Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/aeyJfXG2JiP-yYpHChw9fhlGNnU.roa
File:                     aeyJfXG2JiP-yYpHChw9fhlGNnU.roa (raw, json)
Hash identifier:          +UBnKtO5Nh/1xhuiOU4F5toRBr6n+PwGAMzGr4Hrp4s=
Subject key identifier:   69:EC:89:7D:71:B6:26:23:FE:C9:8A:47:0A:1C:3D:7E:19:46:36:75
Certificate issuer:       /CN=84e1429a53e6463b3c74f5a3f17c5d4a51ebd0b8
Certificate serial:       018CC801155A9FD68F4AD1A43C8226980319
Authority key identifier: 84:E1:42:9A:53:E6:46:3B:3C:74:F5:A3:F1:7C:5D:4A:51:EB:D0:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/aeyJfXG2JiP-yYpHChw9fhlGNnU.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62000
IP address blocks:        45.147.98.0/24 maxlen: 24
                          45.147.96.0/23 maxlen: 24
                          45.147.99.0/24 maxlen: 24
                          193.168.144.0/24 maxlen: 24
                          193.168.145.0/24 maxlen: 24
                          193.168.147.0/24 maxlen: 24
                          193.168.146.0/24 maxlen: 24
                          45.155.168.0/22 maxlen: 24
                          45.155.168.0/24 maxlen: 24
                          185.157.245.0/24 maxlen: 24
                          185.157.244.0/24 maxlen: 24
                          185.216.24.0/24 maxlen: 24
                          185.216.25.0/24 maxlen: 24
                          185.216.27.0/24 maxlen: 24
                          185.216.26.0/24 maxlen: 24
                          2a07:abc0::/29 maxlen: 64
                          2a0b:b140::/29 maxlen: 64
                          2a09:6383::/32 maxlen: 64
                          2a09:6385::/32 maxlen: 64
                          2a09:6382::/32 maxlen: 64
                          2a09:6384::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:15:5a:9f:d6:8f:4a:d1:a4:3c:82:26:98:03:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84e1429a53e6463b3c74f5a3f17c5d4a51ebd0b8
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69ec897d71b62623fec98a470a1c3d7e19463675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1f:c7:40:36:aa:97:d8:f3:e6:44:96:70:91:
                    8d:b7:6f:50:67:d6:ec:28:2b:51:6b:33:0a:45:6f:
                    59:3b:b5:a8:a4:f0:fe:71:b5:45:bf:4b:e2:64:6c:
                    74:75:f6:65:ef:19:14:7e:f5:fd:ea:46:db:a9:f5:
                    09:ea:ae:74:7c:47:8a:f4:95:a0:e1:b9:98:a8:a7:
                    1e:40:07:39:a0:f4:51:95:80:d4:47:77:b0:e1:7f:
                    85:d6:a7:bf:ad:4c:bc:00:63:c4:20:8e:cb:11:07:
                    91:56:55:2b:ce:d8:a0:05:0a:9b:ca:9e:4b:2d:ff:
                    bd:00:0f:93:85:b3:db:99:d2:5c:7a:cf:d1:6f:7d:
                    7a:4a:8d:d0:f0:2c:1d:bc:e2:17:24:2f:da:89:c8:
                    e9:d2:b8:cd:53:b4:3d:4c:f4:b7:1b:5a:2f:14:5c:
                    ce:74:22:a9:0b:49:8d:c7:e3:53:5d:52:0d:a7:a2:
                    d2:2f:c3:c7:73:23:81:6d:bc:f2:b2:e9:29:3c:3c:
                    7a:c1:6e:eb:b5:b1:45:8a:91:ea:ca:fa:ec:72:11:
                    24:e3:8e:38:bf:e4:0c:23:e4:ef:0b:ef:10:69:22:
                    9d:e6:76:70:e8:60:06:e2:dc:c4:47:b9:d0:0d:0f:
                    63:2f:e1:e4:fc:f5:10:2c:1e:50:1f:3f:39:ea:43:
                    c7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:EC:89:7D:71:B6:26:23:FE:C9:8A:47:0A:1C:3D:7E:19:46:36:75
