Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YzlhqxTXlZJt_ccJL_8xYEo3RpQ.roa
File:                     YzlhqxTXlZJt_ccJL_8xYEo3RpQ.roa (raw, json)
Hash identifier:          VMynD3IVNA2HmWLE0yQohNn0wYN+CXXLpPiN6FXb1zA=
Subject key identifier:   63:39:61:AB:14:D7:95:92:6D:FD:C7:09:2F:FF:31:60:4A:37:46:94
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEEB17A4638D6638C60995A482BF7
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YzlhqxTXlZJt_ccJL_8xYEo3RpQ.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203380
IP address blocks:        82.118.245.0/24 maxlen: 24
                          79.124.7.0/24 maxlen: 24
                          77.76.13.0/24 maxlen: 24
                          91.148.141.0/24 maxlen: 24
                          78.128.99.0/24 maxlen: 24
                          94.72.141.0/24 maxlen: 24
                          94.72.143.0/24 maxlen: 24
                          94.72.140.0/23 maxlen: 24
                          82.118.227.0/24 maxlen: 24
                          82.118.230.0/24 maxlen: 24
                          82.118.234.0/24 maxlen: 24
                          82.118.235.0/24 maxlen: 24
                          130.185.251.0/24 maxlen: 24
                          79.124.77.0/24 maxlen: 24
                          78.128.127.0/24 maxlen: 24
                          2a01:8740:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ee:b1:7a:46:38:d6:63:8c:60:99:5a:48:2b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=633961ab14d795926dfdc7092fff31604a374694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:70:3f:72:5a:0d:68:7d:99:d2:cb:34:57:a6:
                    15:9d:06:fc:85:63:5e:40:81:52:b3:54:e6:71:27:
                    87:d6:1d:6e:4b:b3:ba:3c:42:a9:0f:63:3b:eb:ec:
                    f0:f5:a7:70:d3:ba:f8:eb:92:1a:ea:16:70:45:07:
                    9b:65:23:80:4d:39:e6:82:96:72:42:b3:52:3c:19:
                    f9:62:42:2a:eb:c0:f4:d6:7a:3c:50:31:02:73:a4:
                    b2:ee:25:e5:c2:ce:18:52:34:c9:ab:48:55:27:2a:
                    39:99:87:57:be:b7:de:fb:e1:71:e4:37:37:dc:19:
                    4d:ac:ca:d4:ac:06:a8:bb:2b:ba:3f:dd:5c:1e:69:
                    bb:97:6e:f8:e1:c1:42:76:62:a9:92:35:00:c5:e7:
                    0a:61:6b:22:ec:cf:d5:9b:93:4f:14:3e:dd:14:16:
                    f8:92:1b:8e:7a:7b:36:89:06:eb:75:6d:8c:1b:43:
                    83:20:01:62:d6:e4:9a:48:1b:0d:30:3a:a5:67:80:
                    c4:9b:3f:7d:da:80:15:a2:fa:f2:fe:3a:f3:20:55:
                    ea:94:fd:18:2f:97:9d:56:49:f0:03:e9:d6:4f:92:
                    60:35:6a:40:0d:ca:d6:66:5c:5b:50:26:60:2d:48:
                    19:9f:9b:e3:72:a2:24:d8:e1:db:b0:80:01:92:e6:
                    5c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:39:61:AB:14:D7:95:92:6D:FD:C7:09:2F:FF:31:60:4A:37:46:94
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YzlhqxTXlZJt_ccJL_8xYEo3RpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.76.13.0/24
