Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mApTfZeMKpXZyApSN_EyRr0WTBU.roa
File:                     mApTfZeMKpXZyApSN_EyRr0WTBU.roa (raw, json)
Hash identifier:          Do8828YtqP1xUd/bHTQtOApp2nCMLCy3sv+jWKhAWmM=
Subject key identifier:   98:0A:53:7D:97:8C:2A:95:D9:C8:0A:52:37:F1:32:46:BD:16:4C:15
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01929FCEB5C410FBEA01DC5FCF00CF822B49
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mApTfZeMKpXZyApSN_EyRr0WTBU.roa
Signing time:             Fri 18 Oct 2024 13:26:16 +0000
ROA not before:           Fri 18 Oct 2024 13:26:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200740
IP address blocks:        45.9.72.0/24 maxlen: 24
                          45.138.73.0/24 maxlen: 24
                          46.17.105.0/24 maxlen: 24
                          80.76.32.0/23 maxlen: 23
                          80.76.34.0/23 maxlen: 23
                          91.217.76.0/24 maxlen: 24
                          92.118.8.0/23 maxlen: 23
                          94.142.136.0/23 maxlen: 23
                          94.142.136.0/24 maxlen: 24
                          94.142.137.0/24 maxlen: 24
                          95.214.9.0/24 maxlen: 24
                          95.214.10.0/23 maxlen: 23
                          95.214.10.0/24 maxlen: 24
                          95.214.11.0/24 maxlen: 24
                          185.40.7.0/24 maxlen: 24
                          185.58.204.0/24 maxlen: 24
                          185.94.164.0/23 maxlen: 23
                          185.94.164.0/24 maxlen: 24
                          185.94.165.0/24 maxlen: 24
                          185.102.136.0/24 maxlen: 24
                          185.103.252.0/23 maxlen: 23
                          185.103.252.0/24 maxlen: 24
                          185.103.253.0/24 maxlen: 24
                          185.103.254.0/23 maxlen: 23
                          185.103.254.0/24 maxlen: 24
                          185.103.255.0/24 maxlen: 24
                          185.112.81.0/24 maxlen: 24
                          185.114.72.0/23 maxlen: 23
                          185.114.72.0/24 maxlen: 24
                          185.114.73.0/24 maxlen: 24
                          185.117.116.0/24 maxlen: 24
                          185.117.119.0/24 maxlen: 24
                          185.200.190.0/24 maxlen: 24
                          185.232.170.0/23 maxlen: 23
                          185.233.80.0/23 maxlen: 23
                          185.233.82.0/24 maxlen: 24
                          185.233.202.0/23 maxlen: 23
                          185.252.144.0/24 maxlen: 24
                          193.124.182.0/24 maxlen: 24
                          193.124.183.0/24 maxlen: 24
                          193.124.188.0/23 maxlen: 23
                          193.124.190.0/24 maxlen: 24
                          193.239.160.0/23 maxlen: 23
                          193.239.166.0/23 maxlen: 23
                          194.36.178.0/23 maxlen: 23
