Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/990747-3454-4412-8f06-6b3a47667ca8/1/1-VRPnJ1jvKWXHSLhMForVJoi27I.roa
File:                     1-VRPnJ1jvKWXHSLhMForVJoi27I.roa (raw, json)
Hash identifier:          j8HI06Cb3nQGwHEnK1h86ruO5rftGctU0GNbv7Kq6uM=
Subject key identifier:   F9:54:4F:9C:9D:63:BC:A5:97:1D:22:E1:30:5A:2B:54:9A:22:DB:B2
Certificate issuer:       /CN=2bb330942298f75823cbb980c8eb2acf0b7c0c1b
Certificate serial:       018EDD338D540FCB27CC5E37A4BC6732B500
Authority key identifier: 2B:B3:30:94:22:98:F7:58:23:CB:B9:80:C8:EB:2A:CF:0B:7C:0C:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K7MwlCKY91gjy7mAyOsqzwt8DBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/990747-3454-4412-8f06-6b3a47667ca8/1/1-VRPnJ1jvKWXHSLhMForVJoi27I.roa
Signing time:             Sun 14 Apr 2024 15:22:06 +0000
ROA not before:           Sun 14 Apr 2024 15:22:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200154
IP address blocks:        185.32.44.0/22 maxlen: 22
                          185.32.44.0/24 maxlen: 24
                          185.32.45.0/24 maxlen: 24
                          185.32.46.0/24 maxlen: 24
                          185.32.47.0/24 maxlen: 24
                          185.40.33.0/24 maxlen: 24
                          2a00:c0a0::/32 maxlen: 32
                          2a00:c0a0::/34 maxlen: 34
                          2a00:c0a0:4000::/34 maxlen: 34
                          2a00:c0a0:8000::/34 maxlen: 34
                          2a00:c0a0:c000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/990747-3454-4412-8f06-6b3a47667ca8/1/K7MwlCKY91gjy7mAyOsqzwt8DBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/990747-3454-4412-8f06-6b3a47667ca8/1/K7MwlCKY91gjy7mAyOsqzwt8DBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K7MwlCKY91gjy7mAyOsqzwt8DBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:dd:33:8d:54:0f:cb:27:cc:5e:37:a4:bc:67:32:b5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bb330942298f75823cbb980c8eb2acf0b7c0c1b
        Validity
            Not Before: Apr 14 15:22:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9544f9c9d63bca5971d22e1305a2b549a22dbb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4a:58:9b:d7:d4:d8:ef:01:24:8b:2c:da:47:
                    c5:ac:4a:1e:a7:da:96:fa:a5:91:9f:75:01:a2:11:
                    53:2a:71:5d:5a:50:2d:09:a7:cb:65:7c:16:1d:93:
                    9d:d1:29:37:93:40:fc:c2:88:2d:87:b6:7f:4e:b9:
                    c2:29:04:e7:a4:05:30:de:d3:eb:4c:81:39:6c:a0:
                    2a:f3:f0:7e:e3:9a:ec:74:96:69:23:c7:a2:42:24:
                    09:ca:d3:cf:5f:fb:54:92:20:af:d6:6e:c2:c0:29:
                    a1:e3:92:cd:65:b3:1d:da:c4:c7:6f:30:9a:b0:4f:
                    10:0f:76:03:a0:30:73:56:a1:23:77:20:d0:9b:0c:
                    49:f4:fc:a3:fc:eb:c5:38:14:10:fa:a0:e6:5b:0a:
                    80:09:e3:41:49:94:1b:ba:89:11:85:27:e0:54:c0:
                    ea:1b:33:d4:48:5d:ae:91:42:77:15:76:23:7a:83:
                    5c:94:68:b0:16:ec:16:33:9f:20:b1:3b:3f:93:78:
                    ca:f9:55:12:29:3d:38:ae:12:24:6f:28:fc:32:90:
                    a7:72:cb:66:ef:b6:09:95:a6:e7:e0:9d:3b:22:c6:
                    1a:de:c9:aa:1b:a9:e6:57:1b:df:45:7f:41:86:de:
                    b4:c0:51:4a:20:e1:cd:5d:fb:98:74:9a:a6:0c:e6:
                    f2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:54:4F:9C:9D:63:BC:A5:97:1D:22:E1:30:5A:2B:54:9A:22:DB:B2
