Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/agFnj8f_4aSpjF2C3Td2xjLK2XQ.roa
File:                     agFnj8f_4aSpjF2C3Td2xjLK2XQ.roa (raw, json)
Hash identifier:          r/uRUyNJo8SdRFNM9FWYXLy+6Vfv/OloOJJDndHj/8k=
Subject key identifier:   6A:01:67:8F:C7:FF:E1:A4:A9:8C:5D:82:DD:37:76:C6:32:CA:D9:74
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       018F766E8710D95EF301E7B79A0F39E6C505
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/agFnj8f_4aSpjF2C3Td2xjLK2XQ.roa
Signing time:             Tue 14 May 2024 09:28:25 +0000
ROA not before:           Tue 14 May 2024 09:28:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5430
IP address blocks:        62.104.0.0/16 maxlen: 16
                          62.104.10.0/23 maxlen: 23
                          62.104.12.0/22 maxlen: 22
                          62.104.16.0/24 maxlen: 24
                          62.104.17.0/24 maxlen: 24
                          62.104.18.0/24 maxlen: 24
                          62.104.20.0/23 maxlen: 24
                          62.104.45.0/24 maxlen: 24
                          62.104.46.0/23 maxlen: 23
                          62.104.48.0/23 maxlen: 23
                          62.104.50.0/24 maxlen: 24
                          62.104.56.0/24 maxlen: 24
                          62.104.66.0/23 maxlen: 23
                          62.104.95.0/24 maxlen: 24
                          62.104.96.0/21 maxlen: 22
                          62.104.104.0/22 maxlen: 22
                          62.104.164.0/22 maxlen: 22
                          62.104.164.0/24 maxlen: 24
                          62.104.168.0/22 maxlen: 22
                          62.104.172.0/23 maxlen: 23
                          62.104.174.0/24 maxlen: 24
                          62.104.175.0/24 maxlen: 24
                          62.104.176.0/22 maxlen: 22
                          89.48.0.0/13 maxlen: 24
                          89.49.126.0/24 maxlen: 24
                          89.49.127.0/24 maxlen: 24
                          194.97.0.0/18 maxlen: 18
                          194.97.46.0/23 maxlen: 24
                          194.97.58.0/24 maxlen: 24
                          194.97.96.0/19 maxlen: 19
                          194.97.96.0/24 maxlen: 24
                          194.97.102.0/24 maxlen: 24
                          194.97.118.0/24 maxlen: 24
                          194.97.119.0/24 maxlen: 24
                          194.97.120.0/23 maxlen: 23
                          194.97.122.0/24 maxlen: 24
                          194.97.160.0/19 maxlen: 19
                          194.97.164.0/22 maxlen: 22
                          195.4.0.0/17 maxlen: 17
                          195.4.6.0/24 maxlen: 24
                          195.4.12.0/23 maxlen: 23
                          195.4.16.0/22 maxlen: 22
                          195.4.16.0/24 maxlen: 24
                          195.4.27.0/24 maxlen: 24
                          195.4.70.0/24 maxlen: 24
                          195.4.71.0/24 maxlen: 24
                          195.4.104.0/22 maxlen: 22
                          195.4.176.0/21 maxlen: 21
                          195.4.216.0/21 maxlen: 21
                          195.4.224.0/19 maxlen: 19
                          2001:748::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:6e:87:10:d9:5e:f3:01:e7:b7:9a:0f:39:e6:c5:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: May 14 09:28:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a01678fc7ffe1a4a98c5d82dd3776c632cad974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:33:11:74:af:2a:5f:2e:be:88:2b:08:ad:0b:
                    b5:91:76:a7:77:8a:f8:73:e6:cb:c4:ba:00:d7:f9:
                    06:35:bc:b3:8d:0d:cb:bd:bc:94:6d:67:5c:e6:bc:
                    bf:d6:21:95:d7:65:9e:aa:74:50:6b:57:86:10:98:
