Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/AxdzFFXSdRtvXDMq70gFnhqwwIM.roa
File:                     AxdzFFXSdRtvXDMq70gFnhqwwIM.roa (raw, json)
Hash identifier:          1URVYMZK7iq2+dcLdvQyEQ3eCr2QzGhA/ihJSYDfomg=
Subject key identifier:   03:17:73:14:55:D2:75:1B:6F:5C:33:2A:EF:48:05:9E:1A:B0:C0:83
Certificate issuer:       /CN=588cabf6f523f26e267db03b524347841aaaa465
Certificate serial:       018F7732724A3EE95A23E296BBDCDF0BA6FE
Authority key identifier: 58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/AxdzFFXSdRtvXDMq70gFnhqwwIM.roa
Signing time:             Tue 14 May 2024 13:02:25 +0000
ROA not before:           Tue 14 May 2024 13:02:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48635
IP address blocks:        62.221.192.0/19 maxlen: 24
                          86.109.16.0/22 maxlen: 24
                          94.126.32.0/22 maxlen: 24
                          109.237.208.0/20 maxlen: 20
                          185.21.240.0/22 maxlen: 22
                          185.21.240.0/24 maxlen: 24
                          185.21.241.0/24 maxlen: 24
                          185.21.242.0/24 maxlen: 24
                          185.21.243.0/24 maxlen: 24
                          185.87.248.0/22 maxlen: 24
                          2001:1460::/32 maxlen: 48
                          2a04:1cc0::/29 maxlen: 48
                          2a05:c4c0::/29 maxlen: 48
                          2a0d:7980::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:32:72:4a:3e:e9:5a:23:e2:96:bb:dc:df:0b:a6:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588cabf6f523f26e267db03b524347841aaaa465
        Validity
            Not Before: May 14 13:02:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0317731455d2751b6f5c332aef48059e1ab0c083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:23:1c:0f:96:7f:7a:15:72:93:2a:a8:67:5c:
                    8f:f5:09:63:16:95:24:96:79:f1:86:05:3c:c6:fe:
                    3e:68:46:a5:93:5c:65:3a:f0:d5:23:97:3c:96:ce:
                    4a:51:91:a6:c0:76:c7:0a:65:18:2c:d4:73:50:72:
                    12:65:62:b4:c4:f1:b2:3e:ef:74:85:a3:d1:20:8b:
                    97:6d:d1:a8:61:98:da:79:19:36:87:8a:ed:c5:91:
                    d2:c1:67:8d:8c:83:00:11:1f:ce:14:ad:df:89:45:
                    cb:33:fc:e3:03:72:92:c8:0c:01:de:6d:c1:02:cd:
                    74:32:ba:ca:75:c6:90:f4:d7:9f:c2:d4:72:a9:4d:
                    fe:90:7d:c6:98:27:67:67:78:c9:70:cc:d7:78:1a:
                    51:aa:e7:41:b0:4e:93:b8:5d:a2:a5:12:5d:e7:f5:
                    af:37:d2:e6:18:cb:23:c1:6b:d6:8a:01:3a:1f:8a:
                    0c:03:1f:25:de:7f:e6:ce:a9:8d:c5:62:a6:fb:a8:
                    20:7a:43:0b:5e:84:a7:51:b8:a5:ce:01:01:62:88:
                    bd:6a:e6:cf:74:c7:37:42:89:48:fd:73:59:b3:eb:
                    e7:63:6a:64:ad:b7:ee:21:65:e1:b8:70:e6:a4:27:
                    40:ec:71:b2:0f:1a:74:98:40:d6:c0:68:85:43:27:
                    09:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:17:73:14:55:D2:75:1B:6F:5C:33:2A:EF:48:05:9E:1A:B0:C0:83
            X509v3 Authority Key Identifier:
                keyid:58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/AxdzFFXSdRtvXDMq70gFnhqwwIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.221.192.0/19
                  86.109.16.0/22
                  94.126.32.0/22
                  109.237.208.0/20
                  185.21.240.0/22
                  185.87.248.0/22
                IPv6:
                  2001:1460::/32
                  2a04:1cc0::/29
                  2a05:c4c0::/29
                  2a0d:7980::/32

    Signature Algorithm: sha256WithRSAEncryption
         d2:e4:b2:5f:d5:bb:8b:95:3e:6c:a2:e3:da:0f:39:07:9e:78:
         ba:ce:c5:25:2b:d5:f9:06:c4:4d:f1:f8:58:4a:32:72:c2:4f:
         a5:0b:d1:9f:49:42:a2:58:9e:de:4e:4f:ea:0d:3e:39:43:bb:
         5e:36:7e:d8:c0:a3:16:d9:7e:cd:0f:40:30:e0:7a:4b:5e:3a:
         66:ea:b1:80:a4:6f:e1:89:4f:e9:89:03:e6:ac:44:81:2e:0e:
         c6:ca:00:85:6e:ae:1b:95:12:79:b0:c6:99:c1:fa:66:b3:0f:
         a5:6a:93:40:5a:96:d3:50:bc:78:83:68:26:56:c3:68:02:ef:
         f2:69:a8:32:4a:3f:6c:a9:59:89:39:c1:d0:df:19:d0:6a:7d:
         e3:1b:f9:72:ff:2d:56:8c:e9:8f:a5:46:66:fa:e2:dd:cc:2e:
         c1:85:31:fc:51:c8:2d:a3:ff:e1:90:54:2e:6c:1b:31:e2:1d:
         1d:bc:e8:ec:71:7d:86:9a:15:97:f7:d2:bf:fb:c5:79:ab:b9:
         11:4c:5c:70:f3:10:5a:74:6f:5c:b1:da:d6:56:91:21:83:d1:
         0c:d1:2e:60:3e:5f:60:90:f4:70:40:ee:d3:31:ff:e6:ea:8e:
         b1:2a:30:af:48:ae:5b:33:0d:0b:87:13:40:a0:e3:ef:a8:70:
         48:c5:17:8a
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY93MnJKPulaI+KWu9zfC6b+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGNhYmY2ZjUyM2YyNmUyNjdkYjAzYjUyNDM0Nzg0MWFh
YWE0NjUwHhcNMjQwNTE0MTMwMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzE3NzMxNDU1ZDI3NTFiNmY1YzMzMmFlZjQ4MDU5ZTFhYjBjMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryMcD5Z/ehVykyqoZ1yP9QljFpUk
lnnxhgU8xv4+aEalk1xlOvDVI5c8ls5KUZGmwHbHCmUYLNRzUHISZWK0xPGyPu90
haPRIIuXbdGoYZjaeRk2h4rtxZHSwWeNjIMAER/OFK3fiUXLM/zjA3KSyAwB3m3B
As10MrrKdcaQ9NefwtRyqU3+kH3GmCdnZ3jJcMzXeBpRqudBsE6TuF2ipRJd5/Wv
N9LmGMsjwWvWigE6H4oMAx8l3n/mzqmNxWKm+6ggekMLXoSnUbilzgEBYoi9aubP
dMc3QolI/XNZs+vnY2pkrbfuIWXhuHDmpCdA7HGyDxp0mEDWwGiFQycJ1wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFAMXcxRV0nUbb1wzKu9IBZ4asMCDMB8GA1UdIwQY
MBaAFFiMq/b1I/JuJn2wO1JDR4QaqqRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQt
NmFkMzI1MmExNDI3LzEvQXhkekZGWFNkUnR2WERNcTcwZ0ZuaHF3d0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQtNmFkMzI1MmExNDI3
LzEvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAqBAIAATAkAwQFPt3AAwQC
Vm0QAwQCXn4gAwQEbe3QAwQCuRXwAwQCuVf4MCIEAgACMBwDBQAgARRgAwUDKgQc
wAMFAyoFxMADBQAqDXmAMA0GCSqGSIb3DQEBCwUAA4IBAQDS5LJf1buLlT5souPa
DzkHnni6zsUlK9X5BsRN8fhYSjJywk+lC9GfSUKiWJ7eTk/qDT45Q7teNn7YwKMW
2X7ND0Aw4HpLXjpm6rGApG/hiU/piQPmrESBLg7GygCFbq4blRJ5sMaZwfpmsw+l
apNAWpbTULx4g2gmVsNoAu/yaagySj9sqVmJOcHQ3xnQan3jG/ly/y1WjOmPpUZm
+uLdzC7BhTH8Ucgto//hkFQubBsx4h0dvOjscX2GmhWX99K/+8V5q7kRTFxw8xBa
dG9csdrWVpEhg9EM0S5gPl9gkPRwQO7TMf/m6o6xKjCvSK5bMw0LhxNAoOPvqHBI
xReK
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:20:34 2024 by rpki-client on console-fra.rpki-client.org