Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Alcw5bqlDy76iV6c7S-O4-OARxU.roa
File:                     Alcw5bqlDy76iV6c7S-O4-OARxU.roa (raw, json)
Hash identifier:          6PM7jMBzQWTA4t/Nn+DwFnlxCf+V4o07GoBa6fjtRkI=
Subject key identifier:   02:57:30:E5:BA:A5:0F:2E:FA:89:5E:9C:ED:2F:8E:E3:E3:80:47:15
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       0196F76AD32F8C41C24E441BBB39F1254BBB
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Alcw5bqlDy76iV6c7S-O4-OARxU.roa
Signing time:             Thu 22 May 2025 09:54:55 +0000
ROA not before:           Thu 22 May 2025 09:54:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21267
IP address blocks:        5.39.176.0/21 maxlen: 24
                          5.159.208.0/21 maxlen: 24
                          5.181.72.0/22 maxlen: 24
                          31.192.96.0/21 maxlen: 24
                          45.8.100.0/22 maxlen: 24
                          45.132.108.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          80.74.240.0/21 maxlen: 24
                          80.74.248.0/21 maxlen: 24
                          80.87.16.0/20 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          85.95.96.0/19 maxlen: 24
                          87.236.128.0/21 maxlen: 24
                          88.151.152.0/21 maxlen: 24
                          89.38.120.0/21 maxlen: 24
                          91.143.64.0/20 maxlen: 24
                          92.42.120.0/21 maxlen: 24
                          93.115.176.0/20 maxlen: 24
                          94.142.168.0/21 maxlen: 24
                          95.129.64.0/21 maxlen: 24
                          176.58.0.0/21 maxlen: 24
                          185.52.144.0/22 maxlen: 24
                          185.79.184.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.94.204.0/22 maxlen: 24
                          185.99.76.0/22 maxlen: 24
                          185.145.88.0/22 maxlen: 24
                          185.178.216.0/22 maxlen: 24
                          185.178.218.0/24 maxlen: 24
                          185.178.219.0/24 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.204.212.0/22 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.253.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          185.248.255.0/24 maxlen: 24
                          188.94.16.0/21 maxlen: 24
                          188.94.19.0/24 maxlen: 24
                          188.94.21.0/24 maxlen: 24
                          193.24.3.0/24 maxlen: 24
                          193.24.6.0/24 maxlen: 24
                          193.24.13.0/24 maxlen: 24
                          193.24.31.0/24 maxlen: 24
                          195.26.32.0/19 maxlen: 24
                          195.88.8.0/23 maxlen: 24
                          212.11.68.0/22 maxlen: 24
                          212.11.72.0/22 maxlen: 24
                          217.145.128.0/20 maxlen: 24
                          2a00:f1c0::/32 maxlen: 32
                          2a0d:7680::/29 maxlen: 29
                          2a0e:a1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:6a:d3:2f:8c:41:c2:4e:44:1b:bb:39:f1:25:4b:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: May 22 09:54:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=025730e5baa50f2efa895e9ced2f8ee3e3804715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:12:bf:6e:4f:37:14:5b:70:0c:59:ec:ce:60:
                    32:71:6e:8e:d7:55:59:95:52:a5:b1:05:50:a9:ad:
                    3e:d8:76:8c:1a:ad:f6:bb:7c:73:4b:5e:d4:75:9f:
                    65:be:55:24:70:c0:fa:9d:ae:2b:60:2a:9b:c9:a8:
                    3b:59:cf:57:59:1c:e3:c6:0b:71:cd:c0:72:fe:9f:
                    53:ec:c9:e5:d0:2c:ef:6d:89:4c:97:8e:aa:c4:f6:
                    4c:25:1f:e5:08:eb:50:54:44:32:3b:4c:2b:e0:27:
                    8b:dd:57:52:0e:83:d2:7e:0a:91:8b:94:6f:ab:0c:
                    13:95:84:d7:77:28:6e:df:be:7f:a9:89:10:32:ba:
                    3e:dd:0e:48:ae:ab:49:b1:b3:f3:c4:dc:0b:5f:56:
                    ea:5d:45:c2:16:58:94:e1:8e:1d:59:6d:53:f8:67:
                    46:ed:90:72:d0:ee:89:87:67:b0:19:7d:c3:14:51:
                    6a:c6:58:f5:77:b7:c2:a9:a7:62:ba:4f:e0:73:91:
                    91:17:3f:71:09:f2:d0:94:8d:8d:90:21:f5:73:ae:
                    59:d2:78:87:c3:16:76:f0:08:72:49:6d:69:5b:24:
                    c4:48:3b:fb:24:b5:01:3c:79:20:9a:67:7d:77:cf:
                    9d:a1:54:f0:02:4f:da:41:a3:d7:d9:3c:9c:dc:e2:
                    78:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:57:30:E5:BA:A5:0F:2E:FA:89:5E:9C:ED:2F:8E:E3:E3:80:47:15
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Alcw5bqlDy76iV6c7S-O4-OARxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.176.0/21
                  5.159.208.0/21
                  5.181.72.0/22
                  31.192.96.0/21
                  45.8.100.0/22
                  45.132.108.0/22
                  45.137.44.0/22
                  80.74.240.0/20
                  80.87.16.0/20
                  83.150.252.0/22
                  85.95.96.0/19
                  87.236.128.0/21
                  88.151.152.0/21
                  89.38.120.0/21
                  91.143.64.0/20
                  92.42.120.0/21
                  93.115.176.0/20
                  94.142.168.0/21
                  95.129.64.0/21
                  176.58.0.0/21
                  185.52.144.0/22
                  185.79.184.0/22
                  185.90.0.0/22
                  185.94.204.0/22
                  185.99.76.0/22
                  185.145.88.0/22
                  185.178.216.0/22
                  185.182.200.0/23
                  185.204.212.0/22
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/22
                  188.94.16.0/21
                  193.24.3.0/24
                  193.24.6.0/24
                  193.24.13.0/24
                  193.24.31.0/24
                  195.26.32.0/19
                  195.88.8.0/23
                  212.11.68.0-212.11.75.255
                  217.145.128.0/20
                IPv6:
                  2a00:f1c0::/32
                  2a0d:7680::/29
                  2a0e:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:ed:00:1b:32:b5:51:4d:fb:c6:d4:de:f1:81:5f:3c:9a:65:
         5d:d6:d1:a7:63:16:a6:f3:bc:a4:cb:28:72:ec:c0:11:17:1f:
         a0:df:07:c6:0b:b1:30:9e:77:2a:9f:b9:28:af:49:3f:02:82:
         67:06:f1:c4:30:78:6d:5e:bf:b7:21:89:78:3e:da:ac:77:0b:
         07:9a:58:0c:d0:48:51:85:ea:0c:8e:59:9a:5f:a5:ae:50:e1:
         c1:e8:fd:e9:42:cb:65:e7:58:7a:a6:92:67:24:7e:61:60:2a:
         22:fd:f0:7d:6d:90:3f:3b:c1:32:15:28:32:32:53:25:af:cc:
         d0:bb:eb:d1:65:4e:5b:99:41:0e:be:58:b6:e4:3d:9c:54:92:
         a6:e5:04:55:d5:42:0e:86:8b:4d:20:fb:2e:eb:2b:5a:10:ae:
         b7:b3:7a:e8:b7:51:78:e2:cd:84:8f:7b:d9:2f:94:f5:b5:0e:
         ea:46:b5:e6:37:f7:19:01:6f:db:68:a0:c9:07:58:06:ed:24:
         ad:95:29:2f:94:d9:d6:52:d3:ff:20:83:f2:2f:65:bb:0f:39:
         70:9e:cd:48:b1:28:65:eb:52:14:1e:70:76:85:2c:41:92:37:
         3e:2f:46:16:09:f6:c5:f9:13:3d:54:0f:28:e5:a1:6c:69:32:
         e3:a3:17:43
-----BEGIN CERTIFICATE-----
MIIGIjCCBQqgAwIBAgISAZb3atMvjEHCTkQbuznxJUu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwNTIyMDk1NDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU3MzBlNWJhYTUwZjJlZmE4OTVlOWNlZDJmOGVlM2UzODA0NzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RK/bk83FFtwDFnszmAycW6O11VZ
lVKlsQVQqa0+2HaMGq32u3xzS17UdZ9lvlUkcMD6na4rYCqbyag7Wc9XWRzjxgtx
zcBy/p9T7Mnl0CzvbYlMl46qxPZMJR/lCOtQVEQyO0wr4CeL3VdSDoPSfgqRi5Rv
qwwTlYTXdyhu375/qYkQMro+3Q5IrqtJsbPzxNwLX1bqXUXCFliU4Y4dWW1T+GdG
7ZBy0O6Jh2ewGX3DFFFqxlj1d7fCqadiuk/gc5GRFz9xCfLQlI2NkCH1c65Z0niH
wxZ28AhySW1pWyTESDv7JLUBPHkgmmd9d8+doVTwAk/aQaPX2Tyc3OJ4UwIDAQAB
o4IDLjCCAyowHQYDVR0OBBYEFAJXMOW6pQ8u+olenO0vjuPjgEcVMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvQWxjdzVicWxEeTc2aVY2YzdTLU80LU9BUnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQgYIKwYBBQUHAQcBAf8EggExMIIBLTCCAQwEAgABMIIB
BAMEAwUnsAMEAwWf0AMEAgW1SAMEAx/AYAMEAi0IZAMEAi2EbAMEAi2JLAMEBFBK
8AMEBFBXEAMEAlOW/AMEBVVfYAMEA1fsgAMEA1iXmAMEA1kmeAMEBFuPQAMEA1wq
eAMEBF1zsAMEA16OqAMEA1+BQAMEA7A6AAMEArk0kAMEArlPuAMEArlaAAMEArle
zAMEArljTAMEArmRWAMEArmy2AMEAbm2yAMEArnM1AMEArnlBAMEArn2hAMEArn3
yAMEArn4/AMEA7xeEAMEAMEYAwMEAMEYBgMEAMEYDQMEAMEYHwMEBcMaIAMEAcNY
CDAMAwQC1AtEAwQC1AtIAwQE2ZGAMBsEAgACMBUDBQAqAPHAAwUDKg12gAMFAyoO
ocAwDQYJKoZIhvcNAQELBQADggEBAC/tABsytVFN+8bU3vGBXzyaZV3W0adjFqbz
vKTLKHLswBEXH6DfB8YLsTCedyqfuSivST8CgmcG8cQweG1ev7chiXg+2qx3Cwea
WAzQSFGF6gyOWZpfpa5Q4cHo/elCy2XnWHqmkmckfmFgKiL98H1tkD87wTIVKDIy
UyWvzNC769FlTluZQQ6+WLbkPZxUkqblBFXVQg6Gi00g+y7rK1oQrrezeui3UXji
zYSPe9kvlPW1DupGteY39xkBb9tooMkHWAbtJK2VKS+U2dZS0/8gg/IvZbsPOXCe
zUixKGXrUhQecHaFLEGSNz4vRhYJ9sX5Ez1UDyjloWxpMuOjF0M=
-----END CERTIFICATE-----
Generated at Tue Jun 10 15:23:17 2025 by rpki-client