Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/79c5bb-619d-4beb-8649-a2f425600db3/1/A98r0K5J7JeKL64U9w07ZwosmF8.roa
File:                     A98r0K5J7JeKL64U9w07ZwosmF8.roa (raw, json)
Hash identifier:          +6lYf/oC6tPdwpFCd6KYakoAvP56izsM11hvXbsWHxo=
Subject key identifier:   03:DF:2B:D0:AE:49:EC:97:8A:2F:AE:14:F7:0D:3B:67:0A:2C:98:5F
Certificate issuer:       /CN=947121580ed02eddf4f5e5a87d37e017b32df71b
Certificate serial:       018CC6B8814996C7FFEDCE32BCAD3F1AC480
Authority key identifier: 94:71:21:58:0E:D0:2E:DD:F4:F5:E5:A8:7D:37:E0:17:B3:2D:F7:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHEhWA7QLt309eWofTfgF7Mt9xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/79c5bb-619d-4beb-8649-a2f425600db3/1/A98r0K5J7JeKL64U9w07ZwosmF8.roa
Signing time:             Mon 01 Jan 2024 20:30:29 +0000
ROA not before:           Mon 01 Jan 2024 20:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60316
IP address blocks:        185.104.72.0/22 maxlen: 24
                          185.212.32.0/24 maxlen: 24
                          185.186.120.0/22 maxlen: 24
                          185.227.224.0/22 maxlen: 24
                          185.33.216.0/22 maxlen: 24
                          2a06:2f80::/29 maxlen: 32
                          2a04:5a00::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/79c5bb-619d-4beb-8649-a2f425600db3/1/lHEhWA7QLt309eWofTfgF7Mt9xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/79c5bb-619d-4beb-8649-a2f425600db3/1/lHEhWA7QLt309eWofTfgF7Mt9xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHEhWA7QLt309eWofTfgF7Mt9xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:81:49:96:c7:ff:ed:ce:32:bc:ad:3f:1a:c4:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947121580ed02eddf4f5e5a87d37e017b32df71b
        Validity
            Not Before: Jan  1 20:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03df2bd0ae49ec978a2fae14f70d3b670a2c985f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:37:44:88:94:3a:22:1c:8a:93:94:a6:da:5f:
                    f5:87:65:af:0a:65:33:f9:5c:10:bd:30:6f:80:d7:
                    09:15:65:22:4b:0b:69:78:3d:df:ce:3f:c6:4b:a8:
                    64:8f:5b:92:bb:0c:fa:9f:02:f9:c6:f0:60:1f:7b:
                    08:d3:7e:fa:08:8c:76:1f:9d:fa:e2:c9:5f:60:36:
                    62:77:cd:77:f9:d7:9e:ea:4a:30:a6:3b:7b:12:de:
                    29:17:d5:08:95:0f:81:02:b0:28:72:8a:dc:db:e4:
                    db:28:81:a6:d7:75:35:dd:f0:26:36:45:78:c9:18:
                    8c:11:8f:ce:7e:30:23:86:72:cd:fe:87:d4:c8:cf:
                    f0:12:c5:f0:9f:00:44:5b:f0:b4:8c:fe:51:0a:14:
                    cd:2e:80:06:6f:7b:33:cf:ee:7c:df:87:44:77:49:
                    0a:be:f7:ec:14:38:6c:0d:bc:e1:c5:9c:85:02:0f:
                    30:23:e1:7e:54:4c:cd:06:46:c8:fe:71:6b:d5:90:
                    33:62:4d:b8:16:38:06:84:b5:cb:24:98:a2:8b:df:
                    f0:d5:52:d7:3a:3d:32:04:e7:d8:dd:2b:f3:34:69:
                    7e:d7:fd:a2:56:a3:d0:69:b2:23:97:c1:5b:95:c3:
                    ff:62:c3:42:86:f2:db:0a:5e:3b:43:de:bb:ff:ec:
                    6f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:DF:2B:D0:AE:49:EC:97:8A:2F:AE:14:F7:0D:3B:67:0A:2C:98:5F
            X509v3 Authority Key Identifier:
                keyid:94:71:21:58:0E:D0:2E:DD:F4:F5:E5:A8:7D:37:E0:17:B3:2D:F7:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHEhWA7QLt309eWofTfgF7Mt9xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/79c5bb-619d-4beb-8649-a2f425600db3/1/A98r0K5J7JeKL64U9w07ZwosmF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/79c5bb-619d-4beb-8649-a2f425600db3/1/lHEhWA7QLt309eWofTfgF7Mt9xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.216.0/22
                  185.104.72.0/22
                  185.186.120.0/22
                  185.212.32.0/24
                  185.227.224.0/22
                IPv6:
                  2a04:5a00::/29
                  2a06:2f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:fa:f8:c8:71:98:16:e5:81:ea:ec:3f:33:c7:86:9d:01:73:
         a5:7b:2f:5b:4b:b5:bf:d6:32:67:46:c5:2a:0d:fa:de:ea:5e:
         ed:1e:05:a4:05:58:30:01:fb:95:e1:30:0e:d6:a2:96:aa:44:
         0c:bb:6b:80:22:a6:dd:f5:7e:a3:68:7a:11:2f:0a:87:50:bb:
         d9:ca:b6:8c:ee:e7:f3:56:78:40:46:56:8c:ac:91:34:1e:58:
         4c:16:3f:38:af:a8:02:fe:bb:72:91:e3:85:de:48:1d:16:46:
         a7:ea:1b:99:36:ca:ba:c9:ed:ac:32:cc:ec:75:5c:42:70:87:
         c0:f3:d5:58:53:4d:de:29:30:5c:46:1b:91:05:28:1b:5f:17:
         34:33:31:34:32:63:b7:2d:a7:a4:95:f5:4c:24:c7:52:48:08:
         37:1b:d1:54:fe:a1:d5:32:25:58:19:85:8d:58:cc:b4:7b:76:
         43:67:06:d3:80:09:d1:3c:92:c9:98:62:75:95:21:c8:a9:17:
         11:19:28:03:d5:e6:6b:66:b5:92:02:17:b8:ad:94:64:f9:22:
         88:7e:bd:1e:49:49:73:90:6c:f1:35:0c:59:ba:a6:2c:03:5a:
         fc:43:48:5b:b0:70:dc:7f:06:6d:cd:bd:48:b1:6e:1d:02:8c:
         7d:dc:a6:49
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzGuIFJlsf/7c4yvK0/GsSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzEyMTU4MGVkMDJlZGRmNGY1ZTVhODdkMzdlMDE3YjMy
ZGY3MWIwHhcNMjQwMTAxMjAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2RmMmJkMGFlNDllYzk3OGEyZmFlMTRmNzBkM2I2NzBhMmM5ODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzdEiJQ6IhyKk5Sm2l/1h2WvCmUz
+VwQvTBvgNcJFWUiSwtpeD3fzj/GS6hkj1uSuwz6nwL5xvBgH3sI0376CIx2H536
4slfYDZid813+dee6kowpjt7Et4pF9UIlQ+BArAocorc2+TbKIGm13U13fAmNkV4
yRiMEY/OfjAjhnLN/ofUyM/wEsXwnwBEW/C0jP5RChTNLoAGb3szz+5834dEd0kK
vvfsFDhsDbzhxZyFAg8wI+F+VEzNBkbI/nFr1ZAzYk24FjgGhLXLJJiii9/w1VLX
Oj0yBOfY3SvzNGl+1/2iVqPQabIjl8FblcP/YsNChvLbCl47Q967/+xvHwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFAPfK9CuSeyXii+uFPcNO2cKLJhfMB8GA1UdIwQY
MBaAFJRxIVgO0C7d9PXlqH034BezLfcbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhFaFdBN1FMdDMwOWVXb2ZUZmdGN010OXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83OWM1YmItNjE5ZC00YmViLTg2NDkt
YTJmNDI1NjAwZGIzLzEvQTk4cjBLNUo3SmVLTDY0VTl3MDdad29zbUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83OWM1YmItNjE5ZC00YmViLTg2NDktYTJmNDI1NjAwZGIz
LzEvbEhFaFdBN1FMdDMwOWVXb2ZUZmdGN010OXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQCuSHYAwQC
uWhIAwQCubp4AwQAudQgAwQCuePgMBQEAgACMA4DBQMqBFoAAwUDKgYvgDANBgkq
hkiG9w0BAQsFAAOCAQEAsfr4yHGYFuWB6uw/M8eGnQFzpXsvW0u1v9YyZ0bFKg36
3upe7R4FpAVYMAH7leEwDtailqpEDLtrgCKm3fV+o2h6ES8Kh1C72cq2jO7n81Z4
QEZWjKyRNB5YTBY/OK+oAv67cpHjhd5IHRZGp+obmTbKusntrDLM7HVcQnCHwPPV
WFNN3ikwXEYbkQUoG18XNDMxNDJjty2npJX1TCTHUkgINxvRVP6h1TIlWBmFjVjM
tHt2Q2cG04AJ0TySyZhidZUhyKkXERkoA9Xma2a1kgIXuK2UZPkiiH69HklJc5Bs
8TUMWbqmLANa/ENIW7Bw3H8Gbc29SLFuHQKMfdymSQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:00:23 2024 by rpki-client on console-ams.rpki-client.org