            X509v3 Authority Key Identifier:
                keyid:84:E1:42:9A:53:E6:46:3B:3C:74:F5:A3:F1:7C:5D:4A:51:EB:D0:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/aeyJfXG2JiP-yYpHChw9fhlGNnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.96.0/22
                  45.155.168.0/22
                  185.157.244.0/23
                  185.216.24.0/22
                  193.168.144.0/22
                IPv6:
                  2a07:abc0::/29
                  2a09:6382::-2a09:6385:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0b:b140::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:85:8c:b7:5f:b9:b5:56:47:b0:5a:1b:91:6d:94:34:b6:7d:
         ad:8a:e2:15:86:95:a3:87:b7:a7:f1:d4:93:bb:d3:75:44:5d:
         d4:4e:93:d1:35:e8:91:df:9d:af:29:f9:88:5e:bb:50:ad:e7:
         16:8d:d9:a1:07:3c:ff:96:f3:f7:49:05:cd:87:9c:3b:41:c8:
         90:f5:00:b6:2c:80:30:d6:4b:7a:6c:40:79:43:87:3b:95:63:
         31:94:b8:30:20:b2:45:90:b5:e2:3a:a5:37:48:12:83:61:48:
         a0:7c:35:85:9b:47:06:b6:71:34:60:1b:e3:d6:2c:bc:ce:16:
         e6:be:85:75:94:e3:0d:3c:53:6e:3e:8d:52:4e:b3:39:91:99:
         45:98:e8:e1:05:f6:9f:fb:6e:18:ab:e3:61:80:4b:6c:66:58:
         79:fa:0d:25:03:de:ef:42:ea:9b:11:87:f2:0a:1f:32:4b:cf:
         b3:00:a4:f1:9a:04:ec:26:d9:52:1e:c6:0b:ab:d6:bf:3f:ff:
         84:87:95:fc:aa:9e:28:3f:06:75:78:2e:e4:f7:bc:2a:0c:3f:
         8c:da:66:28:a7:8a:67:12:a5:5f:aa:d3:38:f2:88:6e:15:d4:
         bc:68:67:d7:48:e8:02:50:6b:1d:17:b2:44:2d:16:18:1a:3e:
         6a:28:70:97
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzIARVan9aPStGkPIImmAMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZTE0MjlhNTNlNjQ2M2IzYzc0ZjVhM2YxN2M1ZDRhNTFl
YmQwYjgwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWVjODk3ZDcxYjYyNjIzZmVjOThhNDcwYTFjM2Q3ZTE5NDYzNjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1h/HQDaql9jz5kSWcJGNt29QZ9bs
KCtRazMKRW9ZO7WopPD+cbVFv0viZGx0dfZl7xkUfvX96kbbqfUJ6q50fEeK9JWg
4bmYqKceQAc5oPRRlYDUR3ew4X+F1qe/rUy8AGPEII7LEQeRVlUrztigBQqbyp5L
Lf+9AA+ThbPbmdJces/Rb316So3Q8CwdvOIXJC/aicjp0rjNU7Q9TPS3G1ovFFzO
dCKpC0mNx+NTXVINp6LSL8PHcyOBbbzysukpPDx6wW7rtbFFipHqyvrschEk4444
v+QMI+TvC+8QaSKd5nZw6GAG4tzER7nQDQ9jL+Hk/PUQLB5QHz856kPHWQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGnsiX1xtiYj/smKRwocPX4ZRjZ1MB8GA1UdIwQY
MBaAFIThQppT5kY7PHT1o/F8XUpR69C4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE9GQ21sUG1SanM4ZFBXajhYeGRTbEhyMExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83MmRiZGYtYzcxZC00ZTU5LTgwNzYt
YzQxZGNjYThiNzc1LzEvYWV5SmZYRzJKaVAteVlwSENodzlmaGxHTm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83MmRiZGYtYzcxZC00ZTU5LTgwNzYtYzQxZGNjYThiNzc1
LzEvaE9GQ21sUG1SanM4ZFBXajhYeGRTbEhyMExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAkBAIAATAeAwQCLZNgAwQC
LZuoAwQBuZ30AwQCudgYAwQCwaiQMCQEAgACMB4DBQMqB6vAMA4DBQEqCWOCAwUB
KgljhAMFAyoLsUAwDQYJKoZIhvcNAQELBQADggEBADaFjLdfubVWR7BaG5FtlDS2
fa2K4hWGlaOHt6fx1JO703VEXdROk9E16JHfna8p+Yheu1Ct5xaN2aEHPP+W8/dJ
Bc2HnDtByJD1ALYsgDDWS3psQHlDhzuVYzGUuDAgskWQteI6pTdIEoNhSKB8NYWb
Rwa2cTRgG+PWLLzOFua+hXWU4w08U24+jVJOszmRmUWY6OEF9p/7bhir42GAS2xm
WHn6DSUD3u9C6psRh/IKHzJLz7MApPGaBOwm2VIexgur1r8//4SHlfyqnig/BnV4
LuT3vCoMP4zaZiinimcSpV+q0zjyiG4V1LxoZ9dI6AJQax0XskQtFhgaPmoocJc=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:23 2024 by rpki-client on console-ams.rpki-client.org