Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/1-KrtgJ5q6aaFBGP8OSPbXCqof7s.roa
File:                     1-KrtgJ5q6aaFBGP8OSPbXCqof7s.roa (raw, json)
Hash identifier:          XMsU5I1Qc91QtgrXx32HeOrNSxjQbJQTF+T+sertJYg=
Subject key identifier:   F8:AA:ED:80:9E:6A:E9:A6:85:04:63:FC:39:23:DB:5C:2A:A8:7F:BB
Certificate issuer:       /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial:       018CC7268D19ADD46B36975D3201C27ED519
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/1-KrtgJ5q6aaFBGP8OSPbXCqof7s.roa
Signing time:             Mon 01 Jan 2024 22:30:41 +0000
ROA not before:           Mon 01 Jan 2024 22:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        217.102.240.0/20 maxlen: 24
                          213.34.224.0/19 maxlen: 24
                          212.115.192.0/19 maxlen: 24
                          185.200.96.0/22 maxlen: 24
                          82.176.0.0/16 maxlen: 24
                          212.92.64.0/19 maxlen: 24
                          217.63.64.0/19 maxlen: 24
                          62.238.0.0/16 maxlen: 24
                          2a02:f68::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:8d:19:ad:d4:6b:36:97:5d:32:01:c2:7e:d5:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
        Validity
            Not Before: Jan  1 22:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8aaed809e6ae9a6850463fc3923db5c2aa87fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:48:e2:22:09:5e:02:3c:35:e4:e3:90:53:0c:
                    2f:f1:7e:52:ea:f8:46:8d:1a:89:4b:54:ac:29:a2:
                    f7:85:cf:a0:01:55:07:ad:a0:10:0b:79:ab:6e:e3:
                    3e:39:71:45:24:b2:54:22:23:5b:3d:e5:a1:46:62:
                    5a:06:3f:47:37:6e:3c:0e:c8:65:51:15:27:06:41:
                    74:00:02:38:46:71:58:10:52:04:b6:66:ec:16:b9:
                    35:0a:21:5c:41:ce:71:2f:4c:c4:54:ef:51:09:ef:
                    e8:a6:83:e0:2f:de:57:44:5a:f9:0d:f3:d7:8e:f2:
                    0b:8d:f1:0a:7a:b7:f9:73:a8:30:d2:ed:9c:49:f9:
                    f8:4e:21:ab:61:39:33:eb:cb:51:48:ff:16:55:ed:
                    f6:5a:b6:df:35:2c:70:a7:ec:89:08:a8:72:52:a3:
                    d5:bd:c3:e7:10:e2:b4:ff:e4:f1:80:cf:1d:80:97:
                    e7:61:f1:95:48:d5:a1:00:67:85:4f:dd:93:97:34:
                    b7:fe:f0:80:3a:b1:7e:30:86:7c:a5:b7:cd:bf:3b:
                    db:02:7d:c1:09:7e:bf:06:cf:9e:a4:e0:17:41:73:
                    a8:e2:bb:83:fd:7e:02:65:90:37:a5:47:be:4a:9c:
                    dc:88:d4:2d:7a:c7:63:55:a0:92:a0:98:6b:6f:fa:
                    e2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:AA:ED:80:9E:6A:E9:A6:85:04:63:FC:39:23:DB:5C:2A:A8:7F:BB
            X509v3 Authority Key Identifier:
                keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/1-KrtgJ5q6aaFBGP8OSPbXCqof7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.238.0.0/16