                          2a04:5200:68::/48 maxlen: 48
                          2a04:5201:2::/48 maxlen: 48
                          2a04:5201:4::/48 maxlen: 48
                          2a04:5201:6::/48 maxlen: 48
                          2a04:5201:7::/48 maxlen: 48
                          2a04:5201:9::/48 maxlen: 48
                          2a04:5201:10::/48 maxlen: 48
                          2a04:5201:8018::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 06:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9f:ce:b5:c4:10:fb:ea:01:dc:5f:cf:00:cf:82:2b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Oct 18 13:26:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=980a537d978c2a95d9c80a5237f13246bd164c15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:11:19:10:8d:b3:1e:77:0f:47:31:c3:fe:ef:
                    de:ca:14:32:00:0a:3c:51:ee:93:f0:2b:5c:36:ec:
                    f6:aa:2f:df:be:67:09:2b:2e:0a:ab:70:83:92:3f:
                    7e:b0:a4:7d:0d:ea:8b:17:24:9e:5e:9b:10:81:ec:
                    db:37:44:c8:0b:09:7e:01:e6:cf:bc:ed:38:2b:f9:
                    68:92:ed:14:0e:52:85:e5:a3:8a:f6:cc:9e:73:0c:
                    71:db:c7:a4:e7:f7:e1:f3:53:3e:c5:a5:ec:59:69:
                    3d:36:d3:c7:db:2e:8c:77:40:b6:bf:e1:4a:c6:a8:
                    cd:28:b1:7e:e7:c1:0c:b5:80:f8:ab:1c:9b:3b:3e:
                    af:32:d0:e9:cd:fc:6f:e1:fc:0e:ed:1d:3d:c9:0c:
                    88:b3:ff:b2:94:aa:79:b1:7f:11:66:1c:a3:49:fe:
                    93:98:b4:5f:52:0c:7d:83:66:ed:71:0f:5b:1f:64:
                    fa:40:08:1c:07:12:6b:a4:4e:0f:b1:12:12:6f:89:
                    f8:a7:37:7a:84:f2:97:39:be:51:95:be:11:9d:9f:
                    c0:54:4d:df:e9:91:83:f4:ae:5b:dd:98:fc:47:a2:
                    7a:38:a7:34:ef:52:87:a6:23:e5:16:ab:b4:37:14:
                    32:ce:c0:37:3b:d7:0c:39:d3:0d:03:88:8c:17:71:
                    4b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:0A:53:7D:97:8C:2A:95:D9:C8:0A:52:37:F1:32:46:BD:16:4C:15
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/mApTfZeMKpXZyApSN_EyRr0WTBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.72.0/24
                  45.138.73.0/24
                  46.17.105.0/24
                  80.76.32.0/22
                  91.217.76.0/24
                  92.118.8.0/23
                  94.142.136.0/23
                  95.214.9.0-95.214.11.255
                  185.40.7.0/24
                  185.58.204.0/24
                  185.94.164.0/23
                  185.102.136.0/24
                  185.103.252.0/22
                  185.112.81.0/24
                  185.114.72.0/23
                  185.117.116.0/24
                  185.117.119.0/24
                  185.200.190.0/24
                  185.232.170.0/23
                  185.233.80.0-185.233.82.255
                  185.233.202.0/23
                  185.252.144.0/24
                  193.124.182.0/23
                  193.124.188.0-193.124.190.255
                  193.239.160.0/23
