Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/vXuZX5DXJXIRQJ0VJYMLbjr3vd8.roa
File:                     vXuZX5DXJXIRQJ0VJYMLbjr3vd8.roa (raw, json)
Hash identifier:          kbaOwiTJT+gxwJLuS0bGQANywJNgFVGEnGDFcw6OJzQ=
Subject key identifier:   BD:7B:99:5F:90:D7:25:72:11:40:9D:15:25:83:0B:6E:3A:F7:BD:DF
Certificate issuer:       /CN=19f1a9dd126f37237ce200fb8616ff937bca966c
Certificate serial:       018CC5007F23178DC426AF8CFB792312BF13
Authority key identifier: 19:F1:A9:DD:12:6F:37:23:7C:E2:00:FB:86:16:FF:93:7B:CA:96:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GfGp3RJvNyN84gD7hhb_k3vKlmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/vXuZX5DXJXIRQJ0VJYMLbjr3vd8.roa
Signing time:             Mon 01 Jan 2024 12:29:53 +0000
ROA not before:           Mon 01 Jan 2024 12:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49467
IP address blocks:        85.95.224.0/24 maxlen: 24
                          85.95.225.0/24 maxlen: 24
                          85.95.226.0/24 maxlen: 24
                          85.95.227.0/24 maxlen: 24
                          85.95.230.0/24 maxlen: 24
                          85.95.231.0/24 maxlen: 24
                          85.95.228.0/24 maxlen: 24
                          85.95.229.0/24 maxlen: 24
                          85.95.232.0/24 maxlen: 24
                          85.95.233.0/24 maxlen: 24
                          85.95.234.0/24 maxlen: 24
                          85.95.235.0/24 maxlen: 24
                          85.95.236.0/24 maxlen: 24
                          85.95.245.0/24 maxlen: 24
                          85.95.246.0/24 maxlen: 24
                          85.95.251.0/24 maxlen: 24
                          85.95.252.0/24 maxlen: 24
                          85.95.249.0/24 maxlen: 24
                          85.95.250.0/24 maxlen: 24
                          85.95.253.0/24 maxlen: 24
                          85.95.248.0/24 maxlen: 24
                          85.95.247.0/24 maxlen: 24
                          85.95.254.0/24 maxlen: 24
                          92.42.32.0/24 maxlen: 24
                          92.42.33.0/24 maxlen: 24
                          92.42.36.0/24 maxlen: 24
                          92.42.37.0/24 maxlen: 24
                          92.42.34.0/24 maxlen: 24
                          92.42.35.0/24 maxlen: 24
                          92.42.38.0/24 maxlen: 24
                          92.42.39.0/24 maxlen: 24
                          37.152.72.0/24 maxlen: 24
                          37.152.75.0/24 maxlen: 24
                          37.152.76.0/24 maxlen: 24
                          37.152.73.0/24 maxlen: 24
                          37.152.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/GfGp3RJvNyN84gD7hhb_k3vKlmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/GfGp3RJvNyN84gD7hhb_k3vKlmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GfGp3RJvNyN84gD7hhb_k3vKlmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:7f:23:17:8d:c4:26:af:8c:fb:79:23:12:bf:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19f1a9dd126f37237ce200fb8616ff937bca966c
        Validity
            Not Before: Jan  1 12:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd7b995f90d7257211409d1525830b6e3af7bddf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:bc:90:13:b2:23:74:8a:e2:01:f0:71:84:bd:
                    88:c4:6e:9c:a2:f0:43:6d:35:7f:08:79:fc:5a:77:
                    ce:5e:66:8c:af:cd:43:25:8a:a8:b4:8e:a1:dd:d1:
                    9f:e4:29:2e:38:33:44:b1:e6:04:3f:95:a7:ac:b5:
                    c2:0f:74:17:f0:d0:5c:0d:02:55:20:cf:5f:4b:26:
                    0d:f7:7b:bf:c7:e6:5a:6a:e1:0b:8d:1e:56:c9:e6:
                    71:9c:18:76:6b:24:3f:10:e0:38:e9:fc:a2:de:0f:
                    94:2c:cc:43:e8:35:45:00:68:a9:14:fb:ed:73:b2:
                    3c:47:38:bd:fe:cb:c5:d7:70:42:7e:0a:f5:9a:36:
                    09:49:3f:61:8e:ff:49:2f:a3:63:75:17:24:13:53:
