Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/kinZNaw5TfeDCJOlRl8hPqbpnyY.roa
File:                     kinZNaw5TfeDCJOlRl8hPqbpnyY.roa (raw, json)
Hash identifier:          VTN+ILF9dzwvGDzgdTEAKeN/gwpJIZajtmFL7VAbcWc=
Subject key identifier:   92:29:D9:35:AC:39:4D:F7:83:08:93:A5:46:5F:21:3E:A6:E9:9F:26
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       018CC7273CDD528B80588A582D53D4BDE9A9
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/kinZNaw5TfeDCJOlRl8hPqbpnyY.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34219
IP address blocks:        178.255.16.0/22 maxlen: 22
                          178.255.22.0/24 maxlen: 24
                          178.255.20.0/23 maxlen: 23
                          159.253.112.0/22 maxlen: 22
                          159.253.118.0/24 maxlen: 24
                          159.253.116.0/23 maxlen: 23
                          159.253.119.0/24 maxlen: 24
                          93.94.4.0/23 maxlen: 23
                          185.2.56.0/22 maxlen: 22
                          2a03:1e00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3c:dd:52:8b:80:58:8a:58:2d:53:d4:bd:e9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9229d935ac394df7830893a5465f213ea6e99f26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0a:4c:73:74:32:9d:f0:48:ab:18:9b:68:bc:
                    ea:7b:de:26:92:e5:c1:25:cf:40:33:b9:4e:4f:f3:
                    dd:64:76:1a:b0:55:4c:a2:66:d8:f4:89:dd:f9:17:
                    be:88:74:d6:e7:2e:80:b8:e7:74:ae:e2:b8:ec:be:
                    29:85:1c:fc:c7:0d:a6:73:04:9c:18:c5:49:41:f7:
                    bd:74:82:ab:20:37:fb:3a:7c:78:d5:f7:b6:35:c6:
                    f7:27:e0:6c:8f:f4:9c:a1:af:ed:b9:83:97:c9:d0:
                    7c:94:69:3b:68:93:e8:09:c4:02:18:65:14:2a:74:
                    ff:d1:5b:3c:97:a4:1e:ac:d4:7b:6d:8e:5f:80:a8:
                    4e:05:61:f2:cf:cb:fb:02:78:4f:93:b7:52:93:ab:
                    0f:be:7b:ad:5b:63:21:57:e7:df:d6:fe:68:30:35:
                    b0:96:ed:61:fe:1b:99:e5:02:f5:f8:cd:34:2a:63:
                    ad:90:71:76:19:d9:63:0e:5f:7a:62:c9:29:0c:92:
                    f4:9b:2d:fb:c7:ab:94:3c:df:0d:f8:2f:79:0b:41:
                    5b:e5:34:34:54:d6:3a:e2:1d:8f:b9:b4:81:21:b7:
                    ee:d8:7f:e7:4e:cb:e4:f6:f6:b1:22:7c:13:90:c9:
                    25:37:a4:ac:6e:c5:45:1d:f9:cc:0b:de:c6:89:f6:
                    0b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:29:D9:35:AC:39:4D:F7:83:08:93:A5:46:5F:21:3E:A6:E9:9F:26
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/kinZNaw5TfeDCJOlRl8hPqbpnyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.4.0/23
                  159.253.112.0/21
                  178.255.16.0-178.255.22.255
                  185.2.56.0/22
                IPv6:
                  2a03:1e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:c5:79:02:8a:0e:24:8d:45:d4:76:de:ba:43:82:a7:10:5c:
         b3:90:e6:61:3a:ae:e9:23:ec:bc:10:e7:6e:50:1c:a1:81:7d:
         e1:f8:84:c9:d7:b7:66:1e:25:10:04:15:f0:c3:e3:6b:07:22:
         67:39:3c:b6:0c:87:83:1c:47:4a:fe:ce:ae:ce:b2:cc:8e:53:
         89:6a:b8:1c:83:7b:a2:fe:9f:65:97:76:93:1e:55:81:0f:42:
         f7:c3:59:a3:bd:b6:16:8f:3a:18:1e:d3:dc:ee:84:f2:6f:39:
         85:4a:38:f3:55:4f:a9:ce:2a:a4:a4:c2:3b:3e:10:80:b3:63:
         0c:6f:09:2f:22:ab:6c:c0:2b:81:1b:15:3a:33:fc:e7:99:1b:
         db:bb:9f:ea:ed:ed:fa:48:10:f8:6e:d9:2a:4e:21:ee:a6:80:
         8b:60:c2:20:ca:57:c8:32:14:57:b1:28:14:0d:36:63:f7:33:
         ca:bf:19:3e:52:0b:0d:a5:23:f5:a2:5f:51:59:2c:41:1d:45:
         e8:be:07:2d:b0:ae:b9:83:2e:41:62:43:a4:a8:12:c6:f7:ad:
         c3:8b:68:ec:b1:98:25:dc:44:75:c1:eb:b1:0c:5b:c3:b5:56:
         61:88:11:db:47:e8:9c:ff:e9:d5:21:91:2c:56:9a:68:3b:85:
         94:39:61:f8
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzHJzzdUouAWIpYLVPUvempMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjI5ZDkzNWFjMzk0ZGY3ODMwODkzYTU0NjVmMjEzZWE2ZTk5ZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsApMc3QynfBIqxibaLzqe94mkuXB
Jc9AM7lOT/PdZHYasFVMombY9Ind+Re+iHTW5y6AuOd0ruK47L4phRz8xw2mcwSc
GMVJQfe9dIKrIDf7Onx41fe2Ncb3J+Bsj/Scoa/tuYOXydB8lGk7aJPoCcQCGGUU
KnT/0Vs8l6QerNR7bY5fgKhOBWHyz8v7AnhPk7dSk6sPvnutW2MhV+ff1v5oMDWw
lu1h/huZ5QL1+M00KmOtkHF2GdljDl96YskpDJL0my37x6uUPN8N+C95C0Fb5TQ0
VNY64h2PubSBIbfu2H/nTsvk9vaxInwTkMklN6SsbsVFHfnMC97GifYL7wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJIp2TWsOU33gwiTpUZfIT6m6Z8mMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEva2luWk5hdzVUZmVEQ0pPbFJsOGhQcWJwbnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQBXV4EAwQD
n/1wMAwDBASy/xADBACy/xYDBAK5AjgwDQQCAAIwBwMFACoDHgAwDQYJKoZIhvcN
AQELBQADggEBAHPFeQKKDiSNRdR23rpDgqcQXLOQ5mE6rukj7LwQ525QHKGBfeH4
hMnXt2YeJRAEFfDD42sHImc5PLYMh4McR0r+zq7OssyOU4lquByDe6L+n2WXdpMe
VYEPQvfDWaO9thaPOhge09zuhPJvOYVKOPNVT6nOKqSkwjs+EICzYwxvCS8iq2zA
K4EbFToz/OeZG9u7n+rt7fpIEPhu2SpOIe6mgItgwiDKV8gyFFexKBQNNmP3M8q/
GT5SCw2lI/WiX1FZLEEdRei+By2wrrmDLkFiQ6SoEsb3rcOLaOyxmCXcRHXB67EM
W8O1VmGIEdtH6Jz/6dUhkSxWmmg7hZQ5Yfg=
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:02:21 2024 by rpki-client on console-fra.rpki-client.org