Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/LSilrmrxPp762MenUw8eQG1dpDQ.roa
File:                     LSilrmrxPp762MenUw8eQG1dpDQ.roa (raw, json)
Hash identifier:          N3RpDlrEloSqs/Ni3QJV/BFuhIS8wjcdED+rtr1hky8=
Subject key identifier:   2D:28:A5:AE:6A:F1:3E:9E:FA:D8:C7:A7:53:0F:1E:40:6D:5D:A4:34
Certificate issuer:       /CN=d038c338b128f83adec2f69d93c32c5353ca0398
Certificate serial:       018CC3B6AE2AA2E176C9623C00491A38FA6C
Authority key identifier: D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/LSilrmrxPp762MenUw8eQG1dpDQ.roa
Signing time:             Mon 01 Jan 2024 06:29:38 +0000
ROA not before:           Mon 01 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        192.41.132.0/22 maxlen: 22
                          130.60.0.0/16 maxlen: 16
                          192.41.136.0/24 maxlen: 24
                          185.207.116.0/24 maxlen: 24
                          185.207.118.0/23 maxlen: 24
                          185.207.117.0/24 maxlen: 24
                          192.12.247.0/24 maxlen: 24
                          89.206.64.0/18 maxlen: 18
                          2001:67c:16dc::/48 maxlen: 48
                          2a0b:2040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/0DjDOLEo-Drewvadk8MsU1PKA5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/0DjDOLEo-Drewvadk8MsU1PKA5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ae:2a:a2:e1:76:c9:62:3c:00:49:1a:38:fa:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d038c338b128f83adec2f69d93c32c5353ca0398
        Validity
            Not Before: Jan  1 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d28a5ae6af13e9efad8c7a7530f1e406d5da434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3e:1c:db:99:c8:8e:5b:e5:b8:9f:f6:34:32:
                    93:c2:37:38:73:45:d2:0e:df:90:11:bb:bb:c1:a7:
                    df:78:a9:e0:d6:d2:20:e5:01:e4:8c:7e:a9:ca:dd:
                    ed:62:26:4f:66:f6:46:16:55:ee:cc:c3:2b:01:c7:
                    72:19:34:20:09:84:3b:b9:2d:18:4c:85:56:8c:cb:
                    1f:13:d8:41:48:43:35:b6:13:4a:5d:17:2f:f2:27:
                    ef:14:b4:eb:f4:5c:c5:29:37:f8:9f:4b:96:c9:55:
                    02:13:c6:a2:45:af:55:91:77:18:59:79:d5:24:1c:
                    54:ef:c9:c8:42:09:b3:31:07:f4:dd:82:11:20:84:
                    c1:ac:29:02:89:f9:d5:fb:cc:ce:86:5d:de:29:c7:
                    2c:95:b6:1d:8d:0a:a2:53:9f:13:d1:15:09:42:bc:
                    d8:15:b2:2b:be:76:58:90:e8:ff:63:f7:ad:37:2a:
                    5e:aa:af:6b:07:6e:95:8c:65:84:89:3f:8a:10:28:
                    97:23:6e:41:ab:e2:2f:ed:ac:8b:59:e6:32:53:86:
                    16:5e:0a:e5:d4:ec:2b:60:72:ea:88:d8:72:41:52:
                    8c:0f:02:a6:00:ca:10:e5:c6:db:91:5a:f3:a9:70:
                    9f:ed:c2:ab:a3:08:2f:b4:b5:68:7b:c3:5a:1c:53:
                    84:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:28:A5:AE:6A:F1:3E:9E:FA:D8:C7:A7:53:0F:1E:40:6D:5D:A4:34
            X509v3 Authority Key Identifier:
                keyid:D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/LSilrmrxPp762MenUw8eQG1dpDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/0DjDOLEo-Drewvadk8MsU1PKA5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.206.64.0/18
                  130.60.0.0/16
                  185.207.116.0/22
                  192.12.247.0/24
                  192.41.132.0-192.41.136.255
                IPv6:
                  2001:67c:16dc::/48
                  2a0b:2040::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:78:84:0c:96:75:30:43:cb:ac:0d:08:88:ff:67:df:13:be:
         4a:e5:53:13:db:18:19:8c:20:81:cd:de:3b:e7:d0:ba:f3:7d:
         b9:97:b1:63:1a:2d:4a:53:4e:3a:e7:bd:83:5b:30:17:e7:82:
         43:c1:0b:25:d3:99:86:ae:6c:65:9c:81:47:df:78:bf:9b:d2:
         3f:8d:d0:bc:9d:4e:7b:f9:2b:10:87:b9:4e:46:1f:38:50:1d:
         be:55:54:40:11:70:f2:d9:8b:f9:9b:7a:ae:a2:e8:13:9c:96:
         31:db:95:ed:69:24:5c:1f:b8:6b:03:fc:c6:4d:9b:fc:83:ef:
         c0:32:03:7f:eb:83:07:b8:f4:52:44:d6:2c:f2:ec:31:19:74:
         a6:95:3e:97:16:af:79:35:b4:ef:80:46:7c:f8:f8:34:c6:d6:
         62:e8:9e:da:ed:b8:42:9b:20:78:8e:6f:b6:b5:40:8e:75:1e:
         1c:ec:70:41:ab:0d:75:f3:f1:24:78:e0:02:54:19:33:ac:ba:
         97:de:16:f7:dc:b1:4b:a5:c2:a3:27:e2:c6:9b:b3:35:7b:77:
         97:da:b4:a1:19:7c:ce:2a:f4:18:eb:f2:93:17:3c:16:40:a4:
         0e:dd:b1:a7:ee:f6:84:9d:c8:ec:50:89:d5:b7:bb:08:57:ef:
         6b:d2:88:6b
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYzDtq4qouF2yWI8AEkaOPpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMzhjMzM4YjEyOGY4M2FkZWMyZjY5ZDkzYzMyYzUzNTNj
YTAzOTgwHhcNMjQwMTAxMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDI4YTVhZTZhZjEzZTllZmFkOGM3YTc1MzBmMWU0MDZkNWRhNDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoT4c25nIjlvluJ/2NDKTwjc4c0XS
Dt+QEbu7waffeKng1tIg5QHkjH6pyt3tYiZPZvZGFlXuzMMrAcdyGTQgCYQ7uS0Y
TIVWjMsfE9hBSEM1thNKXRcv8ifvFLTr9FzFKTf4n0uWyVUCE8aiRa9VkXcYWXnV
JBxU78nIQgmzMQf03YIRIITBrCkCifnV+8zOhl3eKccslbYdjQqiU58T0RUJQrzY
FbIrvnZYkOj/Y/etNypeqq9rB26VjGWEiT+KECiXI25Bq+Iv7ayLWeYyU4YWXgrl
1OwrYHLqiNhyQVKMDwKmAMoQ5cbbkVrzqXCf7cKrowgvtLVoe8NaHFOE5wIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFC0opa5q8T6e+tjHp1MPHkBtXaQ0MB8GA1UdIwQY
MBaAFNA4wzixKPg63sL2nZPDLFNTygOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDkt
OWJmOGIxZWYyZTk2LzEvTFNpbHJtcnhQcDc2Mk1lblV3OGVRRzFkcERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDktOWJmOGIxZWYyZTk2
LzEvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTArBAIAATAlAwQGWc5AAwMA
gjwDBAK5z3QDBADADPcwDAMEAsAphAMEAMApiDAWBAIAAjAQAwcAIAEGfBbcAwUD
KgsgQDANBgkqhkiG9w0BAQsFAAOCAQEAAHiEDJZ1MEPLrA0IiP9n3xO+SuVTE9sY
GYwggc3eO+fQuvN9uZexYxotSlNOOue9g1swF+eCQ8ELJdOZhq5sZZyBR994v5vS
P43QvJ1Oe/krEIe5TkYfOFAdvlVUQBFw8tmL+Zt6rqLoE5yWMduV7WkkXB+4awP8
xk2b/IPvwDIDf+uDB7j0UkTWLPLsMRl0ppU+lxaveTW074BGfPj4NMbWYuie2u24
QpsgeI5vtrVAjnUeHOxwQasNdfPxJHjgAlQZM6y6l94W99yxS6XCoyfixpuzNXt3
l9q0oRl8zir0GOvykxc8FkCkDt2xp+72hJ3I7FCJ1be7CFfva9KIaw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:15:36 2024 by rpki-client on console-ams.rpki-client.org