqiWR96COsCXUzjlmc.roa (raw, json)
Hash identifier:          99ELlRZ8r0KzcCajERUtuHFA2JgDcldtUIOtMi9qSgQ=
Subject key identifier:   E0:7F:F4:2C:37:01:D2:EA:A2:59:1F:7A:08:EB:02:5D:4C:E3:96:67
Certificate issuer:       /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial:       018CC6B9106BFD3488EAD46FD3B1B3664FA6
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/4H_0LDcB0uqiWR96COsCXUzjlmc.roa
Signing time:             Mon 01 Jan 2024 20:31:06 +0000
ROA not before:           Mon 01 Jan 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133499
IP address blocks:        77.95.116.0/22 maxlen: 32
                          89.44.245.0/24 maxlen: 32
                          89.34.7.0/24 maxlen: 32
                          94.177.52.0/22 maxlen: 32
                          185.221.221.0/24 maxlen: 32
                          94.176.216.0/22 maxlen: 32
                          78.138.30.0/24 maxlen: 32
                          185.243.108.0/22 maxlen: 32
                          185.223.58.0/23 maxlen: 32
                          103.204.212.0/22 maxlen: 32
                          94.176.163.0/24 maxlen: 32
                          89.44.115.0/24 maxlen: 32
                          188.241.146.0/24 maxlen: 32
                          78.138.16.0/24 maxlen: 32
                          89.41.62.0/24 maxlen: 32
                          188.214.93.0/24 maxlen: 32
                          89.32.129.0/24 maxlen: 32
                          31.14.219.0/24 maxlen: 32
                          185.225.104.0/22 maxlen: 32
                          31.14.236.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:10:6b:fd:34:88:ea:d4:6f:d3:b1:b3:66:4f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
        Validity
            Not Before: Jan  1 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e07ff42c3701d2eaa2591f7a08eb025d4ce39667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ea:ac:9c:60:69:66:cf:4a:ad:2e:d4:b2:47:
                    e3:3f:f9:e5:d5:09:ea:43:d0:d6:1f:35:c3:12:6a:
                    50:d7:a5:86:4f:ac:27:ac:06:0f:75:a9:3b:37:95:
                    5b:d5:54:eb:a7:84:6c:7b:bf:c8:29:61:b0:dc:e6:
                    27:07:c4:3d:fb:d3:4b:3f:95:a9:f8:99:89:51:71:
                    10:06:08:d9:e8:81:bc:0b:51:89:7f:19:53:17:15:
                    3d:4d:fd:3d:7f:17:ee:cc:25:3b:0d:3c:fc:c6:33:
                    15:e2:ff:f9:84:1e:67:d0:f2:fb:8c:c5:52:ba:93:
                    69:95:69:1b:89:6c:a9:37:5a:3e:36:4e:ac:69:af:
                    d2:ae:bd:22:e6:12:95:5a:de:a4:67:83:71:2a:4d:
                    8a:5b:a3:0a:d1:44:3d:1a:24:79:fe:89:69:89:be:
                    39:7e:d0:36:f7:68:71:bc:fa:85:9d:47:9a:a6:b9:
                    71:5e:ac:39:e4:c1:73:0a:bb:e8:45:52:ed:85:34:
                    71:02:4a:d2:18:89:54:b1:d1:ca:69:7a:fe:2e:a1:
                    21:7e:b2:5b:cc:20:7f:df:21:87:09:1c:c3:0d:53:
                    56:50:a0:7c:cb:3c:cc:02:86:26:03:fd:23:0f:6c:
                    f1:8c:aa:0c:10:e7:27:59:39:00:75:92:60:b4:20:
                    8d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:7F:F4:2C:37:01:D2:EA:A2:59:1F:7A:08:EB:02:5D:4C:E3:96:67
            X509v3 Authority Key Identifier:
                keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/4H_0LDcB0uqiWR96COsCXUzjlmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.219.0/24
                  31.14.236.0/23
                  77.95.116.0/22
                  78.138.16.0/24
                  78.138.30.0/24
                  89.32.129.0/24
                  89.34.7.0/24
                  89.41.62.0/24
                  89.44.115.0/24
                  89.44.245.0/24
                  94.176.163.0/24
                  94.176.216.0/22
                  94.177.52.0/22
                  103.204.212.0/22
                  185.221.221.0/24
                  185.223.58.0/23
                  185.225.104.0/22
                  185.243.108.0/22
                  188.214.93.0/24
                  188.241.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ce:0f:cf:28:42:ff:40:ac:26:b7:e7:23:10:eb:4c:bc:66:
         37:03:bf:83:5e:60:76:94:0b:b5:03:f0:67:f5:83:54:54:f9:
         91:c9:f3:68:bc:9a:ba:9d:f5:d8:6c:e7:6c:e8:87:9c:81:34:
         9e:06:3e:e9:73:3d:88:ca:aa:08:b4:f6:9b:ea:0c:be:19:70:
         08:a1:c1:64:48:db:37:12:52:c3:fe:58:af:c2:21:4c:53:95:
         62:43:80:ad:7b:1c:42:6e:5b:83:37:5e:e7:bc:77:2b:57:99:
         dc:e2:32:c0:19:e5:79:a5:1e:c2:0c:51:f9:3c:08:ac:b7:68:
         c2:cc:59:ed:d2:d7:65:1b:15:e6:7b:af:02:00:29:06:f7:68:
         fb:74:05:6d:4f:16:28:6e:36:9a:aa:fb:97:df:84:f1:f1:14:
         88:55:51:39:30:09:ec:aa:0c:40:5d:a1:a8:f0:92:d6:3b:bb:
         65:cd:df:bc:0f:64:76:97:9a:7e:ef:97:42:55:51:48:ff:0a:
         98:e7:0d:75:84:ff:b9:3b:c1:25:37:12:d1:3b:1f:49:64:a9:
         ed:3e:3c:78:10:8f:97:c4:53:d7:d7:6f:a5:cb:61:51:b9:16:
         6d:49:f7:18:fb:8f:84:b9:0a:bf:c2:c3:81:6c:52:b4:05:d5:
         80:9f:6e:09
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYzGuRBr/TSI6tRv07GzZk+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjQwMTAxMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDdmZjQyYzM3MDFkMmVhYTI1OTFmN2EwOGViMDI1ZDRjZTM5NjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuqsnGBpZs9KrS7UskfjP/nl1Qnq
Q9DWHzXDEmpQ16WGT6wnrAYPdak7N5Vb1VTrp4Rse7/IKWGw3OYnB8Q9+9NLP5Wp
+JmJUXEQBgjZ6IG8C1GJfxlTFxU9Tf09fxfuzCU7DTz8xjMV4v/5hB5n0PL7jMVS
upNplWkbiWypN1o+Nk6saa/Srr0i5hKVWt6kZ4NxKk2KW6MK0UQ9GiR5/olpib45
ftA292hxvPqFnUeaprlxXqw55MFzCrvoRVLthTRxAkrSGIlUsdHKaXr+LqEhfrJb
zCB/3yGHCRzDDVNWUKB8yzzMAoYmA/0jD2zxjKoMEOcnWTkAdZJgtCCNIQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFOB/9Cw3AdLqolkfegjrAl1M45ZnMB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEvNEhfMExEY0IwdXFpV1I5NkNPc0NYVXpqbG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQAHw7b
AwQBHw7sAwQCTV90AwQATooQAwQATooeAwQAWSCBAwQAWSIHAwQAWSk+AwQAWSxz
AwQAWSz1AwQAXrCjAwQCXrDYAwQCXrE0AwQCZ8zUAwQAud3dAwQBud86AwQCueFo
AwQCufNsAwQAvNZdAwQAvPGSMA0GCSqGSIb3DQEBCwUAA4IBAQBczg/PKEL/QKwm
t+cjEOtMvGY3A7+DXmB2lAu1A/Bn9YNUVPmRyfNovJq6nfXYbOds6IecgTSeBj7p
cz2IyqoItPab6gy+GXAIocFkSNs3ElLD/livwiFMU5ViQ4CtexxCbluDN17nvHcr
V5nc4jLAGeV5pR7CDFH5PAist2jCzFnt0tdlGxXme68CACkG92j7dAVtTxYobjaa
qvuX34Tx8RSIVVE5MAnsqgxAXaGo8JLWO7tlzd+8D2R2l5p+75dCVVFI/wqY5w11
hP+5O8ElNxLROx9JZKntPjx4EI+XxFPX12+ly2FRuRZtSfcY+4+EuQq/wsOBbFK0
BdWAn24J
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:22:40 2024 by rpki-client on console-fra.rpki-client.org