Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/p0pY8Od0JvfEazAbiKJO0JlAxFg.roa
File:                     p0pY8Od0JvfEazAbiKJO0JlAxFg.roa (raw, json)
Hash identifier:          oFixOfQ8DZ7xTyIBht0RmE0rocdMflkufAJtik1zfDE=
Subject key identifier:   A7:4A:58:F0:E7:74:26:F7:C4:6B:30:1B:88:A2:4E:D0:99:40:C4:58
Certificate issuer:       /CN=aebf394e2f1b251c88d988a87161084580786ef5
Certificate serial:       018DC7539E43B61B97405708AA06152FFB99
Authority key identifier: AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/p0pY8Od0JvfEazAbiKJO0JlAxFg.roa
Signing time:             Tue 20 Feb 2024 16:22:42 +0000
ROA not before:           Tue 20 Feb 2024 16:22:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30889
IP address blocks:        45.145.124.0/22 maxlen: 24
                          79.98.96.0/21 maxlen: 24
                          185.15.128.0/22 maxlen: 24
                          185.95.120.0/22 maxlen: 24
                          185.149.8.0/22 maxlen: 24
                          185.172.16.0/22 maxlen: 24
                          185.196.248.0/22 maxlen: 24
                          193.27.194.0/23 maxlen: 24
                          194.177.32.0/19 maxlen: 24
                          195.214.240.0/21 maxlen: 24
                          2a01:6d8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:53:9e:43:b6:1b:97:40:57:08:aa:06:15:2f:fb:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aebf394e2f1b251c88d988a87161084580786ef5
        Validity
            Not Before: Feb 20 16:22:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74a58f0e77426f7c46b301b88a24ed09940c458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:49:7d:23:59:2b:2f:1b:bc:df:24:b5:e5:2c:
                    6f:03:3a:fa:6e:66:3c:a1:8b:3c:33:23:9c:94:f4:
                    be:11:6a:33:cf:55:b9:50:7c:69:92:7c:a7:4b:aa:
                    9f:8c:ff:43:6d:45:b3:57:4a:8e:78:9b:6e:d0:d9:
                    a6:80:b4:b6:90:ce:8f:28:ad:b2:bb:a2:d6:74:4a:
                    d4:8c:c9:1a:fd:46:92:03:2a:31:5e:1f:20:ef:f3:
                    56:28:d9:b4:bd:9c:d2:dd:c4:21:f1:dc:a4:cc:1b:
                    f1:54:28:35:c5:83:07:08:7b:95:63:40:ee:b8:90:
                    36:cc:35:d6:9d:1d:81:c9:44:9f:89:68:19:69:c1:
                    f3:65:a0:05:9f:2f:b4:b3:ef:1a:12:3e:06:b7:b4:
                    58:46:d8:e1:c7:d0:f4:ce:84:7c:d6:b7:23:13:ce:
                    02:a6:e7:f5:63:b6:3c:15:20:15:f9:a4:dd:1d:54:
                    2e:1c:8e:26:38:69:e5:bf:2c:09:66:98:26:6e:5c:
                    d0:b1:ab:d0:f1:be:97:c0:b4:94:19:85:27:fe:ba:
                    53:2a:a5:93:da:dc:a9:4b:fe:11:47:b6:fc:a0:d9:
                    e4:48:87:14:2e:3a:31:91:56:78:34:77:8a:e4:cc:
                    cf:20:c0:80:c5:81:36:ee:75:fa:65:9d:8e:78:69:
                    93:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:4A:58:F0:E7:74:26:F7:C4:6B:30:1B:88:A2:4E:D0:99:40:C4:58
            X509v3 Authority Key Identifier:
                keyid:AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/p0pY8Od0JvfEazAbiKJO0JlAxFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.124.0/22
