Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/OR-zFl2ZW9WrwEdypx5VnqmEjqU.roa
File:                     OR-zFl2ZW9WrwEdypx5VnqmEjqU.roa (raw, json)
Hash identifier:          eHD9aszImfpFEOong+YF7Sl+sNkhyUDTmdp70f2hXro=
Subject key identifier:   39:1F:B3:16:5D:99:5B:D5:AB:C0:47:72:A7:1E:55:9E:A9:84:8E:A5
Certificate issuer:       /CN=c1a190504b6d9ed9c18096840425b11d7b22dff4
Certificate serial:       018CC94ACCEAB479603082865A34BA2027BE
Authority key identifier: C1:A1:90:50:4B:6D:9E:D9:C1:80:96:84:04:25:B1:1D:7B:22:DF:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/waGQUEttntnBgJaEBCWxHXsi3_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/OR-zFl2ZW9WrwEdypx5VnqmEjqU.roa
Signing time:             Tue 02 Jan 2024 08:29:31 +0000
ROA not before:           Tue 02 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42707
IP address blocks:        84.39.204.0/22 maxlen: 23
                          77.75.48.0/22 maxlen: 23
                          185.245.88.0/22 maxlen: 23
                          91.189.224.0/21 maxlen: 22
                          193.33.134.0/23 maxlen: 24
                          185.252.124.0/22 maxlen: 23
                          185.254.48.0/22 maxlen: 23
                          91.195.64.0/22 maxlen: 23
                          185.148.28.0/22 maxlen: 23
                          185.250.136.0/22 maxlen: 23
                          193.36.164.0/22 maxlen: 23
                          185.247.44.0/22 maxlen: 23
                          185.247.48.0/22 maxlen: 23
                          185.248.228.0/22 maxlen: 23
                          5.45.32.0/22 maxlen: 23
                          5.206.208.0/20 maxlen: 21
                          185.233.212.0/22 maxlen: 23
                          185.236.4.0/22 maxlen: 23
                          185.229.80.0/22 maxlen: 23
                          185.231.24.0/21 maxlen: 22
                          185.231.24.0/22 maxlen: 23
                          185.231.28.0/22 maxlen: 23
                          83.143.76.0/22 maxlen: 24
                          109.207.72.0/22 maxlen: 23
                          5.57.248.0/21 maxlen: 22
                          195.42.224.0/22 maxlen: 23
                          195.42.228.0/23 maxlen: 24
                          194.49.88.0/22 maxlen: 23
                          2a00:5140::/32 maxlen: 32
                          2a00:5141::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/waGQUEttntnBgJaEBCWxHXsi3_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/waGQUEttntnBgJaEBCWxHXsi3_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/waGQUEttntnBgJaEBCWxHXsi3_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:cc:ea:b4:79:60:30:82:86:5a:34:ba:20:27:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1a190504b6d9ed9c18096840425b11d7b22dff4
        Validity
            Not Before: Jan  2 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391fb3165d995bd5abc04772a71e559ea9848ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e3:e7:af:e1:9d:ed:ee:8d:a5:d5:d9:67:63:
                    12:9c:3f:1e:31:6a:fa:6b:a8:07:9b:c2:0c:bc:9e:
                    ac:de:91:41:47:7c:17:4b:64:71:20:60:8f:eb:ec:
                    96:42:5c:eb:b7:4f:bf:71:62:90:60:46:74:82:f8:
                    8c:68:3d:ad:c8:e3:14:c9:d8:13:a6:bc:ae:2a:4b:
                    00:55:aa:cc:64:32:12:d2:d7:6b:64:c8:46:c0:fc:
                    9d:58:89:e0:5d:b3:3e:46:3f:27:a4:f7:fb:9c:40:
                    db:c8:43:e1:8a:79:77:67:fa:4e:b4:cc:e4:8e:fc:
                    e9:d7:b2:55:85:a1:04:21:9c:97:2a:f2:e6:3c:32:
                    98:77:dc:8c:fa:16:3d:9f:b6:52:4e:68:b3:61:97:
                    ce:aa:91:12:66:c6:f3:0c:3a:c3:d1:fa:f4:04:08:
                    15:1d:3f:20:6d:b7:75:0d:5a:cf:ec:cf:8b:51:b7:
                    af:f3:7c:3b:49:98:3e:c7:34:0f:2c:c0:bc:c9:6e:
                    da:b1:72:0d:89:c7:0a:22:64:57:e5:94:56:0b:4e:
                    26:10:4f:8b:ff:ba:87:f5:ab:d3:45:03:0e:15:2a:
                    eb:c4:b8:a5:1e:ec:1e:88:9e:af:cf:74:6f:1e:85:
                    50:db:ac:f9:4b:ad:ff:45:dc:e2:41:14:f3:62:77:
                    22:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1F:B3:16:5D:99:5B:D5:AB:C0:47:72:A7:1E:55:9E:A9:84:8E:A5
