Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/zB8vLgonXw95iTubUaenQT57vEQ.roa
File:                     zB8vLgonXw95iTubUaenQT57vEQ.roa (raw, json)
Hash identifier:          6BoMbGr4x1XE+8eQVgNL0m+orvTIxzF8h4oCjHG3qY4=
Subject key identifier:   CC:1F:2F:2E:0A:27:5F:0F:79:89:3B:9B:51:A7:A7:41:3E:7B:BC:44
Certificate issuer:       /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial:       018D83A50D578B16F2110789CD2CC837959E
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/zB8vLgonXw95iTubUaenQT57vEQ.roa
Signing time:             Wed 07 Feb 2024 12:57:28 +0000
ROA not before:           Wed 07 Feb 2024 12:57:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        31.185.24.0/21 maxlen: 21
                          37.191.128.0/17 maxlen: 17
                          62.63.0.0/18 maxlen: 18
                          62.101.192.0/18 maxlen: 18
                          64.28.0.0/19 maxlen: 19
                          77.40.128.0/17 maxlen: 17
                          77.88.64.0/18 maxlen: 18
                          77.234.48.0/21 maxlen: 21
                          78.24.144.0/21 maxlen: 21
                          79.135.0.0/19 maxlen: 19
                          80.64.192.0/20 maxlen: 20
                          80.241.80.0/20 maxlen: 20
                          81.0.128.0/18 maxlen: 18
                          81.175.0.0/20 maxlen: 20
                          81.175.20.0/22 maxlen: 22
                          81.175.24.0/21 maxlen: 21
                          81.175.32.0/19 maxlen: 19
                          81.191.0.0/16 maxlen: 16
                          82.196.192.0/19 maxlen: 19
                          84.20.96.0/19 maxlen: 19
                          85.112.128.0/19 maxlen: 19
                          85.196.64.0/18 maxlen: 18
                          85.221.0.0/17 maxlen: 17
                          85.252.0.0/16 maxlen: 16
                          86.62.128.0/18 maxlen: 18
                          87.118.0.0/18 maxlen: 18
                          88.84.160.0/19 maxlen: 19
                          89.191.0.0/19 maxlen: 19
                          91.135.32.0/20 maxlen: 20
                          91.202.80.0/22 maxlen: 22
                          109.199.192.0/19 maxlen: 19
                          178.74.0.0/18 maxlen: 18
                          185.8.16.0/22 maxlen: 22
                          185.35.80.0/22 maxlen: 22
                          185.67.116.0/22 maxlen: 22
                          185.129.156.0/22 maxlen: 22
                          193.69.0.0/16 maxlen: 16
                          193.71.0.0/16 maxlen: 16
                          193.75.0.0/17 maxlen: 17
                          193.90.0.0/16 maxlen: 16
                          193.91.128.0/17 maxlen: 17
                          194.19.0.0/17 maxlen: 17
                          194.29.200.0/22 maxlen: 22
                          194.54.96.0/19 maxlen: 19
                          195.0.128.0/17 maxlen: 17
                          195.1.0.0/16 maxlen: 16
                          195.18.128.0/17 maxlen: 17
                          195.139.0.0/16 maxlen: 16
                          195.159.0.0/16 maxlen: 16
                          195.204.0.0/16 maxlen: 16
                          212.62.224.0/19 maxlen: 19
                          212.71.64.0/19 maxlen: 19
                          213.52.0.0/17 maxlen: 17
                          213.151.128.0/19 maxlen: 19
                          213.158.224.0/19 maxlen: 19
                          213.160.224.0/20 maxlen: 20
                          213.160.240.0/21 maxlen: 21
                          213.172.192.0/19 maxlen: 19
                          213.239.64.0/18 maxlen: 18
                          217.8.128.0/19 maxlen: 19
