Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/BrYjZ2j-6wiUetPbdiA2oDP8ZK0.roa
File:                     BrYjZ2j-6wiUetPbdiA2oDP8ZK0.roa (raw, json)
Hash identifier:          Qhnkbetmv9PKbpV4/tiVA2KIy5wNdUCrvyuKYkiTsAM=
Subject key identifier:   06:B6:23:67:68:FE:EB:08:94:7A:D3:DB:76:20:36:A0:33:FC:64:AD
Certificate issuer:       /CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
Certificate serial:       018CC2DAF7C79D318CD1D47F4973E75050A0
Authority key identifier: 09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/BrYjZ2j-6wiUetPbdiA2oDP8ZK0.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25335
IP address blocks:        185.105.56.0/23 maxlen: 23
                          185.122.130.0/23 maxlen: 23
                          185.105.59.0/24 maxlen: 24
                          185.116.172.0/23 maxlen: 23
                          185.130.36.0/23 maxlen: 23
                          185.127.56.0/23 maxlen: 23
                          185.130.38.0/23 maxlen: 23
                          185.116.175.0/24 maxlen: 24
                          185.127.58.0/23 maxlen: 23
                          185.129.10.0/23 maxlen: 23
                          185.129.8.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f7:c7:9d:31:8c:d1:d4:7f:49:73:e7:50:50:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06b6236768feeb08947ad3db762036a033fc64ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7b:c5:96:76:90:12:d1:6f:fa:83:d1:fe:b9:
                    d1:60:2d:d6:b9:b7:3a:2a:b2:80:5a:fe:ad:69:81:
                    60:3b:18:e4:82:1c:00:78:d4:a6:ef:52:58:b8:7f:
                    ff:cc:8e:78:0e:58:84:e5:67:79:89:ad:3c:7c:26:
                    31:f4:b8:a6:3a:9d:74:9c:08:e0:1d:17:86:ba:6d:
                    8c:1e:ec:65:b8:23:e7:7e:a6:40:c8:e6:36:ad:d6:
                    01:92:16:6a:cd:12:b2:7d:f4:00:c3:ca:e1:28:bb:
                    b3:13:4c:81:9a:20:9f:3e:9c:8e:2f:72:e7:9b:66:
                    5f:e7:e6:76:cf:5d:a3:7f:07:1a:f3:1a:a8:7a:a9:
                    e2:f1:58:c4:9e:df:95:43:a0:32:ad:bf:85:3b:8a:
                    d5:de:30:51:f9:cc:79:bd:d5:27:5b:1d:95:e3:d9:
                    12:55:9b:6c:79:ce:2f:a7:5c:9f:ef:28:4f:2a:b3:
                    c5:94:1b:a3:79:c9:91:69:32:c8:fc:2b:2d:bf:c7:
                    56:8f:47:ad:c0:76:28:23:d3:b7:b5:9c:ff:85:e4:
                    6e:b7:2c:7e:00:4d:62:8a:84:ad:1d:ed:6d:4b:0e:
                    e4:66:5c:b4:7e:ec:4e:92:f9:e0:9c:4f:9e:c9:33:
                    52:e4:95:e2:2f:99:2a:0e:db:cf:ae:c2:9f:bc:c0:
                    b1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B6:23:67:68:FE:EB:08:94:7A:D3:DB:76:20:36:A0:33:FC:64:AD
            X509v3 Authority Key Identifier:
                keyid:09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/BrYjZ2j-6wiUetPbdiA2oDP8ZK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.56.0/23
                  185.105.59.0/24
