Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/67f631-7f07-4d8e-9e96-1f471428b363/1/ZUauh0EqxNGadxiI-UTcMEyjQGQ.roa
File:                     ZUauh0EqxNGadxiI-UTcMEyjQGQ.roa (raw, json)
Hash identifier:          dOmGLxc86hJ/0GIAviVDr7N7kRm4l6s19CQUT3YJCbE=
Subject key identifier:   65:46:AE:87:41:2A:C4:D1:9A:77:18:88:F9:44:DC:30:4C:A3:40:64
Certificate issuer:       /CN=8a304af55353c03146f7f3a60c6ab5804dda5ce1
Certificate serial:       018CC64B53E7D12C51CF3F87228A3C173602
Authority key identifier: 8A:30:4A:F5:53:53:C0:31:46:F7:F3:A6:0C:6A:B5:80:4D:DA:5C:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ijBK9VNTwDFG9_OmDGq1gE3aXOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/67f631-7f07-4d8e-9e96-1f471428b363/1/ZUauh0EqxNGadxiI-UTcMEyjQGQ.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13105
IP address blocks:        82.118.134.0/24 maxlen: 24
                          82.118.148.0/24 maxlen: 24
                          82.118.149.0/24 maxlen: 24
                          82.118.146.0/23 maxlen: 23
                          82.118.158.0/23 maxlen: 23
                          95.171.224.0/24 maxlen: 24
                          212.38.102.0/24 maxlen: 24
                          95.171.227.0/24 maxlen: 24
                          82.118.128.0/23 maxlen: 23
                          95.171.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/67f631-7f07-4d8e-9e96-1f471428b363/1/ijBK9VNTwDFG9_OmDGq1gE3aXOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/67f631-7f07-4d8e-9e96-1f471428b363/1/ijBK9VNTwDFG9_OmDGq1gE3aXOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ijBK9VNTwDFG9_OmDGq1gE3aXOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:53:e7:d1:2c:51:cf:3f:87:22:8a:3c:17:36:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a304af55353c03146f7f3a60c6ab5804dda5ce1
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6546ae87412ac4d19a771888f944dc304ca34064
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8b:6d:9f:fa:fb:59:14:65:a7:9b:0f:78:56:
                    df:ab:3b:52:c0:3e:69:d9:69:f1:ef:64:76:6d:3e:
                    55:b2:f6:49:4e:18:c8:eb:f8:7e:74:36:6e:c5:fb:
                    ba:06:5f:93:27:f3:96:2f:59:1c:75:57:47:ad:19:
                    c0:c3:f9:b2:a5:b7:a8:36:b2:e4:29:8c:41:f8:a9:
                    c6:e1:05:3a:98:b4:56:95:15:76:81:fb:92:af:b3:
                    df:0a:2a:62:bd:70:5a:93:a2:a7:88:59:50:55:ad:
                    37:f8:4f:96:7c:f5:4c:ed:b7:37:27:38:cd:b2:c3:
                    db:65:c0:1d:8d:26:ca:53:17:2a:08:74:db:5b:ca:
                    d1:f2:aa:79:00:0a:97:2c:4b:3c:c0:5b:cc:ac:19:
                    2c:36:2e:ec:b1:d8:09:31:84:59:1d:cc:69:6f:ae:
                    b9:6e:f7:da:4d:1b:c4:19:7c:ed:28:ee:b4:b8:ef:
                    ec:df:94:07:dc:fe:cf:c0:a8:a4:6a:83:cc:36:64:
                    96:f3:07:07:f4:66:31:d8:32:c4:f0:77:6d:d3:40:
                    97:a9:d3:2a:18:7f:65:9f:f1:cb:48:f5:6a:a3:55:
                    b5:7f:0a:70:64:01:96:32:69:50:04:49:d5:f0:d1:
                    52:51:1a:0d:59:66:ef:96:48:ee:64:69:c9:88:74:
                    24:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:46:AE:87:41:2A:C4:D1:9A:77:18:88:F9:44:DC:30:4C:A3:40:64
            X509v3 Authority Key Identifier:
                keyid:8A:30:4A:F5:53:53:C0:31:46:F7:F3:A6:0C:6A:B5:80:4D:DA:5C:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ijBK9VNTwDFG9_OmDGq1gE3aXOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/67f631-7f07-4d8e-9e96-1f471428b363/1/ZUauh0EqxNGadxiI-UTcMEyjQGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/67f631-7f07-4d8e-9e96-1f471428b363/1/ijBK9VNTwDFG9_OmDGq1gE3aXOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.128.0/23
                  82.118.134.0/24
                  82.118.146.0-82.118.149.255
                  82.118.158.0/23
                  95.171.224.0/24
                  95.171.227.0/24
                  95.171.248.0/24
                  212.38.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:01:97:d5:2a:fa:39:3c:b9:d1:1a:86:af:a4:a2:32:6e:3b:
         d4:7c:8b:57:4c:53:69:fd:a1:5e:21:ae:61:91:c0:d1:66:f5:
         d4:0f:e6:20:97:d1:a9:67:6a:1e:30:40:ba:ea:c1:78:02:49:
         49:71:eb:6f:83:c7:05:2c:4c:63:2b:a4:ee:e1:32:fc:bc:28:
         92:06:a7:78:87:61:54:e9:c2:8c:9e:b2:a1:e0:88:10:c1:f7:
         93:2f:ad:01:19:34:39:13:3e:19:8c:1a:a1:ae:e0:48:6a:32:
         f3:79:4f:6a:e4:72:a2:59:27:3b:b0:f5:18:d7:13:b3:bf:46:
         28:9b:3b:44:79:da:d7:00:c6:a1:59:e9:ab:25:cf:bc:87:27:
         03:12:db:44:67:11:fd:99:52:43:f5:c2:d2:e2:0d:63:f5:2e:
         4b:1c:76:e0:cd:28:39:f3:64:51:e9:3e:18:a4:7d:95:de:c1:
         84:57:49:ed:72:28:73:40:7d:10:20:00:c5:f9:18:2e:0f:d1:
         b0:6b:f6:c0:10:c2:bc:51:2d:cb:9a:70:30:f6:0f:1c:b3:6b:
         fe:09:3a:35:81:8e:8a:0a:bb:6c:b5:d2:a4:be:eb:b9:af:53:
         72:2d:40:0e:b7:25:a1:4e:d4:e9:9b:1d:a4:0c:9d:76:49:ae:
         a4:cc:3a:a5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzGS1Pn0SxRzz+HIoo8FzYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMzA0YWY1NTM1M2MwMzE0NmY3ZjNhNjBjNmFiNTgwNGRk
YTVjZTEwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQ2YWU4NzQxMmFjNGQxOWE3NzE4ODhmOTQ0ZGMzMDRjYTM0MDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIttn/r7WRRlp5sPeFbfqztSwD5p
2Wnx72R2bT5VsvZJThjI6/h+dDZuxfu6Bl+TJ/OWL1kcdVdHrRnAw/mypbeoNrLk
KYxB+KnG4QU6mLRWlRV2gfuSr7PfCipivXBak6KniFlQVa03+E+WfPVM7bc3JzjN
ssPbZcAdjSbKUxcqCHTbW8rR8qp5AAqXLEs8wFvMrBksNi7ssdgJMYRZHcxpb665
bvfaTRvEGXztKO60uO/s35QH3P7PwKikaoPMNmSW8wcH9GYx2DLE8Hdt00CXqdMq
GH9ln/HLSPVqo1W1fwpwZAGWMmlQBEnV8NFSURoNWWbvlkjuZGnJiHQk4QIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGVGrodBKsTRmncYiPlE3DBMo0BkMB8GA1UdIwQY
MBaAFIowSvVTU8AxRvfzpgxqtYBN2lzhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWpCSzlWTlR3REZHOV9PbURHcTFnRTNhWE9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82N2Y2MzEtN2YwNy00ZDhlLTllOTYt
MWY0NzE0MjhiMzYzLzEvWlVhdWgwRXF4TkdhZHhpSS1VVGNNRXlqUUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82N2Y2MzEtN2YwNy00ZDhlLTllOTYtMWY0NzE0MjhiMzYz
LzEvaWpCSzlWTlR3REZHOV9PbURHcTFnRTNhWE9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBUnaAAwQA
UnaGMAwDBAFSdpIDBAFSdpQDBAFSdp4DBABfq+ADBABfq+MDBABfq/gDBADUJmYw
DQYJKoZIhvcNAQELBQADggEBAGcBl9Uq+jk8udEahq+kojJuO9R8i1dMU2n9oV4h
rmGRwNFm9dQP5iCX0alnah4wQLrqwXgCSUlx62+DxwUsTGMrpO7hMvy8KJIGp3iH
YVTpwoyesqHgiBDB95MvrQEZNDkTPhmMGqGu4EhqMvN5T2rkcqJZJzuw9RjXE7O/
RiibO0R52tcAxqFZ6aslz7yHJwMS20RnEf2ZUkP1wtLiDWP1LkscduDNKDnzZFHp
PhikfZXewYRXSe1yKHNAfRAgAMX5GC4P0bBr9sAQwrxRLcuacDD2Dxyza/4JOjWB
jooKu2y10qS+67mvU3ItQA63JaFO1OmbHaQMnXZJrqTMOqU=
-----END CERTIFICATE-----
Generated at Sun Jun 16 16:51:26 2024 by rpki-client on console-fra.rpki-client.org