Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/FOKFSOVl96Hdf_k_AulGj2_NWfM.roa
File:                     FOKFSOVl96Hdf_k_AulGj2_NWfM.roa (raw, json)
Hash identifier:          H12gfvqXJaO2k7tt9OGWz0KtgOga94RTpVLgBctRTZk=
Subject key identifier:   14:E2:85:48:E5:65:F7:A1:DD:7F:F9:3F:02:E9:46:8F:6F:CD:59:F3
Certificate issuer:       /CN=c9ed64c93ddfdf2f49b7ea1c23eaad0870249a33
Certificate serial:       01903A3FB3E1449CBF56E4ECA539086F2829
Authority key identifier: C9:ED:64:C9:3D:DF:DF:2F:49:B7:EA:1C:23:EA:AD:08:70:24:9A:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/FOKFSOVl96Hdf_k_AulGj2_NWfM.roa
Signing time:             Fri 21 Jun 2024 10:02:51 +0000
ROA not before:           Fri 21 Jun 2024 10:02:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29283
IP address blocks:        85.184.64.0/19 maxlen: 19
                          85.184.78.0/24 maxlen: 24
                          85.184.94.0/24 maxlen: 24
                          89.33.144.0/21 maxlen: 21
                          94.199.120.0/21 maxlen: 21
                          149.232.176.0/21 maxlen: 21
                          185.6.60.0/22 maxlen: 22
                          185.6.60.0/24 maxlen: 24
                          185.6.61.0/24 maxlen: 24
                          185.6.62.0/24 maxlen: 24
                          213.174.96.0/19 maxlen: 19
                          213.174.96.0/24 maxlen: 24
                          213.174.98.0/24 maxlen: 24
                          213.174.99.0/24 maxlen: 24
                          213.174.127.0/24 maxlen: 24
                          2a02:6c40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3a:3f:b3:e1:44:9c:bf:56:e4:ec:a5:39:08:6f:28:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9ed64c93ddfdf2f49b7ea1c23eaad0870249a33
        Validity
            Not Before: Jun 21 10:02:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14e28548e565f7a1dd7ff93f02e9468f6fcd59f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:20:65:07:9b:0b:cd:7b:59:08:02:67:bf:57:
                    b4:7e:9a:21:72:82:67:0f:b1:a5:fa:ec:29:b6:e1:
                    2f:8c:5e:37:d5:90:1a:21:be:7a:9b:cb:dc:17:59:
                    23:53:5a:f7:ce:da:72:05:f3:7a:4e:14:8e:6f:42:
                    34:02:46:5b:29:f0:84:86:83:70:b4:6c:41:ee:d3:
                    ae:93:11:e5:15:78:fb:f8:bb:91:af:0f:34:2f:d2:
                    68:4e:50:7c:50:98:4c:c6:7b:bd:3d:3c:46:c8:2d:
                    76:02:69:e8:8f:5e:f8:05:c6:ca:a5:55:fb:99:f4:
                    58:c6:dd:1f:f0:13:8f:93:ca:e3:a1:94:3f:98:5d:
                    89:46:04:9a:04:c5:80:8e:a4:b4:76:0d:93:e6:89:
                    58:45:74:25:51:94:b2:c7:9f:6b:c5:89:71:72:5e:
                    25:f7:cb:b4:a4:0c:b2:06:95:88:d6:1e:d3:d4:c7:
                    09:ad:84:ec:64:ac:91:62:78:59:74:ac:8a:b2:32:
                    d2:fe:3c:9e:bc:fa:5e:a1:cc:10:88:e2:a8:42:da:
                    0d:c0:e9:11:ef:0e:c1:61:82:9a:6b:43:53:ef:1a:
                    2a:74:92:b1:67:a3:6c:8c:a7:e0:75:6c:d2:64:08:
                    3e:6c:4c:eb:44:a1:3f:b8:8b:86:bc:90:38:19:9f:
                    52:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E2:85:48:E5:65:F7:A1:DD:7F:F9:3F:02:E9:46:8F:6F:CD:59:F3
