Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_ZXETUqsyUDtFM-jq4c-EF-2iEA.roa
File:                     _ZXETUqsyUDtFM-jq4c-EF-2iEA.roa (raw, json)
Hash identifier:          AqnIn4kKk24wqrs6/YsdWXoI4yuDLCgAoy8VxbGYqDM=
Subject key identifier:   FD:95:C4:4D:4A:AC:C9:40:ED:14:CF:A3:AB:87:3E:10:5F:B6:88:40
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       019199DB2A34BBE7EE2D044C782F0329C7E2
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_ZXETUqsyUDtFM-jq4c-EF-2iEA.roa
Signing time:             Wed 28 Aug 2024 16:39:22 +0000
ROA not before:           Wed 28 Aug 2024 16:39:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203
IP address blocks:        5.159.208.0/21 maxlen: 24
                          5.181.72.0/22 maxlen: 24
                          31.192.96.0/21 maxlen: 24
                          45.8.100.0/22 maxlen: 24
                          45.132.108.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          80.74.240.0/21 maxlen: 24
                          80.74.248.0/21 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          85.95.96.0/19 maxlen: 24
                          92.42.120.0/21 maxlen: 24
                          95.129.64.0/21 maxlen: 24
                          176.58.0.0/21 maxlen: 24
                          185.79.184.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.94.204.0/22 maxlen: 24
                          185.99.76.0/22 maxlen: 24
                          185.145.88.0/22 maxlen: 24
                          185.178.216.0/22 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.204.212.0/22 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.253.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          185.248.255.0/24 maxlen: 24
                          188.94.16.0/21 maxlen: 24
                          193.24.3.0/24 maxlen: 24
                          193.24.6.0/24 maxlen: 24
                          193.24.13.0/24 maxlen: 24
                          193.24.31.0/24 maxlen: 24
                          195.26.32.0/19 maxlen: 24
                          195.88.8.0/23 maxlen: 24
                          212.11.68.0/22 maxlen: 24
                          212.11.72.0/22 maxlen: 24
                          217.145.128.0/20 maxlen: 24
                          2a00:f1c0::/32 maxlen: 32
                          2a04:e9c0::/29 maxlen: 29
                          2a0a:f480::/29 maxlen: 29
                          2a0d:7680::/29 maxlen: 29
                          2a0d:bf80::/29 maxlen: 29
                          2a0e:a1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:99:db:2a:34:bb:e7:ee:2d:04:4c:78:2f:03:29:c7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Aug 28 16:39:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd95c44d4aacc940ed14cfa3ab873e105fb68840
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:78:6a:21:c9:3c:e2:6e:a5:c2:1a:81:b3:d8:
                    33:b9:84:87:35:39:de:73:03:ca:35:fa:6d:e1:d5:
                    93:18:a6:13:39:d9:7f:60:2c:21:e1:a1:43:73:7e:
                    38:5d:4d:be:1f:ee:3b:ab:35:7e:15:e4:d6:fc:b3:
                    f1:22:71:5c:1f:d7:ff:7a:dc:2d:9a:a3:3f:c3:5f:
                    93:16:15:53:3c:bd:d9:c0:3e:88:79:99:36:17:db:
                    1d:8a:55:c3:f3:7d:85:66:b1:75:c9:29:36:31:db:
                    43:b3:20:4a:3a:5e:a9:6b:2a:ba:85:f4:86:15:a2:
                    46:6c:5e:bc:db:01:b8:09:70:81:71:24:d9:89:66:
                    b3:52:e2:5d:87:0e:5b:8b:25:d8:fa:56:86:bf:30:
                    9a:56:62:0b:d9:64:43:36:22:ec:1f:37:3e:3a:4d:
                    d4:5b:78:b9:17:bb:a2:0b:60:85:41:f6:45:7a:7c:
                    99:b1:31:52:2c:f5:b0:c3:3a:85:73:65:4a:1b:1d:
                    f2:96:6d:8f:90:0c:fa:a5:55:dd:e1:ee:66:14:e6:
                    41:48:8a:1c:43:5e:d8:4b:14:ac:a2:5e:e8:c3:9b:
