Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/02u4PN8vTV2Ha0mP9vjfkcZUX00.roa
File:                     02u4PN8vTV2Ha0mP9vjfkcZUX00.roa (raw, json)
Hash identifier:          PUjoWymbVBiy90QHISqzivHb8J8X7UyTKc8QpGLCNGk=
Subject key identifier:   D3:6B:B8:3C:DF:2F:4D:5D:87:6B:49:8F:F6:F8:DF:91:C6:54:5F:4D
Certificate issuer:       /CN=f08fba5263519b7c3a2155c69878217776defba0
Certificate serial:       018CC500482485096DEAB939A3AC6C843B15
Authority key identifier: F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/02u4PN8vTV2Ha0mP9vjfkcZUX00.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48847
IP address blocks:        185.12.223.0/24 maxlen: 24
                          185.12.222.0/24 maxlen: 24
                          185.12.221.0/24 maxlen: 24
                          185.12.220.0/22 maxlen: 22
                          185.12.221.152/29 maxlen: 29
                          109.233.21.92/30 maxlen: 30
                          109.233.17.0/24 maxlen: 24
                          109.233.16.0/24 maxlen: 24
                          109.233.16.0/21 maxlen: 21
                          109.233.20.0/24 maxlen: 24
                          109.233.19.128/25 maxlen: 25
                          109.233.19.0/24 maxlen: 24
                          109.233.18.0/24 maxlen: 24
                          109.233.23.0/24 maxlen: 24
                          109.233.22.0/24 maxlen: 24
                          109.233.21.0/24 maxlen: 24
                          109.233.23.0/30 maxlen: 30
                          109.233.19.128/30 maxlen: 30
                          109.233.23.152/29 maxlen: 29
                          109.233.20.196/30 maxlen: 30
                          109.233.21.100/30 maxlen: 30
                          2a03:6900::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:48:24:85:09:6d:ea:b9:39:a3:ac:6c:84:3b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f08fba5263519b7c3a2155c69878217776defba0
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d36bb83cdf2f4d5d876b498ff6f8df91c6545f4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:83:29:90:70:8e:d4:40:fa:b0:ad:b9:b5:ca:
                    ca:42:41:a1:a2:c8:47:83:01:1b:ac:6d:fb:e0:02:
                    d8:04:e3:6b:4f:52:33:4c:9d:0b:8d:09:e7:ef:f6:
                    fa:4d:d6:64:94:26:91:dc:e9:bf:81:4c:d7:db:09:
                    0f:c9:f3:cf:18:e0:29:6f:d9:83:fc:48:03:75:b8:
                    35:73:65:c8:24:f5:9c:9f:5d:99:21:13:f5:e7:5b:
                    1b:b2:6f:95:ff:d3:a3:04:9a:7f:f2:87:01:ba:a3:
                    23:ad:0f:b9:b9:52:b7:9e:be:c3:24:2e:9c:34:46:
                    48:6a:0c:d5:82:dc:60:5e:8e:23:d2:38:4f:e9:6d:
                    d3:27:e2:55:ca:7b:57:19:2d:83:c2:3b:60:d6:73:
                    23:2b:9f:18:b8:22:e5:06:92:c1:d3:1e:00:f5:3c:
                    60:b6:1f:a9:9c:c2:aa:e2:f0:1f:20:7b:93:04:6e:
                    4c:5c:a8:38:45:86:ec:cc:a8:9f:87:59:8f:bb:4d:
                    36:4e:87:84:33:a8:61:bb:3f:ad:55:7d:3c:87:cf:
                    b0:64:9c:45:1d:a9:fc:3a:b9:b8:b2:5e:c5:fb:b0:
                    e7:88:8a:2a:96:d1:fc:b4:c5:60:1b:a4:37:35:93:
                    ad:e4:99:8c:d8:99:21:af:e0:d1:54:f5:a2:dd:eb:
                    9a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6B:B8:3C:DF:2F:4D:5D:87:6B:49:8F:F6:F8:DF:91:C6:54:5F:4D
            X509v3 Authority Key Identifier:
                keyid:F0:8F:BA:52:63:51:9B:7C:3A:21:55:C6:98:78:21:77:76:DE:FB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8I-6UmNRm3w6IVXGmHghd3be-6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/02u4PN8vTV2Ha0mP9vjfkcZUX00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1bb1a2-6763-4b24-ad88-06413ceefce0/1/8I-6UmNRm3w6IVXGmHghd3be-6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.16.0/21
                  185.12.220.0/22
                IPv6:
                  2a03:6900::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:01:8e:fa:22:8d:ce:4a:0c:e5:65:88:1f:9a:88:b6:51:4e:
         bd:0e:13:68:c6:95:c6:c1:5e:6c:0c:38:91:c2:5b:8a:b2:1e:
         73:19:91:a5:1d:f3:85:91:28:e2:e3:ad:0b:8d:53:0f:a6:ab:
         64:0f:5d:67:65:af:10:4a:7a:3a:08:7d:36:27:3e:20:15:6d:
         08:61:fd:f0:41:67:ca:8a:5f:06:95:c1:b2:c7:9c:02:33:67:
         60:bf:5c:37:31:8e:f1:fc:23:72:a6:87:cc:9a:92:a7:15:dc:
         bf:f4:02:2d:d9:31:46:56:6b:9b:9d:c9:9b:f6:11:30:bb:87:
         a0:07:b7:fe:85:72:54:48:ab:d5:15:21:cf:c1:09:06:ba:3c:
         71:f4:33:c5:6d:cd:55:c3:91:cc:ad:88:ac:97:01:1a:3a:a1:
         1a:e3:33:f5:09:1f:6f:26:15:4b:82:d3:7c:93:1d:b3:36:bd:
         6e:a0:d0:ea:33:1d:61:c3:66:a1:47:bd:5e:4e:36:29:57:54:
         62:06:1f:5b:d2:16:eb:39:1b:13:b5:9a:ff:2a:14:ad:37:9a:
         59:59:b4:16:cf:c6:80:52:e5:a6:47:58:b3:3a:3c:5d:5d:71:
         5a:c3:b6:8a:2d:20:b9:3e:8c:cd:d6:3b:a1:a2:3d:ed:0d:e2:
         60:06:4b:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAEgkhQlt6rk5o6xshDsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwOGZiYTUyNjM1MTliN2MzYTIxNTVjNjk4NzgyMTc3NzZk
ZWZiYTAwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzZiYjgzY2RmMmY0ZDVkODc2YjQ5OGZmNmY4ZGY5MWM2NTQ1ZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIMpkHCO1ED6sK25tcrKQkGhoshH
gwEbrG374ALYBONrT1IzTJ0LjQnn7/b6TdZklCaR3Om/gUzX2wkPyfPPGOApb9mD
/EgDdbg1c2XIJPWcn12ZIRP151sbsm+V/9OjBJp/8ocBuqMjrQ+5uVK3nr7DJC6c
NEZIagzVgtxgXo4j0jhP6W3TJ+JVyntXGS2Dwjtg1nMjK58YuCLlBpLB0x4A9Txg
th+pnMKq4vAfIHuTBG5MXKg4RYbszKifh1mPu002ToeEM6hhuz+tVX08h8+wZJxF
Han8Orm4sl7F+7DniIoqltH8tMVgG6Q3NZOt5JmM2Jkhr+DRVPWi3eua5wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNNruDzfL01dh2tJj/b435HGVF9NMB8GA1UdIwQY
MBaAFPCPulJjUZt8OiFVxph4IXd23vugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgt
MDY0MTNjZWVmY2UwLzEvMDJ1NFBOOHZUVjJIYTBtUDl2amZrY1pVWDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xYmIxYTItNjc2My00YjI0LWFkODgtMDY0MTNjZWVmY2Uw
LzEvOEktNlVtTlJtM3c2SVZYR21IZ2hkM2JlLTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbekQAwQC
uQzcMA0EAgACMAcDBQAqA2kAMA0GCSqGSIb3DQEBCwUAA4IBAQAiAY76Io3OSgzl
ZYgfmoi2UU69DhNoxpXGwV5sDDiRwluKsh5zGZGlHfOFkSji460LjVMPpqtkD11n
Za8QSno6CH02Jz4gFW0IYf3wQWfKil8GlcGyx5wCM2dgv1w3MY7x/CNypofMmpKn
Fdy/9AIt2TFGVmubncmb9hEwu4egB7f+hXJUSKvVFSHPwQkGujxx9DPFbc1Vw5HM
rYislwEaOqEa4zP1CR9vJhVLgtN8kx2zNr1uoNDqMx1hw2ahR71eTjYpV1RiBh9b
0hbrORsTtZr/KhStN5pZWbQWz8aAUuWmR1izOjxdXXFaw7aKLSC5PozN1juhoj3t
DeJgBks0
-----END CERTIFICATE-----
Generated at Sat Nov 23 14:55:05 2024 by rpki-client on console-ams.rpki-client.org