Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/3967a6-79f3-4aff-b34b-ae0ea6643bbd/1/L9vQOvgJV_y8-IUh5GZ3n1qXZRY.roa
File:                     L9vQOvgJV_y8-IUh5GZ3n1qXZRY.roa (raw, json)
Hash identifier:          5oszbtV0a33X+NIYd1ID1wqX/2UPYXYn5XTldWJivbo=
Subject key identifier:   2F:DB:D0:3A:F8:09:57:FC:BC:F8:85:21:E4:66:77:9F:5A:97:65:16
Certificate issuer:       /CN=9e4372f63932ba7fe8f161b564b93860614a80ba
Certificate serial:       018CE81CB330DB317C817D56E6B24D962A88
Authority key identifier: 9E:43:72:F6:39:32:BA:7F:E8:F1:61:B5:64:B9:38:60:61:4A:80:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkNy9jkyun_o8WG1ZLk4YGFKgLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/3967a6-79f3-4aff-b34b-ae0ea6643bbd/1/L9vQOvgJV_y8-IUh5GZ3n1qXZRY.roa
Signing time:             Mon 08 Jan 2024 08:07:24 +0000
ROA not before:           Mon 08 Jan 2024 08:07:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49126
IP address blocks:        94.138.192.0/24 maxlen: 24
                          94.138.199.0/24 maxlen: 24
                          94.138.194.0/24 maxlen: 24
                          94.138.193.0/24 maxlen: 24
                          94.138.196.0/24 maxlen: 24
                          94.138.195.0/24 maxlen: 24
                          94.138.198.0/24 maxlen: 24
                          94.138.197.0/24 maxlen: 24
                          94.138.201.0/24 maxlen: 24
                          94.138.200.0/24 maxlen: 24
                          94.138.203.0/24 maxlen: 24
                          94.138.202.0/24 maxlen: 24
                          94.138.204.0/22 maxlen: 22
                          185.48.181.0/24 maxlen: 24
                          185.48.180.0/24 maxlen: 24
                          94.138.208.0/22 maxlen: 22
                          185.48.183.0/24 maxlen: 24
                          185.48.182.0/24 maxlen: 24
                          94.138.212.0/22 maxlen: 22
                          94.138.216.0/22 maxlen: 22
                          94.138.220.0/22 maxlen: 22
                          94.102.90.0/24 maxlen: 24
                          94.102.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/3967a6-79f3-4aff-b34b-ae0ea6643bbd/1/nkNy9jkyun_o8WG1ZLk4YGFKgLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/3967a6-79f3-4aff-b34b-ae0ea6643bbd/1/nkNy9jkyun_o8WG1ZLk4YGFKgLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkNy9jkyun_o8WG1ZLk4YGFKgLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:1c:b3:30:db:31:7c:81:7d:56:e6:b2:4d:96:2a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e4372f63932ba7fe8f161b564b93860614a80ba
        Validity
            Not Before: Jan  8 08:07:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fdbd03af80957fcbcf88521e466779f5a976516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:e5:bb:84:6c:2a:fa:44:b1:8e:78:67:b1:84:
                    44:ff:cb:ef:ab:51:ef:95:24:75:ba:ed:e6:08:34:
                    d9:29:17:1c:23:67:c3:eb:d3:95:e4:9b:c3:6f:64:
                    71:a7:c1:c3:84:a8:ed:01:8c:1d:f7:b8:3f:5a:31:
                    08:b4:a8:81:a1:45:f5:52:b0:50:93:97:86:f6:3a:
                    29:17:13:a9:87:e2:ba:a3:e7:f0:ab:cb:e5:2f:0a:
                    51:c3:19:c0:72:b7:03:52:b6:fb:c7:67:8f:b3:72:
                    62:c9:3c:fc:af:f5:6e:cb:d8:4b:db:f1:ff:d0:ea:
                    9c:6c:e1:1d:78:bf:d3:a3:39:5e:b1:0d:d9:eb:3b:
                    d1:be:19:1b:d4:6f:04:ca:6f:01:62:72:d5:f4:24:
                    0c:68:7e:26:ab:43:92:e0:5d:70:ca:b3:30:ed:de:
                    72:99:50:35:42:16:18:30:f5:da:7f:45:e7:b9:62:
                    5c:5e:75:21:35:bb:02:fb:eb:c0:6d:89:05:c9:2d:
                    df:30:6d:97:21:e0:14:f2:09:74:82:dc:5a:42:fd:
                    63:18:5c:28:78:b3:c7:ae:07:ae:ce:f9:98:df:49:
                    91:f8:f1:b7:e8:5c:f5:3a:6c:ff:4a:a2:69:d8:dd:
                    6a:f5:5c:28:e7:9d:0f:df:0a:80:c5:6d:4e:ad:bc:
                    1d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:DB:D0:3A:F8:09:57:FC:BC:F8:85:21:E4:66:77:9F:5A:97:65:16
            X509v3 Authority Key Identifier:
                keyid:9E:43:72:F6:39:32:BA:7F:E8:F1:61:B5:64:B9:38:60:61:4A:80:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkNy9jkyun_o8WG1ZLk4YGFKgLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/3967a6-79f3-4aff-b34b-ae0ea6643bbd/1/L9vQOvgJV_y8-IUh5GZ3n1qXZRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/3967a6-79f3-4aff-b34b-ae0ea6643bbd/1/nkNy9jkyun_o8WG1ZLk4YGFKgLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.102.90.0/23
                  94.138.192.0/19
                  185.48.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:38:fd:4c:d5:aa:0c:18:ca:a3:ba:9a:e2:6d:9d:32:07:a2:
         36:b7:c3:66:7d:32:a8:c4:18:2d:ee:9c:a4:e4:7c:72:99:f0:
         a4:91:76:5f:8d:82:af:5a:e3:34:62:1d:97:c4:a7:ab:c2:28:
         c1:64:c2:8a:91:ba:dd:b3:c0:4d:a0:33:2d:e6:d8:3b:99:db:
         c7:8c:63:16:5a:02:34:37:e2:08:90:c4:d3:86:08:09:bc:73:
         03:16:b0:7c:ab:6b:6c:14:9d:5a:a5:73:a4:b8:45:6c:3e:c5:
         13:e4:05:eb:d6:82:ca:3d:99:63:08:c0:3c:1c:da:8f:bf:ff:
         fe:0f:01:b0:bd:8e:77:f6:e4:eb:14:7e:21:78:f1:f0:2e:f9:
         b9:33:5c:3f:b6:84:66:08:a9:a0:e9:44:bb:28:c6:e0:52:1a:
         d1:c2:93:04:90:04:53:57:a0:84:07:9a:ad:72:cf:3b:ee:86:
         94:f7:01:06:85:71:ff:74:f8:b7:4f:a8:4d:30:96:f3:1c:8d:
         ed:d6:3e:22:30:59:b2:cc:f7:40:98:dd:bf:bc:05:a8:0d:2a:
         42:9b:52:37:2a:e9:f8:df:a3:16:97:79:72:5e:27:98:dd:ef:
         30:11:35:34:71:72:fa:3b:4f:13:45:3e:f9:76:1d:98:62:c1:
         c3:dc:cf:13
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzoHLMw2zF8gX1W5rJNliqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDM3MmY2MzkzMmJhN2ZlOGYxNjFiNTY0YjkzODYwNjE0
YTgwYmEwHhcNMjQwMTA4MDgwNzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmRiZDAzYWY4MDk1N2ZjYmNmODg1MjFlNDY2Nzc5ZjVhOTc2NTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uW7hGwq+kSxjnhnsYRE/8vvq1Hv
lSR1uu3mCDTZKRccI2fD69OV5JvDb2Rxp8HDhKjtAYwd97g/WjEItKiBoUX1UrBQ
k5eG9jopFxOph+K6o+fwq8vlLwpRwxnAcrcDUrb7x2ePs3JiyTz8r/Vuy9hL2/H/
0OqcbOEdeL/TozlesQ3Z6zvRvhkb1G8Eym8BYnLV9CQMaH4mq0OS4F1wyrMw7d5y
mVA1QhYYMPXaf0XnuWJcXnUhNbsC++vAbYkFyS3fMG2XIeAU8gl0gtxaQv1jGFwo
eLPHrgeuzvmY30mR+PG36Fz1Omz/SqJp2N1q9Vwo550P3wqAxW1OrbwdcQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC/b0Dr4CVf8vPiFIeRmd59al2UWMB8GA1UdIwQY
MBaAFJ5DcvY5Mrp/6PFhtWS5OGBhSoC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtOeTlqa3l1bl9vOFdHMVpMazRZR0ZLZ0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8zOTY3YTYtNzlmMy00YWZmLWIzNGIt
YWUwZWE2NjQzYmJkLzEvTDl2UU92Z0pWX3k4LUlVaDVHWjNuMXFYWlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8zOTY3YTYtNzlmMy00YWZmLWIzNGItYWUwZWE2NjQzYmJk
LzEvbmtOeTlqa3l1bl9vOFdHMVpMazRZR0ZLZ0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBXmZaAwQF
XorAAwQCuTC0MA0GCSqGSIb3DQEBCwUAA4IBAQCLOP1M1aoMGMqjupribZ0yB6I2
t8NmfTKoxBgt7pyk5HxymfCkkXZfjYKvWuM0Yh2XxKerwijBZMKKkbrds8BNoDMt
5tg7mdvHjGMWWgI0N+IIkMTThggJvHMDFrB8q2tsFJ1apXOkuEVsPsUT5AXr1oLK
PZljCMA8HNqPv//+DwGwvY539uTrFH4hePHwLvm5M1w/toRmCKmg6US7KMbgUhrR
wpMEkARTV6CEB5qtcs877oaU9wEGhXH/dPi3T6hNMJbzHI3t1j4iMFmyzPdAmN2/
vAWoDSpCm1I3Kun436MWl3lyXieY3e8wETU0cXL6O08TRT75dh2YYsHD3M8T
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:18:01 2024 by rpki-client on console-ams.rpki-client.org