Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/Mzyn949UhdcCK5eerlZ5JDL7LJ4.roa
File:                     Mzyn949UhdcCK5eerlZ5JDL7LJ4.roa (raw, json)
Hash identifier:          xK/FununhztR3Pq5URkRqZKWIizbzlFSnWan/kAsW3k=
Subject key identifier:   33:3C:A7:F7:8F:54:85:D7:02:2B:97:9E:AE:56:79:24:32:FB:2C:9E
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC9CF432BD6B90D9E5DCE029E57423
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/Mzyn949UhdcCK5eerlZ5JDL7LJ4.roa
Signing time:             Mon 01 Jan 2024 16:30:18 +0000
ROA not before:           Mon 01 Jan 2024 16:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202492
IP address blocks:        164.215.100.0/24 maxlen: 24
                          46.23.104.0/22 maxlen: 22
                          85.158.148.0/22 maxlen: 22
                          85.158.146.0/24 maxlen: 24
                          85.158.147.0/24 maxlen: 24
                          109.205.210.0/24 maxlen: 24
                          37.128.200.0/22 maxlen: 22
                          5.10.240.0/22 maxlen: 22
                          5.10.252.0/22 maxlen: 22
                          185.81.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9c:f4:32:bd:6b:90:d9:e5:dc:e0:29:e5:74:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=333ca7f78f5485d7022b979eae56792432fb2c9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:59:f8:cf:aa:5f:de:7b:d5:fa:c1:de:a0:c7:
                    72:ca:88:af:20:a4:1c:c2:ba:09:1a:ee:2d:2a:01:
                    e1:85:6b:39:2d:79:17:9c:f2:2c:3d:f6:ec:2e:95:
                    09:e1:6e:79:9b:36:f5:40:63:fa:c0:a4:7f:73:e6:
                    0d:af:08:eb:8c:a1:77:de:0f:cf:64:8a:e7:8b:9f:
                    73:8b:8e:cc:cc:ab:73:f1:10:71:33:fb:f5:52:76:
                    73:58:e6:14:b3:55:20:2c:52:b1:20:fa:05:a7:ea:
                    28:a1:b4:a0:e0:29:79:b2:52:80:db:fa:4f:48:02:
                    7d:31:2a:fd:ea:8e:b9:34:e7:ed:9f:9d:a2:c7:d7:
                    17:30:6c:82:0f:60:52:da:95:da:69:2a:15:2f:3c:
                    32:e3:ef:cb:85:f5:f2:71:09:d5:67:b6:5c:f7:da:
                    3a:48:37:c6:0d:fe:c0:61:58:1c:77:85:cc:9c:73:
                    0e:53:be:29:55:1a:30:ed:5f:63:f1:86:7f:74:97:
                    32:8f:66:e5:fb:4a:c0:7b:ac:28:59:69:5c:9d:c4:
                    cb:f2:d0:5d:f4:46:04:09:17:28:7a:64:a0:39:65:
                    c8:9b:7f:36:da:59:2c:d4:ed:fc:7a:87:6a:e9:35:
                    e8:77:8c:bb:e9:a7:3d:16:c8:33:77:97:bb:2d:0e:
                    7e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:3C:A7:F7:8F:54:85:D7:02:2B:97:9E:AE:56:79:24:32:FB:2C:9E
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/Mzyn949UhdcCK5eerlZ5JDL7LJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.240.0/22
                  5.10.252.0/22
                  37.128.200.0/22
                  46.23.104.0/22
                  85.158.146.0-85.158.151.255
                  109.205.210.0/24
                  164.215.100.0/24
                  185.81.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:2c:b5:73:b4:cd:81:da:82:58:21:74:09:cd:b1:4b:96:8a:
         7c:7c:db:ae:40:7a:7d:5e:35:a1:ba:77:1f:d7:f9:de:40:34:
         77:a2:b0:9e:35:2f:28:6a:c1:b0:dc:45:cc:c7:53:f8:5e:64:
         52:1d:6d:21:b9:60:69:59:6b:67:69:98:7e:bf:b4:84:b8:65:
         27:4f:8f:77:97:f9:fe:87:27:7b:a5:c1:bd:3f:02:2c:a3:ae:
         d0:e2:d5:74:e0:73:40:68:ba:e9:76:2e:a1:ea:54:f2:60:d6:
         07:e9:5e:73:43:33:8a:c0:b4:29:b0:61:56:af:37:e5:f5:e0:
         c2:c8:6e:be:0d:17:1e:9f:57:40:9b:00:a8:03:ac:bb:e9:7a:
         97:02:50:1d:ee:54:ad:17:09:aa:99:d4:c7:1e:17:7e:b3:5b:
         73:ad:e3:ed:9a:9f:f4:8c:aa:65:3b:98:4c:96:4d:f5:75:c4:
         fd:31:63:dc:f5:c9:69:6d:cc:c2:04:b8:69:77:83:09:d3:bf:
         c0:dc:b8:7d:f0:23:75:07:aa:dc:39:74:62:b9:78:23:33:a9:
         37:4e:e8:5a:81:ae:cd:4f:e7:26:6e:2e:ab:dc:bf:87:dd:56:
         60:ed:81:48:13:09:74:25:6a:b2:3d:0d:43:15:00:46:f0:69:
         c9:28:bf:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzF3Jz0Mr1rkNnl3OAp5XQjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNjYTdmNzhmNTQ4NWQ3MDIyYjk3OWVhZTU2NzkyNDMyZmIyYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVn4z6pf3nvV+sHeoMdyyoivIKQc
wroJGu4tKgHhhWs5LXkXnPIsPfbsLpUJ4W55mzb1QGP6wKR/c+YNrwjrjKF33g/P
ZIrni59zi47MzKtz8RBxM/v1UnZzWOYUs1UgLFKxIPoFp+ooobSg4Cl5slKA2/pP
SAJ9MSr96o65NOftn52ix9cXMGyCD2BS2pXaaSoVLzwy4+/LhfXycQnVZ7Zc99o6
SDfGDf7AYVgcd4XMnHMOU74pVRow7V9j8YZ/dJcyj2bl+0rAe6woWWlcncTL8tBd
9EYECRcoemSgOWXIm3822lks1O38eodq6TXod4y76ac9Fsgzd5e7LQ5+BQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDM8p/ePVIXXAiuXnq5WeSQy+yyeMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvTXp5bjk0OVVoZGNDSzVlZXJsWjVKREw3TEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCBQrwAwQC
BQr8AwQCJYDIAwQCLhdoMAwDBAFVnpIDBANVnpADBABtzdIDBACk12QDBAC5Udow
DQYJKoZIhvcNAQELBQADggEBAM8stXO0zYHaglghdAnNsUuWinx8265Aen1eNaG6
dx/X+d5ANHeisJ41LyhqwbDcRczHU/heZFIdbSG5YGlZa2dpmH6/tIS4ZSdPj3eX
+f6HJ3ulwb0/AiyjrtDi1XTgc0Bouul2LqHqVPJg1gfpXnNDM4rAtCmwYVavN+X1
4MLIbr4NFx6fV0CbAKgDrLvpepcCUB3uVK0XCaqZ1MceF36zW3Ot4+2an/SMqmU7
mEyWTfV1xP0xY9z1yWltzMIEuGl3gwnTv8DcuH3wI3UHqtw5dGK5eCMzqTdO6FqB
rs1P5yZuLqvcv4fdVmDtgUgTCXQlarI9DUMVAEbwackov78=
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:47:13 2024 by rpki-client on console-fra.rpki-client.org