Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/jyBaZGcBr0sf-cLNTbVDeH6w6bc.roa
File:                     jyBaZGcBr0sf-cLNTbVDeH6w6bc.roa (raw, json)
Hash identifier:          ze8k7tr2Tjj6I2B0GrNlTfHgG5gx1itY214LQllbvAE=
Subject key identifier:   8F:20:5A:64:67:01:AF:4B:1F:F9:C2:CD:4D:B5:43:78:7E:B0:E9:B7
Certificate issuer:       /CN=5673fa6842973edf62d579b4efec2fa64fdbf8c8
Certificate serial:       018CC9BC7D46216E9AAAFACF7C04A595A3F5
Authority key identifier: 56:73:FA:68:42:97:3E:DF:62:D5:79:B4:EF:EC:2F:A6:4F:DB:F8:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/jyBaZGcBr0sf-cLNTbVDeH6w6bc.roa
Signing time:             Tue 02 Jan 2024 10:33:42 +0000
ROA not before:           Tue 02 Jan 2024 10:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        78.135.112.0/24 maxlen: 24
                          212.68.47.0/24 maxlen: 24
                          95.214.72.0/22 maxlen: 22
                          31.210.62.0/23 maxlen: 24
                          2a09:da81::/32 maxlen: 32
                          2a09:da80::/29 maxlen: 29
                          2a09:da80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:7d:46:21:6e:9a:aa:fa:cf:7c:04:a5:95:a3:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5673fa6842973edf62d579b4efec2fa64fdbf8c8
        Validity
            Not Before: Jan  2 10:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f205a646701af4b1ff9c2cd4db543787eb0e9b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:16:55:69:c2:00:6d:0e:68:96:03:c4:8f:5c:
                    f6:3e:b1:80:fe:2f:0a:72:e6:f3:43:dc:06:c0:b7:
                    36:35:30:9f:1b:84:da:ca:b9:82:f0:a8:07:d7:79:
                    7d:7a:1c:7e:e6:14:2c:a8:69:b1:c5:20:14:c1:d9:
                    05:0e:fc:1c:a0:7f:99:cd:30:80:c5:0a:dd:00:d3:
                    20:99:0e:44:7c:e9:b7:9a:6e:f7:5a:19:f1:6c:12:
                    f7:90:f9:cf:6d:29:5b:33:4f:eb:bf:a9:cf:06:e8:
                    01:5f:f3:ee:4f:6b:c9:f9:52:34:1f:49:7c:1c:58:
                    b9:6f:88:0a:77:6d:6e:59:eb:c8:e0:97:7a:71:eb:
                    ab:a0:72:10:f8:fb:0d:bd:eb:2d:fd:1f:b4:69:64:
                    8f:12:cd:58:86:b9:9b:33:31:00:41:7c:0b:b6:6e:
                    3e:06:54:61:f2:d7:45:66:4a:01:f1:bb:a4:5f:53:
                    f2:b8:98:61:ac:2a:6b:b6:81:c6:55:18:a3:2e:21:
                    a2:47:01:9e:eb:25:6f:0d:01:9c:8c:83:56:3d:38:
                    8a:cc:f9:98:d6:6f:ba:aa:fe:06:ba:d7:03:ea:a8:
                    8a:97:5b:87:e0:8b:1e:2f:1c:3d:87:a2:ff:bc:a2:
                    2d:f7:3e:27:49:26:55:de:2e:08:88:ae:8e:a3:7b:
                    12:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:20:5A:64:67:01:AF:4B:1F:F9:C2:CD:4D:B5:43:78:7E:B0:E9:B7
            X509v3 Authority Key Identifier:
                keyid:56:73:FA:68:42:97:3E:DF:62:D5:79:B4:EF:EC:2F:A6:4F:DB:F8:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/jyBaZGcBr0sf-cLNTbVDeH6w6bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.62.0/23
