Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/b8aT72-JmVc3UwkkZ31v9uRj86A.roa
File:                     b8aT72-JmVc3UwkkZ31v9uRj86A.roa (raw, json)
Hash identifier:          nQ6gNE6Hebe0phI15kRRZLZWndwJmRhU9YjljhqeqQU=
Subject key identifier:   6F:C6:93:EF:6F:89:99:57:37:53:09:24:67:7D:6F:F6:E4:63:F3:A0
Certificate issuer:       /CN=540b63d19d86ea345c9b5f169300c3a29d4c31c4
Certificate serial:       018CC5DC11101856A6BCF8E9D665B719AC71
Authority key identifier: 54:0B:63:D1:9D:86:EA:34:5C:9B:5F:16:93:00:C3:A2:9D:4C:31:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VAtj0Z2G6jRcm18WkwDDop1MMcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/b8aT72-JmVc3UwkkZ31v9uRj86A.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8680
IP address blocks:        185.48.78.0/24 maxlen: 24
                          185.48.76.0/22 maxlen: 24
                          37.18.136.0/21 maxlen: 24
                          37.18.136.0/23 maxlen: 23
                          37.18.138.0/23 maxlen: 23
                          37.18.138.0/24 maxlen: 24
                          37.18.140.0/23 maxlen: 23
                          46.31.202.0/23 maxlen: 23
                          46.31.204.0/23 maxlen: 23
                          46.31.206.0/24 maxlen: 24
                          46.31.200.0/21 maxlen: 24
                          46.31.207.0/24 maxlen: 24
                          2a04:b240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/VAtj0Z2G6jRcm18WkwDDop1MMcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/VAtj0Z2G6jRcm18WkwDDop1MMcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VAtj0Z2G6jRcm18WkwDDop1MMcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:11:10:18:56:a6:bc:f8:e9:d6:65:b7:19:ac:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=540b63d19d86ea345c9b5f169300c3a29d4c31c4
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fc693ef6f89995737530924677d6ff6e463f3a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:81:9d:9e:cb:48:4e:0c:b0:7e:ff:38:03:02:
                    19:79:72:73:37:d6:fa:d6:a3:9e:b0:81:fc:ef:ee:
                    0e:d0:ea:3c:47:87:34:19:57:36:c1:c2:20:9b:e1:
                    cb:eb:2b:a5:b2:99:92:09:97:ff:1c:9e:2f:d8:57:
                    1d:f4:87:58:b1:45:64:7a:50:08:bb:14:7f:f9:22:
                    74:95:7f:85:27:8e:ad:68:cd:a9:f3:c0:94:df:3d:
                    b0:a4:23:12:29:fc:b9:2e:27:b4:70:6b:ef:59:76:
                    6a:ab:88:f9:d3:c9:b3:8d:d9:0f:aa:0c:e4:04:ca:
                    2f:d9:b9:ac:55:6f:6f:5a:b8:f2:4d:20:3d:5c:94:
                    1b:c5:f6:c5:c6:a7:de:f3:64:c9:f7:97:90:7a:f5:
                    15:29:8f:22:79:72:c8:32:7f:09:bb:6e:46:31:a2:
                    7a:d7:5a:94:c9:71:3d:e6:d3:cd:b0:5b:45:03:bd:
                    af:b7:a6:ca:2a:ce:11:ee:70:4e:2d:a6:3e:eb:61:
                    08:d2:ae:4f:ca:43:b0:19:0f:b9:2f:ae:06:c3:38:
                    78:20:4e:0f:bb:18:73:1e:95:ae:d6:bb:e3:bb:2e:
                    34:94:26:31:94:19:1d:3c:ee:6d:22:d0:e0:c9:1a:
                    b0:56:80:e6:54:a7:86:df:e5:ea:6b:58:e5:04:b0:
                    bc:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C6:93:EF:6F:89:99:57:37:53:09:24:67:7D:6F:F6:E4:63:F3:A0
