Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/84VQswCBuB148vEFTfifm-H4ako.roa
File:                     84VQswCBuB148vEFTfifm-H4ako.roa (raw, json)
Hash identifier:          lwTJBRvS0/kAi7lrVMOhyaLWkxLgr01Rnv8LhhXGjrc=
Subject key identifier:   F3:85:50:B3:00:81:B8:1D:78:F2:F1:05:4D:F8:9F:9B:E1:F8:6A:4A
Certificate issuer:       /CN=69fdfe8249f943aabad1881fca5836613a6a67bc
Certificate serial:       018CC7932DF79DA63F99F96DC807B349D87C
Authority key identifier: 69:FD:FE:82:49:F9:43:AA:BA:D1:88:1F:CA:58:36:61:3A:6A:67:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/af3-gkn5Q6q60Ygfylg2YTpqZ7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/84VQswCBuB148vEFTfifm-H4ako.roa
Signing time:             Tue 02 Jan 2024 00:29:20 +0000
ROA not before:           Tue 02 Jan 2024 00:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198936
IP address blocks:        91.105.253.0/24 maxlen: 24
                          91.105.252.0/24 maxlen: 24
                          91.105.248.0/24 maxlen: 24
                          91.105.249.0/24 maxlen: 24
                          91.105.251.0/24 maxlen: 24
                          91.105.250.0/24 maxlen: 24
                          91.105.254.0/24 maxlen: 24
                          91.105.255.0/24 maxlen: 24
                          185.159.239.0/24 maxlen: 24
                          185.159.238.0/23 maxlen: 23
                          185.159.238.0/24 maxlen: 24
                          2a01:7bc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/af3-gkn5Q6q60Ygfylg2YTpqZ7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/af3-gkn5Q6q60Ygfylg2YTpqZ7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/af3-gkn5Q6q60Ygfylg2YTpqZ7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:2d:f7:9d:a6:3f:99:f9:6d:c8:07:b3:49:d8:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69fdfe8249f943aabad1881fca5836613a6a67bc
        Validity
            Not Before: Jan  2 00:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f38550b30081b81d78f2f1054df89f9be1f86a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fa:6a:4f:18:86:77:55:92:83:db:a6:68:82:
                    14:65:0b:f4:18:91:38:7f:65:b4:44:3b:56:05:1e:
                    97:0a:a2:b6:dc:84:68:b9:2d:e1:21:4f:c8:cf:b2:
                    fe:c2:6a:1f:38:59:51:f1:4c:8e:9e:1c:df:be:1f:
                    a3:43:b7:c4:d3:db:de:2e:97:42:14:59:ea:a6:49:
                    90:2a:eb:58:e5:7d:b4:d8:71:b8:a6:0f:f8:47:3b:
                    34:fe:74:d0:b8:c4:9a:d8:f0:c6:7a:39:e0:2c:5f:
                    48:bb:fe:13:75:ce:07:d9:44:8c:a3:ac:77:2f:04:
                    ac:b7:87:08:46:98:c5:4c:03:72:d1:d7:6c:2f:2a:
                    ac:be:a4:0e:66:15:3c:53:0f:82:03:37:81:d9:f6:
                    d5:5a:3f:a4:ef:b7:55:38:2b:a6:e5:d9:d6:a0:22:
                    ff:19:a9:4f:5a:9a:38:30:37:c9:78:33:33:22:6e:
                    ad:5e:52:97:60:68:23:36:3f:dd:4d:8d:31:7a:3e:
                    1b:11:3e:59:30:52:87:2c:6b:43:64:7a:73:30:45:
                    dc:37:0a:b7:88:5b:46:25:eb:d1:57:88:06:c1:ea:
                    76:03:a1:ca:29:61:73:8a:06:ee:f9:7d:64:91:6a:
                    bc:e6:a6:a3:1f:4d:1e:71:fa:7f:fb:1f:1b:9c:2b:
                    3a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:85:50:B3:00:81:B8:1D:78:F2:F1:05:4D:F8:9F:9B:E1:F8:6A:4A
