Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/Y_naCEEHCfma3i8pNfmDWkQcbmU.roa
File:                     Y_naCEEHCfma3i8pNfmDWkQcbmU.roa (raw, json)
Hash identifier:          gqZFQBMTm7vi6cwzZXQQX5Rv5FwZdIgkFy8LrrXY6pQ=
Subject key identifier:   63:F9:DA:08:41:07:09:F9:9A:DE:2F:29:35:F9:83:5A:44:1C:6E:65
Certificate issuer:       /CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Certificate serial:       019026D7CA07B3EDDC750DC50FCF8723DFA6
Authority key identifier: C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/Y_naCEEHCfma3i8pNfmDWkQcbmU.roa
Signing time:             Mon 17 Jun 2024 15:36:34 +0000
ROA not before:           Mon 17 Jun 2024 15:36:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39405
IP address blocks:        45.153.92.0/22 maxlen: 24
                          93.93.40.0/21 maxlen: 24
                          141.0.200.0/21 maxlen: 24
                          185.116.128.0/22 maxlen: 24
                          185.117.16.0/22 maxlen: 24
                          185.224.32.0/24 maxlen: 24
                          185.224.33.0/24 maxlen: 24
                          185.224.34.0/24 maxlen: 24
                          185.244.72.0/22 maxlen: 24
                          185.246.24.0/24 maxlen: 24
                          185.246.25.0/24 maxlen: 24
                          185.247.86.0/23 maxlen: 24
                          185.249.184.0/22 maxlen: 24
                          185.253.92.0/22 maxlen: 24
                          193.84.73.0/24 maxlen: 24
                          2a01:6600::/32 maxlen: 32
                          2a0c:4400::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:d7:ca:07:b3:ed:dc:75:0d:c5:0f:cf:87:23:df:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8acf59abd4abbfbf830a060225a96a2179a2694
        Validity
            Not Before: Jun 17 15:36:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63f9da08410709f99ade2f2935f9835a441c6e65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:51:b4:cf:da:db:5e:d1:50:53:37:7d:66:d4:
                    da:44:40:aa:f4:b3:a4:44:90:66:c3:3d:0c:8d:9e:
                    40:fb:f7:51:11:eb:51:69:31:9d:53:0e:bf:a2:38:
                    1d:92:3a:85:b4:82:7d:42:17:67:c3:93:fc:2d:f5:
                    21:ac:6b:74:a9:f3:6f:3d:0c:ee:84:81:b9:6e:ff:
                    06:73:94:a7:6f:2d:89:1d:5a:84:2c:6e:89:09:d7:
                    26:6a:02:9e:fb:fc:88:df:7b:ad:a8:d9:d4:92:e7:
                    69:6f:66:1d:36:b0:9e:ea:11:24:a2:bf:f0:f4:0a:
                    1f:97:db:90:61:f6:e8:73:67:28:fc:0a:12:74:7b:
                    78:7e:b2:8f:54:96:60:48:b9:57:b5:21:d9:4f:1e:
                    ba:e2:0f:5a:eb:61:14:a5:0d:17:cc:78:63:1b:1b:
                    15:47:6e:8d:ac:86:7e:19:75:76:67:d1:dd:c2:67:
                    72:8b:ca:f5:0a:b9:5b:f3:14:23:1a:84:b4:45:3d:
                    9a:22:b4:8f:17:0b:46:ed:17:ed:70:55:00:c5:40:
                    fa:90:5a:83:db:ae:74:32:e1:01:47:a3:19:3c:dd:
                    1b:40:77:dd:1b:6f:08:5f:e9:91:26:98:6c:20:28:
                    2a:9e:f0:b3:64:65:6f:9d:6f:a9:3c:0f:65:3a:69:
                    84:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F9:DA:08:41:07:09:F9:9A:DE:2F:29:35:F9:83:5A:44:1C:6E:65
