Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/V-H411zJ_LmjXis-BvxQ-rXcFpI.roa
File:                     V-H411zJ_LmjXis-BvxQ-rXcFpI.roa (raw, json)
Hash identifier:          FLS2Q/RhsN2TFIuW0KVY+hM8QcOFp6AUKQmcWTRHTmc=
Subject key identifier:   57:E1:F8:D7:5C:C9:FC:B9:A3:5E:2B:3E:06:FC:50:FA:B5:DC:16:92
Certificate issuer:       /CN=79101035d53377c5a72bedca522fc1456e0b8419
Certificate serial:       018F4E76253C53BA6769F9EC99AE89798012
Authority key identifier: 79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/V-H411zJ_LmjXis-BvxQ-rXcFpI.roa
Signing time:             Mon 06 May 2024 15:11:56 +0000
ROA not before:           Mon 06 May 2024 15:11:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28849
IP address blocks:        185.15.156.0/22 maxlen: 22
                          185.15.159.0/24 maxlen: 24
                          217.23.112.0/20 maxlen: 20
                          217.23.112.0/24 maxlen: 24
                          217.23.113.0/24 maxlen: 24
                          217.23.114.0/24 maxlen: 24
                          217.23.115.0/24 maxlen: 24
                          217.23.116.0/24 maxlen: 24
                          217.23.117.0/24 maxlen: 24
                          217.23.119.0/24 maxlen: 24
                          217.23.121.0/24 maxlen: 24
                          217.23.122.0/24 maxlen: 24
                          217.23.123.0/24 maxlen: 24
                          217.23.124.0/24 maxlen: 24
                          217.23.125.0/24 maxlen: 24
                          217.23.126.0/24 maxlen: 24
                          217.23.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4e:76:25:3c:53:ba:67:69:f9:ec:99:ae:89:79:80:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79101035d53377c5a72bedca522fc1456e0b8419
        Validity
            Not Before: May  6 15:11:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57e1f8d75cc9fcb9a35e2b3e06fc50fab5dc1692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:67:1f:0f:c6:c8:3d:45:00:ca:22:62:a8:8e:
                    85:bd:69:eb:4e:f7:45:b7:70:b7:21:f5:cb:1b:2b:
                    ab:70:45:2a:51:51:5d:4e:bf:06:df:3b:af:65:60:
                    1e:70:85:b1:3c:25:c3:46:26:ef:30:55:9e:76:cb:
                    6f:c3:97:41:60:59:53:c3:05:6f:59:88:30:b3:61:
                    ef:70:70:c8:e1:97:94:f7:8a:3d:7f:0e:2f:5b:73:
                    80:c1:eb:10:a6:52:96:68:f1:99:dd:2c:07:eb:04:
                    0d:25:81:ec:30:41:74:ae:96:8e:3c:09:aa:47:e3:
                    f6:44:65:77:7a:e8:50:2a:7a:ac:ed:7d:7a:c7:c3:
                    3c:76:0c:4d:5c:25:c2:40:4f:b7:fe:41:4b:eb:d6:
                    7b:18:57:17:10:e5:85:83:e5:3d:ab:c1:d5:03:07:
                    e3:0c:83:eb:df:a9:f1:9e:d3:3a:43:ff:4c:30:e1:
                    99:a8:ef:88:9a:17:1e:28:45:04:75:5f:96:01:a5:
                    94:1e:13:aa:6c:4b:32:a3:e2:ad:42:14:86:3d:bf:
                    83:80:e5:df:85:95:af:ad:1d:b0:1a:18:62:1d:d5:
                    f1:3a:94:3b:08:c5:9f:30:95:2b:fb:d7:1b:e5:80:
                    96:4d:4e:dc:c4:16:ff:10:d7:a0:8d:bd:ed:3e:50:
                    22:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E1:F8:D7:5C:C9:FC:B9:A3:5E:2B:3E:06:FC:50:FA:B5:DC:16:92
            X509v3 Authority Key Identifier:
                keyid:79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/V-H411zJ_LmjXis-BvxQ-rXcFpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.156.0/22
                  217.23.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c4:f1:6d:7a:5c:d6:66:8e:a6:df:70:3c:1c:39:be:fe:d0:ed:
         ce:97:66:4b:f5:98:a2:d5:51:5d:6f:a3:2b:e0:13:bf:31:78:
         ca:2d:95:8c:a6:e2:1c:7c:c0:b0:7d:b9:87:c9:c8:27:b9:ba:
         2c:f3:a1:c4:01:42:a1:04:f8:55:22:d1:b8:47:3f:2b:42:e5:
         5b:e1:df:dc:5c:d7:99:46:60:67:9f:a9:1e:c9:1f:7b:d6:20:
         50:a1:d8:f0:7b:57:85:3a:60:dd:3d:a2:ce:e6:d3:ec:1a:64:
         d3:63:2c:50:3e:d1:d7:2a:26:ce:72:1f:09:9c:0d:7b:bf:e7:
         ea:a6:b1:35:a2:39:49:3e:62:e6:46:d5:93:0e:64:68:9f:e4:
         bb:59:53:f6:7a:7a:48:15:25:0d:95:ee:87:fc:bc:f2:08:bb:
         e4:a7:95:03:f2:7e:4a:e8:7e:75:56:90:51:3a:e9:ee:51:1a:
         9e:8d:ab:b3:7e:fa:42:84:68:0a:92:d3:03:02:27:38:51:42:
         9b:10:22:ad:ee:01:aa:db:4b:6a:aa:0f:5c:75:7e:64:11:43:
         44:c3:60:35:e1:54:32:ac:72:f3:58:fb:14:b9:d2:74:fd:d1:
         77:43:1f:c0:42:a5:ed:3b:4e:2b:b8:81:68:6d:73:de:99:26:
         ef:97:6c:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9OdiU8U7pnafnsma6JeYASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTAxMDM1ZDUzMzc3YzVhNzJiZWRjYTUyMmZjMTQ1NmUw
Yjg0MTkwHhcNMjQwNTA2MTUxMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UxZjhkNzVjYzlmY2I5YTM1ZTJiM2UwNmZjNTBmYWI1ZGMxNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mcfD8bIPUUAyiJiqI6FvWnrTvdF
t3C3IfXLGyurcEUqUVFdTr8G3zuvZWAecIWxPCXDRibvMFWedstvw5dBYFlTwwVv
WYgws2HvcHDI4ZeU94o9fw4vW3OAwesQplKWaPGZ3SwH6wQNJYHsMEF0rpaOPAmq
R+P2RGV3euhQKnqs7X16x8M8dgxNXCXCQE+3/kFL69Z7GFcXEOWFg+U9q8HVAwfj
DIPr36nxntM6Q/9MMOGZqO+ImhceKEUEdV+WAaWUHhOqbEsyo+KtQhSGPb+DgOXf
hZWvrR2wGhhiHdXxOpQ7CMWfMJUr+9cb5YCWTU7cxBb/ENegjb3tPlAiRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFfh+Ndcyfy5o14rPgb8UPq13BaSMB8GA1UdIwQY
MBaAFHkQEDXVM3fFpyvtylIvwUVuC4QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEt
MGNjODNiMDBmYzU4LzEvVi1INDExekpfTG1qWGlzLUJ2eFEtclhjRnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEtMGNjODNiMDBmYzU4
LzEvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ+cAwQE
2RdwMA0GCSqGSIb3DQEBCwUAA4IBAQDE8W16XNZmjqbfcDwcOb7+0O3Ol2ZL9Zii
1VFdb6Mr4BO/MXjKLZWMpuIcfMCwfbmHycgnubos86HEAUKhBPhVItG4Rz8rQuVb
4d/cXNeZRmBnn6keyR971iBQodjwe1eFOmDdPaLO5tPsGmTTYyxQPtHXKibOch8J
nA17v+fqprE1ojlJPmLmRtWTDmRon+S7WVP2enpIFSUNle6H/LzyCLvkp5UD8n5K
6H51VpBROunuURqejauzfvpChGgKktMDAic4UUKbECKt7gGq20tqqg9cdX5kEUNE
w2A14VQyrHLzWPsUudJ0/dF3Qx/AQqXtO04ruIFobXPemSbvl2zV
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:07:38 2024 by rpki-client on console-ams.rpki-client.org