            X509v3 Authority Key Identifier:
                keyid:69:FD:FE:82:49:F9:43:AA:BA:D1:88:1F:CA:58:36:61:3A:6A:67:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/af3-gkn5Q6q60Ygfylg2YTpqZ7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/84VQswCBuB148vEFTfifm-H4ako.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/af3-gkn5Q6q60Ygfylg2YTpqZ7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.105.248.0/21
                  185.159.238.0/23
                IPv6:
                  2a01:7bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:cb:af:58:5f:5f:4f:12:e8:00:67:54:99:fc:ef:b5:d1:e4:
         9a:7d:6c:b1:88:b3:2b:4b:71:99:3f:1c:89:92:57:90:16:4c:
         b4:d2:c5:6c:64:40:e1:f5:59:66:28:da:68:e0:ea:c5:3e:5e:
         5b:16:f1:4e:2a:e1:c5:75:33:db:3f:9c:34:59:f1:fe:b5:14:
         d3:38:88:f9:38:d8:da:68:45:f0:9e:94:3e:4d:bf:eb:09:97:
         8a:b1:4d:65:75:cd:79:ae:80:c0:86:a1:70:aa:e3:cc:59:f4:
         09:4a:2c:33:11:9c:71:36:4c:98:4a:62:53:54:12:56:3d:cd:
         c5:f6:9a:a1:bd:2e:3f:bf:0f:2a:d6:cb:57:c9:fc:1e:53:b8:
         a0:25:6a:6f:ff:72:16:63:cc:10:c6:36:e6:d9:4c:fd:42:50:
         1b:08:fd:99:21:86:b4:69:3e:8c:c9:46:c6:1a:fd:39:c9:a6:
         f2:ba:4e:5b:3c:04:b7:77:32:04:c1:7c:08:d2:9b:0b:7d:aa:
         76:a8:65:7e:44:f0:7f:01:2f:61:7c:b0:b0:8d:8a:f3:ae:0e:
         40:22:df:3e:2f:26:06:dd:c6:41:a4:c4:58:e1:0e:6a:e7:c8:
         28:01:75:76:8b:bb:2a:ca:3b:97:bd:2d:26:67:a0:85:69:4a:
         9f:12:63:44
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHky33naY/mfltyAezSdh8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZmRmZTgyNDlmOTQzYWFiYWQxODgxZmNhNTgzNjYxM2E2
YTY3YmMwHhcNMjQwMTAyMDAyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzg1NTBiMzAwODFiODFkNzhmMmYxMDU0ZGY4OWY5YmUxZjg2YTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvpqTxiGd1WSg9umaIIUZQv0GJE4
f2W0RDtWBR6XCqK23IRouS3hIU/Iz7L+wmofOFlR8UyOnhzfvh+jQ7fE09veLpdC
FFnqpkmQKutY5X202HG4pg/4Rzs0/nTQuMSa2PDGejngLF9Iu/4Tdc4H2USMo6x3
LwSst4cIRpjFTANy0ddsLyqsvqQOZhU8Uw+CAzeB2fbVWj+k77dVOCum5dnWoCL/
GalPWpo4MDfJeDMzIm6tXlKXYGgjNj/dTY0xej4bET5ZMFKHLGtDZHpzMEXcNwq3
iFtGJevRV4gGwep2A6HKKWFzigbu+X1kkWq85qajH00ecfp/+x8bnCs6YQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPOFULMAgbgdePLxBU34n5vh+GpKMB8GA1UdIwQY
MBaAFGn9/oJJ+UOqutGIH8pYNmE6ame8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWYzLWdrbjVRNnE2MFlnZnlsZzJZVHBxWjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jY2Y3NzctOTQ2NS00YTJlLTgxMTIt
NzFkOGI4ODUwODUzLzEvODRWUXN3Q0J1QjE0OHZFRlRmaWZtLUg0YWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jY2Y3NzctOTQ2NS00YTJlLTgxMTItNzFkOGI4ODUwODUz
LzEvYWYzLWdrbjVRNnE2MFlnZnlsZzJZVHBxWjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDW2n4AwQB
uZ/uMA0EAgACMAcDBQAqAXvAMA0GCSqGSIb3DQEBCwUAA4IBAQANy69YX19PEugA
Z1SZ/O+10eSafWyxiLMrS3GZPxyJkleQFky00sVsZEDh9VlmKNpo4OrFPl5bFvFO
KuHFdTPbP5w0WfH+tRTTOIj5ONjaaEXwnpQ+Tb/rCZeKsU1ldc15roDAhqFwquPM
WfQJSiwzEZxxNkyYSmJTVBJWPc3F9pqhvS4/vw8q1stXyfweU7igJWpv/3IWY8wQ
xjbm2Uz9QlAbCP2ZIYa0aT6MyUbGGv05yabyuk5bPAS3dzIEwXwI0psLfap2qGV+
RPB/AS9hfLCwjYrzrg5AIt8+LyYG3cZBpMRY4Q5q58goAXV2i7sqyjuXvS0mZ6CF
aUqfEmNE
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:54:29 2024 by rpki-client on console-ams.rpki-client.org