Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/6K_qLhpSQxpeIk1YtdGv_X3U2Tg.roa
File:                     6K_qLhpSQxpeIk1YtdGv_X3U2Tg.roa (raw, json)
Hash identifier:          RyGcAynXiPfKoh8TzwYjALhgv/uULsVOUmUsqTi2lpo=
Subject key identifier:   E8:AF:EA:2E:1A:52:43:1A:5E:22:4D:58:B5:D1:AF:FD:7D:D4:D9:38
Certificate issuer:       /CN=56c8a1713c7476e00ed2b77fd98fd89330365d87
Certificate serial:       018CC348FB9999F8835F0E5DD60411D43D45
Authority key identifier: 56:C8:A1:71:3C:74:76:E0:0E:D2:B7:7F:D9:8F:D8:93:30:36:5D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/6K_qLhpSQxpeIk1YtdGv_X3U2Tg.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44901
IP address blocks:        185.206.145.0/24 maxlen: 24
                          185.206.144.0/24 maxlen: 24
                          185.206.147.0/24 maxlen: 24
                          185.206.146.0/24 maxlen: 24
                          212.73.150.0/24 maxlen: 24
                          94.156.35.0/24 maxlen: 24
                          91.92.111.0/24 maxlen: 24
                          91.92.108.0/24 maxlen: 24
                          91.92.120.0/24 maxlen: 24
                          91.92.128.0/24 maxlen: 24
                          91.92.136.0/24 maxlen: 24
                          91.92.137.0/24 maxlen: 24
                          94.156.144.0/24 maxlen: 24
                          91.92.144.0/24 maxlen: 24
                          185.203.117.0/24 maxlen: 24
                          185.203.116.0/24 maxlen: 24
                          185.203.118.0/24 maxlen: 24
                          185.203.119.0/24 maxlen: 24
                          88.80.145.0/24 maxlen: 24
                          88.80.151.0/24 maxlen: 24
                          88.80.150.0/24 maxlen: 24
                          88.80.148.0/24 maxlen: 24
                          88.80.147.0/24 maxlen: 24
                          88.80.149.0/24 maxlen: 24
                          88.80.146.0/24 maxlen: 24
                          185.141.63.0/24 maxlen: 24
                          185.141.62.0/24 maxlen: 24
                          185.141.61.0/24 maxlen: 24
                          185.205.210.0/24 maxlen: 24
                          185.205.209.0/24 maxlen: 24
                          85.217.170.0/24 maxlen: 24
                          85.217.171.0/24 maxlen: 24
                          94.156.189.0/24 maxlen: 24
                          193.37.213.0/24 maxlen: 24
                          193.37.212.0/24 maxlen: 24
                          193.37.215.0/24 maxlen: 24
                          193.37.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fb:99:99:f8:83:5f:0e:5d:d6:04:11:d4:3d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56c8a1713c7476e00ed2b77fd98fd89330365d87
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8afea2e1a52431a5e224d58b5d1affd7dd4d938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:87:c0:cc:0b:f0:4d:8b:15:b0:c0:58:3e:01:
                    af:14:21:ae:6b:b3:40:9b:82:88:cd:44:b9:8f:a5:
                    07:eb:4f:23:41:49:06:d4:2f:5a:f6:10:a7:9c:8c:
                    6d:46:07:0c:4c:c7:20:53:67:07:bf:22:1b:45:16:
                    6d:fc:1d:58:ac:bf:10:01:4f:77:e9:2a:18:0e:74:
                    38:63:e5:d4:c5:c4:6c:a2:a5:f7:aa:9e:a6:9a:7e:
                    c4:d1:6d:01:ca:e0:da:83:6d:8b:e0:80:60:d7:a1:
                    aa:34:fd:99:af:a3:6a:b0:b4:6a:3c:83:02:24:18:
                    ae:a8:49:d8:f1:61:bc:9a:f1:7b:a2:0b:e8:e7:37:
                    2b:96:04:1e:b2:7b:69:51:f1:ee:db:68:10:ae:ec:
                    f2:b5:e2:89:3a:c1:a1:4f:11:fb:3e:4e:b0:25:99:
                    9b:a6:9d:19:38:71:44:16:fd:e7:84:e4:a7:06:d0:
                    76:2e:b3:7d:7d:f0:09:1a:dc:b2:88:8b:35:8b:bd:
                    68:22:40:4f:6d:b7:06:84:97:ea:30:ec:1a:3d:28:
                    75:52:b1:60:81:39:0e:03:db:e8:8b:8b:6c:d2:6e:
                    23:0e:07:ef:4b:d3:79:fe:9b:66:77:f6:87:0e:1f:
                    cf:83:c9:b6:ed:b5:2e:1c:49:ab:83:57:62:02:89:
                    40:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:AF:EA:2E:1A:52:43:1A:5E:22:4D:58:B5:D1:AF:FD:7D:D4:D9:38
            X509v3 Authority Key Identifier:
                keyid:56:C8:A1:71:3C:74:76:E0:0E:D2:B7:7F:D9:8F:D8:93:30:36:5D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VsihcTx0duAO0rd_2Y_YkzA2XYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/6K_qLhpSQxpeIk1YtdGv_X3U2Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/23d525-8296-4f9c-9de4-91e32c517152/1/VsihcTx0duAO0rd_2Y_YkzA2XYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.170.0/23
                  88.80.145.0-88.80.151.255
                  91.92.108.0/24
                  91.92.111.0/24
                  91.92.120.0/24
                  91.92.128.0/24
                  91.92.136.0/23
                  91.92.144.0/24
                  94.156.35.0/24
                  94.156.144.0/24
                  94.156.189.0/24
                  185.141.61.0-185.141.63.255
                  185.203.116.0/22
                  185.205.209.0-185.205.210.255
                  185.206.144.0/22
                  193.37.212.0/22
                  212.73.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:57:16:55:0f:00:b5:56:7a:cf:57:b3:35:cb:be:8d:7b:66:
         fa:dc:2d:d3:7d:65:40:7e:1f:9d:3b:36:33:72:48:16:c4:03:
         2a:88:f5:85:55:ef:61:8b:43:90:2d:ac:93:41:55:f4:a7:7c:
         f0:38:69:26:d1:48:20:61:c9:f1:ed:35:45:dd:f4:2e:56:46:
         a4:c5:dc:fb:cf:c2:5b:09:f0:1d:07:b9:9a:10:d5:f0:ab:92:
         9a:6c:00:03:cb:69:0e:11:b1:fa:b7:f6:b4:72:07:ee:c9:93:
         b5:09:0e:8e:b6:26:73:e3:7d:02:5b:2f:9c:8d:fb:e8:c3:ed:
         9e:6a:e5:4e:b5:d1:d9:51:66:e6:b2:93:18:4f:f4:9e:31:78:
         37:2f:df:97:18:4f:4c:68:21:cd:ac:23:64:6e:93:ee:3a:0f:
         ab:da:84:76:60:4a:b9:9b:b8:28:4f:58:46:d8:57:2a:90:31:
         90:7a:8a:fd:d0:d3:3e:2e:24:1b:37:a0:0e:a6:41:22:8f:91:
         5a:8e:c7:c2:3d:a1:3a:ee:48:cd:d9:f4:eb:10:c3:a1:9b:5a:
         02:54:d4:33:df:6b:b8:05:7d:70:f3:49:be:34:55:21:1f:bc:
         d7:1c:00:8c:26:c5:af:3d:f8:c0:48:6f:d1:65:4e:5f:0d:cf:
         cd:be:a1:60
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYzDSPuZmfiDXw5d1gQR1D1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YzhhMTcxM2M3NDc2ZTAwZWQyYjc3ZmQ5OGZkODkzMzAz
NjVkODcwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGFmZWEyZTFhNTI0MzFhNWUyMjRkNThiNWQxYWZmZDdkZDRkOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIfAzAvwTYsVsMBYPgGvFCGua7NA
m4KIzUS5j6UH608jQUkG1C9a9hCnnIxtRgcMTMcgU2cHvyIbRRZt/B1YrL8QAU93
6SoYDnQ4Y+XUxcRsoqX3qp6mmn7E0W0ByuDag22L4IBg16GqNP2Zr6NqsLRqPIMC
JBiuqEnY8WG8mvF7ogvo5zcrlgQesntpUfHu22gQruzyteKJOsGhTxH7Pk6wJZmb
pp0ZOHFEFv3nhOSnBtB2LrN9ffAJGtyyiIs1i71oIkBPbbcGhJfqMOwaPSh1UrFg
gTkOA9voi4ts0m4jDgfvS9N5/ptmd/aHDh/Pg8m27bUuHEmrg1diAolALQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFOiv6i4aUkMaXiJNWLXRr/191Nk4MB8GA1UdIwQY
MBaAFFbIoXE8dHbgDtK3f9mP2JMwNl2HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnNpaGNUeDBkdUFPMHJkXzJZX1lrekEyWFljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8yM2Q1MjUtODI5Ni00ZjljLTlkZTQt
OTFlMzJjNTE3MTUyLzEvNktfcUxocFNReHBlSWsxWXRkR3ZfWDNVMlRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8yM2Q1MjUtODI5Ni00ZjljLTlkZTQtOTFlMzJjNTE3MTUy
LzEvVnNpaGNUeDBkdUFPMHJkXzJZX1lrekEyWFljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAVXZ
qjAMAwQAWFCRAwQDWFCQAwQAW1xsAwQAW1xvAwQAW1x4AwQAW1yAAwQBW1yIAwQA
W1yQAwQAXpwjAwQAXpyQAwQAXpy9MAwDBAC5jT0DBAa5jQADBAK5y3QwDAMEALnN
0QMEALnN0gMEArnOkAMEAsEl1AMEANRJljANBgkqhkiG9w0BAQsFAAOCAQEAj1cW
VQ8AtVZ6z1ezNcu+jXtm+twt031lQH4fnTs2M3JIFsQDKoj1hVXvYYtDkC2sk0FV
9Kd88DhpJtFIIGHJ8e01Rd30LlZGpMXc+8/CWwnwHQe5mhDV8KuSmmwAA8tpDhGx
+rf2tHIH7smTtQkOjrYmc+N9AlsvnI376MPtnmrlTrXR2VFm5rKTGE/0njF4Ny/f
lxhPTGghzawjZG6T7joPq9qEdmBKuZu4KE9YRthXKpAxkHqK/dDTPi4kGzegDqZB
Io+RWo7Hwj2hOu5Izdn06xDDoZtaAlTUM99ruAV9cPNJvjRVIR+81xwAjCbFrz34
wEhv0WVOXw3Pzb6hYA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:34:28 2024 by rpki-client on console-ams.rpki-client.org