Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/715835-bc1d-4cb8-9618-4ef283ce7ff1/1/Pdbg2ogjIToKAatDl8eeOS3H9Zc.roa
File:                     Pdbg2ogjIToKAatDl8eeOS3H9Zc.roa (raw, json)
Hash identifier:          PjQHnMdnb9+5GxZS9OQI8exJo5flvAI/GlpSNwuLxg8=
Subject key identifier:   3D:D6:E0:DA:88:23:21:3A:0A:01:AB:43:97:C7:9E:39:2D:C7:F5:97
Certificate issuer:       /CN=29921518c5da1b84c5971a79bc74e8ac0770fd49
Certificate serial:       018DD16C3EDFA0FCC0746D357D4C6F95ED7F
Authority key identifier: 29:92:15:18:C5:DA:1B:84:C5:97:1A:79:BC:74:E8:AC:07:70:FD:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZIVGMXaG4TFlxp5vHTorAdw_Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/715835-bc1d-4cb8-9618-4ef283ce7ff1/1/Pdbg2ogjIToKAatDl8eeOS3H9Zc.roa
Signing time:             Thu 22 Feb 2024 15:25:48 +0000
ROA not before:           Thu 22 Feb 2024 15:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201603
IP address blocks:        91.217.32.0/23 maxlen: 23
                          91.217.32.0/24 maxlen: 24
                          91.217.33.0/24 maxlen: 24
                          94.177.20.0/24 maxlen: 24
                          185.69.104.0/22 maxlen: 22
                          185.69.104.0/24 maxlen: 24
                          185.69.105.0/24 maxlen: 24
                          185.69.106.0/24 maxlen: 24
                          185.69.107.0/24 maxlen: 24
                          188.214.108.0/24 maxlen: 24
                          2a05:2140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/715835-bc1d-4cb8-9618-4ef283ce7ff1/1/KZIVGMXaG4TFlxp5vHTorAdw_Uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/715835-bc1d-4cb8-9618-4ef283ce7ff1/1/KZIVGMXaG4TFlxp5vHTorAdw_Uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KZIVGMXaG4TFlxp5vHTorAdw_Uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:6c:3e:df:a0:fc:c0:74:6d:35:7d:4c:6f:95:ed:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29921518c5da1b84c5971a79bc74e8ac0770fd49
        Validity
            Not Before: Feb 22 15:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dd6e0da8823213a0a01ab4397c79e392dc7f597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f1:6c:f3:f7:11:00:01:fa:c6:1b:05:89:4e:
                    f6:51:fb:e2:3d:4c:6b:e4:6f:51:fd:89:fc:b8:91:
                    14:51:ef:17:8a:28:8e:c1:cf:f4:47:f1:9a:01:e9:
                    8e:c4:f3:d8:8c:aa:4c:d2:d2:1d:42:f4:b4:78:f2:
                    2e:fd:34:8c:f7:88:0f:25:6e:64:2d:1e:64:45:d1:
                    a0:1e:ee:d4:4d:fd:ad:1c:76:ce:3c:43:f4:a5:d4:
                    98:1d:f9:4b:ca:e3:ed:88:4d:82:8b:d2:7d:6b:57:
                    51:c1:ea:ec:02:5d:9c:a8:ef:e2:aa:13:27:98:a3:
                    19:b0:33:1b:88:c5:c1:7b:b2:cc:e0:aa:59:cb:25:
                    32:47:3f:a7:39:95:78:df:ea:57:52:de:3f:fd:7b:
                    6f:0e:2e:ff:ae:d1:9a:5e:ef:24:95:66:04:1f:76:
                    b8:2c:9a:4d:22:d0:01:22:61:28:2f:ff:94:69:04:
                    ac:b5:c5:93:61:02:8d:87:16:21:10:1a:ce:89:78:
                    47:a0:7d:c8:10:da:88:5b:99:ac:ab:44:7b:c9:18:
                    f4:17:42:33:c6:2d:75:42:28:66:ff:d3:fc:aa:e0:
                    6a:a5:0c:1e:80:22:ab:65:ef:f7:c5:1c:73:a7:1d:
                    2c:94:45:b2:1c:8a:63:de:17:40:d2:a6:c3:7e:2d:
                    c7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D6:E0:DA:88:23:21:3A:0A:01:AB:43:97:C7:9E:39:2D:C7:F5:97
