Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/v6JJV5gqlEHjdSShRUsQlJamPJw.roa
File:                     v6JJV5gqlEHjdSShRUsQlJamPJw.roa (raw, json)
Hash identifier:          fXl9uTehmb1k4pE5taNpKk/nGnlKhEUq+Co960IkHsQ=
Subject key identifier:   BF:A2:49:57:98:2A:94:41:E3:75:24:A1:45:4B:10:94:96:A6:3C:9C
Certificate issuer:       /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial:       018CC6B91B694111383E68C392A1EF38B195
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/v6JJV5gqlEHjdSShRUsQlJamPJw.roa
Signing time:             Mon 01 Jan 2024 20:31:09 +0000
ROA not before:           Mon 01 Jan 2024 20:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200000
IP address blocks:        185.124.8.0/22 maxlen: 22
                          185.39.224.0/22 maxlen: 22
                          89.19.128.0/19 maxlen: 19
                          185.235.168.0/22 maxlen: 22
                          109.205.96.0/21 maxlen: 21
                          45.154.218.0/24 maxlen: 24
                          173.242.48.0/20 maxlen: 20
                          185.104.44.0/22 maxlen: 22
                          185.104.45.0/24 maxlen: 24
                          185.65.244.0/22 maxlen: 22
                          217.173.208.0/20 maxlen: 20
                          185.25.116.0/22 maxlen: 22
                          185.130.120.0/22 maxlen: 22
                          185.69.152.0/22 maxlen: 22
                          185.234.176.0/22 maxlen: 22
                          185.233.120.0/22 maxlen: 22
                          185.233.136.0/22 maxlen: 22
                          37.139.64.0/21 maxlen: 21
                          185.233.152.0/22 maxlen: 23
                          185.149.40.0/22 maxlen: 22
                          185.233.116.0/22 maxlen: 22
                          91.105.208.0/21 maxlen: 21
                          46.247.80.0/21 maxlen: 21
                          185.226.24.0/22 maxlen: 22
                          185.225.212.0/22 maxlen: 22
                          185.68.16.0/24 maxlen: 24
                          185.68.16.0/22 maxlen: 22
                          185.233.36.0/22 maxlen: 22
                          185.233.40.0/22 maxlen: 22
                          185.233.44.0/22 maxlen: 22
                          185.209.168.0/22 maxlen: 22
                          185.239.180.0/22 maxlen: 22
                          2a0c:c80::/29 maxlen: 29
                          2a0c:6080::/29 maxlen: 29
                          2a0c:e80::/29 maxlen: 29
                          2a0c:680::/29 maxlen: 29
                          2a00:7a60::/32 maxlen: 32
                          2a0c:880::/29 maxlen: 29
                          2a0c:681::/32 maxlen: 32
                          2a0c:682::/31 maxlen: 31
                          2a0c:a80::/29 maxlen: 29
                          2a0c:684::/30 maxlen: 30
                          2a0c:d80::/29 maxlen: 29
                          2a04:8000::/29 maxlen: 29
                          2a0d:6500::/29 maxlen: 29
                          2a0d:1100::/29 maxlen: 29
                          2a05:480::/29 maxlen: 29
                          2a0c:780::/29 maxlen: 29
                          2a06:6440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:1b:69:41:11:38:3e:68:c3:92:a1:ef:38:b1:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
        Validity
            Not Before: Jan  1 20:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfa24957982a9441e37524a1454b109496a63c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f7:c0:2b:90:87:58:c6:11:7e:3b:24:99:98:
                    0c:82:54:5f:d5:f6:30:15:fc:c3:0f:92:f7:8e:07:
                    30:2f:de:c9:fb:98:da:41:5b:e1:99:92:0c:9f:45:
                    05:74:92:52:e4:fd:ec:fc:70:c6:13:b6:f0:82:6c:
                    97:59:24:d7:05:21:d1:fc:89:72:d2:c9:0e:b8:1e:
                    e2:df:99:e9:ac:3e:45:08:fd:70:60:9c:54:30:4d:
                    8a:db:13:7b:29:5f:e1:0a:61:1b:28:a9:3c:01:c6:
                    f0:f7:37:40:dd:7d:89:b9:34:4a:53:4d:df:7f:13:
                    7d:19:2d:5a:4c:d6:a4:52:1d:99:d9:50:6d:44:a3:
                    8b:9f:4e:15:1e:8f:cc:a2:73:d9:51:28:46:de:63:
                    13:8f:0f:41:a7:52:90:55:62:47:35:b2:83:46:7d:
                    34:47:83:26:7f:20:cf:e3:67:cb:0f:d6:27:e4:ce:
                    2d:91:5c:89:c1:bd:37:9a:67:cd:bb:03:1a:bf:93:
                    df:04:bc:ab:8d:b5:8a:f0:7c:a1:88:6b:82:26:5e:
                    67:f9:8a:eb:ce:d0:42:d6:a5:0e:aa:d3:91:e7:d0:
                    d9:e7:41:1f:d3:0a:25:2c:a0:f9:2d:ad:a8:78:70:
                    33:47:4f:8c:e1:97:27:3e:53:6c:26:ed:64:04:81:
                    fd:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:A2:49:57:98:2A:94:41:E3:75:24:A1:45:4B:10:94:96:A6:3C:9C
            X509v3 Authority Key Identifier:
                keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/v6JJV5gqlEHjdSShRUsQlJamPJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.64.0/21
                  45.154.218.0/24
                  46.247.80.0/21
                  89.19.128.0/19
                  91.105.208.0/21
                  109.205.96.0/21
                  173.242.48.0/20
                  185.25.116.0/22
                  185.39.224.0/22
                  185.65.244.0/22
                  185.68.16.0/22
                  185.69.152.0/22
                  185.104.44.0/22
                  185.124.8.0/22
                  185.130.120.0/22
                  185.149.40.0/22
                  185.209.168.0/22
                  185.225.212.0/22
                  185.226.24.0/22
                  185.233.36.0-185.233.47.255
                  185.233.116.0-185.233.123.255
                  185.233.136.0/22
                  185.233.152.0/22
                  185.234.176.0/22
                  185.235.168.0/22
                  185.239.180.0/22
                  217.173.208.0/20
                IPv6:
                  2a00:7a60::/32
                  2a04:8000::/29
                  2a05:480::/29
                  2a06:6440::/29
                  2a0c:680::/29
                  2a0c:780::/29
                  2a0c:880::/29
                  2a0c:a80::/29
                  2a0c:c80::/29
                  2a0c:d80::/29
                  2a0c:e80::/29
                  2a0c:6080::/29
                  2a0d:1100::/29
                  2a0d:6500::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:e0:8f:91:29:9c:f2:f3:b1:01:03:91:3d:2a:3a:84:df:b5:
         7e:e9:a4:b6:95:fe:98:cf:b0:a7:4b:bd:2f:82:22:16:ec:22:
         67:36:92:d7:11:14:2c:cd:ed:6d:a2:77:56:d2:5d:35:21:c3:
         6c:36:43:f3:9e:c2:de:e7:21:c3:e3:97:86:71:fe:3a:fd:d9:
         72:b5:ef:09:0f:58:95:74:e0:e2:05:42:7d:ca:7e:00:58:33:
         ee:40:79:6e:d7:d0:cc:87:4f:df:1a:47:e5:1c:66:d7:f7:d0:
         6d:5b:81:4e:c1:59:76:0e:ec:d6:66:a2:1f:3e:29:a7:99:df:
         62:3b:7b:9a:51:b4:22:cd:6c:d1:71:cf:f6:02:8a:56:58:c2:
         16:4e:fd:ff:71:41:f8:2c:96:77:a4:8c:f6:9b:e3:ad:4a:20:
         98:81:02:13:d0:e7:97:0a:c9:7e:37:33:66:20:4b:c3:0c:0a:
         e8:fa:90:c4:b9:6f:6d:db:3a:16:95:d8:7c:8a:eb:eb:cc:c6:
         c8:e1:d4:13:8a:1f:d7:6c:01:ad:11:d7:18:6d:0b:d1:74:f2:
         de:5e:54:a4:c7:b4:cd:ce:4a:92:f6:cf:5b:36:94:97:57:a8:
         19:c8:8c:04:cb:26:f0:da:2e:aa:26:6e:7c:57:e2:f0:35:19:
         c8:25:a1:76
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAYzGuRtpQRE4PmjDkqHvOLGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjQwMTAxMjAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmEyNDk1Nzk4MmE5NDQxZTM3NTI0YTE0NTRiMTA5NDk2YTYzYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkffAK5CHWMYRfjskmZgMglRf1fYw
FfzDD5L3jgcwL97J+5jaQVvhmZIMn0UFdJJS5P3s/HDGE7bwgmyXWSTXBSHR/Ily
0skOuB7i35nprD5FCP1wYJxUME2K2xN7KV/hCmEbKKk8Acbw9zdA3X2JuTRKU03f
fxN9GS1aTNakUh2Z2VBtRKOLn04VHo/MonPZUShG3mMTjw9Bp1KQVWJHNbKDRn00
R4MmfyDP42fLD9Yn5M4tkVyJwb03mmfNuwMav5PfBLyrjbWK8HyhiGuCJl5n+Yrr
ztBC1qUOqtOR59DZ50Ef0wolLKD5La2oeHAzR0+M4ZcnPlNsJu1kBIH9AQIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFL+iSVeYKpRB43UkoUVLEJSWpjycMB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvdjZKSlY1Z3FsRUhqZFNTaFJVc1FsSmFtUEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCBuQQCAAEwgbID
BAMli0ADBAAtmtoDBAMu91ADBAVZE4ADBANbadADBANtzWADBASt8jADBAK5GXQD
BAK5J+ADBAK5QfQDBAK5RBADBAK5RZgDBAK5aCwDBAK5fAgDBAK5gngDBAK5lSgD
BAK50agDBAK54dQDBAK54hgwDAMEArnpJAMEBLnpIDAMAwQCuel0AwQCuel4AwQC
uemIAwQCuemYAwQCueqwAwQCueuoAwQCue+0AwQE2a3QMGgEAgACMGIDBQAqAHpg
AwUDKgSAAAMFAyoFBIADBQMqBmRAAwUDKgwGgAMFAyoMB4ADBQMqDAiAAwUDKgwK
gAMFAyoMDIADBQMqDA2AAwUDKgwOgAMFAyoMYIADBQMqDREAAwUDKg1lADANBgkq
hkiG9w0BAQsFAAOCAQEAXuCPkSmc8vOxAQORPSo6hN+1fumktpX+mM+wp0u9L4Ii
FuwiZzaS1xEULM3tbaJ3VtJdNSHDbDZD857C3uchw+OXhnH+Ov3ZcrXvCQ9YlXTg
4gVCfcp+AFgz7kB5btfQzIdP3xpH5Rxm1/fQbVuBTsFZdg7s1maiHz4pp5nfYjt7
mlG0Is1s0XHP9gKKVljCFk79/3FB+CyWd6SM9pvjrUogmIECE9DnlwrJfjczZiBL
wwwK6PqQxLlvbds6FpXYfIrr68zGyOHUE4of12wBrRHXGG0L0XTy3l5UpMe0zc5K
kvbPWzaUl1eoGciMBMsm8NouqiZufFfi8DUZyCWhdg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:21:14 2024 by rpki-client on console-ams.rpki-client.org