Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QRVhwubhTibIe73r-9jKpkQoPVs.roa
File:                     QRVhwubhTibIe73r-9jKpkQoPVs.roa (raw, json)
Hash identifier:          Mmf5lF/NMDS3mDElX6bkZc7sEYFTrSjbET/BLIhIxSE=
Subject key identifier:   41:15:61:C2:E6:E1:4E:26:C8:7B:BD:EB:FB:D8:CA:A6:44:28:3D:5B
Certificate issuer:       /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial:       018CC5DCB04E2C7A9AB3EE78A313BC86073B
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QRVhwubhTibIe73r-9jKpkQoPVs.roa
Signing time:             Mon 01 Jan 2024 16:30:23 +0000
ROA not before:           Mon 01 Jan 2024 16:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6739
IP address blocks:        81.60.0.0/15 maxlen: 18
                          62.100.96.0/19 maxlen: 19
                          2.154.192.0/18 maxlen: 18
                          84.127.229.0/24 maxlen: 24
                          81.202.0.0/15 maxlen: 15
                          212.97.160.0/19 maxlen: 19
                          213.37.0.0/16 maxlen: 16
                          5.40.0.0/16 maxlen: 16
                          82.158.0.0/15 maxlen: 16
                          62.57.0.0/16 maxlen: 16
                          89.140.0.0/16 maxlen: 17
                          95.39.0.0/16 maxlen: 19
                          212.79.128.0/19 maxlen: 19
                          83.173.128.0/18 maxlen: 18
                          80.224.0.0/16 maxlen: 16
                          85.251.0.0/16 maxlen: 17
                          212.183.192.0/18 maxlen: 18
                          84.120.0.0/13 maxlen: 19
                          194.140.128.0/18 maxlen: 18
                          2.154.0.0/16 maxlen: 16
                          81.184.0.0/16 maxlen: 16
                          213.231.64.0/18 maxlen: 18
                          80.174.0.0/16 maxlen: 17
                          62.174.0.0/15 maxlen: 19
                          213.201.0.0/17 maxlen: 17
                          62.82.0.0/15 maxlen: 16
                          80.173.0.0/16 maxlen: 17
                          212.78.128.0/19 maxlen: 19
                          194.149.192.0/19 maxlen: 19
                          194.106.0.0/19 maxlen: 19
                          213.254.64.0/18 maxlen: 18
                          62.42.0.0/15 maxlen: 16
                          212.21.224.0/19 maxlen: 19
                          82.213.128.0/18 maxlen: 18
                          85.136.0.0/15 maxlen: 15
                          213.227.0.0/18 maxlen: 18
                          212.95.192.0/19 maxlen: 19
                          79.108.0.0/15 maxlen: 18
                          85.219.0.0/17 maxlen: 17
                          85.155.0.0/16 maxlen: 16
                          62.81.0.0/16 maxlen: 24
                          85.155.174.0/24 maxlen: 24
                          212.40.224.0/19 maxlen: 19
                          212.40.224.0/24 maxlen: 24
                          2.152.0.0/16 maxlen: 16
                          217.216.0.0/15 maxlen: 15
