Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/q7IkgOwH6h--euCSk5RNEdYhs7A.roa
File:                     q7IkgOwH6h--euCSk5RNEdYhs7A.roa (raw, json)
Hash identifier:          ejbFtoKkU6yDg3dDX2/EcMz4UWZJlqTIYvhLzPZwaRk=
Subject key identifier:   AB:B2:24:80:EC:07:EA:1F:BE:7A:E0:92:93:94:4D:11:D6:21:B3:B0
Certificate issuer:       /CN=7d61b8378e8f368ae4998d51c3a9ace64148d6cd
Certificate serial:       018CC7953CE24B52847B8DDAAC7AE4C57E07
Authority key identifier: 7D:61:B8:37:8E:8F:36:8A:E4:99:8D:51:C3:A9:AC:E6:41:48:D6:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fWG4N46PNorkmY1Rw6ms5kFI1s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/q7IkgOwH6h--euCSk5RNEdYhs7A.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35790
IP address blocks:        213.204.219.0/24 maxlen: 24
                          213.204.218.0/24 maxlen: 24
                          213.204.216.0/23 maxlen: 23
                          213.204.215.0/24 maxlen: 24
                          213.204.224.0/20 maxlen: 20
                          213.204.222.0/24 maxlen: 24
                          213.204.221.0/24 maxlen: 24
                          213.204.232.0/24 maxlen: 24
                          213.204.237.0/24 maxlen: 24
                          213.204.244.0/24 maxlen: 24
                          213.204.240.0/21 maxlen: 21
                          213.204.252.0/22 maxlen: 22
                          213.204.248.0/22 maxlen: 23
                          213.204.247.0/24 maxlen: 24
                          185.31.143.0/24 maxlen: 24
                          185.31.140.0/22 maxlen: 22
                          213.204.192.0/23 maxlen: 23
                          213.204.192.0/20 maxlen: 20
                          213.204.198.0/24 maxlen: 24
                          213.204.208.0/20 maxlen: 20
                          185.105.244.0/22 maxlen: 22
                          185.57.84.0/22 maxlen: 22
                          185.217.224.0/22 maxlen: 22
                          2a0b:cdc7::/32 maxlen: 32
                          2a0b:cdc0::/29 maxlen: 29
                          2a0b:cdc1::/32 maxlen: 32
                          2a0b:cdc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/fWG4N46PNorkmY1Rw6ms5kFI1s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/fWG4N46PNorkmY1Rw6ms5kFI1s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fWG4N46PNorkmY1Rw6ms5kFI1s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3c:e2:4b:52:84:7b:8d:da:ac:7a:e4:c5:7e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d61b8378e8f368ae4998d51c3a9ace64148d6cd
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abb22480ec07ea1fbe7ae09293944d11d621b3b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1e:83:e5:af:38:d0:44:92:39:17:ba:d1:c5:
                    d5:89:ce:cc:49:f8:1d:d3:00:4b:34:61:87:c4:57:
                    ae:c0:42:e9:80:76:a3:0e:29:44:54:96:2b:54:2a:
                    81:7b:f3:ce:0d:72:fa:1e:f8:74:19:1d:ed:60:41:
                    d7:6a:8a:16:b7:72:a7:f4:e0:7d:30:11:60:bf:ac:
                    de:be:79:32:4e:47:f7:1e:e2:65:d5:71:ab:35:65:
                    02:48:83:00:b4:e7:b2:bb:d3:8f:c5:74:c5:b0:37:
                    c0:03:46:ed:43:a1:ff:3e:3f:54:a4:83:3b:88:75:
                    43:0c:6a:51:68:12:6d:c9:02:cd:3a:47:50:e5:3d:
                    3c:44:b0:b5:6d:86:e4:bc:66:a2:75:37:a2:f2:e9:
                    62:c7:1b:23:5e:8e:ad:85:c7:b3:17:c7:ef:3b:45:
                    2e:4a:54:94:95:30:f2:63:6b:e0:eb:8d:92:9b:83:
                    59:2f:c6:24:64:6a:14:c2:25:10:6a:84:fa:8d:26:
                    52:12:35:51:bd:55:db:bd:a1:64:ca:97:36:42:3f:
                    70:fa:fb:94:d3:61:91:7b:6e:cd:85:96:54:20:06:
                    c2:05:05:eb:99:49:c4:c5:d0:4f:91:be:b7:8e:cd:
                    50:42:00:22:31:f4:45:c8:60:6d:f3:26:74:b9:ed:
                    0b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B2:24:80:EC:07:EA:1F:BE:7A:E0:92:93:94:4D:11:D6:21:B3:B0
            X509v3 Authority Key Identifier:
                keyid:7D:61:B8:37:8E:8F:36:8A:E4:99:8D:51:C3:A9:AC:E6:41:48:D6:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fWG4N46PNorkmY1Rw6ms5kFI1s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/q7IkgOwH6h--euCSk5RNEdYhs7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ed821b-3452-427a-8e44-d16e4ae61f80/1/fWG4N46PNorkmY1Rw6ms5kFI1s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.140.0/22
                  185.57.84.0/22
                  185.105.244.0/22
                  185.217.224.0/22
                  213.204.192.0/18
                IPv6:
                  2a0b:cdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:7b:42:9c:13:a0:e1:cc:33:6f:ad:97:58:57:2e:c4:4e:bd:
         4f:89:30:4f:6f:fb:cf:96:b7:5d:db:9d:98:96:a7:c4:ea:47:
         8d:e9:f6:ff:fb:33:6f:fe:fa:91:7c:96:8a:bb:b5:df:50:04:
         77:6f:44:3e:29:6e:14:ad:ce:fd:dd:0f:37:d1:8c:4b:76:ae:
         e9:74:57:ff:a5:90:7d:2a:6a:7a:2c:d3:b8:aa:07:ea:26:1a:
         1c:08:5f:fe:39:c6:46:58:db:30:92:cc:6f:16:e6:16:3a:93:
         d4:fe:b1:c7:2c:9e:14:71:e9:70:3e:94:00:ca:98:a8:9d:51:
         fd:35:d4:aa:a1:8b:16:4d:3e:e7:da:1b:c4:7c:3b:24:e8:f6:
         3d:48:ea:e6:af:ed:2f:f0:1c:e5:47:0a:f3:a2:28:b7:62:81:
         84:d3:b2:6b:7c:0f:2b:e4:7a:74:29:a2:25:1f:fe:65:e5:3a:
         85:16:ed:c0:fa:99:cd:e3:54:c0:7f:f0:f7:72:d8:96:85:57:
         ee:ea:38:fd:4f:f4:0b:aa:c9:42:4b:f7:e2:1b:c0:41:1a:00:
         2d:d6:64:fc:84:52:6b:00:43:a8:47:73:9c:f7:52:b3:0c:d7:
         2d:95:5b:28:62:d4:7b:ef:9d:ca:4a:1e:28:07:75:68:76:5e:
         f0:f2:f9:5c
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzHlTziS1KEe43arHrkxX4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNjFiODM3OGU4ZjM2OGFlNDk5OGQ1MWMzYTlhY2U2NDE0
OGQ2Y2QwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmIyMjQ4MGVjMDdlYTFmYmU3YWUwOTI5Mzk0NGQxMWQ2MjFiM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvh6D5a840ESSORe60cXVic7MSfgd
0wBLNGGHxFeuwELpgHajDilEVJYrVCqBe/PODXL6Hvh0GR3tYEHXaooWt3Kn9OB9
MBFgv6zevnkyTkf3HuJl1XGrNWUCSIMAtOeyu9OPxXTFsDfAA0btQ6H/Pj9UpIM7
iHVDDGpRaBJtyQLNOkdQ5T08RLC1bYbkvGaidTei8ulixxsjXo6thcezF8fvO0Uu
SlSUlTDyY2vg642Sm4NZL8YkZGoUwiUQaoT6jSZSEjVRvVXbvaFkypc2Qj9w+vuU
02GRe27NhZZUIAbCBQXrmUnExdBPkb63js1QQgAiMfRFyGBt8yZ0ue0LvwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKuyJIDsB+ofvnrgkpOUTRHWIbOwMB8GA1UdIwQY
MBaAFH1huDeOjzaK5JmNUcOprOZBSNbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZldHNE40NlBOb3JrbVkxUnc2bXM1a0ZJMXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZDgyMWItMzQ1Mi00MjdhLThlNDQt
ZDE2ZTRhZTYxZjgwLzEvcTdJa2dPd0g2aC0tZXVDU2s1Uk5FZFloczdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZDgyMWItMzQ1Mi00MjdhLThlNDQtZDE2ZTRhZTYxZjgw
LzEvZldHNE40NlBOb3JrbVkxUnc2bXM1a0ZJMXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuR+MAwQC
uTlUAwQCuWn0AwQCudngAwQG1czAMA0EAgACMAcDBQMqC83AMA0GCSqGSIb3DQEB
CwUAA4IBAQA7e0KcE6DhzDNvrZdYVy7ETr1PiTBPb/vPlrdd252YlqfE6keN6fb/
+zNv/vqRfJaKu7XfUAR3b0Q+KW4Urc793Q830YxLdq7pdFf/pZB9Kmp6LNO4qgfq
JhocCF/+OcZGWNswksxvFuYWOpPU/rHHLJ4UcelwPpQAypionVH9NdSqoYsWTT7n
2hvEfDsk6PY9SOrmr+0v8BzlRwrzoii3YoGE07JrfA8r5Hp0KaIlH/5l5TqFFu3A
+pnN41TAf/D3ctiWhVfu6jj9T/QLqslCS/fiG8BBGgAt1mT8hFJrAEOoR3Oc91Kz
DNctlVsoYtR7753KSh4oB3Vodl7w8vlc
-----END CERTIFICATE-----
Generated at Sat Jun 15 13:27:32 2024 by rpki-client on console-fra.rpki-client.org