                  185.116.172.0/23
                  185.116.175.0/24
                  185.122.130.0/23
                  185.127.56.0/22
                  185.129.8.0/22
                  185.130.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:1b:f2:96:97:6d:07:e5:3e:e8:5b:2b:3d:80:47:01:11:17:
         db:35:09:f0:f9:3f:b4:e7:e0:95:ed:f9:5f:f6:b6:f8:a6:b0:
         ef:47:b8:2a:8f:0b:50:dc:88:f1:2a:b4:5a:c5:75:98:34:e0:
         70:da:97:1c:c8:97:40:3c:fb:c4:34:80:b6:ff:c4:15:be:e7:
         a1:26:9f:d6:1e:db:c1:af:92:8c:3c:38:1e:55:f3:18:50:e2:
         7a:32:6b:ab:41:39:04:a5:b3:9b:54:e4:e4:2c:37:0b:35:95:
         4b:cb:f7:d7:14:30:8d:de:ec:de:15:03:14:15:f2:6b:7c:c9:
         77:9e:42:68:23:90:cf:ac:a2:89:6f:0b:2d:de:1f:7f:e3:5d:
         e0:85:d8:2f:6a:cc:24:49:94:b2:c4:5c:62:ab:1f:76:33:7c:
         db:65:ce:92:3b:86:3a:12:c4:2b:71:4c:26:5b:d2:56:1c:30:
         ff:c8:98:f9:b4:3b:6a:c7:9b:11:e0:3d:22:1f:4c:2d:b7:08:
         0e:fc:0b:a4:e7:29:37:b6:37:1a:a2:e8:26:61:86:07:f0:a4:
         b3:00:f1:1f:24:f9:62:99:9e:73:4d:64:6b:c6:8e:5b:f2:30:
         bc:b4:d2:58:21:22:16:59:23:4f:2d:f4:0f:c6:6c:79:6c:7b:
         1e:77:13:e6
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzC2vfHnTGM0dR/SXPnUFCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTJhZjA4Y2Y2ZTEyZTIzMDRmYjNiZGVjNjRjZmJjZWRh
YTg1MjIwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI2MjM2NzY4ZmVlYjA4OTQ3YWQzZGI3NjIwMzZhMDMzZmM2NGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnvFlnaQEtFv+oPR/rnRYC3Wubc6
KrKAWv6taYFgOxjkghwAeNSm71JYuH//zI54DliE5Wd5ia08fCYx9LimOp10nAjg
HReGum2MHuxluCPnfqZAyOY2rdYBkhZqzRKyffQAw8rhKLuzE0yBmiCfPpyOL3Ln
m2Zf5+Z2z12jfwca8xqoeqni8VjEnt+VQ6Ayrb+FO4rV3jBR+cx5vdUnWx2V49kS
VZtsec4vp1yf7yhPKrPFlBujecmRaTLI/Cstv8dWj0etwHYoI9O3tZz/heRutyx+
AE1iioStHe1tSw7kZly0fuxOkvngnE+eyTNS5JXiL5kqDtvPrsKfvMCxJwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAa2I2do/usIlHrT23YgNqAz/GStMB8GA1UdIwQY
MBaAFAnirwjPbhLiME+zvexkz7ztqoUiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VLdkNNOXVFdUl3VDdPOTdHVFB2TzJxaFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xOWQzY2QtNjYxMC00M2YwLTgzZWIt
NzBhMWFmNTFkZmJlLzEvQnJZaloyai02d2lVZXRQYmRpQTJvRFA4WkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xOWQzY2QtNjYxMC00M2YwLTgzZWItNzBhMWFmNTFkZmJl
LzEvQ2VLdkNNOXVFdUl3VDdPOTdHVFB2TzJxaFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBuWk4AwQA
uWk7AwQBuXSsAwQAuXSvAwQBuXqCAwQCuX84AwQCuYEIAwQCuYIkMA0GCSqGSIb3
DQEBCwUAA4IBAQBgG/KWl20H5T7oWys9gEcBERfbNQnw+T+05+CV7flf9rb4prDv
R7gqjwtQ3IjxKrRaxXWYNOBw2pccyJdAPPvENIC2/8QVvuehJp/WHtvBr5KMPDge
VfMYUOJ6MmurQTkEpbObVOTkLDcLNZVLy/fXFDCN3uzeFQMUFfJrfMl3nkJoI5DP
rKKJbwst3h9/413ghdgvaswkSZSyxFxiqx92M3zbZc6SO4Y6EsQrcUwmW9JWHDD/
yJj5tDtqx5sR4D0iH0wttwgO/Auk5yk3tjcaougmYYYH8KSzAPEfJPlimZ5zTWRr
xo5b8jC8tNJYISIWWSNPLfQPxmx5bHsedxPm
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:40:08 2024 by rpki-client on console-fra.rpki-client.org