Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/xaY25wbKuPGU48V_UzGEyy4WR8U.roa
File:                     xaY25wbKuPGU48V_UzGEyy4WR8U.roa (raw, json)
Hash identifier:          7J12ICPB5cUoyPLI8sikjvf7zu2e7sHeRohBWKkf3v0=
Subject key identifier:   C5:A6:36:E7:06:CA:B8:F1:94:E3:C5:7F:53:31:84:CB:2E:16:47:C5
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B335221C5EB00228CD2133633FA8
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/xaY25wbKuPGU48V_UzGEyy4WR8U.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        195.245.103.0/24 maxlen: 24
                          194.32.222.0/24 maxlen: 24
                          45.140.175.0/24 maxlen: 24
                          45.144.37.0/24 maxlen: 24
                          92.249.15.0/24 maxlen: 24
                          92.249.12.0/24 maxlen: 24
                          45.154.163.0/24 maxlen: 24
                          45.154.160.0/24 maxlen: 24
                          45.154.161.0/24 maxlen: 24
                          91.191.184.0/24 maxlen: 24
                          45.94.20.0/24 maxlen: 24
                          45.150.60.0/24 maxlen: 24
                          45.150.61.0/24 maxlen: 24
                          45.146.230.0/24 maxlen: 24
                          45.146.231.0/24 maxlen: 24
                          45.146.168.0/24 maxlen: 24
                          45.146.169.0/24 maxlen: 24
                          45.146.171.0/24 maxlen: 24
                          45.147.0.0/24 maxlen: 24
                          193.150.99.0/24 maxlen: 24
                          91.221.39.0/24 maxlen: 24
                          45.85.66.0/24 maxlen: 24
                          91.230.38.0/24 maxlen: 24
                          91.230.39.0/24 maxlen: 24
                          194.55.105.0/24 maxlen: 24
                          194.55.102.0/24 maxlen: 24
                          45.153.54.0/24 maxlen: 24
                          45.153.55.0/24 maxlen: 24
                          45.153.52.0/24 maxlen: 24
                          45.153.53.0/24 maxlen: 24
                          109.196.172.0/24 maxlen: 24
                          45.149.132.0/24 maxlen: 24
                          45.152.226.0/24 maxlen: 24
                          45.152.224.0/24 maxlen: 24
                          45.149.135.0/24 maxlen: 24
                          91.220.81.0/24 maxlen: 24
                          194.156.93.0/24 maxlen: 24
                          45.155.61.0/24 maxlen: 24
                          45.141.197.0/24 maxlen: 24
                          194.61.77.0/24 maxlen: 24
                          45.148.240.0/24 maxlen: 24
                          45.148.241.0/24 maxlen: 24
                          45.148.242.0/24 maxlen: 24
                          45.145.169.0/24 maxlen: 24
                          45.145.170.0/24 maxlen: 24
                          45.145.88.0/24 maxlen: 24
                          45.145.89.0/24 maxlen: 24
                          45.145.91.0/24 maxlen: 24
                          109.94.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b3:35:22:1c:5e:b0:02:28:cd:21:33:63:3f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5a636e706cab8f194e3c57f533184cb2e1647c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f5:40:c0:0c:29:65:c8:16:79:a4:97:3d:ae:
                    af:1d:e6:74:87:f3:83:0a:a9:7d:4c:a2:f4:5e:aa:
                    b2:1a:06:01:b7:0d:ad:df:0a:e9:ed:50:7a:8d:1d:
                    cf:23:c8:a3:8b:6c:12:53:4c:e2:39:3c:e1:10:47:
                    43:52:86:00:1b:0c:06:fa:19:85:4f:1f:f6:1d:c1:
                    e2:f9:07:66:59:09:a6:b1:bc:00:1d:28:03:78:ce:
                    57:6c:0d:6c:46:53:5e:c4:1d:40:c7:38:b1:6d:73:
                    2e:90:81:1f:b0:85:a3:21:9a:d1:5d:7d:97:6c:82:
                    c0:f1:21:ae:1d:56:2a:c6:ec:af:04:d3:c8:74:46:
                    88:65:52:bb:80:44:10:78:1f:a0:06:f8:7b:07:e8:
                    54:28:03:ae:ce:a1:c7:dc:a7:70:cb:00:79:db:52:
                    56:6d:c1:e8:ab:79:1d:71:37:f5:3c:f0:28:f0:99:
                    d4:d7:50:16:01:89:eb:0e:b9:8a:1a:f7:8a:e8:b4:
                    ba:84:9a:75:8e:e6:8b:9d:e1:52:7b:53:a8:cd:a0:
                    0f:72:b4:45:7f:3d:05:09:82:21:4c:97:1e:c9:0d:
                    7d:31:57:ab:85:64:bd:75:bb:86:61:bf:ad:d2:f7:
                    56:bd:67:c1:1f:1c:f1:0b:06:02:1d:06:c9:f2:d4:
                    b4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A6:36:E7:06:CA:B8:F1:94:E3:C5:7F:53:31:84:CB:2E:16:47:C5
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/xaY25wbKuPGU48V_UzGEyy4WR8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.66.0/24
                  45.94.20.0/24
                  45.140.175.0/24
                  45.141.197.0/24
                  45.144.37.0/24
                  45.145.88.0/23
                  45.145.91.0/24
                  45.145.169.0-45.145.170.255
                  45.146.168.0/23
                  45.146.171.0/24
                  45.146.230.0/23
                  45.147.0.0/24
                  45.148.240.0-45.148.242.255
                  45.149.132.0/24
                  45.149.135.0/24
                  45.150.60.0/23
                  45.152.224.0/24
                  45.152.226.0/24
                  45.153.52.0/22
                  45.154.160.0/23
                  45.154.163.0/24
                  45.155.61.0/24
                  91.191.184.0/24
                  91.220.81.0/24
                  91.221.39.0/24
                  91.230.38.0/23
                  92.249.12.0/24
                  92.249.15.0/24
                  109.94.210.0/24
                  109.196.172.0/24
                  193.150.99.0/24
                  194.32.222.0/24
                  194.55.102.0/24
                  194.55.105.0/24
                  194.61.77.0/24
                  194.156.93.0/24
                  195.245.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:f1:56:da:3c:73:b2:d9:da:8f:9b:e4:71:cb:6c:e7:97:ff:
         d6:af:18:f5:ab:13:97:25:72:46:fb:94:c5:5c:a0:d8:24:57:
         ba:de:00:25:16:5f:0c:de:6f:ca:6a:1d:91:9d:c3:26:a0:16:
         97:57:ad:dd:88:19:79:26:9f:1d:4c:1a:03:8a:5a:74:f2:60:
         80:ff:de:5b:a7:e0:a0:0e:c2:eb:7e:c4:2e:16:99:aa:2d:af:
         72:d3:55:25:89:06:2d:03:7d:53:96:ab:98:4f:8c:8f:01:19:
         4c:4d:29:43:0f:6e:e6:c2:7c:c1:2f:56:04:f6:45:2b:a1:bf:
         3a:c6:65:28:4a:cb:09:12:99:e0:be:31:ec:15:f1:60:4f:c1:
         68:51:c6:d0:a0:65:4c:58:86:fb:3e:e4:56:b1:da:08:a3:36:
         01:90:23:ac:4e:34:ee:53:a0:30:ed:00:7b:74:77:09:ab:6f:
         9a:7a:38:57:e4:b4:f5:1c:38:d2:43:c7:88:d7:09:48:cb:dc:
         e4:f1:68:2d:55:05:83:61:80:cf:b6:d2:43:b8:f4:53:32:c4:
         56:f0:20:f6:b7:63:ee:46:4d:a9:24:7c:eb:f2:94:a3:4d:bd:
         72:cb:42:8a:d5:54:a8:31:16:55:ec:74:a9:70:b8:c7:83:47:
         4c:d6:62:ed
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAYzGt7M1IhxesAIozSEzYz+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE2MzZlNzA2Y2FiOGYxOTRlM2M1N2Y1MzMxODRjYjJlMTY0N2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfVAwAwpZcgWeaSXPa6vHeZ0h/OD
Cql9TKL0XqqyGgYBtw2t3wrp7VB6jR3PI8iji2wSU0ziOTzhEEdDUoYAGwwG+hmF
Tx/2HcHi+QdmWQmmsbwAHSgDeM5XbA1sRlNexB1AxzixbXMukIEfsIWjIZrRXX2X
bILA8SGuHVYqxuyvBNPIdEaIZVK7gEQQeB+gBvh7B+hUKAOuzqHH3KdwywB521JW
bcHoq3kdcTf1PPAo8JnU11AWAYnrDrmKGveK6LS6hJp1juaLneFSe1OozaAPcrRF
fz0FCYIhTJceyQ19MVerhWS9dbuGYb+t0vdWvWfBHxzxCwYCHQbJ8tS0uwIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFMWmNucGyrjxlOPFf1MxhMsuFkfFMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEveGFZMjV3Ykt1UEdVNDhWX1V6R0V5eTRXUjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCwYIKwYBBQUHAQcBAf8EgfswgfgwgfUEAgABMIHuAwQA
LVVCAwQALV4UAwQALYyvAwQALY3FAwQALZAlAwQBLZFYAwQALZFbMAwDBAAtkakD
BAAtkaoDBAEtkqgDBAAtkqsDBAEtkuYDBAAtkwAwDAMEBC2U8AMEAC2U8gMEAC2V
hAMEAC2VhwMEAS2WPAMEAC2Y4AMEAC2Y4gMEAi2ZNAMEAS2aoAMEAC2aowMEAC2b
PQMEAFu/uAMEAFvcUQMEAFvdJwMEAVvmJgMEAFz5DAMEAFz5DwMEAG1e0gMEAG3E
rAMEAMGWYwMEAMIg3gMEAMI3ZgMEAMI3aQMEAMI9TQMEAMKcXQMEAMP1ZzANBgkq
hkiG9w0BAQsFAAOCAQEAjvFW2jxzstnaj5vkccts55f/1q8Y9asTlyVyRvuUxVyg
2CRXut4AJRZfDN5vymodkZ3DJqAWl1et3YgZeSafHUwaA4padPJggP/eW6fgoA7C
637ELhaZqi2vctNVJYkGLQN9U5armE+MjwEZTE0pQw9u5sJ8wS9WBPZFK6G/OsZl
KErLCRKZ4L4x7BXxYE/BaFHG0KBlTFiG+z7kVrHaCKM2AZAjrE407lOgMO0Ae3R3
Catvmno4V+S09Rw40kPHiNcJSMvc5PFoLVUFg2GAz7bSQ7j0UzLEVvAg9rdj7kZN
qSR86/KUo029cstCitVUqDEWVex0qXC4x4NHTNZi7Q==
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:56:58 2024 by rpki-client on console-fra.rpki-client.org