Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/fWA6gfjGNfVmUIhS-Wyiz7NFx2Q.roa
File:                     fWA6gfjGNfVmUIhS-Wyiz7NFx2Q.roa (raw, json)
Hash identifier:          sAcjgthsqM9uYhWCylT+9oS6kRfZAzv5mZVci8aOheA=
Subject key identifier:   7D:60:3A:81:F8:C6:35:F5:66:50:88:52:F9:6C:A2:CF:B3:45:C7:64
Certificate issuer:       /CN=a968adf120a74a5d10809cfd3cb6814fc89b1f46
Certificate serial:       018CC64A8440F0A6E4603240F2AB4FBD684E
Authority key identifier: A9:68:AD:F1:20:A7:4A:5D:10:80:9C:FD:3C:B6:81:4F:C8:9B:1F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qWit8SCnSl0QgJz9PLaBT8ibH0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/fWA6gfjGNfVmUIhS-Wyiz7NFx2Q.roa
Signing time:             Mon 01 Jan 2024 18:30:21 +0000
ROA not before:           Mon 01 Jan 2024 18:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39507
IP address blocks:        176.101.80.0/21 maxlen: 21
                          91.234.100.0/22 maxlen: 22
                          46.253.208.0/20 maxlen: 20
                          91.237.219.0/24 maxlen: 24
                          91.237.224.0/22 maxlen: 22
                          91.231.32.0/23 maxlen: 23
                          185.41.80.0/22 maxlen: 22
                          185.245.44.0/22 maxlen: 22
                          91.221.158.0/23 maxlen: 23
                          194.180.220.0/22 maxlen: 22
                          188.191.216.0/21 maxlen: 21
                          185.3.60.0/22 maxlen: 22
                          91.224.196.0/23 maxlen: 23
                          95.171.192.0/19 maxlen: 19
                          185.234.232.0/22 maxlen: 22
                          91.222.72.0/22 maxlen: 22
                          185.23.44.0/22 maxlen: 22
                          91.237.228.0/23 maxlen: 23
                          176.101.128.0/20 maxlen: 20
                          185.253.64.0/22 maxlen: 22
                          185.107.140.0/22 maxlen: 22
                          185.95.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/qWit8SCnSl0QgJz9PLaBT8ibH0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/qWit8SCnSl0QgJz9PLaBT8ibH0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qWit8SCnSl0QgJz9PLaBT8ibH0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:84:40:f0:a6:e4:60:32:40:f2:ab:4f:bd:68:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a968adf120a74a5d10809cfd3cb6814fc89b1f46
        Validity
            Not Before: Jan  1 18:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d603a81f8c635f566508852f96ca2cfb345c764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a5:21:48:5a:21:63:85:79:ef:d7:46:0f:d1:
                    f8:96:f4:d0:27:c6:76:fa:d5:40:87:6e:45:95:20:
                    42:97:14:8a:90:6d:6a:2b:dd:76:7e:59:6b:b3:1c:
                    d2:5f:04:0e:1d:96:09:45:93:88:fd:f5:5f:b9:8e:
                    76:b6:ac:47:d6:88:ce:2c:0d:6f:8e:84:89:49:6b:
                    b3:66:7f:0e:e9:78:cf:72:8f:f0:9f:b9:64:41:da:
                    8c:8a:08:d4:5c:f0:3a:af:92:94:97:82:78:cf:17:
                    c8:06:89:54:b0:a1:31:73:4c:44:54:ce:30:4a:89:
                    49:69:34:0d:3d:45:21:c7:1e:e0:f2:28:7b:97:b7:
                    1b:e1:ed:32:2a:32:b5:42:f5:3c:99:f8:77:97:db:
                    82:4a:cb:87:c2:bc:7c:21:ac:0e:c6:cc:0b:66:5c:
                    fa:09:ff:b1:0e:86:06:7a:07:e2:f5:21:36:48:cf:
                    96:76:eb:17:4a:7e:59:ac:eb:0e:26:b2:8a:c5:2c:
                    49:e7:2e:c4:a0:2f:c8:bd:ee:c0:d7:c1:60:a5:f0:
                    b8:00:f9:79:b7:55:54:2f:6d:09:cf:6a:7e:f9:0d:
                    7f:79:80:3f:fc:e1:71:8d:2a:6c:66:8d:c6:67:b8:
                    23:c3:76:bf:e2:92:58:30:60:41:7f:e9:ec:28:20:
                    9c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:60:3A:81:F8:C6:35:F5:66:50:88:52:F9:6C:A2:CF:B3:45:C7:64
            X509v3 Authority Key Identifier:
