Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/802525-5c2c-4564-ba5a-6cd659acbf07/1/CcXyKrLKh_ZQZCSRzb3WH-q9pxo.roa
File:                     CcXyKrLKh_ZQZCSRzb3WH-q9pxo.roa (raw, json)
Hash identifier:          fcU7jODB5y6k+oAovMZ6xMTAOaQ3NM6G5kcqZdQntAA=
Subject key identifier:   09:C5:F2:2A:B2:CA:87:F6:50:64:24:91:CD:BD:D6:1F:EA:BD:A7:1A
Certificate issuer:       /CN=33fe80aea100e98c0da5d1ffef98b371d11edda2
Certificate serial:       018CC349674AB6192C6794A9089CD57D8920
Authority key identifier: 33:FE:80:AE:A1:00:E9:8C:0D:A5:D1:FF:EF:98:B3:71:D1:1E:DD:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M_6ArqEA6YwNpdH_75izcdEe3aI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/802525-5c2c-4564-ba5a-6cd659acbf07/1/CcXyKrLKh_ZQZCSRzb3WH-q9pxo.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31214
IP address blocks:        5.11.64.0/20 maxlen: 20
                          193.39.220.0/22 maxlen: 22
                          178.210.0.0/19 maxlen: 19
                          109.111.128.0/19 maxlen: 19
                          185.234.120.0/22 maxlen: 22
                          194.50.12.0/22 maxlen: 22
                          91.109.128.0/19 maxlen: 19
                          185.251.216.0/22 maxlen: 22
                          37.60.208.0/20 maxlen: 20
                          213.149.0.0/19 maxlen: 19
                          185.238.76.0/22 maxlen: 22
                          31.192.128.0/19 maxlen: 19
                          185.16.136.0/22 maxlen: 22
                          83.219.128.0/19 maxlen: 19
                          2a03:5800::/32 maxlen: 32
                          2a06:50c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/802525-5c2c-4564-ba5a-6cd659acbf07/1/M_6ArqEA6YwNpdH_75izcdEe3aI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/802525-5c2c-4564-ba5a-6cd659acbf07/1/M_6ArqEA6YwNpdH_75izcdEe3aI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M_6ArqEA6YwNpdH_75izcdEe3aI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:67:4a:b6:19:2c:67:94:a9:08:9c:d5:7d:89:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33fe80aea100e98c0da5d1ffef98b371d11edda2
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09c5f22ab2ca87f650642491cdbdd61feabda71a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c1:28:af:6a:45:11:3a:09:66:4b:37:9c:b2:
                    63:da:bf:5b:c2:1f:6a:34:cf:23:6f:55:e4:bc:df:
                    4b:44:f0:7b:98:04:b8:a1:9b:ff:47:26:9e:d4:8d:
                    e2:f4:48:32:86:60:a8:b2:45:a0:98:b2:b7:4e:06:
                    d3:c9:75:af:56:79:7b:0c:60:db:e6:20:96:52:81:
                    0f:bf:88:74:ff:b6:fb:15:b8:ba:2b:ca:12:e1:cf:
                    7d:d1:4a:59:34:a2:58:10:95:82:42:11:76:cc:f2:
                    a2:86:a7:a4:30:d4:46:12:c8:ee:40:c0:07:48:f7:
                    70:26:0b:37:7e:a3:a8:b2:c6:d7:36:c3:a6:a3:0a:
                    43:4b:99:3d:0a:1a:0d:81:ac:3b:5f:4a:b6:08:96:
                    2f:82:37:3c:bc:33:70:f2:13:c2:3b:74:60:52:cd:
                    b7:81:36:06:71:85:b8:69:99:ca:f2:48:41:2a:24:
                    de:b2:bc:fc:68:2e:1e:a1:3e:43:cf:e3:b4:57:f4:
                    b3:c3:fb:5e:5f:96:28:b8:10:15:7c:fd:92:c8:58:
                    39:7b:23:7d:1b:d1:81:f3:d1:8d:16:f9:db:75:c0:
                    ef:14:59:15:28:16:e7:c5:9d:9d:68:0e:2c:fb:cd:
                    ba:6e:a8:f4:1e:e5:65:88:8c:18:f5:bd:39:b8:47:
                    e6:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C5:F2:2A:B2:CA:87:F6:50:64:24:91:CD:BD:D6:1F:EA:BD:A7:1A
            X509v3 Authority Key Identifier:
                keyid:33:FE:80:AE:A1:00:E9:8C:0D:A5:D1:FF:EF:98:B3:71:D1:1E:DD:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M_6ArqEA6YwNpdH_75izcdEe3aI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/802525-5c2c-4564-ba5a-6cd659acbf07/1/CcXyKrLKh_ZQZCSRzb3WH-q9pxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/802525-5c2c-4564-ba5a-6cd659acbf07/1/M_6ArqEA6YwNpdH_75izcdEe3aI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.64.0/20
                  31.192.128.0/19
                  37.60.208.0/20
                  83.219.128.0/19
                  91.109.128.0/19
                  109.111.128.0/19
                  178.210.0.0/19
                  185.16.136.0/22
                  185.234.120.0/22
                  185.238.76.0/22
                  185.251.216.0/22
                  193.39.220.0/22
                  194.50.12.0/22
                  213.149.0.0/19
                IPv6:
                  2a03:5800::/32
                  2a06:50c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:07:ba:e5:2b:9b:65:38:39:82:56:ef:6c:9b:90:35:b1:be:
         4b:c9:19:c0:60:4b:6f:88:45:56:d9:a2:33:a8:63:63:5b:ed:
         75:87:32:f4:a6:90:a5:d2:a4:1d:e4:bb:50:8a:2d:1f:65:98:
         a0:c3:c2:4c:eb:cc:83:00:42:0d:70:7b:37:37:ba:7d:e8:d8:
         87:72:57:04:19:e2:70:d9:53:5d:d6:eb:14:1c:ea:c6:b6:d4:
         f4:9c:d7:1a:53:1c:ec:3e:fc:70:4c:e7:41:54:f3:cc:25:ad:
         76:c2:19:38:9d:b5:2b:0e:42:14:ec:4b:34:f4:85:d9:b6:5c:
         28:20:ca:fa:ab:14:4c:a2:59:17:2f:f9:6f:ac:e9:b5:2a:fa:
         e6:83:69:6d:11:ed:ef:e6:46:1d:31:ab:0f:17:a1:a6:45:3a:
         67:3d:ca:c2:e6:54:8f:86:96:9a:6b:52:b1:ad:68:cc:d3:ab:
         6b:20:37:d4:ba:2a:1d:51:1b:de:99:72:f6:4b:d4:0f:21:77:
         43:c6:94:98:9a:e7:4a:1d:cd:4b:91:4d:4e:2c:68:e1:cb:9b:
         c9:6d:6f:c8:71:18:03:df:b9:5f:05:a4:a3:c4:75:d9:c4:d9:
         a1:a0:cb:87:d8:7a:b9:ca:cf:bb:39:00:e3:15:d0:fe:24:a5:
         82:af:50:4d
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYzDSWdKthksZ5SpCJzVfYkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZmU4MGFlYTEwMGU5OGMwZGE1ZDFmZmVmOThiMzcxZDEx
ZWRkYTIwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWM1ZjIyYWIyY2E4N2Y2NTA2NDI0OTFjZGJkZDYxZmVhYmRhNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMEor2pFEToJZks3nLJj2r9bwh9q
NM8jb1XkvN9LRPB7mAS4oZv/Ryae1I3i9EgyhmCoskWgmLK3TgbTyXWvVnl7DGDb
5iCWUoEPv4h0/7b7Fbi6K8oS4c990UpZNKJYEJWCQhF2zPKihqekMNRGEsjuQMAH
SPdwJgs3fqOossbXNsOmowpDS5k9ChoNgaw7X0q2CJYvgjc8vDNw8hPCO3RgUs23
gTYGcYW4aZnK8khBKiTesrz8aC4eoT5Dz+O0V/Szw/teX5YouBAVfP2SyFg5eyN9
G9GB89GNFvnbdcDvFFkVKBbnxZ2daA4s+826bqj0HuVliIwY9b05uEfmfQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFAnF8iqyyof2UGQkkc291h/qvacaMB8GA1UdIwQY
MBaAFDP+gK6hAOmMDaXR/++Ys3HRHt2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTV82QXJxRUE2WXdOcGRIXzc1aXpjZEVlM2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS84MDI1MjUtNWMyYy00NTY0LWJhNWEt
NmNkNjU5YWNiZjA3LzEvQ2NYeUtyTEtoX1pRWkNTUnpiM1dILXE5cHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS84MDI1MjUtNWMyYy00NTY0LWJhNWEtNmNkNjU5YWNiZjA3
LzEvTV82QXJxRUE2WXdOcGRIXzc1aXpjZEVlM2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwWgQCAAEwVAMEBAULQAME
BR/AgAMEBCU80AMEBVPbgAMEBVttgAMEBW1vgAMEBbLSAAMEArkQiAMEArnqeAME
ArnuTAMEArn72AMEAsEn3AMEAsIyDAMEBdWVADAUBAIAAjAOAwUAKgNYAAMFACoG
UMAwDQYJKoZIhvcNAQELBQADggEBAGsHuuUrm2U4OYJW72ybkDWxvkvJGcBgS2+I
RVbZojOoY2Nb7XWHMvSmkKXSpB3ku1CKLR9lmKDDwkzrzIMAQg1wezc3un3o2Idy
VwQZ4nDZU13W6xQc6sa21PSc1xpTHOw+/HBM50FU88wlrXbCGTidtSsOQhTsSzT0
hdm2XCggyvqrFEyiWRcv+W+s6bUq+uaDaW0R7e/mRh0xqw8XoaZFOmc9ysLmVI+G
lpprUrGtaMzTq2sgN9S6Kh1RG96ZcvZL1A8hd0PGlJia50odzUuRTU4saOHLm8lt
b8hxGAPfuV8FpKPEddnE2aGgy4fYernKz7s5AOMV0P4kpYKvUE0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:45 2024 by rpki-client on console-fra.rpki-client.org