            X509v3 Authority Key Identifier:
                keyid:54:0B:63:D1:9D:86:EA:34:5C:9B:5F:16:93:00:C3:A2:9D:4C:31:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VAtj0Z2G6jRcm18WkwDDop1MMcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/b8aT72-JmVc3UwkkZ31v9uRj86A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/VAtj0Z2G6jRcm18WkwDDop1MMcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.136.0/21
                  46.31.200.0/21
                  185.48.76.0/22
                IPv6:
                  2a04:b240::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:30:a3:b2:79:85:6a:69:9e:7e:b2:ea:f6:43:b2:85:0d:37:
         1c:64:62:7c:15:09:6f:b5:eb:b5:a0:e4:06:0d:38:33:2c:d6:
         aa:e7:f1:e1:d3:c5:57:64:58:a0:c1:a8:81:a8:36:e1:b8:c9:
         d7:93:8c:42:28:33:b3:b5:74:b6:1f:ae:87:88:38:6c:4a:73:
         51:a0:79:71:36:a8:74:ba:80:97:6a:b4:7a:a3:e1:41:c6:c6:
         fb:55:3d:d6:61:f3:c5:52:fc:58:71:fb:99:6f:90:0b:21:d9:
         17:9c:d7:3d:8c:11:ec:29:bc:91:85:04:44:52:cb:a3:2f:36:
         a0:83:24:44:72:44:2b:de:c2:81:50:da:65:f1:60:0d:ef:f7:
         20:96:b4:5c:aa:f3:3a:29:d0:de:34:ed:e0:0a:d7:cc:9a:76:
         31:b6:70:f0:ea:fd:a9:32:16:2d:f4:d1:eb:f4:92:c6:0c:de:
         b3:3f:2c:2d:58:78:d6:23:1c:5c:4f:2a:b5:b3:5e:18:7e:29:
         de:ed:37:b9:a1:3d:f1:d5:fe:ed:11:02:5d:61:ca:0b:4a:42:
         5e:fc:4c:fe:9c:6a:90:68:78:78:f7:c3:99:65:90:c5:83:eb:
         2e:a5:5d:44:82:cf:e1:00:be:1c:7a:3f:d9:a0:dd:a9:93:65:
         9a:0a:06:fd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzF3BEQGFamvPjp1mW3GaxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MGI2M2QxOWQ4NmVhMzQ1YzliNWYxNjkzMDBjM2EyOWQ0
YzMxYzQwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmM2OTNlZjZmODk5OTU3Mzc1MzA5MjQ2NzdkNmZmNmU0NjNmM2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4GdnstITgywfv84AwIZeXJzN9b6
1qOesIH87+4O0Oo8R4c0GVc2wcIgm+HL6yulspmSCZf/HJ4v2Fcd9IdYsUVkelAI
uxR/+SJ0lX+FJ46taM2p88CU3z2wpCMSKfy5Lie0cGvvWXZqq4j508mzjdkPqgzk
BMov2bmsVW9vWrjyTSA9XJQbxfbFxqfe82TJ95eQevUVKY8ieXLIMn8Ju25GMaJ6
11qUyXE95tPNsFtFA72vt6bKKs4R7nBOLaY+62EI0q5PykOwGQ+5L64Gwzh4IE4P
uxhzHpWu1rvjuy40lCYxlBkdPO5tItDgyRqwVoDmVKeG3+Xqa1jlBLC8VQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFG/Gk+9viZlXN1MJJGd9b/bkY/OgMB8GA1UdIwQY
MBaAFFQLY9Gdhuo0XJtfFpMAw6KdTDHEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkF0ajBaMkc2alJjbTE4V2t3RERvcDFNTWNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9kOTg0NzItZjBiNy00ZGYzLTkyNWIt
MDAwNGIyNzQ2MzBiLzEvYjhhVDcyLUptVmMzVXdra1ozMXY5dVJqODZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9kOTg0NzItZjBiNy00ZGYzLTkyNWItMDAwNGIyNzQ2MzBi
LzEvVkF0ajBaMkc2alJjbTE4V2t3RERvcDFNTWNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJRKIAwQD
Lh/IAwQCuTBMMA0EAgACMAcDBQMqBLJAMA0GCSqGSIb3DQEBCwUAA4IBAQBLMKOy
eYVqaZ5+sur2Q7KFDTccZGJ8FQlvteu1oOQGDTgzLNaq5/Hh08VXZFigwaiBqDbh
uMnXk4xCKDOztXS2H66HiDhsSnNRoHlxNqh0uoCXarR6o+FBxsb7VT3WYfPFUvxY
cfuZb5ALIdkXnNc9jBHsKbyRhQREUsujLzaggyREckQr3sKBUNpl8WAN7/cglrRc
qvM6KdDeNO3gCtfMmnYxtnDw6v2pMhYt9NHr9JLGDN6zPywtWHjWIxxcTyq1s14Y
fine7Te5oT3x1f7tEQJdYcoLSkJe/Ez+nGqQaHh498OZZZDFg+supV1Egs/hAL4c
ej/ZoN2pk2WaCgb9
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:17:02 2024 by rpki-client on console-fra.rpki-client.org