                          217.14.0.0/20 maxlen: 20
                          217.77.32.0/20 maxlen: 20
                          217.118.32.0/19 maxlen: 19
                          217.144.224.0/19 maxlen: 19
                          2001:840::/29 maxlen: 29
                          2001:8c0::/29 maxlen: 29
                          2001:4dd8::/29 maxlen: 29
                          2a00:c440::/29 maxlen: 29
                          2a01:520::/29 maxlen: 29
                          2a02:270::/29 maxlen: 29
                          2a03:c000::/29 maxlen: 29
                          2a04:6340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:83:a5:0d:57:8b:16:f2:11:07:89:cd:2c:c8:37:95:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
        Validity
            Not Before: Feb  7 12:57:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc1f2f2e0a275f0f79893b9b51a7a7413e7bbc44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:21:1e:2b:9f:5b:13:0e:16:25:a6:6e:e9:16:
                    28:b4:65:f8:d2:ec:32:25:23:17:cd:f2:9d:a9:77:
                    de:5d:be:f9:cf:bd:ae:fe:34:86:5c:38:f4:b5:d2:
                    8a:5a:29:bd:44:ec:38:bd:a9:4e:d4:29:a3:dc:c8:
                    f6:ad:be:c2:26:b5:ea:2d:3f:9f:05:39:74:2b:ce:
                    b9:05:9a:c0:3d:54:8e:1e:99:ed:b6:62:c9:ab:3d:
                    b5:b4:23:33:d8:dc:62:22:1a:29:0f:59:ce:f4:8a:
                    b4:b4:f4:52:0b:49:cf:d6:5f:1a:7d:2c:3a:b6:4b:
                    9f:e2:bf:24:65:c6:6f:24:80:b5:66:c2:0f:42:29:
                    4b:ff:aa:65:0a:72:4c:2c:0b:ae:07:c9:80:87:a3:
                    96:ba:d8:78:18:5b:6b:44:eb:9e:6e:72:35:62:6b:
                    d1:2b:14:4d:85:e0:19:30:8f:74:04:45:f2:fd:52:
                    cf:d2:83:a4:bf:13:b7:5b:79:dc:9a:48:87:fb:d4:
                    49:7d:1f:87:6c:a4:c8:26:ac:ae:cc:27:71:40:5d:
                    53:85:41:d2:bb:06:23:bc:0a:94:c8:a9:10:d1:e6:
                    28:76:55:af:e7:53:e6:b4:17:0a:54:1c:4a:4d:42:
                    b6:60:dc:4a:18:e6:35:77:79:50:5d:54:a7:85:f0:
                    b8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:1F:2F:2E:0A:27:5F:0F:79:89:3B:9B:51:A7:A7:41:3E:7B:BC:44
            X509v3 Authority Key Identifier:
                keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/zB8vLgonXw95iTubUaenQT57vEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.24.0/21
                  37.191.128.0/17
                  62.63.0.0/18
                  62.101.192.0/18
                  64.28.0.0/19
                  77.40.128.0/17
                  77.88.64.0/18
                  77.234.48.0/21
                  78.24.144.0/21
                  79.135.0.0/19
                  80.64.192.0/20
                  80.241.80.0/20
                  81.0.128.0/18
                  81.175.0.0/20
                  81.175.20.0-81.175.63.255
                  81.191.0.0/16
                  82.196.192.0/19
                  84.20.96.0/19
                  85.112.128.0/19
                  85.196.64.0/18
                  85.221.0.0/17
                  85.252.0.0/16
                  86.62.128.0/18
                  87.118.0.0/18
                  88.84.160.0/19
                  89.191.0.0/19
                  91.135.32.0/20
                  91.202.80.0/22
                  109.199.192.0/19
                  178.74.0.0/18
                  185.8.16.0/22
                  185.35.80.0/22
                  185.67.116.0/22
                  185.129.156.0/22
                  193.69.0.0/16
                  193.71.0.0/16
                  193.75.0.0/17
                  193.90.0.0/16
                  193.91.128.0/17
                  194.19.0.0/17
                  194.29.200.0/22
                  194.54.96.0/19
                  195.0.128.0-195.1.255.255
