Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/3ZjJxqFabRtI8BHbfk1_XIydiBk.roa
File:                     3ZjJxqFabRtI8BHbfk1_XIydiBk.roa (raw, json)
Hash identifier:          87qJQyryIutCUCxBbYu3HurUn8vSZfKxgKpGadiE7hk=
Subject key identifier:   DD:98:C9:C6:A1:5A:6D:1B:48:F0:11:DB:7E:4D:7F:5C:8C:9D:88:19
Certificate issuer:       /CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Certificate serial:       01904F2FD9C04A86639ADD9DDC210E533019
Authority key identifier: BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/3ZjJxqFabRtI8BHbfk1_XIydiBk.roa
Signing time:             Tue 25 Jun 2024 11:37:34 +0000
ROA not before:           Tue 25 Jun 2024 11:37:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49586
IP address blocks:        137.221.24.0/21 maxlen: 21
                          137.221.25.64/27 maxlen: 27
                          185.7.132.0/22 maxlen: 22
                          188.95.240.0/21 maxlen: 21
                          188.95.240.64/26 maxlen: 26
                          188.95.240.208/29 maxlen: 29
                          188.95.240.216/29 maxlen: 29
                          188.95.240.248/29 maxlen: 29
                          188.95.242.16/30 maxlen: 31
                          188.95.242.254/31 maxlen: 31
                          2a00:10b0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:2f:d9:c0:4a:86:63:9a:dd:9d:dc:21:0e:53:30:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd070b0c9add92972fefc566c112d93717c4d6c
        Validity
            Not Before: Jun 25 11:37:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd98c9c6a15a6d1b48f011db7e4d7f5c8c9d8819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:30:3c:94:9a:cf:06:04:a1:a6:f3:fa:42:55:
                    70:2f:17:56:5f:7f:90:82:ed:5b:f8:9d:11:0f:c8:
                    a2:6e:42:67:43:db:e9:0f:c3:40:a7:1f:75:e0:29:
                    6b:98:5e:51:08:cf:86:95:5b:b4:6f:d1:85:9b:7b:
                    a0:19:bc:67:e9:d4:e5:b3:0b:b8:2a:e3:0f:42:14:
                    59:b0:3f:6d:e0:08:11:86:65:7b:7d:47:07:d3:78:
                    a2:23:8d:d9:52:5f:e8:bf:c9:59:b6:68:5e:0e:85:
                    85:78:7a:a0:6c:0d:b3:21:8e:aa:dd:5c:10:52:d1:
                    34:04:cc:0a:22:db:15:33:3c:3b:ea:76:66:e9:8f:
                    ea:a3:11:ce:ee:f2:cf:db:90:6a:71:fb:e0:2d:46:
                    22:47:4d:90:f4:8c:ce:c5:cf:4c:7a:70:36:fd:12:
                    45:27:a3:b8:f8:37:0a:40:93:56:c6:a4:f1:36:fa:
                    fc:1d:1b:05:ae:bf:88:5c:8b:94:81:cb:e5:6e:58:
                    86:ab:54:ef:4d:cf:cf:cb:2b:b2:f8:2f:4f:4a:30:
                    22:7f:fa:51:6c:87:4c:46:ae:49:88:34:09:14:02:
                    41:74:43:3a:09:14:7a:30:0e:35:52:c5:8d:6d:c8:
                    e8:ee:c8:f4:28:c3:dc:c0:c6:e6:f9:d2:7c:f4:c2:
                    0a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:98:C9:C6:A1:5A:6D:1B:48:F0:11:DB:7E:4D:7F:5C:8C:9D:88:19