            X509v3 Authority Key Identifier:
                keyid:C1:A1:90:50:4B:6D:9E:D9:C1:80:96:84:04:25:B1:1D:7B:22:DF:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waGQUEttntnBgJaEBCWxHXsi3_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/OR-zFl2ZW9WrwEdypx5VnqmEjqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/387f21-101b-487e-8a0f-0b838a599662/1/waGQUEttntnBgJaEBCWxHXsi3_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.32.0/22
                  5.57.248.0/21
                  5.206.208.0/20
                  77.75.48.0/22
                  83.143.76.0/22
                  84.39.204.0/22
                  91.189.224.0/21
                  91.195.64.0/22
                  109.207.72.0/22
                  185.148.28.0/22
                  185.229.80.0/22
                  185.231.24.0/21
                  185.233.212.0/22
                  185.236.4.0/22
                  185.245.88.0/22
                  185.247.44.0-185.247.51.255
                  185.248.228.0/22
                  185.250.136.0/22
                  185.252.124.0/22
                  185.254.48.0/22
                  193.33.134.0/23
                  193.36.164.0/22
                  194.49.88.0/22
                  195.42.224.0-195.42.229.255
                IPv6:
                  2a00:5140::/31

    Signature Algorithm: sha256WithRSAEncryption
         44:5d:a0:cc:f5:cd:92:75:74:92:9f:26:ee:1f:27:9d:bf:c8:
         b5:85:f7:2d:bf:28:40:cc:99:08:02:2b:0d:ae:b1:7c:e9:82:
         bb:b6:27:56:33:32:01:d0:71:6e:ae:df:0a:65:c2:13:53:23:
         ec:93:1e:42:d2:7e:7c:ac:b8:cf:48:25:b4:b0:3b:7d:07:5a:
         2a:9c:e4:d7:c6:bc:69:fd:95:71:54:a5:95:dd:7e:ed:4d:f7:
         a6:26:83:36:03:37:34:80:2d:c7:63:8b:c4:40:a9:10:07:39:
         6e:f8:f6:4f:fa:64:23:95:5d:9a:2b:bc:48:80:a7:de:87:84:
         84:98:0f:97:92:dc:80:e1:c7:07:83:7f:93:2c:07:2a:23:29:
         78:fb:96:31:1d:bd:9f:39:68:1d:fc:83:b5:61:25:3d:ec:55:
         91:b1:cf:07:95:93:a1:97:82:c0:2b:e6:e1:2a:c9:ac:0f:76:
         31:d4:e8:d5:4a:c0:10:65:ae:31:2a:74:ff:31:f6:d4:83:ac:
         5b:f8:fb:79:ad:e6:34:ff:e8:fa:3f:c4:6f:74:3d:64:c6:6a:
         a6:6c:25:7b:e5:8d:f1:c5:8a:2b:3e:d2:e7:ea:a7:af:20:37:
         4c:3a:54:e8:43:76:78:fb:19:11:f0:12:5d:cf:9a:8f:a8:0a:
         aa:1d:04:9c
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAYzJSszqtHlgMIKGWjS6ICe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYTE5MDUwNGI2ZDllZDljMTgwOTY4NDA0MjViMTFkN2Iy
MmRmZjQwHhcNMjQwMTAyMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFmYjMxNjVkOTk1YmQ1YWJjMDQ3NzJhNzFlNTU5ZWE5ODQ4ZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuPnr+Gd7e6NpdXZZ2MSnD8eMWr6
a6gHm8IMvJ6s3pFBR3wXS2RxIGCP6+yWQlzrt0+/cWKQYEZ0gviMaD2tyOMUydgT
pryuKksAVarMZDIS0tdrZMhGwPydWIngXbM+Rj8npPf7nEDbyEPhinl3Z/pOtMzk
jvzp17JVhaEEIZyXKvLmPDKYd9yM+hY9n7ZSTmizYZfOqpESZsbzDDrD0fr0BAgV
HT8gbbd1DVrP7M+LUbev83w7SZg+xzQPLMC8yW7asXINiccKImRX5ZRWC04mEE+L
/7qH9avTRQMOFSrrxLilHuweiJ6vz3RvHoVQ26z5S63/RdziQRTzYnci9QIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFDkfsxZdmVvVq8BHcqceVZ6phI6lMB8GA1UdIwQY
MBaAFMGhkFBLbZ7ZwYCWhAQlsR17It/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2FHUVVFdHRudG5CZ0phRUJDV3hIWHNpM19RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8zODdmMjEtMTAxYi00ODdlLThhMGYt
MGI4MzhhNTk5NjYyLzEvT1ItekZsMlpXOVdyd0VkeXB4NVZucW1FanFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8zODdmMjEtMTAxYi00ODdlLThhMGYtMGI4MzhhNTk5NjYy
LzEvd2FHUVVFdHRudG5CZ0phRUJDV3hIWHNpM19RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHMBggrBgEFBQcBBwEB/wSBvDCBuTCBpwQCAAEwgaADBAIF
LSADBAMFOfgDBAQFztADBAJNSzADBAJTj0wDBAJUJ8wDBANbveADBAJbw0ADBAJt
z0gDBAK5lBwDBAK55VADBAO55xgDBAK56dQDBAK57AQDBAK59VgwDAMEArn3LAME
Arn3MAMEArn45AMEArn6iAMEArn8fAMEArn+MAMEAcEhhgMEAsEkpAMEAsIxWDAM
AwQFwyrgAwQBwyrkMA0EAgACMAcDBQEqAFFAMA0GCSqGSIb3DQEBCwUAA4IBAQBE
XaDM9c2SdXSSnybuHyedv8i1hfctvyhAzJkIAisNrrF86YK7tidWMzIB0HFurt8K
ZcITUyPskx5C0n58rLjPSCW0sDt9B1oqnOTXxrxp/ZVxVKWV3X7tTfemJoM2Azc0
gC3HY4vEQKkQBzlu+PZP+mQjlV2aK7xIgKfeh4SEmA+XktyA4ccHg3+TLAcqIyl4
+5YxHb2fOWgd/IO1YSU97FWRsc8HlZOhl4LAK+bhKsmsD3Yx1OjVSsAQZa4xKnT/
MfbUg6xb+Pt5reY0/+j6P8RvdD1kxmqmbCV75Y3xxYorPtLn6qevIDdMOlToQ3Z4
+xkR8BJdz5qPqAqqHQSc
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:01:13 2024 by rpki-client on console-fra.rpki-client.org