                          185.128.128.0/22 maxlen: 24
                          2.152.0.0/14 maxlen: 17
                          62.101.160.0/19 maxlen: 19
                          2a02:a800::/26 maxlen: 26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:b0:4e:2c:7a:9a:b3:ee:78:a3:13:bc:86:07:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
        Validity
            Not Before: Jan  1 16:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=411561c2e6e14e26c87bbdebfbd8caa644283d5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d9:7d:fe:03:be:cc:28:39:81:e9:8a:e8:cb:
                    7c:55:5e:e8:40:b5:d8:41:23:d4:b0:40:35:ef:fb:
                    ef:cb:5f:0c:3e:58:86:fa:94:be:46:73:ec:4c:0d:
                    e0:ad:c8:95:9d:b7:76:ef:8b:5e:85:26:ad:c6:fa:
                    a3:17:ee:aa:3e:a1:e3:b0:6c:55:fa:61:4e:5f:49:
                    95:d5:63:44:94:c9:41:ac:f2:c0:c7:d4:68:12:62:
                    1c:1b:9a:28:f9:8f:dc:27:fc:dd:66:e3:d8:64:09:
                    f4:44:66:46:33:30:55:b0:1a:0f:05:16:e1:29:8e:
                    8b:18:c3:a1:1d:84:db:5d:5a:ab:bf:14:c0:3a:d0:
                    8e:53:eb:9e:e3:3c:5f:a0:d8:bf:59:aa:56:2e:47:
                    af:dc:1a:91:07:38:e5:fb:e5:cf:d0:08:4c:a0:22:
                    75:cc:13:2e:22:87:88:c2:7a:2e:68:4b:92:d7:3a:
                    08:ee:19:3d:88:e1:cc:92:29:9d:4a:e6:ee:1a:93:
                    ba:b9:93:7a:fb:b4:56:50:8a:50:44:90:1a:ec:5d:
                    ce:7a:ec:f2:70:8d:83:37:f2:43:08:88:ce:2a:9f:
                    77:33:8e:cc:d4:41:d0:41:c6:13:f0:c4:0c:d2:0f:
                    de:c9:fb:b5:24:6f:d1:5c:a7:01:d7:39:f7:96:1d:
                    a3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:15:61:C2:E6:E1:4E:26:C8:7B:BD:EB:FB:D8:CA:A6:44:28:3D:5B
            X509v3 Authority Key Identifier:
                keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/QRVhwubhTibIe73r-9jKpkQoPVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.152.0.0/14
                  5.40.0.0/16
                  62.42.0.0/15
                  62.57.0.0/16
                  62.81.0.0-62.83.255.255
                  62.100.96.0/19
                  62.101.160.0/19
                  62.174.0.0/15
                  79.108.0.0/15
                  80.173.0.0-80.174.255.255
                  80.224.0.0/16
                  81.60.0.0/15
                  81.184.0.0/16
                  81.202.0.0/15
                  82.158.0.0/15
                  82.213.128.0/18
                  83.173.128.0/18
                  84.120.0.0/13
                  85.136.0.0/15
                  85.155.0.0/16
                  85.219.0.0/17
                  85.251.0.0/16
                  89.140.0.0/16
                  95.39.0.0/16
                  185.128.128.0/22
                  194.106.0.0/19
                  194.140.128.0/18
                  194.149.192.0/19
                  212.21.224.0/19
                  212.40.224.0/19
                  212.78.128.0/19
                  212.79.128.0/19