            X509v3 Authority Key Identifier:
                keyid:BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/3ZjJxqFabRtI8BHbfk1_XIydiBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.221.24.0/21
                  185.7.132.0/22
                  188.95.240.0/21
                IPv6:
                  2a00:10b0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:f5:d3:5b:bf:3f:e7:cb:58:6a:c9:56:46:d7:2f:84:13:b8:
         13:08:09:88:96:df:fb:82:48:f7:9f:a8:70:68:7f:f7:e9:81:
         94:c3:6e:d9:e1:7a:fd:48:b3:ec:7b:ef:e3:27:5a:55:56:b1:
         a9:e5:59:1a:ac:b6:a3:2b:b6:9d:f7:32:56:4d:b9:5f:61:2f:
         5b:9f:2b:83:d4:66:f9:af:35:53:f0:2e:9b:51:02:3c:bf:82:
         3b:39:25:62:08:4c:e6:fb:67:5d:17:f6:2d:43:6c:de:fc:cf:
         61:29:ba:f8:fa:f2:9c:2b:5a:de:5a:46:21:96:9d:17:33:9b:
         52:62:fa:86:df:b2:58:7b:46:a9:eb:f4:4b:e3:17:3d:e0:0c:
         74:e9:85:5e:6a:a3:85:4a:7f:36:e8:b2:7a:5e:dd:3b:a9:89:
         33:38:a2:bb:3a:fa:c1:09:a6:ee:29:ff:83:3a:2c:1e:8b:ca:
         04:75:0c:24:81:a1:29:fb:ba:da:b6:46:d0:c8:08:32:15:6c:
         60:67:5e:fa:5d:8d:14:e9:9f:62:c1:b2:0a:65:0c:c3:3f:a5:
         40:ff:f1:c6:96:e7:e9:1d:a4:6d:1a:df:f1:d1:77:4b:24:97:
         c3:ba:6a:bc:c0:89:d5:e3:75:92:ea:4c:77:25:3e:fe:cb:0e:
         eb:08:ea:52
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZBPL9nASoZjmt2d3CEOUzAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA3MGIwYzlhZGQ5Mjk3MmZlZmM1NjZjMTEyZDkzNzE3
YzRkNmMwHhcNMjQwNjI1MTEzNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDk4YzljNmExNWE2ZDFiNDhmMDExZGI3ZTRkN2Y1YzhjOWQ4ODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDA8lJrPBgShpvP6QlVwLxdWX3+Q
gu1b+J0RD8iibkJnQ9vpD8NApx914ClrmF5RCM+GlVu0b9GFm3ugGbxn6dTlswu4
KuMPQhRZsD9t4AgRhmV7fUcH03iiI43ZUl/ov8lZtmheDoWFeHqgbA2zIY6q3VwQ
UtE0BMwKItsVMzw76nZm6Y/qoxHO7vLP25BqcfvgLUYiR02Q9IzOxc9MenA2/RJF
J6O4+DcKQJNWxqTxNvr8HRsFrr+IXIuUgcvlbliGq1TvTc/Pyyuy+C9PSjAif/pR
bIdMRq5JiDQJFAJBdEM6CRR6MA41UsWNbcjo7sj0KMPcwMbm+dJ89MIKNQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN2YycahWm0bSPAR235Nf1yMnYgZMB8GA1UdIwQY
MBaAFL/QcLDJrdkpcv78VmwRLZNxfE1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYt
NTNjY2E4MWU5MjI0LzEvM1pqSnhxRmFiUnRJOEJIYmZrMV9YSXlkaUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYtNTNjY2E4MWU5MjI0
LzEvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDid0YAwQC
uQeEAwQDvF/wMA0EAgACMAcDBQMqABCwMA0GCSqGSIb3DQEBCwUAA4IBAQCD9dNb
vz/ny1hqyVZG1y+EE7gTCAmIlt/7gkj3n6hwaH/36YGUw27Z4Xr9SLPse+/jJ1pV
VrGp5VkarLajK7ad9zJWTblfYS9bnyuD1Gb5rzVT8C6bUQI8v4I7OSViCEzm+2dd
F/YtQ2ze/M9hKbr4+vKcK1reWkYhlp0XM5tSYvqG37JYe0ap6/RL4xc94Ax06YVe
aqOFSn826LJ6Xt07qYkzOKK7OvrBCabuKf+DOiwei8oEdQwkgaEp+7ratkbQyAgy
FWxgZ176XY0U6Z9iwbIKZQzDP6VA//HGlufpHaRtGt/x0XdLJJfDumq8wInV43WS
6kx3JT7+yw7rCOpS
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:17:21 2024 by rpki-client on console-fra.rpki-client.org