Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/aW2pswfyFoRSx1GYnGoKm5n1eXM.roa
File:                     aW2pswfyFoRSx1GYnGoKm5n1eXM.roa (raw, json)
Hash identifier:          KkBxksAcMbyRpgx9+ihsRUjJalQqEOCm1CY7VULFiIg=
Subject key identifier:   69:6D:A9:B3:07:F2:16:84:52:C7:51:98:9C:6A:0A:9B:99:F5:79:73
Certificate issuer:       /CN=dd97c7ca05bcc3d6a2ad1ba235bed8feab694550
Certificate serial:       019010E2736328488BB91D693440638E9C1B
Authority key identifier: DD:97:C7:CA:05:BC:C3:D6:A2:AD:1B:A2:35:BE:D8:FE:AB:69:45:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/aW2pswfyFoRSx1GYnGoKm5n1eXM.roa
Signing time:             Thu 13 Jun 2024 09:16:34 +0000
ROA not before:           Thu 13 Jun 2024 09:16:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52145
IP address blocks:        46.253.88.0/21 maxlen: 21
                          46.253.90.0/24 maxlen: 24
                          46.253.90.0/25 maxlen: 25
                          46.253.90.128/25 maxlen: 25
                          46.253.93.0/24 maxlen: 24
                          46.253.94.0/24 maxlen: 24
                          46.253.95.0/24 maxlen: 24
                          2a04:19c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/3ZfHygW8w9airRuiNb7Y_qtpRVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/3ZfHygW8w9airRuiNb7Y_qtpRVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:e2:73:63:28:48:8b:b9:1d:69:34:40:63:8e:9c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd97c7ca05bcc3d6a2ad1ba235bed8feab694550
        Validity
            Not Before: Jun 13 09:16:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=696da9b307f2168452c751989c6a0a9b99f57973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1e:62:ae:39:2b:6e:cf:eb:d2:cc:c3:96:cc:
                    a0:f4:12:92:63:08:ee:a7:55:ba:47:cc:a7:0f:da:
                    47:b2:03:c5:eb:4b:5d:f0:c6:ab:3c:17:19:b8:9d:
                    3f:e7:0c:80:45:af:a2:1a:57:e5:16:19:b5:17:fc:
                    de:c8:3b:7f:ea:a3:23:35:fa:35:84:60:79:17:78:
                    10:a7:41:93:a6:f8:c6:61:e9:ae:da:c3:83:99:44:
                    06:d0:09:c9:a5:81:6c:13:41:dd:14:3e:e8:c8:a2:
                    86:e8:6e:c9:d4:c5:67:22:92:bf:b0:49:de:ed:e3:
                    8b:07:3e:11:b0:5b:3e:11:c8:7c:b3:d8:65:17:e2:
                    b8:70:03:d3:3a:69:58:bd:09:fa:1d:37:26:6b:d4:
                    26:29:c8:19:4e:93:96:69:49:1f:79:cc:f7:bf:73:
                    38:68:fa:62:72:eb:3e:df:12:2a:5a:ad:6f:9c:80:
                    41:88:7d:77:d4:f2:59:b2:11:eb:1f:93:96:93:b5:
                    85:ad:c6:81:28:93:4f:62:00:7a:0f:50:9c:5c:e2:
                    3f:68:54:53:93:c1:50:85:3b:46:f5:ee:3e:8e:d1:
                    59:34:54:ed:26:18:df:2d:70:8b:28:d6:1e:1b:27:
                    6d:1c:01:ea:ca:8a:f4:fa:f0:c2:81:e6:b8:37:31:
                    59:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:6D:A9:B3:07:F2:16:84:52:C7:51:98:9C:6A:0A:9B:99:F5:79:73
            X509v3 Authority Key Identifier:
                keyid:DD:97:C7:CA:05:BC:C3:D6:A2:AD:1B:A2:35:BE:D8:FE:AB:69:45:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/aW2pswfyFoRSx1GYnGoKm5n1eXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/3ZfHygW8w9airRuiNb7Y_qtpRVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.88.0/21
                IPv6:
                  2a04:19c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:1e:ed:45:cc:3f:5f:49:71:86:77:7a:ef:b0:c4:c4:bd:3a:
         97:19:99:bb:a2:57:8c:45:a9:50:22:dc:96:f9:f5:dc:ce:cf:
         29:e5:a7:65:65:b8:07:10:0b:89:0e:c8:fa:b2:d6:14:c8:6e:
         79:15:54:14:be:03:70:42:1d:6f:f1:a4:99:81:79:bc:a1:d0:
         22:7f:d5:39:64:f5:28:d0:35:ae:4c:05:5f:8c:e4:a5:64:d2:
         3b:b2:15:74:a7:4f:f1:66:a9:ef:b3:58:56:bd:a1:76:76:30:
         e5:26:32:59:b2:87:34:60:2e:13:4e:51:e7:3c:9c:0b:2a:65:
         46:0c:83:20:53:70:4b:1f:67:bd:91:77:94:03:ce:39:7b:30:
         38:03:26:89:11:df:35:bc:8d:78:c0:b4:36:37:55:11:bb:7b:
         e6:17:7e:49:88:d0:29:c5:ce:70:21:5e:e9:b8:96:e6:39:42:
         63:fc:fe:e1:08:48:22:5b:61:d7:eb:99:93:9f:3a:31:13:37:
         d7:4f:96:07:4c:88:1d:83:b4:20:c1:2b:25:4b:13:8d:02:6c:
         49:49:c3:a5:d4:e6:ae:67:10:0b:19:44:46:36:49:93:22:89:
         86:4d:94:e5:63:44:0d:24:54:9a:a8:fa:ce:e8:9d:b3:ec:21:
         2e:f5:a4:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZAQ4nNjKEiLuR1pNEBjjpwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOTdjN2NhMDViY2MzZDZhMmFkMWJhMjM1YmVkOGZlYWI2
OTQ1NTAwHhcNMjQwNjEzMDkxNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTZkYTliMzA3ZjIxNjg0NTJjNzUxOTg5YzZhMGE5Yjk5ZjU3OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux5irjkrbs/r0szDlsyg9BKSYwju
p1W6R8ynD9pHsgPF60td8MarPBcZuJ0/5wyARa+iGlflFhm1F/zeyDt/6qMjNfo1
hGB5F3gQp0GTpvjGYemu2sODmUQG0AnJpYFsE0HdFD7oyKKG6G7J1MVnIpK/sEne
7eOLBz4RsFs+Ech8s9hlF+K4cAPTOmlYvQn6HTcma9QmKcgZTpOWaUkfecz3v3M4
aPpicus+3xIqWq1vnIBBiH131PJZshHrH5OWk7WFrcaBKJNPYgB6D1CcXOI/aFRT
k8FQhTtG9e4+jtFZNFTtJhjfLXCLKNYeGydtHAHqyor0+vDCgea4NzFZuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGltqbMH8haEUsdRmJxqCpuZ9XlzMB8GA1UdIwQY
MBaAFN2Xx8oFvMPWoq0bojW+2P6raUVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1pmSHlnVzh3OWFpclJ1aU5iN1lfcXRwUlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9lMzJhOWEtODNlMC00ZmI5LWFjNzEt
NGQ0YjE2MTQ0ZDY4LzEvYVcycHN3ZnlGb1JTeDFHWW5Hb0ttNW4xZVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9lMzJhOWEtODNlMC00ZmI5LWFjNzEtNGQ0YjE2MTQ0ZDY4
LzEvM1pmSHlnVzh3OWFpclJ1aU5iN1lfcXRwUlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLv1YMA0E
AgACMAcDBQMqBBnAMA0GCSqGSIb3DQEBCwUAA4IBAQCDHu1FzD9fSXGGd3rvsMTE
vTqXGZm7oleMRalQItyW+fXczs8p5adlZbgHEAuJDsj6stYUyG55FVQUvgNwQh1v
8aSZgXm8odAif9U5ZPUo0DWuTAVfjOSlZNI7shV0p0/xZqnvs1hWvaF2djDlJjJZ
soc0YC4TTlHnPJwLKmVGDIMgU3BLH2e9kXeUA845ezA4AyaJEd81vI14wLQ2N1UR
u3vmF35JiNApxc5wIV7puJbmOUJj/P7hCEgiW2HX65mTnzoxEzfXT5YHTIgdg7Qg
wSslSxONAmxJScOl1OauZxALGURGNkmTIomGTZTlY0QNJFSaqPrO6J2z7CEu9aQh
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:48:22 2024 by rpki-client on console-ams.rpki-client.org