            X509v3 Authority Key Identifier:
                keyid:2B:B3:30:94:22:98:F7:58:23:CB:B9:80:C8:EB:2A:CF:0B:7C:0C:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K7MwlCKY91gjy7mAyOsqzwt8DBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/990747-3454-4412-8f06-6b3a47667ca8/1/1-VRPnJ1jvKWXHSLhMForVJoi27I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/990747-3454-4412-8f06-6b3a47667ca8/1/K7MwlCKY91gjy7mAyOsqzwt8DBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.44.0/22
                  185.40.33.0/24
                IPv6:
                  2a00:c0a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:db:7c:bb:9d:d7:43:07:b9:ea:c1:11:3d:9a:e7:0b:fc:f1:
         a3:91:aa:f5:70:bb:16:c9:cd:05:02:32:41:92:18:d0:9d:96:
         5d:b1:ba:d5:e2:3e:9a:e5:d6:09:4c:dd:6b:e0:c7:d2:0f:51:
         78:2d:f5:f9:2d:74:5d:53:b8:84:96:92:79:a5:63:b1:fa:dd:
         74:2b:57:90:46:29:3c:c4:af:b5:fc:49:fe:62:83:c1:0a:4c:
         8b:14:3d:65:9b:97:3f:db:84:b2:e4:bc:37:a6:8a:5c:ef:15:
         58:bc:46:90:46:ef:67:7a:ba:a2:5a:da:b5:d9:d0:60:5d:19:
         5c:12:f8:94:e4:0d:d4:da:9e:d1:bf:af:b3:54:47:a4:e0:61:
         c6:50:b8:b8:7e:ca:a2:e1:36:50:79:0e:1e:94:3d:9a:87:7a:
         57:bf:cc:b5:55:03:d5:67:5b:a4:70:59:08:58:a7:08:7b:dc:
         dd:6c:bd:ca:08:bc:c3:6c:a7:75:ce:73:43:96:bd:93:2a:ac:
         f1:17:65:f7:4f:88:9a:12:d2:dd:d2:65:42:cf:2e:4d:93:86:
         cc:fe:d2:27:6f:40:c2:b2:ac:ff:1e:d2:91:8c:ad:2c:38:cb:
         f5:31:c2:99:ba:3e:72:85:e5:13:46:11:f7:2d:5f:b3:0f:6a:
         ad:7c:7a:40
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY7dM41UD8snzF43pLxnMrUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYjMzMDk0MjI5OGY3NTgyM2NiYjk4MGM4ZWIyYWNmMGI3
YzBjMWIwHhcNMjQwNDE0MTUyMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTU0NGY5YzlkNjNiY2E1OTcxZDIyZTEzMDVhMmI1NDlhMjJkYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUpYm9fU2O8BJIss2kfFrEoep9qW
+qWRn3UBohFTKnFdWlAtCafLZXwWHZOd0Sk3k0D8wogth7Z/TrnCKQTnpAUw3tPr
TIE5bKAq8/B+45rsdJZpI8eiQiQJytPPX/tUkiCv1m7CwCmh45LNZbMd2sTHbzCa
sE8QD3YDoDBzVqEjdyDQmwxJ9Pyj/OvFOBQQ+qDmWwqACeNBSZQbuokRhSfgVMDq
GzPUSF2ukUJ3FXYjeoNclGiwFuwWM58gsTs/k3jK+VUSKT04rhIkbyj8MpCncstm
77YJlabn4J07IsYa3smqG6nmVxvfRX9Bht60wFFKIOHNXfuYdJqmDObyGwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPlUT5ydY7yllx0i4TBaK1SaItuyMB8GA1UdIwQY
MBaAFCuzMJQimPdYI8u5gMjrKs8LfAwbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzdNd2xDS1k5MWdqeTdtQXlPc3F6d3Q4REJzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85OTA3NDctMzQ1NC00NDEyLThmMDYt
NmIzYTQ3NjY3Y2E4LzEvMS1WUlBuSjFqdktXWEhTTGhNRm9yVkpvaTI3SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzcvOTkwNzQ3LTM0NTQtNDQxMi04ZjA2LTZiM2E0NzY2N2Nh
OC8xL0s3TXdsQ0tZOTFnank3bUF5T3Nxend0OERCcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArkgLAME
ALkoITANBAIAAjAHAwUAKgDAoDANBgkqhkiG9w0BAQsFAAOCAQEAndt8u53XQwe5
6sERPZrnC/zxo5Gq9XC7FsnNBQIyQZIY0J2WXbG61eI+muXWCUzda+DH0g9ReC31
+S10XVO4hJaSeaVjsfrddCtXkEYpPMSvtfxJ/mKDwQpMixQ9ZZuXP9uEsuS8N6aK
XO8VWLxGkEbvZ3q6olratdnQYF0ZXBL4lOQN1Nqe0b+vs1RHpOBhxlC4uH7KouE2
UHkOHpQ9mod6V7/MtVUD1WdbpHBZCFinCHvc3Wy9ygi8w2yndc5zQ5a9kyqs8Rdl
90+ImhLS3dJlQs8uTZOGzP7SJ29AwrKs/x7SkYytLDjL9THCmbo+coXlE0YR9y1f
sw9qrXx6QA==
-----END CERTIFICATE-----
Generated at Mon Jun 17 01:04:56 2024 by rpki-client on console-fra.rpki-client.org