Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/B0vcGrU2H1UrEQvxOUGn_vaEMgo.roa
File:                     B0vcGrU2H1UrEQvxOUGn_vaEMgo.roa (raw, json)
Hash identifier:          77K46Xyl8N1IpWQcw5GnwgpcI9JLNsW3LfTNem2aI0U=
Subject key identifier:   07:4B:DC:1A:B5:36:1F:55:2B:11:0B:F1:39:41:A7:FE:F6:84:32:0A
Certificate issuer:       /CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
Certificate serial:       018CC6B8EF1063A801FEE0EA57A30B5B744E
Authority key identifier: 8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/B0vcGrU2H1UrEQvxOUGn_vaEMgo.roa
Signing time:             Mon 01 Jan 2024 20:30:57 +0000
ROA not before:           Mon 01 Jan 2024 20:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208722
IP address blocks:        5.45.192.0/18 maxlen: 24
                          92.255.127.0/24 maxlen: 24
                          178.154.128.0/19 maxlen: 24
                          84.252.160.0/19 maxlen: 24
                          37.9.64.0/18 maxlen: 24
                          141.8.128.0/18 maxlen: 24
                          93.158.128.0/18 maxlen: 24
                          95.108.128.0/17 maxlen: 24
                          37.140.128.0/18 maxlen: 24
                          185.32.187.0/24 maxlen: 24
                          87.250.224.0/19 maxlen: 24
                          77.88.0.0/18 maxlen: 24
                          213.180.192.0/19 maxlen: 24
                          178.154.160.0/19 maxlen: 24
                          5.255.192.0/18 maxlen: 24
                          2a02:6b8::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ef:10:63:a8:01:fe:e0:ea:57:a3:0b:5b:74:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
        Validity
            Not Before: Jan  1 20:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=074bdc1ab5361f552b110bf13941a7fef684320a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:48:f6:a6:81:bd:bd:65:2f:bf:4e:9b:2d:36:
                    5e:62:8e:a7:ee:1e:14:81:e2:e6:5b:98:74:ab:b8:
                    8d:78:08:8a:80:cc:7f:3b:d6:7d:06:93:cd:8b:9a:
                    00:79:14:b7:58:2e:24:46:2a:5d:04:94:3c:2c:2d:
                    61:e3:96:1d:bb:10:99:f7:c5:9c:35:fe:5e:02:95:
                    32:50:07:c9:a1:60:28:4b:5b:0f:ec:60:ce:d1:96:
                    40:ae:03:14:59:45:d7:d6:b0:b6:20:da:79:15:bc:
                    57:eb:37:ee:31:87:46:2e:23:52:f3:9a:41:26:af:
                    5f:f8:c6:5d:af:b2:37:18:8c:b3:22:dc:3c:7f:bf:
                    d4:87:e2:86:13:11:28:bf:c1:6b:1c:10:b5:5d:e7:
                    9c:24:a6:ee:90:a4:60:ac:fc:df:4b:86:4b:2a:be:
                    14:9b:8f:c2:9a:f8:96:01:3b:f8:6a:ec:3c:5c:43:
                    e6:09:83:e8:e3:9f:28:7d:71:5a:fb:9c:fd:c7:ae:
                    0c:9d:a9:ae:db:48:1f:87:20:84:e7:84:27:71:41:
                    d3:c2:16:b3:e3:fe:52:4d:1e:dc:28:bb:66:d5:da:
                    2c:86:a9:91:8f:02:de:11:3e:1f:af:80:e1:a8:55:
                    2f:16:b0:eb:08:d9:79:eb:16:a5:d5:89:26:14:49:
                    20:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:4B:DC:1A:B5:36:1F:55:2B:11:0B:F1:39:41:A7:FE:F6:84:32:0A
            X509v3 Authority Key Identifier:
