Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/GSwT5zT5bvwMj_-xAxrfstapxdo.roa
File:                     GSwT5zT5bvwMj_-xAxrfstapxdo.roa (raw, json)
Hash identifier:          LEyEiAVzllrSp6NUFOD/aw2smssJ7idccBL7YhHn3zQ=
Subject key identifier:   19:2C:13:E7:34:F9:6E:FC:0C:8F:FF:B1:03:1A:DF:B2:D6:A9:C5:DA
Certificate issuer:       /CN=9145ead8d3f1284402b6f75614a87257503ce1bc
Certificate serial:       018CC2DADAC3E7225DA476853E0CDFF18887
Authority key identifier: 91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/GSwT5zT5bvwMj_-xAxrfstapxdo.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50244
IP address blocks:        89.41.25.0/24 maxlen: 24
                          188.212.129.0/24 maxlen: 24
                          89.47.244.0/23 maxlen: 24
                          94.177.80.0/21 maxlen: 24
                          89.36.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:da:c3:e7:22:5d:a4:76:85:3e:0c:df:f1:88:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9145ead8d3f1284402b6f75614a87257503ce1bc
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=192c13e734f96efc0c8fffb1031adfb2d6a9c5da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ff:0c:54:fc:11:6a:4b:97:15:6e:fa:6f:4b:
                    d1:c1:a3:a8:bc:d1:62:cd:12:ef:bf:a0:4d:2d:a9:
                    a8:ee:16:a1:4e:b3:72:8a:e9:97:61:38:75:9f:32:
                    d0:a4:f9:e0:61:50:e2:16:5f:e3:92:f2:e5:64:88:
                    85:f2:3e:0e:0b:62:65:c5:58:12:a0:ef:04:fc:a7:
                    a3:b0:4a:14:8f:3b:56:19:65:03:a7:c1:d8:37:8e:
                    8e:ae:08:17:ba:bf:aa:f9:53:96:55:9e:03:88:53:
                    e6:e8:45:b6:d5:5b:81:36:3b:dd:e0:9c:e0:ca:64:
                    38:c0:98:82:fe:49:0f:39:bf:84:fc:0b:83:e2:8e:
                    f1:f7:db:0c:15:13:e0:2f:ce:b9:85:b2:9d:d4:a7:
                    af:8e:5e:2a:a3:a4:f7:3a:2d:65:1d:38:a7:34:cf:
                    73:68:82:c6:78:d9:e8:21:70:c1:b9:d2:de:e1:f8:
                    0a:bb:d6:84:95:a2:be:e6:c1:b0:b6:85:32:d4:56:
                    b2:ff:6d:ae:07:bb:15:5d:67:56:af:2a:96:97:e1:
                    c8:e5:1f:ff:ec:57:05:63:cf:02:5f:5e:ed:40:af:
                    fd:1a:0e:59:31:48:6c:c3:e6:4d:3b:64:1c:fd:92:
                    09:f8:c6:36:93:bd:4d:46:21:e0:8c:39:79:22:68:
                    cc:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:2C:13:E7:34:F9:6E:FC:0C:8F:FF:B1:03:1A:DF:B2:D6:A9:C5:DA
            X509v3 Authority Key Identifier:
                keyid:91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/GSwT5zT5bvwMj_-xAxrfstapxdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.77.0/24
                  89.41.25.0/24
                  89.47.244.0/23
                  94.177.80.0/21