                  82.176.0.0/16
                  185.200.96.0/22
                  212.92.64.0/19
                  212.115.192.0/19
                  213.34.224.0/19
                  217.63.64.0/19
                  217.102.240.0/20
                IPv6:
                  2a02:f68::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:7e:18:34:89:17:37:df:05:6b:22:8f:b4:d0:72:69:80:ec:
         6a:7f:2e:a9:00:74:eb:26:a7:9f:59:6d:cd:bd:f1:26:bf:16:
         55:00:5d:4f:33:23:3f:44:20:45:32:60:8a:6e:ae:8c:f9:1b:
         aa:33:8a:1f:39:91:fe:72:08:97:2c:fa:ba:7b:b7:86:95:86:
         4d:3a:3f:09:c6:c3:8d:ef:56:29:64:cb:45:76:26:fb:06:87:
         33:f6:02:84:81:bb:43:20:e7:ed:89:53:f8:bd:33:b2:9c:e3:
         e9:ad:3c:01:66:dc:af:99:bf:b5:a0:52:f9:0e:ee:1b:c5:74:
         74:79:3d:4a:91:7a:99:fd:be:5a:ba:2f:26:05:6c:e3:67:32:
         ef:43:a8:d3:68:45:40:df:82:dc:0e:15:6c:cc:43:a5:24:ea:
         e1:f8:e6:21:eb:fe:91:ee:72:59:d7:56:ad:47:f0:4a:67:9f:
         01:1a:a1:80:74:24:eb:93:9e:7d:43:60:fc:9d:5a:86:b6:8c:
         53:4c:71:e7:9d:30:db:82:d2:bd:be:52:d2:e4:a0:05:fa:f7:
         95:bd:34:2f:b8:47:5f:32:1e:84:4f:ca:54:fb:b6:88:0a:03:
         68:d5:ef:73:76:5c:36:f1:28:5d:5e:2c:43:a5:d6:00:f0:a6:
         31:e9:c1:96
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYzHJo0ZrdRrNpddMgHCftUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjQwMTAxMjIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGFhZWQ4MDllNmFlOWE2ODUwNDYzZmMzOTIzZGI1YzJhYTg3ZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUjiIgleAjw15OOQUwwv8X5S6vhG
jRqJS1SsKaL3hc+gAVUHraAQC3mrbuM+OXFFJLJUIiNbPeWhRmJaBj9HN248Dshl
URUnBkF0AAI4RnFYEFIEtmbsFrk1CiFcQc5xL0zEVO9RCe/opoPgL95XRFr5DfPX
jvILjfEKerf5c6gw0u2cSfn4TiGrYTkz68tRSP8WVe32WrbfNSxwp+yJCKhyUqPV
vcPnEOK0/+TxgM8dgJfnYfGVSNWhAGeFT92TlzS3/vCAOrF+MIZ8pbfNvzvbAn3B
CX6/Bs+epOAXQXOo4ruD/X4CZZA3pUe+SpzciNQtesdjVaCSoJhrb/rifQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPiq7YCeaummhQRj/Dkj21wqqH+7MB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvMS1LcnRnSjVxNmFhRkJHUDhPU1BiWENxb2Y3cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2QvZGZlYzQwLWI4NmUtNDk0Yy1iYTEwLTNhNTYyOGNjODFk
OS8xL3NhU21BY28xeHNnM2E0bXE5RU8yUHFRNXpiZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBWBggrBgEFBQcBBwEB/wRHMEUwNAQCAAEwLgMDAD7uAwMA
UrADBAK5yGADBAXUXEADBAXUc8ADBAXVIuADBAXZP0ADBATZZvAwDQQCAAIwBwMF
AyoCD2gwDQYJKoZIhvcNAQELBQADggEBAJx+GDSJFzffBWsij7TQcmmA7Gp/LqkA
dOsmp59Zbc298Sa/FlUAXU8zIz9EIEUyYIpuroz5G6ozih85kf5yCJcs+rp7t4aV
hk06PwnGw43vVilky0V2JvsGhzP2AoSBu0Mg5+2JU/i9M7Kc4+mtPAFm3K+Zv7Wg
UvkO7hvFdHR5PUqRepn9vlq6LyYFbONnMu9DqNNoRUDfgtwOFWzMQ6Uk6uH45iHr
/pHuclnXVq1H8EpnnwEaoYB0JOuTnn1DYPydWoa2jFNMceedMNuC0r2+UtLkoAX6
95W9NC+4R18yHoRPylT7togKA2jV73N2XDbxKF1eLEOl1gDwpjHpwZY=
-----END CERTIFICATE-----
Generated at Sun Jun 16 08:10:35 2024 by rpki-client on console-ams.rpki-client.org