                    6e:d3:5d:56:01:81:79:b8:e6:f6:a5:62:10:6d:d0:
                    ee:98:16:f4:de:29:a2:88:e3:3d:4b:8a:be:c1:13:
                    64:a0:33:1b:20:93:98:79:3d:6f:6b:cb:7d:9b:98:
                    c6:4d:cf:23:8d:99:76:f9:1a:c8:9f:c1:6e:84:20:
                    93:87:4a:6d:4d:2d:41:a8:58:bc:b4:c3:32:83:5c:
                    61:2d:14:a3:0f:27:70:c8:f7:fb:6e:34:60:2e:6c:
                    04:67:9b:e1:a9:3b:a4:6c:a9:60:0c:f4:07:8f:1d:
                    0d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:7B:99:5F:90:D7:25:72:11:40:9D:15:25:83:0B:6E:3A:F7:BD:DF
            X509v3 Authority Key Identifier:
                keyid:19:F1:A9:DD:12:6F:37:23:7C:E2:00:FB:86:16:FF:93:7B:CA:96:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GfGp3RJvNyN84gD7hhb_k3vKlmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/vXuZX5DXJXIRQJ0VJYMLbjr3vd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a63d-1730-4d88-ab38-3fd30988f677/1/GfGp3RJvNyN84gD7hhb_k3vKlmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.72.0-37.152.76.255
                  85.95.224.0-85.95.236.255
                  85.95.245.0-85.95.254.255
                  92.42.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         71:43:4f:62:c8:80:05:bd:a6:63:a8:e7:98:94:5a:5e:68:50:
         e0:72:fe:02:83:0e:c4:5e:e4:86:0c:93:1f:ab:fb:46:40:20:
         50:6c:f8:53:74:bd:22:13:ac:fc:bf:bb:dc:c7:11:c5:43:26:
         4a:d4:1c:0b:d5:91:18:cf:a8:b2:51:30:7d:18:b9:36:f7:48:
         a0:0f:41:8f:01:0c:81:fc:89:36:ff:ee:84:31:d6:99:19:68:
         f9:e1:12:0d:e3:68:bc:85:18:a7:ce:e8:11:9b:5d:e5:e0:41:
         ef:67:e7:17:83:a8:25:43:75:f7:8c:a9:6c:44:90:de:60:0b:
         9c:d9:ad:f8:39:09:38:7b:17:d1:e6:0f:2d:cc:4f:de:3b:28:
         90:fa:43:a4:f9:3c:ad:e1:76:aa:b9:68:92:ab:8f:f4:4c:e0:
         d9:f1:eb:0f:16:94:1f:76:ac:e2:6a:6f:44:7b:83:49:d1:76:
         1f:99:f3:58:b4:5b:32:32:b8:6e:40:1c:08:4a:b2:40:ff:8c:
         5f:e9:85:a2:08:46:7d:71:9c:cb:91:77:60:c3:58:dc:bd:0c:
         25:14:5c:e1:5a:05:7a:19:58:27:8a:05:6b:2e:b6:13:ac:9e:
         e0:61:b7:8d:36:df:92:ca:a2:b3:00:e5:8a:fd:0a:af:fe:f4:
         a6:0f:93:b5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzFAH8jF43EJq+M+3kjEr8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZjFhOWRkMTI2ZjM3MjM3Y2UyMDBmYjg2MTZmZjkzN2Jj
YTk2NmMwHhcNMjQwMTAxMTIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDdiOTk1ZjkwZDcyNTcyMTE0MDlkMTUyNTgzMGI2ZTNhZjdiZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17yQE7IjdIriAfBxhL2IxG6covBD
bTV/CHn8WnfOXmaMr81DJYqotI6h3dGf5CkuODNEseYEP5WnrLXCD3QX8NBcDQJV
IM9fSyYN93u/x+ZaauELjR5WyeZxnBh2ayQ/EOA46fyi3g+ULMxD6DVFAGipFPvt
c7I8Rzi9/svF13BCfgr1mjYJST9hjv9JL6NjdRckE1Nu011WAYF5uOb2pWIQbdDu
mBb03imiiOM9S4q+wRNkoDMbIJOYeT1va8t9m5jGTc8jjZl2+RrIn8FuhCCTh0pt
TS1BqFi8tMMyg1xhLRSjDydwyPf7bjRgLmwEZ5vhqTukbKlgDPQHjx0NWQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFL17mV+Q1yVyEUCdFSWDC246973fMB8GA1UdIwQY
MBaAFBnxqd0SbzcjfOIA+4YW/5N7ypZsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2ZHcDNSSnZOeU44NGdEN2hoYl9rM3ZLbG13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE2M2QtMTczMC00ZDg4LWFiMzgt
M2ZkMzA5ODhmNjc3LzEvdlh1Wlg1RFhKWElSUUowVkpZTUxianIzdmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE2M2QtMTczMC00ZDg4LWFiMzgtM2ZkMzA5ODhmNjc3
LzEvR2ZHcDNSSnZOeU44NGdEN2hoYl9rM3ZLbG13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwMAwDBAMlmEgD
BAAlmEwwDAMEBVVf4AMEAFVf7DAMAwQAVV/1AwQAVV/+AwQDXCogMA0GCSqGSIb3
DQEBCwUAA4IBAQBxQ09iyIAFvaZjqOeYlFpeaFDgcv4Cgw7EXuSGDJMfq/tGQCBQ
bPhTdL0iE6z8v7vcxxHFQyZK1BwL1ZEYz6iyUTB9GLk290igD0GPAQyB/Ik2/+6E
MdaZGWj54RIN42i8hRinzugRm13l4EHvZ+cXg6glQ3X3jKlsRJDeYAuc2a34OQk4
exfR5g8tzE/eOyiQ+kOk+Tyt4XaquWiSq4/0TODZ8esPFpQfdqziam9Ee4NJ0XYf
mfNYtFsyMrhuQBwISrJA/4xf6YWiCEZ9cZzLkXdgw1jcvQwlFFzhWgV6GVgnigVr
LrYTrJ7gYbeNNt+SyqKzAOWK/Qqv/vSmD5O1
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:53:17 2024 by rpki-client on console-fra.rpki-client.org