                  188.212.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:a7:ad:93:c2:86:26:7f:4d:47:a1:90:13:3f:4c:d5:5b:a9:
         89:98:30:d5:d6:8e:16:42:a8:22:b7:2d:b0:c2:8f:61:40:40:
         8a:0b:6a:c0:58:60:e3:0c:e7:8c:1f:84:f4:81:b6:81:a7:31:
         a8:1f:b7:5e:bc:71:e1:9a:cc:68:e2:fe:a6:1b:fe:1d:3b:bd:
         77:d8:2a:93:6a:f8:ae:2b:65:72:ae:2d:43:7a:a0:ee:49:3e:
         df:3c:b3:b1:22:d1:d4:13:6c:93:58:12:23:9c:51:03:42:97:
         c3:50:5c:cb:4e:e2:45:4b:31:5b:c3:fb:cf:b2:04:35:89:63:
         b0:45:3b:86:18:cd:39:22:79:44:ce:cb:a0:2f:5b:e3:4a:cb:
         56:f7:d1:c1:74:b1:7b:c5:97:22:37:21:0b:d0:14:3f:c9:0f:
         6c:0a:89:90:9e:20:97:e4:48:f2:8d:ed:7c:03:ea:2a:9a:a2:
         64:17:71:45:2c:3c:3f:7b:76:ef:53:31:8f:69:dd:3f:96:a5:
         e8:8b:bf:5a:6c:74:dc:47:83:dc:6d:07:93:9c:c9:af:96:2e:
         00:4a:ed:b3:ef:a3:09:a6:d9:4c:69:69:c7:a5:43:e6:b6:99:
         42:7a:39:2e:d9:46:18:db:de:1a:7a:ff:97:5a:69:72:50:7a:
         a1:f6:8e:0e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzC2trD5yJdpHaFPgzf8YiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNDVlYWQ4ZDNmMTI4NDQwMmI2Zjc1NjE0YTg3MjU3NTAz
Y2UxYmMwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTJjMTNlNzM0Zjk2ZWZjMGM4ZmZmYjEwMzFhZGZiMmQ2YTljNWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/8MVPwRakuXFW76b0vRwaOovNFi
zRLvv6BNLamo7hahTrNyiumXYTh1nzLQpPngYVDiFl/jkvLlZIiF8j4OC2JlxVgS
oO8E/KejsEoUjztWGWUDp8HYN46OrggXur+q+VOWVZ4DiFPm6EW21VuBNjvd4Jzg
ymQ4wJiC/kkPOb+E/AuD4o7x99sMFRPgL865hbKd1Kevjl4qo6T3Oi1lHTinNM9z
aILGeNnoIXDBudLe4fgKu9aElaK+5sGwtoUy1Fay/22uB7sVXWdWryqWl+HI5R//
7FcFY88CX17tQK/9Gg5ZMUhsw+ZNO2Qc/ZIJ+MY2k71NRiHgjDl5ImjM+QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBksE+c0+W78DI//sQMa37LWqcXaMB8GA1UdIwQY
MBaAFJFF6tjT8ShEArb3VhSocldQPOG8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VYcTJOUHhLRVFDdHZkV0ZLaHlWMUE4NGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9hNTIzNWYtNjJmYi00YWJiLTgwMzct
MmFkMTk1MjY0YzcyLzEvR1N3VDV6VDVidndNal8teEF4cmZzdGFweGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9hNTIzNWYtNjJmYi00YWJiLTgwMzctMmFkMTk1MjY0Yzcy
LzEva1VYcTJOUHhLRVFDdHZkV0ZLaHlWMUE4NGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAWSRNAwQA
WSkZAwQBWS/0AwQDXrFQAwQAvNSBMA0GCSqGSIb3DQEBCwUAA4IBAQAhp62TwoYm
f01HoZATP0zVW6mJmDDV1o4WQqgity2wwo9hQECKC2rAWGDjDOeMH4T0gbaBpzGo
H7devHHhmsxo4v6mG/4dO7132CqTaviuK2Vyri1DeqDuST7fPLOxItHUE2yTWBIj
nFEDQpfDUFzLTuJFSzFbw/vPsgQ1iWOwRTuGGM05InlEzsugL1vjSstW99HBdLF7
xZciNyEL0BQ/yQ9sComQniCX5Ejyje18A+oqmqJkF3FFLDw/e3bvUzGPad0/lqXo
i79abHTcR4PcbQeTnMmvli4ASu2z76MJptlMaWnHpUPmtplCejku2UYY294aev+X
WmlyUHqh9o4O
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:00:27 2024 by rpki-client on console-ams.rpki-client.org