                  193.239.166.0/23
                  194.36.178.0/23
                IPv6:
                  2a04:5200:68::/48
                  2a04:5201:2::/48
                  2a04:5201:4::/48
                  2a04:5201:6::/47
                  2a04:5201:9::/48
                  2a04:5201:10::/48
                  2a04:5201:8018::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:d2:5b:bc:84:88:30:1c:11:9b:f3:54:4f:a5:e8:57:19:8a:
         90:6e:c8:8a:86:39:80:78:a3:e2:30:e2:be:14:4a:14:6a:e0:
         83:7a:16:b2:6f:e2:77:b6:50:bf:05:7b:c9:67:b2:6e:02:7d:
         b4:2a:d1:8f:13:3d:f2:e1:cc:91:4a:51:46:8e:05:78:92:77:
         ed:ad:b0:8c:85:c2:8d:59:7c:3b:7a:a6:df:bb:57:47:78:80:
         1f:c7:6e:72:f0:6d:8b:00:82:1d:24:9c:4f:72:e7:cb:9e:92:
         2d:2a:58:9d:f4:28:1e:a1:4a:26:a6:59:09:b2:e9:b3:1e:ee:
         83:34:eb:95:ce:b1:71:c5:fa:64:6c:c1:3a:17:36:c3:d2:d8:
         19:ee:b6:56:05:47:eb:ab:c8:d1:04:e3:b5:58:7c:e1:9f:3f:
         5a:14:91:60:c2:50:7c:bc:59:4f:a5:e7:55:57:dc:bc:a4:81:
         3e:7c:65:b3:20:9e:55:fa:d5:07:91:e4:93:ef:9b:ca:fd:25:
         5a:d6:a0:21:a9:f9:5d:63:69:2d:d7:7f:85:3d:ec:f2:37:57:
         18:aa:5b:f9:ee:63:ff:1c:70:1e:e3:38:f9:8e:c5:8a:78:d1:
         16:1f:a2:42:5e:bb:25:59:a6:a7:14:79:0e:ed:72:0c:98:38:
         27:b5:49:22
-----BEGIN CERTIFICATE-----
MIIGADCCBOigAwIBAgISAZKfzrXEEPvqAdxfzwDPgitJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQxMDE4MTMyNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODBhNTM3ZDk3OGMyYTk1ZDljODBhNTIzN2YxMzI0NmJkMTY0YzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxEZEI2zHncPRzHD/u/eyhQyAAo8
Ue6T8CtcNuz2qi/fvmcJKy4Kq3CDkj9+sKR9DeqLFySeXpsQgezbN0TICwl+AebP
vO04K/loku0UDlKF5aOK9syecwxx28ek5/fh81M+xaXsWWk9NtPH2y6Md0C2v+FK
xqjNKLF+58EMtYD4qxybOz6vMtDpzfxv4fwO7R09yQyIs/+ylKp5sX8RZhyjSf6T
mLRfUgx9g2btcQ9bH2T6QAgcBxJrpE4PsRISb4n4pzd6hPKXOb5Rlb4RnZ/AVE3f
6ZGD9K5b3Zj8R6J6OKc071KHpiPlFqu0NxQyzsA3O9cMOdMNA4iMF3FLpwIDAQAB
o4IDDDCCAwgwHQYDVR0OBBYEFJgKU32XjCqV2cgKUjfxMka9FkwVMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbUFwVGZaZU1LcFhaeUFwU05fRXlScjBXVEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIAYIKwYBBQUHAQcBAf8EggEPMIIBCzCBwQQCAAEwgboD
BAAtCUgDBAAtikkDBAAuEWkDBAJQTCADBABb2UwDBAFcdggDBAFejogwDAMEAF/W
CQMEAl/WCAMEALkoBwMEALk6zAMEAblepAMEALlmiAMEArln/AMEALlwUQMEAbly
SAMEALl1dAMEALl1dwMEALnIvgMEAbnoqjAMAwQEuelQAwQAuelSAwQBuenKAwQA
ufyQAwQBwXy2MAwDBALBfLwDBADBfL4DBAHB76ADBAHB76YDBAHCJLIwRQQCAAIw
PwMHACoEUgAAaAMHACoEUgEAAgMHACoEUgEABAMHASoEUgEABgMHACoEUgEACQMH
ACoEUgEAEAMHACoEUgGAGDANBgkqhkiG9w0BAQsFAAOCAQEACtJbvISIMBwRm/NU
T6XoVxmKkG7IioY5gHij4jDivhRKFGrgg3oWsm/id7ZQvwV7yWeybgJ9tCrRjxM9
8uHMkUpRRo4FeJJ37a2wjIXCjVl8O3qm37tXR3iAH8ducvBtiwCCHSScT3Lny56S
LSpYnfQoHqFKJqZZCbLpsx7ugzTrlc6xccX6ZGzBOhc2w9LYGe62VgVH66vI0QTj
tVh84Z8/WhSRYMJQfLxZT6XnVVfcvKSBPnxlsyCeVfrVB5Hkk++byv0lWtagIan5
XWNpLdd/hT3s8jdXGKpb+e5j/xxwHuM4+Y7FinjRFh+iQl67JVmmpxR5Du1yDJg4
J7VJIg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:33:24 2024 by rpki-client on console-fra.rpki-client.org