Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/VF8bfQg6w0asv6lm0nVK7YBkF9s.roa
File:                     VF8bfQg6w0asv6lm0nVK7YBkF9s.roa (raw, json)
Hash identifier:          0YfXvsqhVjiurgfIAuNgN4UNC1R/IUFaKXNk5fWRfDE=
Subject key identifier:   54:5F:1B:7D:08:3A:C3:46:AC:BF:A9:66:D2:75:4A:ED:80:64:17:DB
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       018CC9BC2428ECE080C3E8D25B69EA44E705
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/VF8bfQg6w0asv6lm0nVK7YBkF9s.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24989
IP address blocks:        217.79.208.0/20 maxlen: 24
                          88.84.136.0/21 maxlen: 24
                          89.202.0.0/17 maxlen: 24
                          217.68.144.0/20 maxlen: 24
                          193.110.116.0/22 maxlen: 24
                          2a02:20a8::/32 maxlen: 48
                          2001:4c68::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:24:28:ec:e0:80:c3:e8:d2:5b:69:ea:44:e7:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=545f1b7d083ac346acbfa966d2754aed806417db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b3:2f:ab:86:83:46:ac:04:e8:cf:59:51:68:
                    de:aa:b5:c9:94:b2:e3:65:73:b4:86:8a:e0:f5:51:
                    2e:16:55:24:43:32:98:a6:9c:b6:ca:02:2f:d1:f4:
                    5e:da:0a:5a:85:b3:12:90:3d:c9:d6:f1:7b:c8:a6:
                    cb:9c:84:30:6d:e7:98:10:57:a4:4e:ff:1e:ae:41:
                    28:27:f2:b0:6f:74:1e:be:ce:19:61:51:60:fa:85:
                    ad:41:d9:78:eb:a1:d2:2b:fd:18:65:84:47:fa:72:
                    d8:ad:d8:cc:62:bd:1b:a7:fa:09:89:67:d0:83:b8:
                    b8:18:23:0a:17:86:08:72:bb:bf:fb:f3:52:8d:6d:
                    1d:64:26:5c:d3:40:c2:01:11:d2:c2:07:a9:e3:0c:
                    73:7e:bb:f4:32:10:5c:ab:9e:31:40:3e:0d:04:78:
                    9f:07:6b:69:05:a9:3e:7f:a9:e7:b1:20:0d:51:6f:
                    f5:43:4f:b3:1a:a0:63:ab:67:a5:ec:2d:22:9a:c1:
                    d1:49:0d:01:b4:26:1a:7b:05:27:11:08:7a:96:eb:
                    6b:a3:5f:89:49:dc:99:7b:fe:74:72:92:b5:6d:7a:
                    da:55:fe:f1:f9:e6:bb:e1:a9:57:5b:63:ad:39:73:
                    39:a4:ae:c1:94:1b:14:42:be:b9:43:5e:fd:74:5a:
                    9a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:5F:1B:7D:08:3A:C3:46:AC:BF:A9:66:D2:75:4A:ED:80:64:17:DB
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/VF8bfQg6w0asv6lm0nVK7YBkF9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.136.0/21
                  89.202.0.0/17
                  193.110.116.0/22
                  217.68.144.0/20
                  217.79.208.0/20
                IPv6:
                  2001:4c68::/32
                  2a02:20a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:0c:bb:57:3a:e5:28:bb:34:c2:68:e2:34:28:37:1c:ca:b6:
         fd:bb:08:c0:b2:d5:4e:ac:21:f5:e7:be:49:b3:55:04:8f:6e:
         b8:f7:81:19:87:1b:b8:b0:38:fb:e9:c2:af:cd:05:37:9b:62:
         57:0d:e2:c4:77:3a:43:60:6a:0b:51:52:66:1e:2c:6a:c1:ad:
         05:fb:cd:54:7e:6b:19:d5:0c:b9:32:cb:a6:20:09:54:85:a6:
         98:ce:56:e0:6d:71:e7:93:ed:2d:3e:f2:ad:8d:9a:5f:5e:fa:
         2f:49:78:c8:0c:87:2a:ea:bf:63:69:3e:c5:fa:2d:d0:db:0e:
         8c:08:d0:c6:5f:bd:f7:17:ad:30:08:c1:bf:d7:40:57:06:ed:
         ad:9b:ea:ce:26:13:bf:94:45:a5:dc:c6:31:5a:00:95:6a:da:
         72:12:68:14:d1:84:48:52:01:2b:47:ee:0d:12:9d:a3:4d:79:
         cc:48:24:fc:2c:b2:01:5e:40:00:d8:53:10:a1:70:cf:47:94:
         9f:d1:8c:66:64:de:fc:9e:7b:73:89:75:5a:85:05:74:1f:30:
         68:5c:e8:db:6a:91:3b:29:19:d1:d1:ca:85:a3:32:84:9a:c4:
         9d:56:0a:65:9b:2c:bf:00:1e:65:41:58:16:b9:47:dd:88:c5:
         8b:d5:61:ac
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzJvCQo7OCAw+jSW2nqROcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDVmMWI3ZDA4M2FjMzQ2YWNiZmE5NjZkMjc1NGFlZDgwNjQxN2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7Mvq4aDRqwE6M9ZUWjeqrXJlLLj
ZXO0horg9VEuFlUkQzKYppy2ygIv0fRe2gpahbMSkD3J1vF7yKbLnIQwbeeYEFek
Tv8erkEoJ/Kwb3Qevs4ZYVFg+oWtQdl466HSK/0YZYRH+nLYrdjMYr0bp/oJiWfQ
g7i4GCMKF4YIcru/+/NSjW0dZCZc00DCARHSwgep4wxzfrv0MhBcq54xQD4NBHif
B2tpBak+f6nnsSANUW/1Q0+zGqBjq2el7C0imsHRSQ0BtCYaewUnEQh6lutro1+J
SdyZe/50cpK1bXraVf7x+ea74alXW2OtOXM5pK7BlBsUQr65Q179dFqaMQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFFRfG30IOsNGrL+pZtJ1Su2AZBfbMB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEvVkY4YmZRZzZ3MGFzdjZsbTBuVks3WUJrRjlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDWFSIAwQH
WcoAAwQCwW50AwQE2USQAwQE2U/QMBQEAgACMA4DBQAgAUxoAwUAKgIgqDANBgkq
hkiG9w0BAQsFAAOCAQEAUwy7VzrlKLs0wmjiNCg3HMq2/bsIwLLVTqwh9ee+SbNV
BI9uuPeBGYcbuLA4++nCr80FN5tiVw3ixHc6Q2BqC1FSZh4sasGtBfvNVH5rGdUM
uTLLpiAJVIWmmM5W4G1x55PtLT7yrY2aX176L0l4yAyHKuq/Y2k+xfot0NsOjAjQ
xl+99xetMAjBv9dAVwbtrZvqziYTv5RFpdzGMVoAlWrachJoFNGESFIBK0fuDRKd
o015zEgk/CyyAV5AANhTEKFwz0eUn9GMZmTe/J57c4l1WoUFdB8waFzo22qROykZ
0dHKhaMyhJrEnVYKZZssvwAeZUFYFrlH3YjFi9VhrA==
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:27:09 2024 by rpki-client on console-ams.rpki-client.org