            X509v3 Authority Key Identifier:
                keyid:C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/Y_naCEEHCfma3i8pNfmDWkQcbmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.92.0/22
                  93.93.40.0/21
                  141.0.200.0/21
                  185.116.128.0/22
                  185.117.16.0/22
                  185.224.32.0-185.224.34.255
                  185.244.72.0/22
                  185.246.24.0/23
                  185.247.86.0/23
                  185.249.184.0/22
                  185.253.92.0/22
                  193.84.73.0/24
                IPv6:
                  2a01:6600::/32
                  2a0c:4400::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:f8:9f:02:fb:91:f5:77:07:c7:b5:bb:bd:2d:bb:3d:0f:9a:
         59:b4:b5:3d:34:20:5c:5f:86:d3:d6:06:8c:0e:f0:5c:2e:cc:
         7c:03:9f:46:7f:ca:f3:3d:c7:fb:cb:aa:c2:a2:52:d7:cf:c1:
         a6:c9:6a:5b:98:a0:9a:dd:86:80:b6:a5:fc:11:a3:59:3d:df:
         24:70:12:f6:b9:6f:87:1d:49:89:d0:f0:22:0b:0e:a8:b7:b7:
         42:6d:94:1e:cc:8a:05:e7:c6:1e:1c:b5:30:ba:ec:66:8b:18:
         11:c8:ba:59:09:6c:a0:cd:08:cc:d1:ec:91:aa:dd:25:60:bf:
         b8:d2:4e:fe:4d:44:43:0a:ac:4d:68:52:c5:db:9c:97:4b:a0:
         c1:3b:93:9e:5a:ce:6d:5f:10:24:33:35:ca:da:a7:d2:f0:4d:
         a7:c4:21:f8:2a:4a:f6:16:e6:79:b3:2f:cc:15:82:6f:db:2d:
         11:a4:80:ef:00:aa:32:28:55:41:fe:40:51:85:38:b9:45:ab:
         a5:7a:af:bf:6e:18:f4:ae:64:35:03:20:25:be:c4:e6:56:aa:
         30:ad:28:ea:91:f5:d1:86:8a:d6:b2:96:c4:2c:e8:96:63:e1:
         a0:58:4a:80:26:fd:c0:9b:e7:2e:7e:6b:2c:30:37:2b:5b:af:
         15:a5:be:92
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAZAm18oHs+3cdQ3FD8+HI9+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YWNmNTlhYmQ0YWJiZmJmODMwYTA2MDIyNWE5NmEyMTc5
YTI2OTQwHhcNMjQwNjE3MTUzNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Y5ZGEwODQxMDcwOWY5OWFkZTJmMjkzNWY5ODM1YTQ0MWM2ZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FG0z9rbXtFQUzd9ZtTaRECq9LOk
RJBmwz0MjZ5A+/dREetRaTGdUw6/ojgdkjqFtIJ9Qhdnw5P8LfUhrGt0qfNvPQzu
hIG5bv8Gc5Snby2JHVqELG6JCdcmagKe+/yI33utqNnUkudpb2YdNrCe6hEkor/w
9Aofl9uQYfboc2co/AoSdHt4frKPVJZgSLlXtSHZTx664g9a62EUpQ0XzHhjGxsV
R26NrIZ+GXV2Z9Hdwmdyi8r1Crlb8xQjGoS0RT2aIrSPFwtG7RftcFUAxUD6kFqD
2650MuEBR6MZPN0bQHfdG28IX+mRJphsICgqnvCzZGVvnW+pPA9lOmmEKQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFGP52ghBBwn5mt4vKTX5g1pEHG5lMB8GA1UdIwQY
MBaAFMis9Zq9Srv7+DCgYCJalqIXmiaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvWV9uYUNFRUhDZm1hM2k4cE5mbURXa1FjYm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBWBAIAATBQAwQCLZlcAwQD
XV0oAwQDjQDIAwQCuXSAAwQCuXUQMAwDBAW54CADBAC54CIDBAK59EgDBAG59hgD
BAG591YDBAK5+bgDBAK5/VwDBADBVEkwFAQCAAIwDgMFACoBZgADBQAqDEQAMA0G
CSqGSIb3DQEBCwUAA4IBAQBu+J8C+5H1dwfHtbu9Lbs9D5pZtLU9NCBcX4bT1gaM
DvBcLsx8A59Gf8rzPcf7y6rColLXz8GmyWpbmKCa3YaAtqX8EaNZPd8kcBL2uW+H
HUmJ0PAiCw6ot7dCbZQezIoF58YeHLUwuuxmixgRyLpZCWygzQjM0eyRqt0lYL+4
0k7+TURDCqxNaFLF25yXS6DBO5OeWs5tXxAkMzXK2qfS8E2nxCH4Kkr2FuZ5sy/M
FYJv2y0RpIDvAKoyKFVB/kBRhTi5Rauleq+/bhj0rmQ1AyAlvsTmVqowrSjqkfXR
horWspbELOiWY+GgWEqAJv3Am+cufmssMDcrW68Vpb6S
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:13:07 2024 by rpki-client on console-fra.rpki-client.org