            X509v3 Authority Key Identifier:
                keyid:29:92:15:18:C5:DA:1B:84:C5:97:1A:79:BC:74:E8:AC:07:70:FD:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZIVGMXaG4TFlxp5vHTorAdw_Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/715835-bc1d-4cb8-9618-4ef283ce7ff1/1/Pdbg2ogjIToKAatDl8eeOS3H9Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/715835-bc1d-4cb8-9618-4ef283ce7ff1/1/KZIVGMXaG4TFlxp5vHTorAdw_Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.32.0/23
                  94.177.20.0/24
                  185.69.104.0/22
                  188.214.108.0/24
                IPv6:
                  2a05:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:a3:dd:60:9a:92:89:fc:b3:d3:bc:d3:1b:23:65:5f:47:f9:
         65:eb:e0:0d:cf:5f:42:c8:43:99:17:e3:c0:5c:fc:9d:14:a0:
         ab:ac:f3:e8:91:36:f5:a9:94:b1:b9:0a:22:a4:e5:9f:c6:18:
         79:c7:03:a5:aa:32:52:8b:a4:f2:c9:9f:0f:37:a2:3b:3d:b8:
         64:ac:b4:64:28:f0:32:c9:03:76:69:06:1b:7f:68:cc:09:64:
         c0:a4:a4:91:f5:20:70:e8:e5:32:e7:ea:3f:ef:25:19:95:62:
         cc:a4:1b:7c:a6:5f:e3:c4:67:91:da:1a:73:6c:f3:42:f4:2c:
         f2:8f:40:28:3c:08:ec:50:cd:c2:16:3d:be:45:b6:a0:ff:a4:
         dc:0b:f7:f3:aa:bf:77:95:eb:b6:78:0d:5e:9b:1a:eb:8b:62:
         1a:df:00:09:cb:04:36:e9:6b:5a:c5:5a:3d:de:4b:cd:87:04:
         90:5a:ee:ad:03:33:c3:54:6e:fb:e3:8d:ee:53:8b:30:3f:a4:
         72:de:28:aa:6e:0d:20:cd:81:09:e0:07:70:aa:c5:57:e5:cf:
         82:50:96:ea:a3:a3:f8:df:69:ec:1a:80:38:96:0d:4b:ad:0d:
         30:f5:a7:80:4f:81:d0:d4:87:00:74:d6:9a:8b:2d:80:ea:92:
         ef:1e:63:88
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY3RbD7foPzAdG01fUxvle1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTIxNTE4YzVkYTFiODRjNTk3MWE3OWJjNzRlOGFjMDc3
MGZkNDkwHhcNMjQwMjIyMTUyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ2ZTBkYTg4MjMyMTNhMGEwMWFiNDM5N2M3OWUzOTJkYzdmNTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/Fs8/cRAAH6xhsFiU72UfviPUxr
5G9R/Yn8uJEUUe8XiiiOwc/0R/GaAemOxPPYjKpM0tIdQvS0ePIu/TSM94gPJW5k
LR5kRdGgHu7UTf2tHHbOPEP0pdSYHflLyuPtiE2Ci9J9a1dRwersAl2cqO/iqhMn
mKMZsDMbiMXBe7LM4KpZyyUyRz+nOZV43+pXUt4//XtvDi7/rtGaXu8klWYEH3a4
LJpNItABImEoL/+UaQSstcWTYQKNhxYhEBrOiXhHoH3IENqIW5msq0R7yRj0F0Iz
xi11Qihm/9P8quBqpQwegCKrZe/3xRxzpx0slEWyHIpj3hdA0qbDfi3HbQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFD3W4NqIIyE6CgGrQ5fHnjktx/WXMB8GA1UdIwQY
MBaAFCmSFRjF2huExZcaebx06KwHcP1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1pJVkdNWGFHNFRGbHhwNXZIVG9yQWR3X1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy83MTU4MzUtYmMxZC00Y2I4LTk2MTgt
NGVmMjgzY2U3ZmYxLzEvUGRiZzJvZ2pJVG9LQWF0RGw4ZWVPUzNIOVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy83MTU4MzUtYmMxZC00Y2I4LTk2MTgtNGVmMjgzY2U3ZmYx
LzEvS1pJVkdNWGFHNFRGbHhwNXZIVG9yQWR3X1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBW9kgAwQA
XrEUAwQCuUVoAwQAvNZsMA0EAgACMAcDBQMqBSFAMA0GCSqGSIb3DQEBCwUAA4IB
AQClo91gmpKJ/LPTvNMbI2VfR/ll6+ANz19CyEOZF+PAXPydFKCrrPPokTb1qZSx
uQoipOWfxhh5xwOlqjJSi6TyyZ8PN6I7PbhkrLRkKPAyyQN2aQYbf2jMCWTApKSR
9SBw6OUy5+o/7yUZlWLMpBt8pl/jxGeR2hpzbPNC9Czyj0AoPAjsUM3CFj2+Rbag
/6TcC/fzqr93leu2eA1emxrri2Ia3wAJywQ26WtaxVo93kvNhwSQWu6tAzPDVG77
443uU4swP6Ry3iiqbg0gzYEJ4AdwqsVX5c+CUJbqo6P432nsGoA4lg1LrQ0w9aeA
T4HQ1IcAdNaaiy2A6pLvHmOI
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:58:46 2024 by rpki-client on console-fra.rpki-client.org