Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/H9ZXoMVAJnojFpLIoL7ciItSDaY.roa
File:                     H9ZXoMVAJnojFpLIoL7ciItSDaY.roa (raw, json)
Hash identifier:          t1aNXa3M/bJz8kDsyYprUTd/nGqjEo/sjKLaPBZopMA=
Subject key identifier:   1F:D6:57:A0:C5:40:26:7A:23:16:92:C8:A0:BE:DC:88:8B:52:0D:A6
Certificate issuer:       /CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
Certificate serial:       018F45EA095591E57BDCC8631B4F6905CF33
Authority key identifier: 32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/H9ZXoMVAJnojFpLIoL7ciItSDaY.roa
Signing time:             Sat 04 May 2024 23:21:56 +0000
ROA not before:           Sat 04 May 2024 23:21:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210025
IP address blocks:        88.218.204.0/24 maxlen: 24
                          88.218.207.0/24 maxlen: 24
                          2a09:b280::/48 maxlen: 48
                          2a09:b280:1000::/48 maxlen: 48
                          2a09:b280:1010::/48 maxlen: 48
                          2a09:b280:1020::/48 maxlen: 48
                          2a09:b280:1030::/48 maxlen: 48
                          2a09:b280:1100::/47 maxlen: 47
                          2a09:b280:ccc0::/48 maxlen: 48
                          2a09:b280:ccc1::/48 maxlen: 48
                          2a09:b280:cccc::/48 maxlen: 48
                          2a09:b280:ffb0::/48 maxlen: 48
                          2a09:b280:ffb1::/48 maxlen: 48
                          2a09:b280:ffb2::/48 maxlen: 48
                          2a09:b280:ffb5::/48 maxlen: 48
                          2a09:b280:ffb7::/48 maxlen: 48
                          2a09:b280:ffb8::/48 maxlen: 48
                          2a09:b280:ffb9::/48 maxlen: 48
                          2a09:b280:ffba::/48 maxlen: 48
                          2a09:b280:ffbb::/48 maxlen: 48
                          2a09:b280:ffbc::/48 maxlen: 48
                          2a09:b280:ffbd::/48 maxlen: 48
                          2a09:b280:ffbe::/48 maxlen: 48
                          2a09:b280:ffbf::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:45:ea:09:55:91:e5:7b:dc:c8:63:1b:4f:69:05:cf:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32508fb781ca6dbd8221f2c2f954a3a7446b2b42
        Validity
            Not Before: May  4 23:21:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fd657a0c540267a231692c8a0bedc888b520da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fb:7a:a5:0a:03:f1:97:a3:f3:b3:e5:a7:1d:
                    51:35:a4:93:54:51:56:14:bb:23:93:b0:63:10:69:
                    75:5c:f3:7e:1f:5f:2e:ea:65:5e:9d:ea:a6:67:48:
                    5e:db:1b:19:08:58:e8:27:ba:d6:dc:be:65:3d:ca:
                    b1:79:ff:1b:7d:56:bc:87:f7:01:e2:d4:fd:3a:0c:
                    3c:ed:09:09:51:80:09:19:ca:98:3c:0a:07:8f:45:
                    a2:2a:50:84:9e:7a:3e:c2:27:b7:5e:e6:de:32:07:
                    99:76:a1:b4:93:cb:fb:6a:a4:6d:29:e4:6a:b3:f8:
                    04:7b:b6:f1:3b:2f:bf:4b:86:6a:0e:96:dd:be:b1:
                    e1:fd:dc:3d:6d:35:23:fb:89:53:d1:57:52:35:6a:
                    b6:d0:39:e7:18:4d:7c:09:8d:02:1f:7b:f8:72:99:
                    93:72:05:94:65:91:cb:c3:6a:79:04:16:d0:8a:31:
                    2a:ec:50:09:10:05:8f:9c:e1:57:b5:0c:3b:30:de:
                    56:f7:ab:0e:fa:2d:aa:c5:65:50:cb:8d:36:7a:d2:
                    25:e6:ee:e2:78:e7:6e:87:7f:c1:04:93:80:35:a7:
                    5d:3e:42:2b:da:d0:18:d3:a2:98:8b:cb:1d:7a:60:
                    2b:ba:82:d1:ff:31:c0:b0:44:97:9e:b1:ba:0a:a0:
                    c0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D6:57:A0:C5:40:26:7A:23:16:92:C8:A0:BE:DC:88:8B:52:0D:A6
            X509v3 Authority Key Identifier:
                keyid:32:50:8F:B7:81:CA:6D:BD:82:21:F2:C2:F9:54:A3:A7:44:6B:2B:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlCPt4HKbb2CIfLC-VSjp0RrK0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/H9ZXoMVAJnojFpLIoL7ciItSDaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6c203d-6221-460a-af49-c12218765154/1/MlCPt4HKbb2CIfLC-VSjp0RrK0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.204.0/24
                  88.218.207.0/24
                IPv6:
                  2a09:b280::/48
                  2a09:b280:1000::/48
                  2a09:b280:1010::/48
                  2a09:b280:1020::/48
                  2a09:b280:1030::/48
                  2a09:b280:1100::/47
                  2a09:b280:ccc0::/47
                  2a09:b280:cccc::/48
                  2a09:b280:ffb0::-2a09:b280:ffb2:ffff:ffff:ffff:ffff:ffff
                  2a09:b280:ffb5::/48
                  2a09:b280:ffb7::-2a09:b280:ffbf:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         76:70:76:41:89:45:cc:f4:fe:05:98:14:22:93:61:cb:ef:4e:
         73:07:df:30:30:ff:a9:83:57:31:1c:21:ae:6b:dd:01:2b:5e:
         39:9b:3f:03:95:00:b7:49:6b:b2:f2:91:2d:8d:87:f0:56:91:
         7a:ac:c3:9e:56:4d:79:9f:f9:e7:4c:db:f2:d4:df:e2:28:e3:
         28:2e:ba:61:55:43:e5:d0:6c:43:19:ec:84:0d:66:c9:c4:26:
         15:ef:cf:ec:7a:7d:04:cd:94:08:08:de:cb:4a:ad:a3:80:c0:
         94:79:d5:db:5a:f5:ba:ad:80:35:96:97:a8:13:93:7d:d5:31:
         05:a1:cf:ea:47:e1:1a:fa:fe:78:f5:05:b4:3e:bc:49:de:b4:
         4d:f5:af:58:ca:47:82:18:78:49:bb:a1:8f:33:ec:41:d8:36:
         f8:7f:89:05:00:49:1f:9d:c9:a5:38:8b:ee:fd:06:3b:96:26:
         25:00:ac:cd:26:31:6b:92:42:b4:ea:03:17:cf:c5:9e:d3:9f:
         e8:b9:be:4c:a2:53:35:01:3d:c5:98:9b:d6:70:4f:35:6b:57:
         88:cd:c8:9c:2c:c4:b2:02:32:87:cf:e0:09:69:47:d7:39:df:
         ec:27:8b:33:27:7e:2f:e0:02:f4:fa:29:05:f4:62:4e:f4:ef:
         bb:4f:1c:dc
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAY9F6glVkeV73MhjG09pBc8zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTA4ZmI3ODFjYTZkYmQ4MjIxZjJjMmY5NTRhM2E3NDQ2
YjJiNDIwHhcNMjQwNTA0MjMyMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQ2NTdhMGM1NDAyNjdhMjMxNjkyYzhhMGJlZGM4ODhiNTIwZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyft6pQoD8Zej87Plpx1RNaSTVFFW
FLsjk7BjEGl1XPN+H18u6mVeneqmZ0he2xsZCFjoJ7rW3L5lPcqxef8bfVa8h/cB
4tT9Ogw87QkJUYAJGcqYPAoHj0WiKlCEnno+wie3XubeMgeZdqG0k8v7aqRtKeRq
s/gEe7bxOy+/S4ZqDpbdvrHh/dw9bTUj+4lT0VdSNWq20DnnGE18CY0CH3v4cpmT
cgWUZZHLw2p5BBbQijEq7FAJEAWPnOFXtQw7MN5W96sO+i2qxWVQy402etIl5u7i
eOduh3/BBJOANaddPkIr2tAY06KYi8sdemAruoLR/zHAsESXnrG6CqDA9QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFB/WV6DFQCZ6IxaSyKC+3IiLUg2mMB8GA1UdIwQY
MBaAFDJQj7eBym29giHywvlUo6dEaytCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDkt
YzEyMjE4NzY1MTU0LzEvSDlaWG9NVkFKbm9qRnBMSW9MN2NpSXRTRGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82YzIwM2QtNjIyMS00NjBhLWFmNDktYzEyMjE4NzY1MTU0
LzEvTWxDUHQ0SEtiYjJDSWZMQy1WU2pwMFJySzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGoBggrBgEFBQcBBwEB/wSBmDCBlTASBAIAATAMAwQAWNrM
AwQAWNrPMH8EAgACMHkDBwAqCbKAAAADBwAqCbKAEAADBwAqCbKAEBADBwAqCbKA
ECADBwAqCbKAEDADBwEqCbKAEQADBwEqCbKAzMADBwAqCbKAzMwwEgMHBCoJsoD/
sAMHACoJsoD/sgMHACoJsoD/tTASAwcAKgmygP+3AwcGKgmygP+AMA0GCSqGSIb3
DQEBCwUAA4IBAQB2cHZBiUXM9P4FmBQik2HL705zB98wMP+pg1cxHCGua90BK145
mz8DlQC3SWuy8pEtjYfwVpF6rMOeVk15n/nnTNvy1N/iKOMoLrphVUPl0GxDGeyE
DWbJxCYV78/sen0EzZQICN7LSq2jgMCUedXbWvW6rYA1lpeoE5N91TEFoc/qR+Ea
+v549QW0PrxJ3rRN9a9YykeCGHhJu6GPM+xB2Db4f4kFAEkfncmlOIvu/QY7liYl
AKzNJjFrkkK06gMXz8We05/oub5MolM1AT3FmJvWcE81a1eIzcicLMSyAjKHz+AJ
aUfXOd/sJ4szJ34v4AL0+ikF9GJO9O+7Txzc
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:22:44 2024 by rpki-client on console-fra.rpki-client.org