            X509v3 Authority Key Identifier:
                keyid:C9:ED:64:C9:3D:DF:DF:2F:49:B7:EA:1C:23:EA:AD:08:70:24:9A:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/FOKFSOVl96Hdf_k_AulGj2_NWfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.184.64.0/19
                  89.33.144.0/21
                  94.199.120.0/21
                  149.232.176.0/21
                  185.6.60.0/22
                  213.174.96.0/19
                IPv6:
                  2a02:6c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:9f:d7:cd:b3:2c:4e:aa:02:73:33:c4:03:e4:11:fc:37:20:
         f1:1d:42:3c:b1:24:2c:1e:c5:d1:03:88:02:28:a4:52:06:2a:
         b3:6f:54:fb:ab:21:b9:b6:f6:dd:1e:ba:11:6e:d2:1b:1c:1d:
         47:35:3c:a1:69:eb:2c:b3:29:c8:20:a5:7e:cf:ad:9f:1d:cc:
         34:ee:99:cd:a0:71:c8:e7:ee:2c:a8:c6:4a:27:c8:93:95:a7:
         8e:b4:37:5f:3f:3f:65:40:62:6f:18:b0:dd:e4:7c:0a:b1:ed:
         1e:e1:de:89:51:7d:cc:e9:22:0e:16:cf:ac:73:01:7f:e4:54:
         7c:51:b7:3d:47:ac:a7:42:56:3e:09:e6:10:c1:9f:88:44:23:
         18:39:20:46:ca:84:92:6d:d8:9a:0d:24:6e:e9:48:08:19:a6:
         03:c6:f6:90:76:0c:40:a5:80:7e:cd:be:d8:bf:f8:61:33:52:
         69:b1:a1:ba:87:1b:11:8e:a2:40:6e:f7:a3:ee:cf:d2:2f:8a:
         eb:bc:6d:9d:cc:bb:d4:6d:a1:38:50:64:8c:78:7b:92:9d:5f:
         be:ff:b7:0f:a2:b7:31:99:27:20:81:1c:49:4e:b1:e2:c1:23:
         19:a7:53:cd:06:4a:be:e7:62:86:c3:b3:38:47:aa:fd:ba:2e:
         37:23:ea:08
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZA6P7PhRJy/VuTspTkIbygpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZWQ2NGM5M2RkZmRmMmY0OWI3ZWExYzIzZWFhZDA4NzAy
NDlhMzMwHhcNMjQwNjIxMTAwMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGUyODU0OGU1NjVmN2ExZGQ3ZmY5M2YwMmU5NDY4ZjZmY2Q1OWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriBlB5sLzXtZCAJnv1e0fpohcoJn
D7Gl+uwptuEvjF431ZAaIb56m8vcF1kjU1r3ztpyBfN6ThSOb0I0AkZbKfCEhoNw
tGxB7tOukxHlFXj7+LuRrw80L9JoTlB8UJhMxnu9PTxGyC12Amnoj174BcbKpVX7
mfRYxt0f8BOPk8rjoZQ/mF2JRgSaBMWAjqS0dg2T5olYRXQlUZSyx59rxYlxcl4l
98u0pAyyBpWI1h7T1McJrYTsZKyRYnhZdKyKsjLS/jyevPpeocwQiOKoQtoNwOkR
7w7BYYKaa0NT7xoqdJKxZ6NsjKfgdWzSZAg+bEzrRKE/uIuGvJA4GZ9SQwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBTihUjlZfeh3X/5PwLpRo9vzVnzMB8GA1UdIwQY
MBaAFMntZMk9398vSbfqHCPqrQhwJJozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWUxa3lUM2YzeTlKdC1vY0ktcXRDSEFrbWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yYTJhYjItMzA5OC00YTBmLTgwOWMt
MzVlZDViNTNkYTA1LzEvRk9LRlNPVmw5NkhkZl9rX0F1bEdqMl9OV2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yYTJhYjItMzA5OC00YTBmLTgwOWMtMzVlZDViNTNkYTA1
LzEveWUxa3lUM2YzeTlKdC1vY0ktcXRDSEFrbWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFVbhAAwQD
WSGQAwQDXsd4AwQDleiwAwQCuQY8AwQF1a5gMA0EAgACMAcDBQAqAmxAMA0GCSqG
SIb3DQEBCwUAA4IBAQADn9fNsyxOqgJzM8QD5BH8NyDxHUI8sSQsHsXRA4gCKKRS
Biqzb1T7qyG5tvbdHroRbtIbHB1HNTyhaesssynIIKV+z62fHcw07pnNoHHI5+4s
qMZKJ8iTlaeOtDdfPz9lQGJvGLDd5HwKse0e4d6JUX3M6SIOFs+scwF/5FR8Ubc9
R6ynQlY+CeYQwZ+IRCMYOSBGyoSSbdiaDSRu6UgIGaYDxvaQdgxApYB+zb7Yv/hh
M1JpsaG6hxsRjqJAbvej7s/SL4rrvG2dzLvUbaE4UGSMeHuSnV++/7cPorcxmScg
gRxJTrHiwSMZp1PNBkq+52KGw7M4R6r9ui43I+oI
-----END CERTIFICATE-----
Generated at Fri Nov 22 23:42:40 2024 by rpki-client on console-fra.rpki-client.org