Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/PcGLs3JjQXcPIqca8zGIH88fQDI.roa
File:                     PcGLs3JjQXcPIqca8zGIH88fQDI.roa (raw, json)
Hash identifier:          gLvTJBh3+A+8uhqLs4LLIcyUn56bQ5mD3VGXGE8JtVE=
Subject key identifier:   3D:C1:8B:B3:72:63:41:77:0F:22:A7:1A:F3:31:88:1F:CF:1F:40:32
Certificate issuer:       /CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Certificate serial:       018CC4936F63D389B8EAF981DAA40C9C8097
Authority key identifier: BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/PcGLs3JjQXcPIqca8zGIH88fQDI.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49586
IP address blocks:        188.95.242.254/31 maxlen: 31
                          185.7.132.0/22 maxlen: 22
                          188.95.240.0/21 maxlen: 21
                          188.95.240.64/26 maxlen: 26
                          137.221.24.0/21 maxlen: 21
                          137.221.25.64/27 maxlen: 27
                          188.95.240.216/29 maxlen: 29
                          188.95.240.208/29 maxlen: 29
                          188.95.240.248/29 maxlen: 29
                          2a00:10b0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6f:63:d3:89:b8:ea:f9:81:da:a4:0c:9c:80:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd070b0c9add92972fefc566c112d93717c4d6c
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dc18bb3726341770f22a71af331881fcf1f4032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b4:90:5b:d9:33:1f:b4:52:65:10:64:75:cd:
                    9b:9f:c4:c2:b5:bc:85:9a:84:64:b6:a9:78:46:93:
                    24:e8:e3:67:f1:6a:df:dc:ed:b6:ea:03:89:ae:37:
                    4a:87:8b:4a:17:8d:2d:6e:65:8e:de:de:a2:1f:36:
                    57:de:1c:8a:e4:4f:2e:cf:8f:bf:f2:91:c0:11:35:
                    4c:fb:eb:ca:ea:a0:43:fe:39:b3:8c:d8:4d:3a:40:
                    13:53:4e:3c:c5:92:a7:5b:b2:6c:ee:54:4a:40:12:
                    28:9c:60:39:1e:e7:df:51:01:50:05:e6:0e:db:cd:
                    2e:93:98:a8:e7:fd:c5:2a:d7:db:b7:6b:d4:01:1c:
                    cf:42:0a:c6:f7:49:9a:7d:4c:02:2d:c0:d0:be:a7:
                    e5:04:c8:cc:61:b3:7e:8d:fc:6c:12:d9:3f:37:51:
                    af:fa:b5:4d:51:82:65:7d:4b:04:cb:44:18:c1:e1:
                    01:d4:c6:4f:f3:31:85:d0:9f:05:a9:8a:80:cb:af:
                    f6:bb:08:d7:7a:82:b3:13:29:23:8c:b3:4b:3f:71:
                    e4:2e:dc:53:ce:e1:6d:6f:b8:d0:46:b1:11:46:7b:
                    0f:aa:89:84:f1:af:df:cf:1f:e6:77:fa:49:94:fc:
                    47:08:57:7a:f8:4e:9a:f3:f8:7b:5e:94:aa:26:03:
                    41:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C1:8B:B3:72:63:41:77:0F:22:A7:1A:F3:31:88:1F:CF:1F:40:32
            X509v3 Authority Key Identifier:
                keyid:BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/PcGLs3JjQXcPIqca8zGIH88fQDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.221.24.0/21
                  185.7.132.0/22
                  188.95.240.0/21
                IPv6:
                  2a00:10b0::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:1a:dc:4e:b7:d7:a2:45:ab:15:a6:b7:0a:73:10:01:57:d1:
         3b:b4:04:e3:70:a1:4c:f6:02:18:e3:9f:df:44:3c:5a:2f:ab:
         d2:c8:f0:b3:86:3a:45:99:84:bd:74:b6:7a:c2:7a:c7:37:a0:
         f8:fb:0a:0e:8a:99:b4:27:b8:91:e8:a1:4f:d2:38:59:fe:91:
         03:a8:fa:16:e5:58:9e:99:cc:1b:72:4f:15:55:0e:a6:ef:fc:
         1e:14:ed:64:9c:1e:49:6f:00:cf:72:e7:a9:94:21:5c:d2:2a:
         3e:24:52:7e:7e:ac:6a:bc:75:49:fc:61:5f:57:10:95:76:5b:
         2e:85:fb:ab:0f:74:db:26:cd:46:af:d8:60:ef:58:8e:88:df:
         44:d8:2b:82:39:d1:51:57:d5:d4:2d:71:1d:a1:db:4a:d5:c8:
         f3:b4:c2:ba:38:d6:d1:a3:17:1b:b1:40:8a:27:24:de:66:25:
         85:b7:4f:63:3e:c8:5d:14:ec:d5:4a:e8:8e:16:7e:b2:e9:2d:
         0c:75:49:fd:c9:ab:5c:85:b5:4b:d3:3b:23:72:66:74:0f:df:
         f1:a5:19:2e:61:ec:7e:16:b9:74:ea:ae:51:43:98:62:23:60:
         b9:f9:3c:8f:b0:f1:61:4d:ab:09:50:dd:06:54:30:eb:3d:8e:
         7e:db:71:32
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzEk29j04m46vmB2qQMnICXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA3MGIwYzlhZGQ5Mjk3MmZlZmM1NjZjMTEyZDkzNzE3
YzRkNmMwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGMxOGJiMzcyNjM0MTc3MGYyMmE3MWFmMzMxODgxZmNmMWY0MDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLSQW9kzH7RSZRBkdc2bn8TCtbyF
moRktql4RpMk6ONn8Wrf3O226gOJrjdKh4tKF40tbmWO3t6iHzZX3hyK5E8uz4+/
8pHAETVM++vK6qBD/jmzjNhNOkATU048xZKnW7Js7lRKQBIonGA5HuffUQFQBeYO
280uk5io5/3FKtfbt2vUARzPQgrG90mafUwCLcDQvqflBMjMYbN+jfxsEtk/N1Gv
+rVNUYJlfUsEy0QYweEB1MZP8zGF0J8FqYqAy6/2uwjXeoKzEykjjLNLP3HkLtxT
zuFtb7jQRrERRnsPqomE8a/fzx/md/pJlPxHCFd6+E6a8/h7XpSqJgNB7wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFD3Bi7NyY0F3DyKnGvMxiB/PH0AyMB8GA1UdIwQY
MBaAFL/QcLDJrdkpcv78VmwRLZNxfE1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYt
NTNjY2E4MWU5MjI0LzEvUGNHTHMzSmpRWGNQSXFjYTh6R0lIODhmUURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYtNTNjY2E4MWU5MjI0
LzEvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDid0YAwQC
uQeEAwQDvF/wMA0EAgACMAcDBQMqABCwMA0GCSqGSIb3DQEBCwUAA4IBAQBQGtxO
t9eiRasVprcKcxABV9E7tATjcKFM9gIY45/fRDxaL6vSyPCzhjpFmYS9dLZ6wnrH
N6D4+woOipm0J7iR6KFP0jhZ/pEDqPoW5Viemcwbck8VVQ6m7/weFO1knB5JbwDP
cueplCFc0io+JFJ+fqxqvHVJ/GFfVxCVdlsuhfurD3TbJs1Gr9hg71iOiN9E2CuC
OdFRV9XULXEdodtK1cjztMK6ONbRoxcbsUCKJyTeZiWFt09jPshdFOzVSuiOFn6y
6S0MdUn9yatchbVL0zsjcmZ0D9/xpRkuYex+Frl06q5RQ5hiI2C5+TyPsPFhTasJ
UN0GVDDrPY5+23Ey
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:54:09 2024 by rpki-client on console-ams.rpki-client.org