                  79.98.96.0/21
                  185.15.128.0/22
                  185.95.120.0/22
                  185.149.8.0/22
                  185.172.16.0/22
                  185.196.248.0/22
                  193.27.194.0/23
                  194.177.32.0/19
                  195.214.240.0/21
                IPv6:
                  2a01:6d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:7d:63:5c:e0:a6:3f:2a:0f:72:a5:68:40:98:c9:f1:de:62:
         a9:9b:42:b8:70:16:ea:9a:ad:13:f0:4b:f7:4d:5f:22:63:0c:
         00:d7:d1:d8:4a:e4:8d:07:b1:c1:b9:14:31:40:5f:7c:ea:0d:
         aa:2a:65:0d:70:a9:30:3b:b4:f9:fe:6b:ad:e3:c8:3f:f8:62:
         c1:a9:4d:62:c8:2c:ea:6e:14:51:30:b5:b3:89:d3:9f:a8:08:
         bf:93:19:d9:c7:65:2d:45:cd:7f:ab:5a:2e:ea:39:48:95:c6:
         0e:94:c2:21:11:b6:88:0a:67:49:4a:51:b6:ff:a8:11:69:bf:
         15:04:eb:bb:37:89:18:1c:c9:d2:20:57:70:f7:4a:32:6c:8f:
         13:89:57:43:74:9d:48:cd:12:08:0a:bc:d3:13:3a:a9:a2:a7:
         9b:45:99:af:cb:08:a4:09:62:05:54:44:a9:75:b6:b4:e8:54:
         66:36:67:09:cb:44:36:18:9e:f5:d1:7c:1c:db:72:e1:83:82:
         33:f1:55:fd:79:f3:d4:a6:09:9c:5f:a8:33:98:e6:a8:58:95:
         73:78:c0:17:56:8f:c7:46:c7:65:6b:bb:da:27:d6:6f:3c:f4:
         f3:56:91:5d:15:ad:e0:69:38:a5:3e:d9:5c:b7:87:4e:0e:85:
         27:1f:c7:b2
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY3HU55DthuXQFcIqgYVL/uZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmYzOTRlMmYxYjI1MWM4OGQ5ODhhODcxNjEwODQ1ODA3
ODZlZjUwHhcNMjQwMjIwMTYyMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzRhNThmMGU3NzQyNmY3YzQ2YjMwMWI4OGEyNGVkMDk5NDBjNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEl9I1krLxu83yS15SxvAzr6bmY8
oYs8MyOclPS+EWozz1W5UHxpknynS6qfjP9DbUWzV0qOeJtu0NmmgLS2kM6PKK2y
u6LWdErUjMka/UaSAyoxXh8g7/NWKNm0vZzS3cQh8dykzBvxVCg1xYMHCHuVY0Du
uJA2zDXWnR2ByUSfiWgZacHzZaAFny+0s+8aEj4Gt7RYRtjhx9D0zoR81rcjE84C
puf1Y7Y8FSAV+aTdHVQuHI4mOGnlvywJZpgmblzQsavQ8b6XwLSUGYUn/rpTKqWT
2typS/4RR7b8oNnkSIcULjoxkVZ4NHeK5MzPIMCAxYE27nX6ZZ2OeGmTDwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFKdKWPDndCb3xGswG4iiTtCZQMRYMB8GA1UdIwQY
MBaAFK6/OU4vGyUciNmIqHFhCEWAeG71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2It
NjFlN2Y0MGQ1ZGQ2LzEvcDBwWThPZDBKdmZFYXpBYmlLSk8wSmxBeEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2ItNjFlN2Y0MGQ1ZGQ2
LzEvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCLZF8AwQD
T2JgAwQCuQ+AAwQCuV94AwQCuZUIAwQCuawQAwQCucT4AwQBwRvCAwQFwrEgAwQD
w9bwMA0EAgACMAcDBQAqAQbYMA0GCSqGSIb3DQEBCwUAA4IBAQAZfWNc4KY/Kg9y
pWhAmMnx3mKpm0K4cBbqmq0T8Ev3TV8iYwwA19HYSuSNB7HBuRQxQF986g2qKmUN
cKkwO7T5/mut48g/+GLBqU1iyCzqbhRRMLWzidOfqAi/kxnZx2UtRc1/q1ou6jlI
lcYOlMIhEbaICmdJSlG2/6gRab8VBOu7N4kYHMnSIFdw90oybI8TiVdDdJ1IzRII
CrzTEzqpoqebRZmvywikCWIFVESpdba06FRmNmcJy0Q2GJ710Xwc23Lhg4Iz8VX9
efPUpgmcX6gzmOaoWJVzeMAXVo/HRsdla7vaJ9ZvPPTzVpFdFa3gaTilPtlct4dO
DoUnH8ey
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:13:58 2024 by rpki-client on console-fra.rpki-client.org