Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/pu3FV2HN9lYJR88Ww1-K-r9MyvM.roa
File:                     pu3FV2HN9lYJR88Ww1-K-r9MyvM.roa (raw, json)
Hash identifier:          prYgRr/gg5AkKKdndwb9a90EXVnq/3UrJ4udgYUXp7k=
Subject key identifier:   A6:ED:C5:57:61:CD:F6:56:09:47:CF:16:C3:5F:8A:FA:BF:4C:CA:F3
Certificate issuer:       /CN=d504e641e55a48aee0141e2c0d26227102caa6d4
Certificate serial:       018CC26D230D3B231DEECE9A600794D9A0C6
Authority key identifier: D5:04:E6:41:E5:5A:48:AE:E0:14:1E:2C:0D:26:22:71:02:CA:A6:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QTmQeVaSK7gFB4sDSYicQLKptQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/pu3FV2HN9lYJR88Ww1-K-r9MyvM.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        5.182.85.0/24 maxlen: 24
                          5.182.84.0/24 maxlen: 24
                          46.254.92.0/24 maxlen: 24
                          46.254.93.0/24 maxlen: 24
                          77.232.141.0/24 maxlen: 24
                          77.232.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/1QTmQeVaSK7gFB4sDSYicQLKptQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/1QTmQeVaSK7gFB4sDSYicQLKptQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QTmQeVaSK7gFB4sDSYicQLKptQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:23:0d:3b:23:1d:ee:ce:9a:60:07:94:d9:a0:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d504e641e55a48aee0141e2c0d26227102caa6d4
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6edc55761cdf6560947cf16c35f8afabf4ccaf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5d:87:d1:5a:46:39:d0:12:f2:ad:9c:81:94:
                    f9:00:f9:71:4b:66:b5:90:fd:48:11:44:96:e5:21:
                    79:13:8c:79:e1:32:71:d1:19:54:12:e2:f3:5a:5f:
                    89:1e:4c:8b:de:e9:6e:6d:46:cb:4d:d8:2f:1d:6d:
                    f4:32:f2:1a:01:a2:7c:e4:e2:4a:0a:1f:81:55:f2:
                    99:6f:a6:10:a2:0d:8c:30:33:ef:45:08:45:87:31:
                    ac:cc:ad:21:8f:db:9f:bd:e4:11:36:e8:55:e1:a0:
                    39:7b:10:c6:98:92:e1:d9:90:bc:f3:67:c2:18:f0:
                    4a:50:a4:7d:61:16:d8:0d:e0:5d:10:0f:52:ec:5c:
                    b9:5f:94:56:0a:02:82:a0:f3:79:8b:86:05:13:f3:
                    4c:f3:a0:84:64:49:84:bc:37:b9:fe:c3:5a:66:e4:
                    64:e2:7d:96:67:d4:dc:71:6a:d1:07:d1:18:29:c2:
                    b1:d4:47:d9:72:30:6d:b3:92:38:0d:23:95:e3:03:
                    65:e6:51:da:f6:e4:0c:9d:e7:32:fb:c6:68:b8:79:
                    6a:5f:63:aa:07:72:02:9a:68:38:cf:ab:30:a9:15:
                    f6:62:fe:68:c6:02:82:cc:48:1f:2d:23:59:91:ed:
                    5f:9a:80:87:e3:99:47:34:fe:80:41:83:41:2a:aa:
                    9f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:ED:C5:57:61:CD:F6:56:09:47:CF:16:C3:5F:8A:FA:BF:4C:CA:F3
            X509v3 Authority Key Identifier:
                keyid:D5:04:E6:41:E5:5A:48:AE:E0:14:1E:2C:0D:26:22:71:02:CA:A6:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QTmQeVaSK7gFB4sDSYicQLKptQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/pu3FV2HN9lYJR88Ww1-K-r9MyvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f01f35-2cca-4e5a-828a-6bffcb7c0f0a/1/1QTmQeVaSK7gFB4sDSYicQLKptQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.84.0/23
                  46.254.92.0/23
                  77.232.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:de:7e:e4:24:f7:aa:a2:d3:52:64:b5:22:0a:f4:46:2a:6e:
         7d:34:25:15:78:45:cf:4f:17:7a:ef:7b:b1:12:70:2b:54:0e:
         66:d4:58:c2:8d:c5:cc:09:ee:c7:31:a3:78:a1:3a:14:5c:9f:
         0d:af:43:d8:12:cd:58:36:60:34:d9:04:a3:46:1b:84:31:1e:
         c6:0a:06:d9:b6:cb:8b:08:ba:d0:5c:ab:32:66:71:95:36:9d:
         45:36:1f:7c:9f:95:6f:ca:23:01:1b:b2:3f:f9:a9:67:96:69:
         86:25:a0:de:21:c2:4d:18:08:51:1b:a4:5e:d4:60:18:3c:f6:
         54:c2:c3:02:73:88:ba:8b:39:ca:ea:f8:95:9b:2c:d4:12:95:
         c3:da:d2:f7:61:42:d5:49:61:6e:9f:da:65:fc:89:12:c3:ca:
         9a:02:6e:62:76:f6:71:c7:37:a7:35:51:b6:d1:ce:e8:0d:5e:
         45:7c:95:58:3e:31:38:3d:02:af:85:2a:b5:a1:ab:4a:13:c1:
         e9:6f:8e:ea:01:3b:1e:0c:cb:54:a3:a0:90:f5:6c:43:27:54:
         7d:93:59:21:fa:92:1f:66:8a:f4:70:91:f8:fc:64:3a:2b:46:
         ad:5c:45:93:f7:03:51:fe:48:c6:fe:20:dc:07:e1:56:17:3e:
         63:8e:f6:f9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbSMNOyMd7s6aYAeU2aDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDRlNjQxZTU1YTQ4YWVlMDE0MWUyYzBkMjYyMjcxMDJj
YWE2ZDQwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmVkYzU1NzYxY2RmNjU2MDk0N2NmMTZjMzVmOGFmYWJmNGNjYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol2H0VpGOdAS8q2cgZT5APlxS2a1
kP1IEUSW5SF5E4x54TJx0RlUEuLzWl+JHkyL3ulubUbLTdgvHW30MvIaAaJ85OJK
Ch+BVfKZb6YQog2MMDPvRQhFhzGszK0hj9ufveQRNuhV4aA5exDGmJLh2ZC882fC
GPBKUKR9YRbYDeBdEA9S7Fy5X5RWCgKCoPN5i4YFE/NM86CEZEmEvDe5/sNaZuRk
4n2WZ9TccWrRB9EYKcKx1EfZcjBts5I4DSOV4wNl5lHa9uQMnecy+8ZouHlqX2Oq
B3ICmmg4z6swqRX2Yv5oxgKCzEgfLSNZke1fmoCH45lHNP6AQYNBKqqfnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKbtxVdhzfZWCUfPFsNfivq/TMrzMB8GA1UdIwQY
MBaAFNUE5kHlWkiu4BQeLA0mInECyqbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFUbVFlVmFTSzdnRkI0c0RTWWljUUxLcHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mMDFmMzUtMmNjYS00ZTVhLTgyOGEt
NmJmZmNiN2MwZjBhLzEvcHUzRlYySE45bFlKUjg4V3cxLUstcjlNeXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mMDFmMzUtMmNjYS00ZTVhLTgyOGEtNmJmZmNiN2MwZjBh
LzEvMVFUbVFlVmFTSzdnRkI0c0RTWWljUUxLcHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBBbZUAwQB
Lv5cAwQBTeiMMA0GCSqGSIb3DQEBCwUAA4IBAQCi3n7kJPeqotNSZLUiCvRGKm59
NCUVeEXPTxd673uxEnArVA5m1FjCjcXMCe7HMaN4oToUXJ8Nr0PYEs1YNmA02QSj
RhuEMR7GCgbZtsuLCLrQXKsyZnGVNp1FNh98n5VvyiMBG7I/+alnlmmGJaDeIcJN
GAhRG6Re1GAYPPZUwsMCc4i6iznK6viVmyzUEpXD2tL3YULVSWFun9pl/IkSw8qa
Am5idvZxxzenNVG20c7oDV5FfJVYPjE4PQKvhSq1oatKE8Hpb47qATseDMtUo6CQ
9WxDJ1R9k1kh+pIfZor0cJH4/GQ6K0atXEWT9wNR/kjG/iDcB+FWFz5jjvb5
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:07:45 2024 by rpki-client on console-ams.rpki-client.org