                    e9:b7:41:ae:d2:b5:1c:a8:82:29:14:58:ae:3c:08:
                    54:35:78:32:80:cd:43:e9:2a:92:d6:8e:a8:7d:67:
                    0d:bb:60:64:1e:a9:65:23:2c:64:fa:07:30:67:e9:
                    eb:f2:3a:96:be:71:12:eb:77:a2:d9:48:b1:3c:b6:
                    47:46:0d:3d:12:20:ca:c4:a8:e8:00:73:60:51:70:
                    54:52:36:4f:de:eb:e3:c1:d2:62:df:5c:c0:51:39:
                    30:4c:8f:dc:7f:86:eb:4b:ef:74:a7:c3:ca:64:d8:
                    74:fc:f3:38:1d:3d:52:00:0c:43:01:2e:c5:fb:44:
                    be:4b:61:c8:d2:6c:19:e2:1d:5a:2f:bf:09:f8:15:
                    6d:a1:29:c5:3b:84:6e:d4:71:da:2a:94:c5:fd:26:
                    25:b9:4f:72:d3:6f:e2:75:93:bc:76:3d:8a:74:14:
                    16:14:d5:1f:29:bd:d1:7d:67:a8:e7:3f:e0:95:de:
                    82:d2:d0:c0:34:80:7d:10:68:57:85:9d:47:2e:00:
                    96:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:01:67:8F:C7:FF:E1:A4:A9:8C:5D:82:DD:37:76:C6:32:CA:D9:74
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/agFnj8f_4aSpjF2C3Td2xjLK2XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.104.0.0/16
                  89.48.0.0/13
                  194.97.0.0/18
                  194.97.96.0/19
                  194.97.160.0/19
                  195.4.0.0/17
                  195.4.176.0/21
                  195.4.216.0-195.4.255.255
                IPv6:
                  2001:748::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:56:11:6d:d3:21:7b:07:25:a6:c1:cc:a4:82:c2:d9:83:e9:
         9b:79:7d:3d:19:24:39:86:c1:83:26:da:a0:a8:1c:5d:d6:f7:
         56:2b:69:66:89:a0:3b:21:f3:8e:10:f2:70:5f:c4:49:e4:49:
         e1:c6:1c:38:fc:ba:e2:ee:85:1b:42:51:a4:30:a0:86:6b:45:
         bf:f6:30:b8:e1:ec:94:b7:09:7f:d2:2f:14:8f:eb:10:12:11:
         f2:2d:2c:1b:78:47:39:4e:52:71:40:d8:ef:b0:4c:26:75:cd:
         8e:0b:c6:31:94:f2:7f:a6:b5:c3:64:80:81:d0:80:7d:76:04:
         ec:f3:d9:0a:42:13:a4:58:8b:d3:eb:3f:c5:ec:0c:c5:36:70:
         44:79:5b:55:d8:4d:17:b4:85:be:22:62:42:b5:39:03:19:0d:
         74:a6:cb:53:f3:af:00:85:b4:a1:dd:37:ae:ad:24:82:c6:2c:
         95:50:38:4a:84:ba:4b:00:cd:10:bf:33:43:f0:eb:1b:64:4c:
         3d:54:59:f6:ea:61:7c:12:f4:06:84:41:f9:ac:ea:e4:69:41:
         ad:1a:0d:55:5a:4c:ca:22:f8:8f:bf:fd:13:57:b7:a5:2e:24:
         85:6b:85:84:ff:8c:ba:83:78:28:e0:45:a6:49:0e:78:85:2b:
         2c:34:87:2e
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY92bocQ2V7zAee3mg855sUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwNTE0MDkyODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTAxNjc4ZmM3ZmZlMWE0YTk4YzVkODJkZDM3NzZjNjMyY2FkOTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzMRdK8qXy6+iCsIrQu1kXand4r4
c+bLxLoA1/kGNbyzjQ3LvbyUbWdc5ry/1iGV12WeqnRQa1eGEJjpt0Gu0rUcqIIp
FFiuPAhUNXgygM1D6SqS1o6ofWcNu2BkHqllIyxk+gcwZ+nr8jqWvnES63ei2Uix
PLZHRg09EiDKxKjoAHNgUXBUUjZP3uvjwdJi31zAUTkwTI/cf4brS+90p8PKZNh0
/PM4HT1SAAxDAS7F+0S+S2HI0mwZ4h1aL78J+BVtoSnFO4Ru1HHaKpTF/SYluU9y
02/idZO8dj2KdBQWFNUfKb3RfWeo5z/gld6C0tDANIB9EGhXhZ1HLgCWTQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGoBZ4/H/+GkqYxdgt03dsYyytl0MB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvYWdGbmo4Zl80YVNwakYyQzNUZDJ4akxLMlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA7BAIAATA1AwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYAMEBcJhoAMEB8MEAAMEA8MEsDALAwQDwwTYAwMAwwQwDQQC
AAIwBwMFACABB0gwDQYJKoZIhvcNAQELBQADggEBADZWEW3TIXsHJabBzKSCwtmD
6Zt5fT0ZJDmGwYMm2qCoHF3W91YraWaJoDsh844Q8nBfxEnkSeHGHDj8uuLuhRtC
UaQwoIZrRb/2MLjh7JS3CX/SLxSP6xASEfItLBt4RzlOUnFA2O+wTCZ1zY4LxjGU
8n+mtcNkgIHQgH12BOzz2QpCE6RYi9PrP8XsDMU2cER5W1XYTRe0hb4iYkK1OQMZ
DXSmy1PzrwCFtKHdN66tJILGLJVQOEqEuksAzRC/M0Pw6xtkTD1UWfbqYXwS9AaE
Qfms6uRpQa0aDVVaTMoi+I+//RNXt6UuJIVrhYT/jLqDeCjgRaZJDniFKyw0hy4=
-----END CERTIFICATE-----
Generated at Sat Jun 15 23:02:09 2024 by rpki-client on console-fra.rpki-client.org