Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/M3avZySBAZ7TpMMqkyv7guSD7mY.roa
File:                     M3avZySBAZ7TpMMqkyv7guSD7mY.roa (raw, json)
Hash identifier:          CfBKyd1W22ODo5XyKNSD6jflCQopOzec/xAechy9+WQ=
Subject key identifier:   33:76:AF:67:24:81:01:9E:D3:A4:C3:2A:93:2B:FB:82:E4:83:EE:66
Certificate issuer:       /CN=a79bba2805a988954e4fec42570530f16f9e7093
Certificate serial:       018CC3B6E0EC9811DA2B9C82BDF1C86DEA2E
Authority key identifier: A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/M3avZySBAZ7TpMMqkyv7guSD7mY.roa
Signing time:             Mon 01 Jan 2024 06:29:51 +0000
ROA not before:           Mon 01 Jan 2024 06:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33438
IP address blocks:        81.171.61.0/24 maxlen: 24
                          81.171.68.0/24 maxlen: 24
                          81.171.66.0/24 maxlen: 24
                          81.171.70.0/23 maxlen: 23
                          81.171.70.64/26 maxlen: 26
                          81.171.105.0/24 maxlen: 24
                          81.171.106.0/24 maxlen: 24
                          81.171.106.64/26 maxlen: 26
                          81.171.116.0/24 maxlen: 24
                          2001:4de0:2105::/48 maxlen: 48
                          2001:4de0:700::/40 maxlen: 40
                          2001:4de0:2300::/40 maxlen: 40
                          2001:4de0:6000::/40 maxlen: 40
                          2001:4de0:6300::/40 maxlen: 40
                          2001:4de0:500::/40 maxlen: 40
                          2001:4de0:600::/40 maxlen: 40
                          2001:4de0:4100::/40 maxlen: 40
                          2001:4de0:3100::/40 maxlen: 40
                          2001:4de0:3000::/40 maxlen: 40
                          2001:4de0:2200::/40 maxlen: 40
                          2001:4de0:6200::/40 maxlen: 40
                          2001:4de0:400::/40 maxlen: 40
                          2001:4de0:4300::/40 maxlen: 40
                          2001:4de0:4000::/40 maxlen: 40
                          2001:4de0:200::/40 maxlen: 40
                          2001:4de0:2100::/40 maxlen: 40
                          2001:4de0:2000::/40 maxlen: 40
                          2001:4de0:1000::/48 maxlen: 48
                          2001:4de0:7003::/48 maxlen: 48
                          2001:4de0:402::/48 maxlen: 48
                          2001:4de0:2202::/48 maxlen: 48
                          2001:4de0:6102::/48 maxlen: 48
                          2001:4de0:7002::/48 maxlen: 48
                          2001:4de0:5010::/48 maxlen: 48
                          2001:4de0:ac13::/48 maxlen: 48
                          2001:4de0:3004::/48 maxlen: 48
                          2001:4de0:7001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e0:ec:98:11:da:2b:9c:82:bd:f1:c8:6d:ea:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79bba2805a988954e4fec42570530f16f9e7093
        Validity
            Not Before: Jan  1 06:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3376af672481019ed3a4c32a932bfb82e483ee66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:78:ff:99:bb:b9:ab:18:92:1b:b7:68:67:59:
                    a9:1c:2c:c1:2f:5a:3b:9f:45:c6:8d:77:e0:ce:5d:
                    c3:c9:91:38:fc:7f:00:59:95:ab:82:5a:b8:0b:0a:
                    ff:51:4c:c7:d5:b4:e2:48:8f:d5:a2:05:39:72:47:
                    d9:61:2b:7e:14:34:20:46:81:d3:10:54:48:a5:5d:
                    1e:fd:b6:78:24:b2:c0:6d:4b:ec:21:60:ec:36:eb:
                    93:d4:c0:bd:8c:c7:70:63:08:b0:5b:ff:c6:86:31:
                    5c:fd:bc:d6:95:ba:52:ea:cd:33:92:80:68:cb:f7:
                    35:ad:ae:dc:ae:79:c2:4c:21:e7:8d:f4:4a:87:6d:
                    5b:8e:eb:23:80:ff:98:b8:a4:ae:a5:7e:f6:a4:86:
                    69:98:bb:4b:d0:df:82:fa:99:f5:82:27:0d:79:7d:
                    e7:ba:dd:fc:f9:e8:56:ff:20:bb:16:af:02:4b:5f:
                    69:10:f5:ab:5e:13:79:23:4c:14:0e:a7:d1:64:0a:
                    24:84:1c:c6:66:3c:dd:97:cf:6d:a8:1e:24:5f:36:
                    fd:4a:30:3a:e6:a3:2d:d6:cf:17:5d:89:df:0d:96:
                    57:6a:3d:4b:e5:7f:22:f8:9a:fc:99:8c:7a:8b:ce:
                    c9:20:c9:0d:0e:98:84:18:c6:77:ed:5f:34:b7:96:
                    7e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:76:AF:67:24:81:01:9E:D3:A4:C3:2A:93:2B:FB:82:E4:83:EE:66
            X509v3 Authority Key Identifier:
                keyid:A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/M3avZySBAZ7TpMMqkyv7guSD7mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.171.61.0/24
                  81.171.66.0/24
                  81.171.68.0/24
                  81.171.70.0/23
                  81.171.105.0-81.171.106.255
                  81.171.116.0/24
                IPv6:
                  2001:4de0:200::/40
                  2001:4de0:400::/38
                  2001:4de0:1000::/48
                  2001:4de0:2000::/38
                  2001:4de0:3000::/39
                  2001:4de0:4000::/39
                  2001:4de0:4300::/40
                  2001:4de0:5010::/48
                  2001:4de0:6000::/40
                  2001:4de0:6102::/48
                  2001:4de0:6200::/39
                  2001:4de0:7001::-2001:4de0:7003:ffff:ffff:ffff:ffff:ffff
                  2001:4de0:ac13::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:58:1c:b4:1e:11:ed:27:ae:fe:b7:c8:4f:8b:f9:0e:6a:ea:
         30:22:6c:31:7d:2a:4c:07:80:4a:a6:24:01:75:70:fa:dc:27:
         8f:dc:80:02:db:c3:85:87:50:8c:63:18:63:d5:c8:5a:c4:3b:
         57:d5:0d:5a:95:67:5a:1e:58:ba:0b:93:6c:ef:0d:5e:4b:e6:
         04:4f:c8:2c:c7:5f:ef:25:da:a6:34:e1:36:24:22:f8:57:6e:
         84:a8:0c:1c:f9:38:43:9f:64:24:18:29:64:82:34:7b:4b:db:
         ba:df:20:0a:57:83:b9:89:21:39:b7:5e:cd:c3:2e:4e:ef:da:
         b1:90:57:98:1e:56:ec:7c:ea:73:1d:38:1d:fc:72:03:7c:61:
         b3:ab:74:05:e2:0b:92:67:f7:a2:fc:28:d0:37:31:8c:a3:6c:
         dc:12:07:02:52:e8:88:ad:f6:e5:f9:b4:cf:a9:29:6f:be:08:
         c1:ce:f0:69:ed:ab:0b:f2:14:c9:be:8d:d0:6f:b6:83:51:9d:
         01:7b:11:bc:ba:bc:2b:6b:3f:e9:60:42:f0:a5:2e:8d:5c:0a:
         a0:f1:68:1f:7a:c9:43:1b:09:bf:5f:b5:4c:bb:67:d7:1b:5e:
         a2:c3:78:7f:36:97:37:7a:c3:c8:1f:87:0e:fa:3d:22:01:39:
         18:8f:ed:c4
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYzDtuDsmBHaK5yCvfHIbeouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWJiYTI4MDVhOTg4OTU0ZTRmZWM0MjU3MDUzMGYxNmY5
ZTcwOTMwHhcNMjQwMTAxMDYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc2YWY2NzI0ODEwMTllZDNhNGMzMmE5MzJiZmI4MmU0ODNlZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3j/mbu5qxiSG7doZ1mpHCzBL1o7
n0XGjXfgzl3DyZE4/H8AWZWrglq4Cwr/UUzH1bTiSI/VogU5ckfZYSt+FDQgRoHT
EFRIpV0e/bZ4JLLAbUvsIWDsNuuT1MC9jMdwYwiwW//GhjFc/bzWlbpS6s0zkoBo
y/c1ra7crnnCTCHnjfRKh21bjusjgP+YuKSupX72pIZpmLtL0N+C+pn1gicNeX3n
ut38+ehW/yC7Fq8CS19pEPWrXhN5I0wUDqfRZAokhBzGZjzdl89tqB4kXzb9SjA6
5qMt1s8XXYnfDZZXaj1L5X8i+Jr8mYx6i87JIMkNDpiEGMZ37V80t5Z+TQIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFDN2r2ckgQGe06TDKpMr+4Lkg+5mMB8GA1UdIwQY
MBaAFKebuigFqYiVTk/sQlcFMPFvnnCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMt
ZTFlZDlkZDJhMDJhLzEvTTNhdlp5U0JBWjdUcE1NcWt5djdndVNEN21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMtZTFlZDlkZDJhMDJh
LzEvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDAyBAIAATAsAwQAUas9
AwQAUatCAwQAUatEAwQBUatGMAwDBABRq2kDBABRq2oDBABRq3QwfgQCAAIweAMG
ACABTeACAwYCIAFN4AQDBwAgAU3gEAADBgIgAU3gIAMGASABTeAwAwYBIAFN4EAD
BgAgAU3gQwMHACABTeBQEAMGACABTeBgAwcAIAFN4GECAwYBIAFN4GIwEgMHACAB
TeBwAQMHAiABTeBwAAMHACABTeCsEzANBgkqhkiG9w0BAQsFAAOCAQEAflgctB4R
7Seu/rfIT4v5DmrqMCJsMX0qTAeASqYkAXVw+twnj9yAAtvDhYdQjGMYY9XIWsQ7
V9UNWpVnWh5YuguTbO8NXkvmBE/ILMdf7yXapjThNiQi+FduhKgMHPk4Q59kJBgp
ZII0e0vbut8gCleDuYkhObdezcMuTu/asZBXmB5W7Hzqcx04HfxyA3xhs6t0BeIL
kmf3ovwo0DcxjKNs3BIHAlLoiK325fm0z6kpb74Iwc7wae2rC/IUyb6N0G+2g1Gd
AXsRvLq8K2s/6WBC8KUujVwKoPFoH3rJQxsJv1+1TLtn1xteosN4fzaXN3rDyB+H
Dvo9IgE5GI/txA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:53:26 2024 by rpki-client on console-fra.rpki-client.org