Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/QH5h9kNEtNvkMnKSihJPtcTs0HE.roa
File:                     QH5h9kNEtNvkMnKSihJPtcTs0HE.roa (raw, json)
Hash identifier:          AsA1najb9bXe/1fdz6nmzffABId2n/zsPH7Cbk4Xzqs=
Subject key identifier:   40:7E:61:F6:43:44:B4:DB:E4:32:72:92:8A:12:4F:B5:C4:EC:D0:71
Certificate issuer:       /CN=44566c1a283d553ef3f656f57223984dda7c355f
Certificate serial:       0196E94BA30C07DFBFBC595A8E93140C2C17
Authority key identifier: 44:56:6C:1A:28:3D:55:3E:F3:F6:56:F5:72:23:98:4D:DA:7C:35:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFZsGig9VT7z9lb1ciOYTdp8NV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/QH5h9kNEtNvkMnKSihJPtcTs0HE.roa
Signing time:             Mon 19 May 2025 16:06:10 +0000
ROA not before:           Mon 19 May 2025 16:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29399
IP address blocks:        170.84.252.0/23 maxlen: 27
                          178.250.88.0/21 maxlen: 27
                          185.49.128.0/22 maxlen: 27
                          185.212.216.0/22 maxlen: 27
                          195.137.222.0/23 maxlen: 27
                          195.149.85.0/24 maxlen: 27
                          212.85.224.0/24 maxlen: 24
                          212.85.225.0/24 maxlen: 24
                          212.85.226.0/24 maxlen: 24
                          212.85.227.0/24 maxlen: 24
                          2a03:5d00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/RFZsGig9VT7z9lb1ciOYTdp8NV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/RFZsGig9VT7z9lb1ciOYTdp8NV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFZsGig9VT7z9lb1ciOYTdp8NV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 20:45:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e9:4b:a3:0c:07:df:bf:bc:59:5a:8e:93:14:0c:2c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44566c1a283d553ef3f656f57223984dda7c355f
        Validity
            Not Before: May 19 16:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=407e61f64344b4dbe43272928a124fb5c4ecd071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dc:3b:4d:03:62:85:68:bd:6c:db:8a:e9:45:
                    d4:06:dc:f4:85:06:ab:bc:1d:e0:88:ed:ad:a9:f4:
                    92:05:e5:d9:2f:fc:63:2a:81:62:3a:3b:02:81:87:
                    01:72:d4:c8:ff:07:2b:42:45:d5:c2:dc:f4:18:45:
                    c6:27:36:ec:de:d2:1a:ef:61:ac:fc:84:82:84:22:
                    58:07:84:e6:dc:7c:22:18:aa:ed:f7:a1:86:04:5e:
                    cd:64:d9:d7:78:52:8a:d4:a7:be:8b:61:f5:6f:02:
                    a5:e8:bb:46:10:c1:9c:51:ce:df:70:82:ff:68:1c:
                    36:4b:68:43:a3:b3:5c:78:3a:6b:ef:a1:e2:39:70:
                    db:2a:87:7d:b7:48:30:fd:94:91:c7:fe:3a:d1:b0:
                    3a:1a:01:e7:07:eb:c2:85:c4:23:cb:76:cb:59:47:
                    d9:99:75:c4:76:97:4f:98:9c:6c:27:45:5e:33:b0:
                    68:60:6a:5c:d8:2c:94:40:ed:76:dd:84:bb:7b:e7:
                    a1:a5:72:3f:49:c3:8c:f8:65:e4:d0:fc:ef:c2:f7:
                    06:97:5f:8a:aa:29:79:49:c6:e8:cc:20:e6:ad:7d:
                    94:13:2f:a5:d6:52:04:37:19:2d:10:fc:31:65:c6:
                    9e:e7:b5:2c:7b:75:e3:18:4b:29:89:1e:eb:c6:b6:
                    a1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:7E:61:F6:43:44:B4:DB:E4:32:72:92:8A:12:4F:B5:C4:EC:D0:71
            X509v3 Authority Key Identifier:
                keyid:44:56:6C:1A:28:3D:55:3E:F3:F6:56:F5:72:23:98:4D:DA:7C:35:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFZsGig9VT7z9lb1ciOYTdp8NV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/QH5h9kNEtNvkMnKSihJPtcTs0HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/eeb813-f24c-4175-828b-9d58ce221843/1/RFZsGig9VT7z9lb1ciOYTdp8NV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.84.252.0/23
                  178.250.88.0/21
                  185.49.128.0/22
                  185.212.216.0/22
                  195.137.222.0/23
                  195.149.85.0/24
                  212.85.224.0/22
                IPv6:
                  2a03:5d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:78:42:16:53:e6:26:39:db:68:63:64:58:a8:57:6e:48:70:
         d4:8d:20:98:4b:fb:ba:42:07:9a:5b:bc:aa:df:03:5a:8a:76:
         b5:ef:14:08:e9:17:ef:d6:43:26:8a:8f:71:80:13:98:8c:1d:
         85:7d:c1:4e:c1:c3:5e:9b:e4:b6:4d:67:2d:d9:3e:8d:fe:0b:
         61:97:32:7c:a7:68:5e:29:cd:db:64:ea:75:f0:72:f5:92:ab:
         fc:ce:c3:d2:d6:7c:f7:0c:14:ee:d4:13:ab:9b:52:12:c9:a9:
         28:ca:3f:67:25:ae:04:3a:41:7e:98:c9:3c:84:00:b6:f8:44:
         2d:d9:80:e5:51:60:ac:2a:86:42:0f:e5:5b:aa:09:ef:da:6b:
         85:5b:cc:07:58:a0:c5:9f:e0:0a:b2:a5:07:f2:34:2b:66:fd:
         6e:03:e0:9a:f4:fc:90:49:dd:41:c6:f3:24:4b:41:3a:05:e7:
         36:85:73:bc:14:59:b3:ac:1b:93:8c:de:22:25:88:44:71:96:
         dc:a2:b3:62:a7:ae:3c:f4:64:f0:33:b7:bf:ee:3c:0f:18:29:
         72:3f:6b:c7:3e:aa:90:6c:53:bc:33:32:ab:cc:7f:27:a5:a7:
         9a:b4:75:b7:6d:3d:74:0b:0b:99:3d:ee:e9:ee:7a:1d:26:73:
         a1:ce:c2:3f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZbpS6MMB9+/vFlajpMUDCwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTY2YzFhMjgzZDU1M2VmM2Y2NTZmNTcyMjM5ODRkZGE3
YzM1NWYwHhcNMjUwNTE5MTYwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdlNjFmNjQzNDRiNGRiZTQzMjcyOTI4YTEyNGZiNWM0ZWNkMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNw7TQNihWi9bNuK6UXUBtz0hQar
vB3giO2tqfSSBeXZL/xjKoFiOjsCgYcBctTI/wcrQkXVwtz0GEXGJzbs3tIa72Gs
/ISChCJYB4Tm3HwiGKrt96GGBF7NZNnXeFKK1Ke+i2H1bwKl6LtGEMGcUc7fcIL/
aBw2S2hDo7NceDpr76HiOXDbKod9t0gw/ZSRx/460bA6GgHnB+vChcQjy3bLWUfZ
mXXEdpdPmJxsJ0VeM7BoYGpc2CyUQO123YS7e+ehpXI/ScOM+GXk0PzvwvcGl1+K
qil5ScbozCDmrX2UEy+l1lIENxktEPwxZcae57Use3XjGEspiR7rxrahHwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFEB+YfZDRLTb5DJykooST7XE7NBxMB8GA1UdIwQY
MBaAFERWbBooPVU+8/ZW9XIjmE3afDVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZac0dpZzlWVDd6OWxiMWNpT1lUZHA4TlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lZWI4MTMtZjI0Yy00MTc1LTgyOGIt
OWQ1OGNlMjIxODQzLzEvUUg1aDlrTkV0TnZrTW5LU2loSlB0Y1RzMEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lZWI4MTMtZjI0Yy00MTc1LTgyOGItOWQ1OGNlMjIxODQz
LzEvUkZac0dpZzlWVDd6OWxiMWNpT1lUZHA4TlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQBqlT8AwQD
svpYAwQCuTGAAwQCudTYAwQBw4neAwQAw5VVAwQC1FXgMA0EAgACMAcDBQMqA10A
MA0GCSqGSIb3DQEBCwUAA4IBAQAmeEIWU+YmOdtoY2RYqFduSHDUjSCYS/u6Qgea
W7yq3wNaina17xQI6Rfv1kMmio9xgBOYjB2FfcFOwcNem+S2TWct2T6N/gthlzJ8
p2heKc3bZOp18HL1kqv8zsPS1nz3DBTu1BOrm1ISyakoyj9nJa4EOkF+mMk8hAC2
+EQt2YDlUWCsKoZCD+Vbqgnv2muFW8wHWKDFn+AKsqUH8jQrZv1uA+Ca9PyQSd1B
xvMkS0E6Bec2hXO8FFmzrBuTjN4iJYhEcZbcorNip6489GTwM7e/7jwPGClyP2vH
PqqQbFO8MzKrzH8npaeatHW3bT10CwuZPe7p7nodJnOhzsI/
-----END CERTIFICATE-----
Generated at Wed Jun 11 06:49:39 2025 by rpki-client