Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/NlI9WiQJdSYBSfNnSvKHpLzoXmM.roa
File:                     NlI9WiQJdSYBSfNnSvKHpLzoXmM.roa (raw, json)
Hash identifier:          2IxPjS1fx+1UMUaF/aCaeCMu4YJJYTGwdmLPsHhlyBM=
Subject key identifier:   36:52:3D:5A:24:09:75:26:01:49:F3:67:4A:F2:87:A4:BC:E8:5E:63
Certificate issuer:       /CN=c755702467770ed69b367b77bbe640bc6db4153e
Certificate serial:       018CC8DF212646AF4C0B1B51C697143C5884
Authority key identifier: C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/NlI9WiQJdSYBSfNnSvKHpLzoXmM.roa
Signing time:             Tue 02 Jan 2024 06:31:55 +0000
ROA not before:           Tue 02 Jan 2024 06:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40306
IP address blocks:        213.209.176.0/24 maxlen: 24
                          213.209.177.0/24 maxlen: 24
                          213.209.178.0/24 maxlen: 24
                          213.209.181.128/26 maxlen: 26
                          213.209.180.0/24 maxlen: 24
                          213.209.181.0/24 maxlen: 24
                          213.209.182.0/24 maxlen: 24
                          213.209.183.0/24 maxlen: 24
                          213.209.191.0/24 maxlen: 24
                          213.209.188.0/24 maxlen: 24
                          213.209.189.0/24 maxlen: 24
                          213.209.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:21:26:46:af:4c:0b:1b:51:c6:97:14:3c:58:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c755702467770ed69b367b77bbe640bc6db4153e
        Validity
            Not Before: Jan  2 06:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36523d5a240975260149f3674af287a4bce85e63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:12:bf:a1:98:5e:bd:4a:fb:7f:87:3d:6f:72:
                    19:2f:9f:2f:b5:51:98:e5:12:99:fb:fd:b0:89:03:
                    6f:a4:83:b8:27:ec:cb:40:3d:75:c4:f6:0a:94:88:
                    68:d1:6a:0c:99:0d:f0:6e:62:f8:f3:d5:00:8f:2b:
                    1b:30:57:f5:a2:66:94:01:8e:87:5e:7d:b8:26:39:
                    30:ff:24:1a:eb:57:85:7c:aa:09:fc:ac:ee:2a:08:
                    ab:ec:8d:ac:a3:50:5b:06:d5:28:09:9a:42:eb:65:
                    05:22:47:3f:36:3c:05:02:87:59:15:c4:0a:c1:dc:
                    e2:46:dc:18:a5:90:32:ef:8c:5c:22:11:0e:62:4e:
                    c8:55:1d:53:02:d9:e5:79:39:3b:8c:d6:17:0e:d1:
                    28:7a:27:56:b4:27:3f:6c:47:36:9a:ae:dd:fd:b2:
                    ee:74:83:4d:e9:46:66:53:15:6e:fc:85:61:a1:97:
                    cd:ee:23:c0:8d:e6:d8:8a:05:9e:a2:2d:cf:af:a7:
                    bb:4a:68:d6:3a:39:41:dd:36:a4:60:a3:aa:52:10:
                    09:66:9f:f0:c3:4d:f2:f9:52:69:21:83:47:94:fe:
                    c7:4a:51:19:fb:f3:a8:fe:10:d1:a7:a9:8c:c1:d4:
                    1d:57:c3:c6:29:ff:3c:61:5d:ff:2f:6a:44:c0:3f:
                    2d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:52:3D:5A:24:09:75:26:01:49:F3:67:4A:F2:87:A4:BC:E8:5E:63
            X509v3 Authority Key Identifier:
                keyid:C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/NlI9WiQJdSYBSfNnSvKHpLzoXmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.176.0-213.209.178.255
                  213.209.180.0/22
                  213.209.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:f5:54:d8:0b:de:84:da:f6:b0:ba:a7:c6:25:c6:b4:06:46:
         40:53:70:be:ff:87:23:a6:11:16:64:21:93:57:85:e2:74:d7:
         86:b1:3b:93:a7:4f:4c:91:2a:f6:37:ab:7b:40:56:d5:59:45:
         05:91:11:f2:f0:42:c2:1c:f7:0f:07:39:7a:15:44:34:c6:7d:
         fb:64:f0:74:75:10:a2:4b:da:41:78:01:17:3d:b6:de:f8:70:
         8f:81:b7:c7:b0:a9:c2:01:7b:64:88:8d:2b:2d:d2:ba:ce:fc:
         1d:f2:27:3e:b7:61:da:5c:fa:93:aa:b2:54:2d:bf:fe:71:21:
         7f:2a:b7:3f:47:d8:83:23:b9:e7:53:85:c8:27:9f:5a:70:05:
         42:f6:8b:0d:62:d7:12:83:7d:f6:27:d7:33:29:a6:73:c7:f1:
         68:03:4a:01:34:84:60:b6:ad:75:88:f0:24:f4:5f:46:bd:8f:
         41:cd:e0:7b:25:c2:d3:ff:1c:22:62:15:d5:fa:a2:a1:05:4f:
         b0:55:f8:6b:f2:cb:b7:fd:8e:19:ec:52:d7:c4:fa:70:92:9b:
         3c:97:90:ea:d8:b5:47:09:e5:44:52:a0:92:fd:fb:73:d3:21:
         cc:9a:f1:1a:62:97:79:ce:54:b4:44:7e:8b:18:b1:f8:af:fc:
         4b:11:7c:33
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzI3yEmRq9MCxtRxpcUPFiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU3MDI0Njc3NzBlZDY5YjM2N2I3N2JiZTY0MGJjNmRi
NDE1M2UwHhcNMjQwMTAyMDYzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjUyM2Q1YTI0MDk3NTI2MDE0OWYzNjc0YWYyODdhNGJjZTg1ZTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RK/oZhevUr7f4c9b3IZL58vtVGY
5RKZ+/2wiQNvpIO4J+zLQD11xPYKlIho0WoMmQ3wbmL489UAjysbMFf1omaUAY6H
Xn24Jjkw/yQa61eFfKoJ/KzuKgir7I2so1BbBtUoCZpC62UFIkc/NjwFAodZFcQK
wdziRtwYpZAy74xcIhEOYk7IVR1TAtnleTk7jNYXDtEoeidWtCc/bEc2mq7d/bLu
dINN6UZmUxVu/IVhoZfN7iPAjebYigWeoi3Pr6e7SmjWOjlB3TakYKOqUhAJZp/w
w03y+VJpIYNHlP7HSlEZ+/Oo/hDRp6mMwdQdV8PGKf88YV3/L2pEwD8tLQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDZSPVokCXUmAUnzZ0ryh6S86F5jMB8GA1UdIwQY
MBaAFMdVcCRndw7WmzZ7d7vmQLxttBU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYt
MWQzNzM0OTk5MjRlLzEvTmxJOVdpUUpkU1lCU2ZOblN2S0hwTHpvWG1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYtMWQzNzM0OTk5MjRl
LzEveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBATV0bAD
BADV0bIDBALV0bQDBALV0bwwDQYJKoZIhvcNAQELBQADggEBAIL1VNgL3oTa9rC6
p8YlxrQGRkBTcL7/hyOmERZkIZNXheJ014axO5OnT0yRKvY3q3tAVtVZRQWREfLw
QsIc9w8HOXoVRDTGfftk8HR1EKJL2kF4ARc9tt74cI+Bt8ewqcIBe2SIjSst0rrO
/B3yJz63Ydpc+pOqslQtv/5xIX8qtz9H2IMjuedThcgnn1pwBUL2iw1i1xKDffYn
1zMppnPH8WgDSgE0hGC2rXWI8CT0X0a9j0HN4HslwtP/HCJiFdX6oqEFT7BV+Gvy
y7f9jhnsUtfE+nCSmzyXkOrYtUcJ5URSoJL9+3PTIcya8Rpil3nOVLREfosYsfiv
/EsRfDM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:42:07 2024 by rpki-client on console-ams.rpki-client.org