Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/dd3fc8-47dc-4a36-8734-45d84da39874/1/XMxj-_vGRo1cP1FdykQmMlQsZNo.roa
File:                     XMxj-_vGRo1cP1FdykQmMlQsZNo.roa (raw, json)
Hash identifier:          U77Klp6QozRj4GmXaEu2v+gCGo3OJpYWJliQammC7WE=
Subject key identifier:   5C:CC:63:FB:FB:C6:46:8D:5C:3F:51:5D:CA:44:26:32:54:2C:64:DA
Certificate issuer:       /CN=6c91d7d5f5ce57926c903973ecbf112bfae1530d
Certificate serial:       018CC6B79EC99C6810F5AE52C16D4A3E784D
Authority key identifier: 6C:91:D7:D5:F5:CE:57:92:6C:90:39:73:EC:BF:11:2B:FA:E1:53:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bJHX1fXOV5JskDlz7L8RK_rhUw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/dd3fc8-47dc-4a36-8734-45d84da39874/1/XMxj-_vGRo1cP1FdykQmMlQsZNo.roa
Signing time:             Mon 01 Jan 2024 20:29:31 +0000
ROA not before:           Mon 01 Jan 2024 20:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196881
IP address blocks:        185.135.36.0/24 maxlen: 24
                          185.135.36.0/22 maxlen: 22
                          185.135.37.0/24 maxlen: 24
                          185.135.38.0/24 maxlen: 24
                          93.190.112.0/24 maxlen: 24
                          93.190.113.0/24 maxlen: 24
                          93.190.114.0/24 maxlen: 24
                          93.190.115.0/24 maxlen: 24
                          93.190.116.0/24 maxlen: 24
                          93.190.117.0/24 maxlen: 24
                          93.190.118.0/24 maxlen: 24
                          93.190.112.0/21 maxlen: 21
                          93.190.119.0/24 maxlen: 24
                          185.135.39.0/24 maxlen: 24
                          2a05:5b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/dd3fc8-47dc-4a36-8734-45d84da39874/1/bJHX1fXOV5JskDlz7L8RK_rhUw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/dd3fc8-47dc-4a36-8734-45d84da39874/1/bJHX1fXOV5JskDlz7L8RK_rhUw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bJHX1fXOV5JskDlz7L8RK_rhUw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9e:c9:9c:68:10:f5:ae:52:c1:6d:4a:3e:78:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c91d7d5f5ce57926c903973ecbf112bfae1530d
        Validity
            Not Before: Jan  1 20:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ccc63fbfbc6468d5c3f515dca442632542c64da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0b:4d:23:b2:89:1f:8e:bb:73:98:5b:c0:de:
                    40:1e:2d:9a:7d:2f:94:f9:c2:9c:2c:a8:07:eb:5e:
                    3f:3b:b0:4f:50:66:6f:2f:1a:23:14:7f:0e:3c:ac:
                    dd:5f:de:eb:8a:1e:fb:6b:a2:46:97:8c:c5:fd:7e:
                    f7:5d:9c:5b:3c:cb:42:44:62:05:da:3f:9d:17:63:
                    5b:49:28:f1:8d:5a:39:35:cb:e4:b4:de:f7:dc:8a:
                    40:df:9d:f9:d0:4e:89:a7:95:10:13:75:00:40:32:
                    5b:a7:23:1e:e1:ed:e0:a0:8a:b7:14:fc:e4:22:d9:
                    65:42:8b:79:27:ff:22:40:3f:a0:2c:2a:55:a4:a7:
                    3d:c9:29:bf:e5:0f:ee:36:33:f8:a9:c2:7e:b7:02:
                    d9:a8:51:20:0a:02:48:08:9e:09:1d:c7:12:3d:e2:
                    e1:e4:80:a0:a1:4a:68:8b:09:e4:a8:99:bd:87:09:
                    6e:65:e8:42:d8:48:ae:cd:a9:54:44:f7:0a:4d:d8:
                    2d:ac:51:7b:2f:5d:70:59:37:6d:de:d5:b9:6a:85:
                    45:6a:06:30:9e:1a:e5:60:fa:75:b4:99:29:f9:ad:
                    67:24:d8:8e:82:d1:16:59:14:74:28:de:36:24:b0:
                    4c:f4:bc:28:c4:19:97:ed:ee:e4:7a:9d:dc:1e:6a:
                    36:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CC:63:FB:FB:C6:46:8D:5C:3F:51:5D:CA:44:26:32:54:2C:64:DA
            X509v3 Authority Key Identifier:
                keyid:6C:91:D7:D5:F5:CE:57:92:6C:90:39:73:EC:BF:11:2B:FA:E1:53:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bJHX1fXOV5JskDlz7L8RK_rhUw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/dd3fc8-47dc-4a36-8734-45d84da39874/1/XMxj-_vGRo1cP1FdykQmMlQsZNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/dd3fc8-47dc-4a36-8734-45d84da39874/1/bJHX1fXOV5JskDlz7L8RK_rhUw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.112.0/21
                  185.135.36.0/22
                IPv6:
                  2a05:5b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:18:af:ce:81:72:d9:a5:c2:10:11:b9:30:cf:18:48:0d:40:
         14:47:2d:b1:1f:38:b7:c2:0c:c3:ff:c7:6f:f0:be:1e:84:0c:
         e0:47:3e:60:68:b1:1f:74:ca:32:03:ca:f9:de:96:34:94:0c:
         ff:fe:d3:99:98:e7:28:83:4b:ac:99:16:00:ed:6c:16:e6:43:
         51:d6:d6:b2:a3:52:00:a1:21:07:34:b1:46:34:c0:5b:10:84:
         be:22:7b:64:19:f6:26:82:33:3b:4e:7c:c8:23:13:1d:1e:2b:
         4a:21:88:32:fe:48:88:79:9b:32:72:54:69:28:78:82:fd:c4:
         63:48:84:a7:cd:09:2e:af:3c:c8:5a:47:ec:ca:b2:46:7a:4c:
         e7:72:14:d7:01:89:92:69:22:97:0a:1d:ed:fb:00:5d:e6:71:
         5b:fe:1d:ad:7a:a0:92:e3:b0:67:2f:f0:82:ed:08:0f:5f:46:
         72:93:35:18:0e:06:f6:59:3c:24:8c:7c:25:08:a5:de:39:fd:
         8f:d0:96:bd:8a:12:bf:c8:6e:26:9d:29:f9:ef:20:73:8c:1f:
         8a:7f:a9:8e:ef:74:de:45:bf:59:2e:73:1e:3e:a5:89:0e:db:
         00:ba:d2:7c:4a:b3:fd:6b:1a:60:ee:34:a5:5e:6d:11:90:41:
         33:dd:d2:75
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGt57JnGgQ9a5SwW1KPnhNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOTFkN2Q1ZjVjZTU3OTI2YzkwMzk3M2VjYmYxMTJiZmFl
MTUzMGQwHhcNMjQwMTAxMjAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NjNjNmYmZiYzY0NjhkNWMzZjUxNWRjYTQ0MjYzMjU0MmM2NGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwtNI7KJH467c5hbwN5AHi2afS+U
+cKcLKgH614/O7BPUGZvLxojFH8OPKzdX97rih77a6JGl4zF/X73XZxbPMtCRGIF
2j+dF2NbSSjxjVo5NcvktN733IpA35350E6Jp5UQE3UAQDJbpyMe4e3goIq3FPzk
ItllQot5J/8iQD+gLCpVpKc9ySm/5Q/uNjP4qcJ+twLZqFEgCgJICJ4JHccSPeLh
5ICgoUpoiwnkqJm9hwluZehC2EiuzalURPcKTdgtrFF7L11wWTdt3tW5aoVFagYw
nhrlYPp1tJkp+a1nJNiOgtEWWRR0KN42JLBM9LwoxBmX7e7kep3cHmo29QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFzMY/v7xkaNXD9RXcpEJjJULGTaMB8GA1UdIwQY
MBaAFGyR19X1zleSbJA5c+y/ESv64VMNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkpIWDFmWE9WNUpza0RsejdMOFJLX3JoVXcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9kZDNmYzgtNDdkYy00YTM2LTg3MzQt
NDVkODRkYTM5ODc0LzEvWE14ai1fdkdSbzFjUDFGZHlrUW1NbFFzWk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9kZDNmYzgtNDdkYy00YTM2LTg3MzQtNDVkODRkYTM5ODc0
LzEvYkpIWDFmWE9WNUpza0RsejdMOFJLX3JoVXcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXb5wAwQC
uYckMA0EAgACMAcDBQMqBVsAMA0GCSqGSIb3DQEBCwUAA4IBAQACGK/OgXLZpcIQ
EbkwzxhIDUAURy2xHzi3wgzD/8dv8L4ehAzgRz5gaLEfdMoyA8r53pY0lAz//tOZ
mOcog0usmRYA7WwW5kNR1tayo1IAoSEHNLFGNMBbEIS+IntkGfYmgjM7TnzIIxMd
HitKIYgy/kiIeZsyclRpKHiC/cRjSISnzQkurzzIWkfsyrJGekznchTXAYmSaSKX
Ch3t+wBd5nFb/h2teqCS47BnL/CC7QgPX0ZykzUYDgb2WTwkjHwlCKXeOf2P0Ja9
ihK/yG4mnSn57yBzjB+Kf6mO73TeRb9ZLnMePqWJDtsAutJ8SrP9axpg7jSlXm0R
kEEz3dJ1
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:25:45 2024 by rpki-client on console-ams.rpki-client.org