Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/OC54kXOm7I7tseRw5OHrOV1BJHw.roa
File:                     OC54kXOm7I7tseRw5OHrOV1BJHw.roa (raw, json)
Hash identifier:          sUSVlEMkWASI85R3VU1F/2tLZQqe7PQp+2Agz/OhLX4=
Subject key identifier:   38:2E:78:91:73:A6:EC:8E:ED:B1:E4:70:E4:E1:EB:39:5D:41:24:7C
Certificate issuer:       /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial:       018CC7940723CA13CE6EF51DF0AD5BF9D3E5
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/OC54kXOm7I7tseRw5OHrOV1BJHw.roa
Signing time:             Tue 02 Jan 2024 00:30:16 +0000
ROA not before:           Tue 02 Jan 2024 00:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12975
IP address blocks:        199.204.215.0/24 maxlen: 24
                          94.26.112.0/20 maxlen: 20
                          217.66.224.0/19 maxlen: 24
                          82.205.0.0/17 maxlen: 21
                          82.205.0.0/20 maxlen: 20
                          217.66.233.0/24 maxlen: 24
                          217.66.237.0/24 maxlen: 24
                          217.66.234.0/23 maxlen: 23
                          86.107.16.0/22 maxlen: 22
                          87.252.108.0/22 maxlen: 22
                          188.215.100.0/22 maxlen: 22
                          82.205.96.0/20 maxlen: 20
                          82.205.104.0/21 maxlen: 21
                          89.239.32.0/20 maxlen: 20
                          82.205.16.0/20 maxlen: 20
                          217.66.240.0/20 maxlen: 20
                          82.205.27.0/24 maxlen: 24
                          212.33.96.0/19 maxlen: 20
                          185.171.132.0/22 maxlen: 22
                          82.102.240.0/20 maxlen: 20
                          82.102.192.0/20 maxlen: 20
                          82.102.192.0/18 maxlen: 24
                          82.102.208.0/21 maxlen: 21
                          82.102.218.0/23 maxlen: 23
                          82.102.224.0/20 maxlen: 20
                          82.102.220.0/22 maxlen: 22
                          212.106.64.0/19 maxlen: 20
                          85.113.96.0/19 maxlen: 20
                          176.65.12.0/22 maxlen: 22
                          194.169.123.0/24 maxlen: 24
                          194.169.122.0/23 maxlen: 23
                          194.169.122.0/24 maxlen: 24
                          147.189.176.0/20 maxlen: 20
                          194.169.121.0/24 maxlen: 24
                          199.250.128.0/19 maxlen: 21
                          217.21.14.0/23 maxlen: 23
                          217.21.12.0/23 maxlen: 23
                          188.209.208.0/22 maxlen: 22
                          37.8.0.0/17 maxlen: 20
                          37.8.0.0/20 maxlen: 20
                          37.8.16.0/20 maxlen: 20
                          37.8.32.0/20 maxlen: 20
                          37.8.48.0/20 maxlen: 20
                          109.232.163.0/24 maxlen: 24
                          109.232.162.0/24 maxlen: 24
                          109.232.162.0/23 maxlen: 23
                          185.40.192.0/22 maxlen: 22
                          185.138.132.0/22 maxlen: 22
                          185.90.242.0/24 maxlen: 24
                          82.205.120.0/21 maxlen: 21
                          217.78.48.0/21 maxlen: 21
                          217.78.48.0/20 maxlen: 20
                          217.78.60.0/22 maxlen: 22
                          217.21.4.0/24 maxlen: 24
                          217.21.3.0/24 maxlen: 24
                          217.21.2.0/24 maxlen: 24
                          217.21.0.0/20 maxlen: 20
                          217.21.10.0/23 maxlen: 23
                          217.21.8.0/23 maxlen: 23
                          217.21.6.0/23 maxlen: 23
                          217.21.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:07:23:ca:13:ce:6e:f5:1d:f0:ad:5b:f9:d3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
        Validity
            Not Before: Jan  2 00:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=382e789173a6ec8eedb1e470e4e1eb395d41247c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3e:08:e0:54:b7:60:d6:c4:2b:d9:76:74:ae:
                    96:34:4a:42:39:69:1a:50:e9:57:43:f8:69:21:06:
                    e5:c8:76:70:ce:68:cd:46:77:c3:42:74:fe:ec:f2:
                    a8:f7:fa:73:bf:41:ed:5b:79:94:99:e1:fb:63:cf:
                    3e:0c:96:35:8d:9f:a4:47:db:d3:58:86:92:bc:59:
                    e4:5b:56:36:ed:9a:75:26:d4:fa:38:31:ec:f1:af:
                    dd:70:a6:eb:3e:04:2f:32:30:88:78:48:0f:55:b7:
                    24:d6:3c:a8:66:65:ed:88:0c:07:a1:2a:fc:75:75:
                    b2:b8:a6:13:db:04:91:24:b4:54:de:3a:03:57:88:
                    9d:b1:6d:61:a9:e5:ca:57:4d:04:cd:7a:4b:3a:d2:
                    10:a6:8b:18:4c:ba:0e:4c:d9:fe:55:2e:1e:f6:2d:
                    11:dc:dc:39:75:d7:66:ec:42:ec:40:c8:f3:37:bb:
                    42:8e:53:d5:bb:82:91:56:9f:8c:9a:9a:fb:5b:a2:
                    31:4e:7e:72:8f:78:c7:ab:b2:30:16:91:8a:f2:a4:
                    67:4a:b6:e6:58:27:6d:dc:c1:79:3d:6e:23:20:fb:
                    a6:3b:6e:7f:ba:c4:d0:97:3d:fc:e7:89:c9:d4:5b:
                    be:a7:13:06:47:2b:49:9f:53:61:d2:e3:95:e3:71:
                    29:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2E:78:91:73:A6:EC:8E:ED:B1:E4:70:E4:E1:EB:39:5D:41:24:7C
            X509v3 Authority Key Identifier:
                keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/OC54kXOm7I7tseRw5OHrOV1BJHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.8.0.0/17
                  82.102.192.0/18
                  82.205.0.0/17
                  85.113.96.0/19
                  86.107.16.0/22
                  87.252.108.0/22
                  89.239.32.0/20
                  94.26.112.0/20
                  109.232.162.0/23
                  147.189.176.0/20
                  176.65.12.0/22
                  185.40.192.0/22
                  185.90.242.0/24
                  185.138.132.0/22
                  185.171.132.0/22
                  188.209.208.0/22
                  188.215.100.0/22
                  194.169.121.0-194.169.123.255
                  199.204.215.0/24
                  199.250.128.0/19
                  212.33.96.0/19
                  212.106.64.0/19
                  217.21.0.0/20
                  217.66.224.0/19
                  217.78.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         20:68:85:52:51:d9:6b:a6:26:ff:3e:6f:23:12:96:d6:85:d2:
         57:b6:40:e1:7e:15:00:db:a1:db:96:7e:9b:4f:2c:70:09:e4:
         6b:1a:28:db:43:66:6f:1b:63:7c:eb:c1:b2:03:93:3a:52:c8:
         85:d2:57:90:d2:56:35:43:07:be:f8:d4:fe:de:b8:5f:72:94:
         e2:cd:d6:97:9b:ca:1c:df:df:30:05:f7:0d:d7:27:15:db:7e:
         5e:e6:5e:fe:88:58:33:c4:91:05:e9:d6:a5:73:79:69:2d:9f:
         5b:84:2a:d4:68:e7:f0:79:4d:96:54:f2:02:01:89:ed:95:51:
         26:92:a1:09:2e:1c:4c:e9:24:c6:15:9b:f8:f0:a0:41:1a:30:
         27:70:ce:5d:05:db:da:93:8e:14:d8:02:c5:2a:3f:dd:07:0c:
         a1:6c:5e:a7:c5:a5:c5:04:ba:93:14:1b:43:17:28:5e:be:a5:
         c0:83:a6:31:a3:55:b8:c5:34:da:4e:1b:24:12:46:3b:41:68:
         42:06:cd:9c:b5:98:b3:45:d3:4a:96:8f:8c:de:c8:02:8f:ad:
         59:6d:10:f1:6d:f9:65:bb:3e:f4:7c:bf:8a:fd:56:5f:26:61:
         8c:96:95:93:de:88:30:f5:9d:61:47:f7:77:e6:41:c0:66:29:
         aa:ee:b0:f1
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAYzHlAcjyhPObvUd8K1b+dPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjQwMTAyMDAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJlNzg5MTczYTZlYzhlZWRiMWU0NzBlNGUxZWIzOTVkNDEyNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkz4I4FS3YNbEK9l2dK6WNEpCOWka
UOlXQ/hpIQblyHZwzmjNRnfDQnT+7PKo9/pzv0HtW3mUmeH7Y88+DJY1jZ+kR9vT
WIaSvFnkW1Y27Zp1JtT6ODHs8a/dcKbrPgQvMjCIeEgPVbck1jyoZmXtiAwHoSr8
dXWyuKYT2wSRJLRU3joDV4idsW1hqeXKV00EzXpLOtIQposYTLoOTNn+VS4e9i0R
3Nw5dddm7ELsQMjzN7tCjlPVu4KRVp+Mmpr7W6IxTn5yj3jHq7IwFpGK8qRnSrbm
WCdt3MF5PW4jIPumO25/usTQlz3854nJ1Fu+pxMGRytJn1Nh0uOV43EpPQIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFDgueJFzpuyO7bHkcOTh6zldQSR8MB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvT0M1NGtYT203STd0c2VSdzVPSHJPVjFCSkh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDCBpQQCAAEwgZ4DBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJWaxADBAJX/GwDBARZ7yADBAReGnADBAFt
6KIDBASTvbADBAKwQQwDBAK5KMADBAC5WvIDBAK5ioQDBAK5q4QDBAK80dADBAK8
12QwDAMEAMKpeQMEAsKpeAMEAMfM1wMEBcf6gAMEBdQhYAMEBdRqQAMEBNkVAAME
BdlC4AMEBNlOMDANBgkqhkiG9w0BAQsFAAOCAQEAIGiFUlHZa6Ym/z5vIxKW1oXS
V7ZA4X4VANuh25Z+m08scAnkaxoo20NmbxtjfOvBsgOTOlLIhdJXkNJWNUMHvvjU
/t64X3KU4s3Wl5vKHN/fMAX3DdcnFdt+XuZe/ohYM8SRBenWpXN5aS2fW4Qq1Gjn
8HlNllTyAgGJ7ZVRJpKhCS4cTOkkxhWb+PCgQRowJ3DOXQXb2pOOFNgCxSo/3QcM
oWxep8WlxQS6kxQbQxcoXr6lwIOmMaNVuMU02k4bJBJGO0FoQgbNnLWYs0XTSpaP
jN7IAo+tWW0Q8W35Zbs+9Hy/iv1WXyZhjJaVk96IMPWdYUf3d+ZBwGYpqu6w8Q==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:22 2024 by rpki-client on console-fra.rpki-client.org