                  78.135.112.0/24
                  95.214.72.0/22
                  212.68.47.0/24
                IPv6:
                  2a09:da80::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:e0:29:b7:41:a6:98:57:88:b1:13:13:3c:f5:4c:2c:ed:2c:
         b9:40:76:1a:9b:1f:10:d4:16:11:27:8d:c1:15:9f:54:0b:29:
         be:48:db:b7:c6:a1:e3:ae:d5:1a:65:76:22:21:a3:67:2a:ed:
         69:6c:c8:c3:d2:84:44:21:ad:df:69:b0:b6:58:07:69:db:87:
         83:08:9f:3a:f7:0e:3f:a5:18:ef:a5:3a:e1:fd:64:d9:20:7c:
         34:ec:fa:86:37:a0:6f:77:7f:c0:d0:94:06:88:85:93:5c:24:
         cc:c1:3a:89:d6:34:28:1b:d3:8c:43:1f:bd:21:e3:50:65:fa:
         8c:a7:07:e5:f8:fd:27:e4:42:ac:d2:70:30:aa:14:fa:b4:48:
         48:3a:33:53:8e:16:41:4c:51:dd:20:53:64:1b:33:70:3e:4f:
         73:66:0a:cf:4f:15:72:31:0d:3a:51:b7:92:79:b3:00:ff:ee:
         7a:6f:28:ec:01:77:50:67:40:29:77:7f:d7:5f:68:f4:ef:b7:
         e9:2f:ec:20:82:34:c9:18:bb:9a:6f:1d:3e:31:83:85:df:49:
         6c:ae:f3:e8:21:9d:c9:85:6e:29:1c:cd:58:dc:41:02:c1:b3:
         86:f3:4a:ee:e9:c6:d1:b5:de:01:ab:b5:98:81:70:ee:a4:03:
         8a:1f:bf:16
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzJvH1GIW6aqvrPfASllaP1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NzNmYTY4NDI5NzNlZGY2MmQ1NzliNGVmZWMyZmE2NGZk
YmY4YzgwHhcNMjQwMTAyMTAzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjIwNWE2NDY3MDFhZjRiMWZmOWMyY2Q0ZGI1NDM3ODdlYjBlOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRZVacIAbQ5olgPEj1z2PrGA/i8K
cubzQ9wGwLc2NTCfG4TayrmC8KgH13l9ehx+5hQsqGmxxSAUwdkFDvwcoH+ZzTCA
xQrdANMgmQ5EfOm3mm73WhnxbBL3kPnPbSlbM0/rv6nPBugBX/PuT2vJ+VI0H0l8
HFi5b4gKd21uWevI4Jd6ceuroHIQ+PsNvest/R+0aWSPEs1YhrmbMzEAQXwLtm4+
BlRh8tdFZkoB8bukX1PyuJhhrCprtoHGVRijLiGiRwGe6yVvDQGcjINWPTiKzPmY
1m+6qv4GutcD6qiKl1uH4IseLxw9h6L/vKIt9z4nSSZV3i4IiK6Oo3sSowIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFI8gWmRnAa9LH/nCzU21Q3h+sOm3MB8GA1UdIwQY
MBaAFFZz+mhClz7fYtV5tO/sL6ZP2/jIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5QNmFFS1hQdDlpMVhtMDctd3Zwa19iLU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83OGU1ZWItYzJhZi00NDYyLWI4NTkt
ODk4OTk2Yzg2MWRmLzEvanlCYVpHY0JyMHNmLWNMTlRiVkRlSDZ3NmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83OGU1ZWItYzJhZi00NDYyLWI4NTktODk4OTk2Yzg2MWRm
LzEvVm5QNmFFS1hQdDlpMVhtMDctd3Zwa19iLU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBH9I+AwQA
TodwAwQCX9ZIAwQA1EQvMA0EAgACMAcDBQMqCdqAMA0GCSqGSIb3DQEBCwUAA4IB
AQCU4Cm3QaaYV4ixExM89Uws7Sy5QHYamx8Q1BYRJ43BFZ9UCym+SNu3xqHjrtUa
ZXYiIaNnKu1pbMjD0oREIa3fabC2WAdp24eDCJ869w4/pRjvpTrh/WTZIHw07PqG
N6Bvd3/A0JQGiIWTXCTMwTqJ1jQoG9OMQx+9IeNQZfqMpwfl+P0n5EKs0nAwqhT6
tEhIOjNTjhZBTFHdIFNkGzNwPk9zZgrPTxVyMQ06UbeSebMA/+56byjsAXdQZ0Ap
d3/XX2j077fpL+wggjTJGLuabx0+MYOF30lsrvPoIZ3JhW4pHM1Y3EECwbOG80ru
6cbRtd4Bq7WYgXDupAOKH78W
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:40:36 2024 by rpki-client on console-fra.rpki-client.org