Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/a46be7-317e-4708-a016-4fd6b7d76a2f/1/eNkm65rDZIawGpVRtOG5I6SHb54.roa
File:                     eNkm65rDZIawGpVRtOG5I6SHb54.roa (raw, json)
Hash identifier:          WXRPt2vRT0L34fbZa2L7DZ06/e0TPnaukcRuk6KGz0Q=
Subject key identifier:   78:D9:26:EB:9A:C3:64:86:B0:1A:95:51:B4:E1:B9:23:A4:87:6F:9E
Certificate issuer:       /CN=79d69dd98333558401edd1a60168265dd1a0d958
Certificate serial:       018CC7275A826E9E19B95C632D6913ABE2E6
Authority key identifier: 79:D6:9D:D9:83:33:55:84:01:ED:D1:A6:01:68:26:5D:D1:A0:D9:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edad2YMzVYQB7dGmAWgmXdGg2Vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/a46be7-317e-4708-a016-4fd6b7d76a2f/1/eNkm65rDZIawGpVRtOG5I6SHb54.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     513
IP address blocks:        128.141.0.0/16 maxlen: 16
                          192.65.183.0/24 maxlen: 24
                          192.65.184.0/21 maxlen: 21
                          192.65.192.0/22 maxlen: 22
                          192.65.196.0/23 maxlen: 23
                          192.91.236.0/22 maxlen: 22
                          192.91.240.0/22 maxlen: 22
                          192.91.246.0/24 maxlen: 24
                          192.91.244.0/23 maxlen: 23
                          192.16.164.0/23 maxlen: 23
                          192.16.160.0/22 maxlen: 22
                          192.16.166.0/24 maxlen: 24
                          194.12.128.0/18 maxlen: 18
                          137.138.0.0/16 maxlen: 16
                          185.249.56.0/22 maxlen: 22
                          188.184.0.0/16 maxlen: 16
                          128.142.0.0/16 maxlen: 16
                          192.16.155.0/24 maxlen: 24
                          192.16.156.0/22 maxlen: 22
                          188.185.0.0/16 maxlen: 16
                          2001:1459::/32 maxlen: 32
                          2001:1458::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/a46be7-317e-4708-a016-4fd6b7d76a2f/1/edad2YMzVYQB7dGmAWgmXdGg2Vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/a46be7-317e-4708-a016-4fd6b7d76a2f/1/edad2YMzVYQB7dGmAWgmXdGg2Vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edad2YMzVYQB7dGmAWgmXdGg2Vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5a:82:6e:9e:19:b9:5c:63:2d:69:13:ab:e2:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d69dd98333558401edd1a60168265dd1a0d958
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78d926eb9ac36486b01a9551b4e1b923a4876f9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3d:5b:99:fc:25:8e:6f:c9:63:b2:ff:f3:64:
                    99:47:19:fa:de:57:23:68:68:5d:f1:8c:93:97:ee:
                    34:49:3b:19:16:f1:49:e7:37:d8:ac:cd:80:4d:af:
                    43:40:f9:a2:9e:b5:14:d5:31:c2:5b:9f:38:49:be:
                    de:42:03:86:5e:93:76:16:8b:b9:e0:ca:cb:c8:a1:
                    13:74:af:1d:a7:50:b4:72:a1:06:cd:c2:c2:4f:f0:
                    41:96:3a:53:13:36:99:e0:c3:6d:a3:fd:ee:0e:c5:
                    eb:16:45:ff:59:a3:71:42:7c:62:a2:de:39:26:fd:
                    15:04:d5:a8:52:e8:e3:3c:c6:5f:96:60:9f:5e:b7:
                    5d:6c:f6:bc:6f:9a:93:2c:98:a8:6c:b9:7f:a1:dc:
                    1e:c3:6c:a4:54:d7:75:34:b6:2a:f6:ca:bf:83:bc:
                    ad:6f:7d:aa:3d:39:93:2f:4d:da:d5:16:27:a0:6e:
                    a2:21:7a:1e:1c:41:27:f5:04:7c:80:c3:8f:af:81:
                    e7:88:e9:61:63:c5:c9:f5:43:6f:66:ea:9b:60:ff:
                    0c:6d:a3:be:16:59:1e:31:70:0f:59:82:ba:d8:05:
                    bf:78:de:ea:c7:93:f3:d5:93:9a:3b:f3:8d:08:b9:
                    68:00:57:d3:fa:4b:59:54:82:b4:c0:40:60:4c:bc:
                    26:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D9:26:EB:9A:C3:64:86:B0:1A:95:51:B4:E1:B9:23:A4:87:6F:9E
            X509v3 Authority Key Identifier:
                keyid:79:D6:9D:D9:83:33:55:84:01:ED:D1:A6:01:68:26:5D:D1:A0:D9:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edad2YMzVYQB7dGmAWgmXdGg2Vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a46be7-317e-4708-a016-4fd6b7d76a2f/1/eNkm65rDZIawGpVRtOG5I6SHb54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a46be7-317e-4708-a016-4fd6b7d76a2f/1/edad2YMzVYQB7dGmAWgmXdGg2Vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.141.0.0-128.142.255.255
                  137.138.0.0/16
                  185.249.56.0/22
                  188.184.0.0/15
                  192.16.155.0-192.16.166.255
                  192.65.183.0-192.65.197.255
                  192.91.236.0-192.91.246.255
                  194.12.128.0/18
                IPv6:
                  2001:1458::/31

    Signature Algorithm: sha256WithRSAEncryption
         56:86:22:5e:81:0e:2b:48:59:d6:d5:52:85:19:7d:e4:35:28:
         98:46:13:14:d8:17:ee:87:de:ea:31:18:84:8c:d3:3e:f9:38:
         66:fe:0c:ad:32:b8:81:15:f9:ce:0d:a6:d5:96:88:6c:4f:3b:
         49:ad:7a:51:7d:25:f9:17:d1:f4:28:43:d7:db:53:88:4c:69:
         74:f9:e5:3e:d6:9c:10:da:f5:91:05:7b:c9:bf:5d:c0:06:a3:
         12:6d:66:37:76:cc:d3:a1:0f:33:fa:07:b8:f9:8d:3f:91:4b:
         37:fe:b2:51:05:99:27:9b:03:89:3b:92:53:00:80:c7:61:a2:
         63:d3:15:e9:c8:1d:c0:51:26:f5:dc:b1:9a:bf:76:1d:19:d4:
         33:0b:44:14:d8:cd:47:f3:ea:cd:12:23:8f:75:34:f8:0e:b4:
         3c:de:b9:a8:48:91:7a:b1:5a:d8:2b:25:c4:e9:3b:e2:42:29:
         e2:59:38:df:f0:f9:9a:aa:53:0e:a3:15:e0:1f:b3:1f:12:d1:
         fe:2e:2f:35:77:fc:00:6c:c5:cf:10:0d:12:bc:f2:e0:e8:f6:
         65:2e:01:5d:2f:57:8d:c8:8b:cf:ea:f3:14:16:47:5b:c6:0a:
         b6:ea:0c:38:d6:c0:0d:71:20:35:b3:96:88:15:13:48:77:19:
         10:ab:1c:aa
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYzHJ1qCbp4ZuVxjLWkTq+LmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDY5ZGQ5ODMzMzU1ODQwMWVkZDFhNjAxNjgyNjVkZDFh
MGQ5NTgwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGQ5MjZlYjlhYzM2NDg2YjAxYTk1NTFiNGUxYjkyM2E0ODc2ZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT1bmfwljm/JY7L/82SZRxn63lcj
aGhd8YyTl+40STsZFvFJ5zfYrM2ATa9DQPminrUU1THCW584Sb7eQgOGXpN2Fou5
4MrLyKETdK8dp1C0cqEGzcLCT/BBljpTEzaZ4MNto/3uDsXrFkX/WaNxQnxiot45
Jv0VBNWoUujjPMZflmCfXrddbPa8b5qTLJiobLl/odwew2ykVNd1NLYq9sq/g7yt
b32qPTmTL03a1RYnoG6iIXoeHEEn9QR8gMOPr4HniOlhY8XJ9UNvZuqbYP8MbaO+
FlkeMXAPWYK62AW/eN7qx5Pz1ZOaO/ONCLloAFfT+ktZVIK0wEBgTLwmCQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFHjZJuuaw2SGsBqVUbThuSOkh2+eMB8GA1UdIwQY
MBaAFHnWndmDM1WEAe3RpgFoJl3RoNlYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWRhZDJZTXpWWVFCN2RHbUFXZ21YZEdnMlZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hNDZiZTctMzE3ZS00NzA4LWEwMTYt
NGZkNmI3ZDc2YTJmLzEvZU5rbTY1ckRaSWF3R3BWUnRPRzVJNlNIYjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hNDZiZTctMzE3ZS00NzA4LWEwMTYtNGZkNmI3ZDc2YTJm
LzEvZWRhZDJZTXpWWVFCN2RHbUFXZ21YZEdnMlZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMMAoDAwCAjQMD
AICOAwMAiYoDBAK5+TgDAwG8uDAMAwQAwBCbAwQAwBCmMAwDBADAQbcDBAHAQcQw
DAMEAsBb7AMEAMBb9gMEBsIMgDANBAIAAjAHAwUBIAEUWDANBgkqhkiG9w0BAQsF
AAOCAQEAVoYiXoEOK0hZ1tVShRl95DUomEYTFNgX7ofe6jEYhIzTPvk4Zv4MrTK4
gRX5zg2m1ZaIbE87Sa16UX0l+RfR9ChD19tTiExpdPnlPtacENr1kQV7yb9dwAaj
Em1mN3bM06EPM/oHuPmNP5FLN/6yUQWZJ5sDiTuSUwCAx2GiY9MV6cgdwFEm9dyx
mr92HRnUMwtEFNjNR/PqzRIjj3U0+A60PN65qEiRerFa2CslxOk74kIp4lk43/D5
mqpTDqMV4B+zHxLR/i4vNXf8AGzFzxANErzy4Oj2ZS4BXS9XjciLz+rzFBZHW8YK
tuoMONbADXEgNbOWiBUTSHcZEKscqg==
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:02:40 2024 by rpki-client on console-fra.rpki-client.org