                  212.95.192.0/19
                  212.97.160.0/19
                  212.183.192.0/18
                  213.37.0.0/16
                  213.201.0.0/17
                  213.227.0.0/18
                  213.231.64.0/18
                  213.254.64.0/18
                  217.216.0.0/15
                IPv6:
                  2a02:a800::/26

    Signature Algorithm: sha256WithRSAEncryption
         47:b5:d1:d1:c1:cd:12:bd:83:75:6f:69:34:6c:c6:47:8f:f3:
         3d:d2:53:e7:db:58:5a:8e:da:cc:89:9b:26:8d:4d:96:06:f7:
         ee:f1:19:a3:c2:6f:b4:33:99:f4:c9:21:27:69:c5:28:65:1c:
         d8:5e:d7:d6:3b:05:48:89:9f:cd:35:62:9e:1d:05:26:5c:1a:
         e2:9f:f7:cd:4d:bd:df:07:39:11:17:2d:8c:d1:6a:70:32:dc:
         fe:62:15:5c:74:1a:45:2f:36:04:03:01:eb:9f:dc:14:d5:de:
         e7:a8:d3:fc:e8:63:7b:3e:91:a5:d8:08:b6:fb:8f:e4:2e:e0:
         cc:bc:40:74:16:88:3f:2b:6f:ed:3e:32:2c:36:6e:8a:c3:ab:
         89:4f:22:45:ab:93:b4:27:ee:8f:f7:b0:22:ce:70:02:ae:8f:
         2f:b0:29:fd:82:00:20:9b:f4:50:a2:d6:61:24:48:fc:0d:76:
         d2:2e:1c:a7:ad:0d:60:b7:7e:b9:36:9c:ad:2f:35:75:91:6b:
         6f:46:61:8e:4f:fe:e2:fe:bc:d4:b8:d8:d7:4e:d8:87:e9:b0:
         71:b5:31:ec:cb:1f:fe:1d:6e:6a:f7:ed:f1:1a:2a:7d:ed:01:
         87:3d:18:d6:32:91:9d:ac:e0:d5:9c:8b:6e:65:3d:ce:ca:f5:
         19:be:8a:04
-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgISAYzF3LBOLHqas+54oxO8hgc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjQwMTAxMTYzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTE1NjFjMmU2ZTE0ZTI2Yzg3YmJkZWJmYmQ4Y2FhNjQ0MjgzZDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNl9/gO+zCg5gemK6Mt8VV7oQLXY
QSPUsEA17/vvy18MPliG+pS+RnPsTA3grciVnbd274tehSatxvqjF+6qPqHjsGxV
+mFOX0mV1WNElMlBrPLAx9RoEmIcG5oo+Y/cJ/zdZuPYZAn0RGZGMzBVsBoPBRbh
KY6LGMOhHYTbXVqrvxTAOtCOU+ue4zxfoNi/WapWLkev3BqRBzjl++XP0AhMoCJ1
zBMuIoeIwnouaEuS1zoI7hk9iOHMkimdSubuGpO6uZN6+7RWUIpQRJAa7F3Oeuzy
cI2DN/JDCIjOKp93M47M1EHQQcYT8MQM0g/eyfu1JG/RXKcB1zn3lh2jOQIDAQAB
o4IDCTCCAwUwHQYDVR0OBBYEFEEVYcLm4U4myHu96/vYyqZEKD1bMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvUVJWaHd1YmhUaWJJZTczci05aktwa1FvUFZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHQYIKwYBBQUHAQcBAf8EggEMMIIBCDCB9gQCAAEwge8D
AwICmAMDAAUoAwMBPioDAwA+OTAKAwMAPlEDAwI+UAMEBT5kYAMEBT5loAMDAT6u
AwMBT2wwCgMDAFCtAwMAUK4DAwBQ4AMDAVE8AwMAUbgDAwFRygMDAVKeAwQGUtWA
AwQGU62AAwMDVHgDAwFViAMDAFWbAwQHVdsAAwMAVfsDAwBZjAMDAF8nAwQCuYCA
AwQFwmoAAwQGwoyAAwQFwpXAAwQF1BXgAwQF1CjgAwQF1E6AAwQF1E+AAwQF1F/A
AwQF1GGgAwQG1LfAAwMA1SUDBAfVyQADBAbV4wADBAbV50ADBAbV/kADAwHZ2DAN
BAIAAjAHAwUGKgKoADANBgkqhkiG9w0BAQsFAAOCAQEAR7XR0cHNEr2DdW9pNGzG
R4/zPdJT59tYWo7azImbJo1Nlgb37vEZo8JvtDOZ9MkhJ2nFKGUc2F7X1jsFSImf
zTVinh0FJlwa4p/3zU293wc5ERctjNFqcDLc/mIVXHQaRS82BAMB65/cFNXe56jT
/Ohjez6RpdgItvuP5C7gzLxAdBaIPytv7T4yLDZuisOriU8iRauTtCfuj/ewIs5w
Aq6PL7Ap/YIAIJv0UKLWYSRI/A120i4cp60NYLd+uTacrS81dZFrb0Zhjk/+4v68
1LjY107Yh+mwcbUx7Msf/h1uavft8Roqfe0Bhz0Y1jKRnazg1ZyLbmU9zsr1Gb6K
BA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:28:54 2024 by rpki-client on console-fra.rpki-client.org