                  195.18.128.0/17
                  195.139.0.0/16
                  195.159.0.0/16
                  195.204.0.0/16
                  212.62.224.0/19
                  212.71.64.0/19
                  213.52.0.0/17
                  213.151.128.0/19
                  213.158.224.0/19
                  213.160.224.0-213.160.247.255
                  213.172.192.0/19
                  213.239.64.0/18
                  217.8.128.0/19
                  217.14.0.0/20
                  217.77.32.0/20
                  217.118.32.0/19
                  217.144.224.0/19
                IPv6:
                  2001:840::/29
                  2001:8c0::/29
                  2001:4dd8::/29
                  2a00:c440::/29
                  2a01:520::/29
                  2a02:270::/29
                  2a03:c000::/29
                  2a04:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:4f:9e:f4:a3:ac:3e:e1:9a:c0:3c:5c:de:72:67:81:02:41:
         52:02:d1:f5:16:6e:c9:29:75:40:97:69:e6:94:d2:a5:7d:cb:
         aa:91:c9:51:f5:72:70:d5:2c:fd:0c:ae:db:b6:4f:bb:2a:94:
         91:c1:d0:29:3b:94:e7:f1:05:28:f6:d2:c9:4e:ac:6f:d8:d9:
         42:b9:d0:9c:0b:9d:3f:e1:8e:50:e8:6a:df:d5:77:8d:27:40:
         56:05:9c:00:e1:fe:7a:47:8e:b9:8a:b8:83:45:d4:ef:89:84:
         0c:70:51:a6:70:fd:59:7c:b5:55:3a:51:63:48:26:56:01:56:
         de:1e:0d:60:f4:9d:20:7b:ee:88:75:43:7f:40:63:72:bb:35:
         70:fc:83:81:f2:42:6b:1f:de:df:e1:d6:6b:9b:84:8c:7d:5b:
         03:55:ba:ed:bb:a2:03:c4:2c:70:6a:61:7c:e3:7d:80:8a:27:
         d1:89:8c:6b:9c:22:0f:66:59:0f:e2:e1:df:02:92:34:d3:f9:
         4b:3a:13:03:84:60:5f:a7:8e:72:da:51:ad:6b:08:15:aa:f5:
         e7:57:98:79:3f:23:83:5f:5d:f1:e2:dd:50:7a:9c:2b:05:1a:
         2f:37:a3:88:18:16:bb:23:01:37:de:4d:64:a1:e8:b6:7f:1e:
         8c:53:7e:13
-----BEGIN CERTIFICATE-----
MIIGuDCCBaCgAwIBAgISAY2DpQ1XixbyEQeJzSzIN5WeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjQwMjA3MTI1NzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzFmMmYyZTBhMjc1ZjBmNzk4OTNiOWI1MWE3YTc0MTNlN2JiYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryEeK59bEw4WJaZu6RYotGX40uwy
JSMXzfKdqXfeXb75z72u/jSGXDj0tdKKWim9ROw4valO1Cmj3Mj2rb7CJrXqLT+f
BTl0K865BZrAPVSOHpnttmLJqz21tCMz2NxiIhopD1nO9Iq0tPRSC0nP1l8afSw6
tkuf4r8kZcZvJIC1ZsIPQilL/6plCnJMLAuuB8mAh6OWuth4GFtrROuebnI1YmvR
KxRNheAZMI90BEXy/VLP0oOkvxO3W3ncmkiH+9RJfR+HbKTIJqyuzCdxQF1ThUHS
uwYjvAqUyKkQ0eYodlWv51PmtBcKVBxKTUK2YNxKGOY1d3lQXVSnhfC4bwIDAQAB
o4IDxDCCA8AwHQYDVR0OBBYEFMwfLy4KJ18PeYk7m1Gnp0E+e7xEMB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvekI4dkxnb25Ydzk1aVR1YlVhZW5RVDU3dkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB2AYIKwYBBQUHAQcBAf8EggHHMIIBwzCCAX8EAgABMIIB
dwMEAx+5GAMEByW/gAMEBj4/AAMEBj5lwAMEBUAcAAMEB00ogAMEBk1YQAMEA03q
MAMEA04YkAMEBU+HAAMEBFBAwAMEBFDxUAMEBlEAgAMEBFGvADAMAwQCUa8UAwQG
Ua8AAwMAUb8DBAVSxMADBAVUFGADBAVVcIADBAZVxEADBAdV3QADAwBV/AMEBlY+
gAMEBld2AAMEBVhUoAMEBVm/AAMEBFuHIAMEAlvKUAMEBW3HwAMEBrJKAAMEArkI
EAMEArkjUAMEArlDdAMEArmBnAMDAMFFAwMAwUcDBAfBSwADAwDBWgMEB8FbgAME
B8ITAAMEAsIdyAMEBcI2YDALAwQHwwCAAwMBwwADBAfDEoADAwDDiwMDAMOfAwMA
w8wDBAXUPuADBAXUR0ADBAfVNAADBAXVl4ADBAXVnuAwDAMEBdWg4AMEA9Wg8AME
BdWswAMEBtXvQAMEBdkIgAMEBNkOAAMEBNlNIAMEBdl2IAMEBdmQ4DA+BAIAAjA4
AwUDIAEIQAMFAyABCMADBQMgAU3YAwUDKgDEQAMFAyoBBSADBQMqAgJwAwUDKgPA
AAMFAyoEY0AwDQYJKoZIhvcNAQELBQADggEBAGpPnvSjrD7hmsA8XN5yZ4ECQVIC
0fUWbskpdUCXaeaU0qV9y6qRyVH1cnDVLP0Mrtu2T7sqlJHB0Ck7lOfxBSj20slO
rG/Y2UK50JwLnT/hjlDoat/Vd40nQFYFnADh/npHjrmKuINF1O+JhAxwUaZw/Vl8
tVU6UWNIJlYBVt4eDWD0nSB77oh1Q39AY3K7NXD8g4HyQmsf3t/h1mubhIx9WwNV
uu27ogPELHBqYXzjfYCKJ9GJjGucIg9mWQ/i4d8CkjTT+Us6EwOEYF+njnLaUa1r
CBWq9edXmHk/I4NfXfHi3VB6nCsFGi83o4gYFrsjATfeTWSh6LZ/HoxTfhM=
-----END CERTIFICATE-----
Generated at Sat Jun 15 13:25:47 2024 by rpki-client on console-fra.rpki-client.org