                keyid:A9:68:AD:F1:20:A7:4A:5D:10:80:9C:FD:3C:B6:81:4F:C8:9B:1F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qWit8SCnSl0QgJz9PLaBT8ibH0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/fWA6gfjGNfVmUIhS-Wyiz7NFx2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c4b211-c089-4c05-803b-80ce45861239/1/qWit8SCnSl0QgJz9PLaBT8ibH0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.208.0/20
                  91.221.158.0/23
                  91.222.72.0/22
                  91.224.196.0/23
                  91.231.32.0/23
                  91.234.100.0/22
                  91.237.219.0/24
                  91.237.224.0-91.237.229.255
                  95.171.192.0/19
                  176.101.80.0/21
                  176.101.128.0/20
                  185.3.60.0/22
                  185.23.44.0/22
                  185.41.80.0/22
                  185.95.196.0/22
                  185.107.140.0/22
                  185.234.232.0/22
                  185.245.44.0/22
                  185.253.64.0/22
                  188.191.216.0/21
                  194.180.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:d7:af:8c:02:78:bc:23:72:b0:5c:bd:7b:d5:15:20:f9:3b:
         0c:8e:02:55:0c:f1:8f:50:a0:05:02:2d:b4:1a:cc:e9:f3:e7:
         33:20:50:de:72:16:a5:bf:ad:f3:98:36:98:92:04:87:9f:50:
         80:d1:9d:46:e7:1a:cf:1e:91:f4:72:79:46:8b:d2:a2:cb:e7:
         c6:82:4e:b7:b5:23:63:18:43:c4:4d:13:88:af:16:a1:f1:5d:
         6b:7c:ff:f7:6f:89:b6:90:4a:96:fa:86:8d:d8:42:c3:9d:c6:
         0f:e3:6e:a5:a0:82:22:c0:7e:4d:40:81:57:78:c5:07:f3:2f:
         0e:60:10:49:9c:3b:3e:f2:6b:c5:61:f3:a3:79:86:c2:78:22:
         6f:f6:da:74:3f:34:be:0e:38:7e:13:23:1b:f2:d3:d9:45:8d:
         fb:6d:b2:8e:d5:ea:28:d4:f9:06:d4:d2:dc:84:68:50:cf:e9:
         eb:ae:1b:ca:1b:ba:9c:8f:60:d3:ee:79:d0:6e:52:64:2c:d8:
         5a:45:8d:2e:e0:f2:91:6c:76:98:42:ee:30:e9:5b:56:85:ef:
         85:62:8e:da:53:9c:6a:3b:9a:a0:6d:e1:3f:de:d5:5f:4f:59:
         13:72:6b:2e:60:75:51:35:7c:87:42:db:54:ff:26:40:9a:c9:
         4f:aa:8d:8f
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAYzGSoRA8KbkYDJA8qtPvWhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NjhhZGYxMjBhNzRhNWQxMDgwOWNmZDNjYjY4MTRmYzg5
YjFmNDYwHhcNMjQwMTAxMTgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDYwM2E4MWY4YzYzNWY1NjY1MDg4NTJmOTZjYTJjZmIzNDVjNzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKUhSFohY4V579dGD9H4lvTQJ8Z2
+tVAh25FlSBClxSKkG1qK912fllrsxzSXwQOHZYJRZOI/fVfuY52tqxH1ojOLA1v
joSJSWuzZn8O6XjPco/wn7lkQdqMigjUXPA6r5KUl4J4zxfIBolUsKExc0xEVM4w
SolJaTQNPUUhxx7g8ih7l7cb4e0yKjK1QvU8mfh3l9uCSsuHwrx8IawOxswLZlz6
Cf+xDoYGegfi9SE2SM+WdusXSn5ZrOsOJrKKxSxJ5y7EoC/Ive7A18FgpfC4APl5
t1VUL20Jz2p++Q1/eYA//OFxjSpsZo3GZ7gjw3a/4pJYMGBBf+nsKCCc3QIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFH1gOoH4xjX1ZlCIUvlsos+zRcdkMB8GA1UdIwQY
MBaAFKlorfEgp0pdEICc/Ty2gU/Imx9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVdpdDhTQ25TbDBRZ0p6OVBMYUJUOGliSDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jNGIyMTEtYzA4OS00YzA1LTgwM2It
ODBjZTQ1ODYxMjM5LzEvZldBNmdmakdOZlZtVUloUy1XeWl6N05GeDJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jNGIyMTEtYzA4OS00YzA1LTgwM2ItODBjZTQ1ODYxMjM5
LzEvcVdpdDhTQ25TbDBRZ0p6OVBMYUJUOGliSDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDCBjQQCAAEwgYYDBAQu
/dADBAFb3Z4DBAJb3kgDBAFb4MQDBAFb5yADBAJb6mQDBABb7dswDAMEBVvt4AME
AVvt5AMEBV+rwAMEA7BlUAMEBLBlgAMEArkDPAMEArkXLAMEArkpUAMEArlfxAME
ArlrjAMEArnq6AMEArn1LAMEArn9QAMEA7y/2AMEAsK03DANBgkqhkiG9w0BAQsF
AAOCAQEAfNevjAJ4vCNysFy9e9UVIPk7DI4CVQzxj1CgBQIttBrM6fPnMyBQ3nIW
pb+t85g2mJIEh59QgNGdRucazx6R9HJ5RovSosvnxoJOt7UjYxhDxE0TiK8WofFd
a3z/92+JtpBKlvqGjdhCw53GD+NupaCCIsB+TUCBV3jFB/MvDmAQSZw7PvJrxWHz
o3mGwngib/badD80vg44fhMjG/LT2UWN+22yjtXqKNT5BtTS3IRoUM/p664byhu6
nI9g0+550G5SZCzYWkWNLuDykWx2mELuMOlbVoXvhWKO2lOcajuaoG3hP97VX09Z
E3JrLmB1UTV8h0LbVP8mQJrJT6qNjw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:01:45 2024 by rpki-client on console-ams.rpki-client.org