Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/_KqA1tfDRG9-oGxisQTLJnBuYXU.roa
File:                     _KqA1tfDRG9-oGxisQTLJnBuYXU.roa (raw, json)
Hash identifier:          o9vbccs5UcaXqiJK1Kw1Olg3W+YijyzR+exjYOVfBpE=
Subject key identifier:   FC:AA:80:D6:D7:C3:44:6F:7E:A0:6C:62:B1:04:CB:26:70:6E:61:75
Certificate issuer:       /CN=331bce2ee806e93621112dbd618536f775f44fba
Certificate serial:       018DC5C4B8DF0B7182D404F89CCC9332A94B
Authority key identifier: 33:1B:CE:2E:E8:06:E9:36:21:11:2D:BD:61:85:36:F7:75:F4:4F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/_KqA1tfDRG9-oGxisQTLJnBuYXU.roa
Signing time:             Tue 20 Feb 2024 09:07:00 +0000
ROA not before:           Tue 20 Feb 2024 09:07:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        5.252.204.0/24 maxlen: 24
                          185.122.200.0/24 maxlen: 24
                          185.122.201.0/24 maxlen: 24
                          185.122.202.0/24 maxlen: 24
                          185.122.203.0/24 maxlen: 24
                          185.130.57.0/24 maxlen: 24
                          185.130.58.0/24 maxlen: 24
                          185.130.59.0/24 maxlen: 24
                          185.198.72.0/24 maxlen: 24
                          185.198.74.0/24 maxlen: 24
                          185.198.75.0/24 maxlen: 24
                          2a07:cd00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:c4:b8:df:0b:71:82:d4:04:f8:9c:cc:93:32:a9:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331bce2ee806e93621112dbd618536f775f44fba
        Validity
            Not Before: Feb 20 09:07:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcaa80d6d7c3446f7ea06c62b104cb26706e6175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b8:3b:64:30:c3:6a:b9:ca:fc:a8:67:15:42:
                    e9:e1:c2:5c:22:e9:0f:87:96:f4:69:4f:59:e3:7a:
                    c8:92:81:42:8d:c6:49:8c:aa:77:44:cf:cc:be:d5:
                    0b:d1:f0:f5:32:8f:57:73:c5:02:93:75:32:84:80:
                    c5:e2:0b:3b:d7:c8:b4:95:3f:dc:4d:21:02:37:f9:
                    ba:7c:9a:15:09:0b:b0:08:b7:bf:12:d1:3f:53:9e:
                    34:58:05:10:11:9b:af:f0:a8:dd:1d:7c:65:f6:b3:
                    31:2d:05:da:f5:16:a1:3c:83:3d:61:ff:1d:6d:55:
                    9f:a1:77:9a:19:4c:93:b5:9d:89:20:d2:9e:1d:ac:
                    1e:02:fe:c9:8a:46:82:fb:be:7a:46:c2:a5:0b:40:
                    e5:f2:98:83:8f:29:8f:a4:2d:a5:a5:7f:8d:48:dd:
                    1d:49:9b:0e:bc:83:64:b9:10:25:1c:30:91:ad:4f:
                    d7:40:87:70:e0:22:4f:33:cb:c1:d1:33:40:21:e4:
                    8f:3a:70:d7:5c:da:90:5f:a6:3d:9b:51:5a:10:57:
                    1d:9d:95:94:86:70:8f:66:25:35:6d:8b:09:d7:8f:
                    d2:0a:bf:b1:ae:17:33:b3:54:2e:20:44:2d:8b:ab:
                    95:7e:56:4e:73:e7:07:5b:fd:48:c2:6b:c8:eb:56:
                    02:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AA:80:D6:D7:C3:44:6F:7E:A0:6C:62:B1:04:CB:26:70:6E:61:75
            X509v3 Authority Key Identifier:
                keyid:33:1B:CE:2E:E8:06:E9:36:21:11:2D:BD:61:85:36:F7:75:F4:4F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MxvOLugG6TYhES29YYU293X0T7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/_KqA1tfDRG9-oGxisQTLJnBuYXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4ba3ca-d6fd-4116-9146-aeac16227c25/1/MxvOLugG6TYhES29YYU293X0T7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.204.0/24
                  185.122.200.0/22
                  185.130.57.0-185.130.59.255
                  185.198.72.0/24
                  185.198.74.0/23
                IPv6:
                  2a07:cd00::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:3b:98:1c:de:fe:27:53:5c:b7:b7:6c:4a:87:e3:be:90:84:
         e2:33:19:6c:ef:9f:2a:88:3e:6f:32:89:f2:ba:3a:10:21:25:
         c3:f5:99:a2:ce:d0:70:26:f8:d1:09:23:23:82:3c:dd:df:da:
         55:68:f1:06:3a:70:ee:14:9e:09:2d:87:52:1d:ac:fc:2b:c0:
         54:51:74:89:e6:be:25:44:0a:45:e6:26:64:7b:e7:b9:e0:8d:
         0c:31:79:2a:13:64:73:ec:66:e9:72:dc:31:5c:09:45:19:ae:
         0a:fb:f1:c6:90:33:18:b6:b6:95:06:df:62:9c:51:46:cc:34:
         74:ac:f6:0c:5d:5b:91:ca:fd:15:fa:76:cf:0f:ed:20:5a:6b:
         ef:aa:1d:29:84:05:16:ae:6b:a1:a5:b3:e3:99:65:8f:1d:e3:
         96:cd:e7:a6:a5:63:0e:70:c0:c2:45:16:a5:f4:84:69:d3:c4:
         4f:0a:80:aa:cf:eb:25:4c:60:02:a0:87:3c:16:69:49:9c:ff:
         6f:7b:45:ff:bd:93:5f:cc:16:0b:28:85:a9:63:0b:cf:20:c0:
         77:ec:b3:bf:9e:fa:0d:13:26:f2:b7:ee:c3:de:56:a0:f3:04:
         cb:72:9a:85:24:23:22:06:96:7a:8c:14:8e:c1:82:64:36:94:
         78:39:2d:a7
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAY3FxLjfC3GC1AT4nMyTMqlLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWJjZTJlZTgwNmU5MzYyMTExMmRiZDYxODUzNmY3NzVm
NDRmYmEwHhcNMjQwMjIwMDkwNzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FhODBkNmQ3YzM0NDZmN2VhMDZjNjJiMTA0Y2IyNjcwNmU2MTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7g7ZDDDarnK/KhnFULp4cJcIukP
h5b0aU9Z43rIkoFCjcZJjKp3RM/MvtUL0fD1Mo9Xc8UCk3UyhIDF4gs718i0lT/c
TSECN/m6fJoVCQuwCLe/EtE/U540WAUQEZuv8KjdHXxl9rMxLQXa9RahPIM9Yf8d
bVWfoXeaGUyTtZ2JINKeHaweAv7JikaC+756RsKlC0Dl8piDjymPpC2lpX+NSN0d
SZsOvINkuRAlHDCRrU/XQIdw4CJPM8vB0TNAIeSPOnDXXNqQX6Y9m1FaEFcdnZWU
hnCPZiU1bYsJ14/SCr+xrhczs1QuIEQti6uVflZOc+cHW/1IwmvI61YCqwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPyqgNbXw0RvfqBsYrEEyyZwbmF1MB8GA1UdIwQY
MBaAFDMbzi7oBuk2IREtvWGFNvd19E+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXh2T0x1Z0c2VFloRVMyOVlZVTI5M1gwVDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS80YmEzY2EtZDZmZC00MTE2LTkxNDYt
YWVhYzE2MjI3YzI1LzEvX0txQTF0ZkRSRzktb0d4aXNRVExKbkJ1WVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS80YmEzY2EtZDZmZC00MTE2LTkxNDYtYWVhYzE2MjI3YzI1
LzEvTXh2T0x1Z0c2VFloRVMyOVlZVTI5M1gwVDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmAwQABfzMAwQC
uXrIMAwDBAC5gjkDBAK5gjgDBAC5xkgDBAG5xkowDwQCAAIwCQMHACoHzQAAADAN
BgkqhkiG9w0BAQsFAAOCAQEApjuYHN7+J1Nct7dsSofjvpCE4jMZbO+fKog+bzKJ
8ro6ECElw/WZos7QcCb40QkjI4I83d/aVWjxBjpw7hSeCS2HUh2s/CvAVFF0iea+
JUQKReYmZHvnueCNDDF5KhNkc+xm6XLcMVwJRRmuCvvxxpAzGLa2lQbfYpxRRsw0
dKz2DF1bkcr9Ffp2zw/tIFpr76odKYQFFq5roaWz45lljx3jls3npqVjDnDAwkUW
pfSEadPETwqAqs/rJUxgAqCHPBZpSZz/b3tF/72TX8wWCyiFqWMLzyDAd+yzv576
DRMm8rfuw95WoPMEy3KahSQjIgaWeowUjsGCZDaUeDktpw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:33:15 2024 by rpki-client on console-fra.rpki-client.org