                  78.128.99.0/24
                  78.128.127.0/24
                  79.124.7.0/24
                  79.124.77.0/24
                  82.118.227.0/24
                  82.118.230.0/24
                  82.118.234.0/23
                  82.118.245.0/24
                  91.148.141.0/24
                  94.72.140.0/23
                  94.72.143.0/24
                  130.185.251.0/24
                IPv6:
                  2a01:8740:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:97:b7:19:c1:41:33:30:c0:e6:52:a8:d4:0d:ed:dc:df:e4:
         a2:5d:ad:20:d1:2e:de:e4:56:c0:3f:86:80:ef:39:f7:2f:1d:
         cd:28:09:80:f1:84:bf:c3:04:db:b8:58:ce:6d:82:f5:11:60:
         65:01:9b:67:ff:4c:18:21:61:59:49:9d:4b:39:03:a7:8d:2e:
         ca:38:84:5b:ea:a4:0b:78:96:9e:31:44:9c:f9:c5:9e:b1:a1:
         3f:3a:1d:a2:2f:59:bb:3c:7f:1f:60:69:0f:59:4e:30:00:96:
         ed:f5:0e:8c:47:c8:39:34:6c:1b:c6:8d:fe:96:9f:69:de:94:
         12:16:37:40:15:6a:7a:e2:10:d1:9e:4a:8a:6f:d5:44:40:f5:
         95:3f:67:e8:76:48:25:a8:79:53:ec:8c:0f:9e:f2:24:37:63:
         2c:5f:2c:d4:79:51:24:34:d5:56:43:6b:3c:2c:e1:3c:18:a0:
         14:6c:bb:c2:b2:b8:a4:0c:9d:62:ca:e2:9e:18:6e:1c:06:25:
         5b:9c:f7:a3:00:80:da:86:e7:e3:e3:3a:3a:74:dc:2a:f1:3d:
         de:cc:9d:5a:78:b6:bc:87:0c:47:f1:3d:75:78:07:69:f8:c7:
         47:eb:78:c2:11:a6:a7:56:66:1b:dd:a6:41:7c:cd:1b:b0:b0:
         ae:69:f4:4a
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYzFbu6xekY41mOMYJlaSCv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM5NjFhYjE0ZDc5NTkyNmRmZGM3MDkyZmZmMzE2MDRhMzc0Njk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XA/cloNaH2Z0ss0V6YVnQb8hWNe
QIFSs1TmcSeH1h1uS7O6PEKpD2M76+zw9adw07r465Ia6hZwRQebZSOATTnmgpZy
QrNSPBn5YkIq68D01no8UDECc6Sy7iXlws4YUjTJq0hVJyo5mYdXvrfe++Fx5Dc3
3BlNrMrUrAaouyu6P91cHmm7l2744cFCdmKpkjUAxecKYWsi7M/Vm5NPFD7dFBb4
khuOens2iQbrdW2MG0ODIAFi1uSaSBsNMDqlZ4DEmz992oAVovry/jrzIFXqlP0Y
L5edVknwA+nWT5JgNWpADcrWZlxbUCZgLUgZn5vjcqIk2OHbsIABkuZcMwIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFGM5YasU15WSbf3HCS//MWBKN0aUMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvWXpsaHF4VFhsWkp0X2NjSkxfOHhZRW8zUnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBUBAIAATBOAwQATUwNAwQA
ToBjAwQAToB/AwQAT3wHAwQAT3xNAwQAUnbjAwQAUnbmAwQBUnbqAwQAUnb1AwQA
W5SNAwQBXkiMAwQAXkiPAwQAgrn7MA8EAgACMAkDBwAqAYdAAAEwDQYJKoZIhvcN
AQELBQADggEBACaXtxnBQTMwwOZSqNQN7dzf5KJdrSDRLt7kVsA/hoDvOfcvHc0o
CYDxhL/DBNu4WM5tgvURYGUBm2f/TBghYVlJnUs5A6eNLso4hFvqpAt4lp4xRJz5
xZ6xoT86HaIvWbs8fx9gaQ9ZTjAAlu31DoxHyDk0bBvGjf6Wn2nelBIWN0AVanri
ENGeSopv1URA9ZU/Z+h2SCWoeVPsjA+e8iQ3YyxfLNR5USQ01VZDazws4TwYoBRs
u8KyuKQMnWLK4p4YbhwGJVuc96MAgNqG5+PjOjp03CrxPd7MnVp4tryHDEfxPXV4
B2n4x0freMIRpqdWZhvdpkF8zRuwsK5p9Eo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:59:42 2024 by rpki-client on console-ams.rpki-client.org