                keyid:8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/B0vcGrU2H1UrEQvxOUGn_vaEMgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.192.0/18
                  5.255.192.0/18
                  37.9.64.0/18
                  37.140.128.0/18
                  77.88.0.0/18
                  84.252.160.0/19
                  87.250.224.0/19
                  92.255.127.0/24
                  93.158.128.0/18
                  95.108.128.0/17
                  141.8.128.0/18
                  178.154.128.0/18
                  185.32.187.0/24
                  213.180.192.0/19
                IPv6:
                  2a02:6b8::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:72:8c:7b:92:11:0e:73:54:5b:8e:6c:4a:90:c4:83:0f:0a:
         f4:c1:54:ec:b7:72:9c:1d:4c:83:32:19:62:e5:ef:c1:4f:3d:
         76:de:86:a3:24:28:7a:af:ab:85:7d:38:a4:10:6d:38:86:21:
         c6:be:d8:59:80:b4:0e:e3:f3:ca:5d:f0:94:da:0b:d8:98:a0:
         8e:aa:ac:96:8e:d1:27:c2:ef:11:32:3b:ff:23:7b:2f:a7:ec:
         94:c9:f7:30:7b:a5:dd:1f:3d:bb:90:b4:53:26:5a:63:95:bb:
         d5:14:da:35:e7:8d:54:99:4c:cd:4f:cf:94:ed:fb:91:f2:75:
         bc:06:b1:84:48:cb:ad:5e:dc:1b:ba:4a:cd:9e:b8:67:0d:6e:
         7a:40:f1:14:5b:01:f3:3d:6f:02:a1:a9:82:f6:ab:65:f1:23:
         9f:d8:a9:29:71:e3:30:d2:f7:15:57:60:5a:be:95:45:c7:a6:
         9a:48:c2:b3:32:16:b2:0b:dc:f6:30:87:fb:c3:38:ec:b6:6f:
         7c:fe:be:56:8e:04:25:63:4f:ed:c6:fc:5f:e4:6d:5b:33:7a:
         2a:23:23:98:2d:ac:3b:1a:83:1f:73:c6:12:6b:d7:f4:93:4a:
         9c:77:b3:be:35:e3:57:1e:68:7a:b4:28:c9:f4:7f:e4:8f:72:
         3b:75:7e:d6
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYzGuO8QY6gB/uDqV6MLW3ROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQ0MDRlNWY4YTRiMTE3YWU0NGU3M2Q1M2M0NGVjZGQ1
NzgzNDIwHhcNMjQwMTAxMjAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzRiZGMxYWI1MzYxZjU1MmIxMTBiZjEzOTQxYTdmZWY2ODQzMjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUj2poG9vWUvv06bLTZeYo6n7h4U
geLmW5h0q7iNeAiKgMx/O9Z9BpPNi5oAeRS3WC4kRipdBJQ8LC1h45YduxCZ98Wc
Nf5eApUyUAfJoWAoS1sP7GDO0ZZArgMUWUXX1rC2INp5FbxX6zfuMYdGLiNS85pB
Jq9f+MZdr7I3GIyzItw8f7/Uh+KGExEov8FrHBC1XeecJKbukKRgrPzfS4ZLKr4U
m4/CmviWATv4auw8XEPmCYPo458ofXFa+5z9x64Mnamu20gfhyCE54QncUHTwhaz
4/5STR7cKLtm1doshqmRjwLeET4fr4DhqFUvFrDrCNl56xal1YkmFEkglQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFAdL3Bq1Nh9VKxEL8TlBp/72hDIKMB8GA1UdIwQY
MBaAFI2EQE5fiksReuROc9U8ROzdV4NCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjkt
MmNkOThlZTUzNTY5LzEvQjB2Y0dyVTJIMVVyRVF2eE9VR25fdmFFTWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjktMmNkOThlZTUzNTY5
LzEvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQGBS3AAwQG
Bf/AAwQGJQlAAwQGJYyAAwQGTVgAAwQFVPygAwQFV/rgAwQAXP9/AwQGXZ6AAwQH
X2yAAwQGjQiAAwQGspqAAwQAuSC7AwQF1bTAMA0EAgACMAcDBQMqAga4MA0GCSqG
SIb3DQEBCwUAA4IBAQCNcox7khEOc1RbjmxKkMSDDwr0wVTst3KcHUyDMhli5e/B
Tz123oajJCh6r6uFfTikEG04hiHGvthZgLQO4/PKXfCU2gvYmKCOqqyWjtEnwu8R
Mjv/I3svp+yUyfcwe6XdHz27kLRTJlpjlbvVFNo1541UmUzNT8+U7fuR8nW8BrGE
SMutXtwbukrNnrhnDW56QPEUWwHzPW8CoamC9qtl8SOf2KkpceMw0vcVV2BavpVF
x6aaSMKzMhayC9z2MIf7wzjstm98/r5WjgQlY0/txvxf5G1bM3oqIyOYLaw7GoMf
c8YSa9f0k0qcd7O+NeNXHmh6tCjJ9H/kj3I7dX7W
-----END CERTIFICATE-----
Generated at Sun Jun 16 22:32:36 2024 by rpki-client on console-fra.rpki-client.org