Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/hfsefRxnGudqHbW6y0bHRLVNl_o.roa
File:                     hfsefRxnGudqHbW6y0bHRLVNl_o.roa (raw, json)
Hash identifier:          /CfY/vE3/Z1Hgy+qr3ur72G646E8LquABGB9MwW4l04=
Subject key identifier:   85:FB:1E:7D:1C:67:1A:E7:6A:1D:B5:BA:CB:46:C7:44:B5:4D:97:FA
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018CCA2A427C14F5FAD192312099F2C00649
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/hfsefRxnGudqHbW6y0bHRLVNl_o.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48592
IP address blocks:        128.65.160.0/22 maxlen: 22
                          77.81.78.0/24 maxlen: 24
                          77.81.76.0/24 maxlen: 24
                          77.81.83.0/24 maxlen: 24
                          77.81.82.0/24 maxlen: 24
                          185.39.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:42:7c:14:f5:fa:d1:92:31:20:99:f2:c0:06:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85fb1e7d1c671ae76a1db5bacb46c744b54d97fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2f:7a:03:fa:e7:9b:7b:9a:9e:b5:3a:c5:64:
                    9f:58:38:60:fd:0c:41:17:ed:0a:e1:09:57:ee:9c:
                    b6:d0:59:1e:f3:2c:42:62:bd:e1:40:ab:67:8b:f9:
                    f4:7e:39:c5:b3:44:98:f0:7a:30:b8:e1:cf:90:11:
                    98:0a:29:dc:40:fc:ba:6e:04:36:47:6b:77:44:62:
                    d8:d1:67:c1:a8:d1:18:03:09:5e:27:e3:cc:16:58:
                    7c:2d:7e:1e:26:04:a9:10:5c:1a:0c:e8:b8:ca:fb:
                    35:0e:de:15:86:ca:e6:a5:e6:f9:f8:ef:5b:0c:27:
                    02:a6:ed:e9:27:86:e1:0b:42:d0:a3:b4:6d:aa:44:
                    97:0a:12:d5:d6:4a:4c:13:f4:5f:8d:60:c2:a6:dd:
                    49:15:60:2d:7a:55:cc:13:5b:e6:cd:66:2f:96:ad:
                    a1:c3:e7:47:ea:a3:e4:57:ac:f4:f1:46:89:f6:7b:
                    06:0c:84:7b:62:65:67:15:67:2b:78:a4:cf:36:e6:
                    5b:55:2e:6e:82:62:14:ff:4f:3e:27:f7:70:2f:58:
                    8f:93:4b:9c:73:6b:f6:b1:ce:cd:75:44:3d:45:c4:
                    03:5f:9a:21:ae:b7:66:c9:79:50:9f:50:1e:c9:a7:
                    13:f4:85:24:6e:ea:b4:aa:15:bc:37:b1:80:80:cd:
                    aa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FB:1E:7D:1C:67:1A:E7:6A:1D:B5:BA:CB:46:C7:44:B5:4D:97:FA
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/hfsefRxnGudqHbW6y0bHRLVNl_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.76.0/24
                  77.81.78.0/24
                  77.81.82.0/23
                  128.65.160.0/22
                  185.39.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:03:46:b8:d3:03:6e:36:d6:3c:67:3d:52:04:12:c2:00:12:
         01:ad:c2:77:32:be:19:67:dc:c9:a8:f9:4e:04:3c:8d:66:0c:
         2d:ca:c7:c0:85:85:58:6c:70:9a:17:c0:c7:9b:ac:21:fd:e4:
         c9:89:04:9f:7d:7c:03:0a:6a:01:91:17:a7:71:e3:10:7c:ac:
         f4:d0:70:6d:da:f3:52:ed:2e:1a:95:24:03:a0:26:db:9c:42:
         9b:4a:d8:e4:2d:38:e7:d4:77:76:55:fd:71:57:01:15:8a:53:
         49:81:58:35:82:98:d0:07:d2:76:1e:d1:87:12:ae:a1:58:27:
         70:1a:bf:bd:14:fa:9e:9e:2a:02:ce:15:61:33:2a:1d:c4:cd:
         0a:18:15:8f:d0:74:a4:a0:34:d9:6c:97:b3:3f:1d:57:6b:9c:
         67:d3:95:5f:da:85:ae:2f:1e:92:77:08:ad:21:51:00:5d:6c:
         40:de:46:79:f2:a7:ad:8f:04:85:25:8c:ee:f7:c1:f1:50:06:
         fc:cb:b9:29:60:5a:33:ef:88:f9:56:07:ad:8c:c8:87:a6:44:
         b7:7d:c1:23:10:01:9c:d4:e3:94:47:7c:21:f8:59:35:5f:84:
         be:99:55:73:01:ff:53:d2:91:ec:53:ac:41:e8:5d:ac:84:26:
         fd:0e:da:41
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzKKkJ8FPX60ZIxIJnywAZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWZiMWU3ZDFjNjcxYWU3NmExZGI1YmFjYjQ2Yzc0NGI1NGQ5N2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC96A/rnm3uanrU6xWSfWDhg/QxB
F+0K4QlX7py20Fke8yxCYr3hQKtni/n0fjnFs0SY8HowuOHPkBGYCincQPy6bgQ2
R2t3RGLY0WfBqNEYAwleJ+PMFlh8LX4eJgSpEFwaDOi4yvs1Dt4Vhsrmpeb5+O9b
DCcCpu3pJ4bhC0LQo7RtqkSXChLV1kpME/RfjWDCpt1JFWAtelXME1vmzWYvlq2h
w+dH6qPkV6z08UaJ9nsGDIR7YmVnFWcreKTPNuZbVS5ugmIU/08+J/dwL1iPk0uc
c2v2sc7NdUQ9RcQDX5ohrrdmyXlQn1AeyacT9IUkbuq0qhW8N7GAgM2qmwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIX7Hn0cZxrnah21ustGx0S1TZf6MB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvaGZzZWZSeG5HdWRxSGJXNnkwYkhSTFZObF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQATVFMAwQA
TVFOAwQBTVFSAwQCgEGgAwQCuSe0MA0GCSqGSIb3DQEBCwUAA4IBAQAlA0a40wNu
NtY8Zz1SBBLCABIBrcJ3Mr4ZZ9zJqPlOBDyNZgwtysfAhYVYbHCaF8DHm6wh/eTJ
iQSffXwDCmoBkRenceMQfKz00HBt2vNS7S4alSQDoCbbnEKbStjkLTjn1Hd2Vf1x
VwEVilNJgVg1gpjQB9J2HtGHEq6hWCdwGr+9FPqenioCzhVhMyodxM0KGBWP0HSk
oDTZbJezPx1Xa5xn05Vf2oWuLx6SdwitIVEAXWxA3kZ58qetjwSFJYzu98HxUAb8
y7kpYFoz74j5VgetjMiHpkS3fcEjEAGc1OOUR3wh+Fk1X4S+mVVzAf9T0pHsU6xB
6F2shCb9DtpB
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:50:29 2024 by rpki-client on console-ams.rpki-client.org