                    07:d9:fe:05:7c:a1:ee:ce:44:64:23:02:aa:2c:22:
                    4d:a1:e3:9d:6b:6d:24:87:ad:9b:8b:10:31:3b:9c:
                    53:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:95:C4:4D:4A:AC:C9:40:ED:14:CF:A3:AB:87:3E:10:5F:B6:88:40
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_ZXETUqsyUDtFM-jq4c-EF-2iEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.208.0/21
                  5.181.72.0/22
                  31.192.96.0/21
                  45.8.100.0/22
                  45.132.108.0/22
                  45.137.44.0/22
                  80.74.240.0/20
                  83.150.252.0/22
                  85.95.96.0/19
                  92.42.120.0/21
                  95.129.64.0/21
                  176.58.0.0/21
                  185.79.184.0/22
                  185.90.0.0/22
                  185.94.204.0/22
                  185.99.76.0/22
                  185.145.88.0/22
                  185.178.216.0/22
                  185.182.200.0/23
                  185.204.212.0/22
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/22
                  188.94.16.0/21
                  193.24.3.0/24
                  193.24.6.0/24
                  193.24.13.0/24
                  193.24.31.0/24
                  195.26.32.0/19
                  195.88.8.0/23
                  212.11.68.0-212.11.75.255
                  217.145.128.0/20
                IPv6:
                  2a00:f1c0::/32
                  2a04:e9c0::/29
                  2a0a:f480::/29
                  2a0d:7680::/29
                  2a0d:bf80::/29
                  2a0e:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:0f:03:6c:06:06:81:7c:38:a4:6b:6c:9a:d4:19:52:9d:79:
         51:0a:de:32:4f:95:51:9e:10:2f:ac:9c:f8:92:a4:ef:be:06:
         9b:29:01:ca:87:e4:f1:3c:29:1b:37:32:13:a3:6f:16:a7:90:
         12:18:e8:7d:c2:12:71:54:b7:d6:39:c2:59:2c:f9:52:33:6d:
         e6:4d:07:95:aa:61:7f:75:89:0d:64:22:f9:36:58:eb:fd:d3:
         09:91:78:5f:df:11:0e:08:8b:5b:fb:12:ab:98:82:7f:bb:07:
         dd:88:f1:6e:0f:65:ce:fb:61:31:31:18:da:ea:b5:a9:e8:24:
         54:14:0a:f8:54:24:cc:15:8f:0f:e6:80:fb:84:b7:56:d5:2c:
         47:71:6e:07:b6:f3:68:db:8a:4e:40:03:7b:68:2b:a8:7a:e7:
         56:b9:5e:0e:41:75:00:15:13:01:71:a8:49:f4:eb:47:cf:99:
         66:c2:42:21:fd:43:e8:60:6c:ef:c2:89:77:e1:92:84:df:8e:
         a5:a2:7a:68:2e:21:27:d2:d3:59:9c:11:8e:e5:b3:df:14:8f:
         71:1e:58:fe:99:2d:1d:e2:bd:bc:35:4f:dc:bd:36:b2:ef:84:
         90:59:2e:c1:bb:22:7f:bd:46:c5:7f:1e:23:e1:66:f4:71:f1:
         a9:60:bd:37
-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgISAZGZ2yo0u+fuLQRMeC8DKcfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwODI4MTYzOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDk1YzQ0ZDRhYWNjOTQwZWQxNGNmYTNhYjg3M2UxMDVmYjY4ODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXhqIck84m6lwhqBs9gzuYSHNTne
cwPKNfpt4dWTGKYTOdl/YCwh4aFDc344XU2+H+47qzV+FeTW/LPxInFcH9f/etwt
mqM/w1+TFhVTPL3ZwD6IeZk2F9sdilXD832FZrF1ySk2MdtDsyBKOl6payq6hfSG
FaJGbF682wG4CXCBcSTZiWazUuJdhw5biyXY+laGvzCaVmIL2WRDNiLsHzc+Ok3U
W3i5F7uiC2CFQfZFenyZsTFSLPWwwzqFc2VKGx3ylm2PkAz6pVXd4e5mFOZBSIoc
Q17YSxSsol7ow5sH2f4FfKHuzkRkIwKqLCJNoeOda20kh62bixAxO5xT+QIDAQAB
o4IDCzCCAwcwHQYDVR0OBBYEFP2VxE1KrMlA7RTPo6uHPhBftohAMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvX1pYRVRVcXN5VUR0Rk0tanE0Yy1FRi0yaUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHwYIKwYBBQUHAQcBAf8EggEOMIIBCjCB1QQCAAEwgc4D
BAMFn9ADBAIFtUgDBAMfwGADBAItCGQDBAIthGwDBAItiSwDBARQSvADBAJTlvwD
BAVVX2ADBANcKngDBANfgUADBAOwOgADBAK5T7gDBAK5WgADBAK5XswDBAK5Y0wD
BAK5kVgDBAK5stgDBAG5tsgDBAK5zNQDBAK55QQDBAK59oQDBAK598gDBAK5+PwD
BAO8XhADBADBGAMDBADBGAYDBADBGA0DBADBGB8DBAXDGiADBAHDWAgwDAMEAtQL
RAMEAtQLSAMEBNmRgDAwBAIAAjAqAwUAKgDxwAMFAyoE6cADBQMqCvSAAwUDKg12
gAMFAyoNv4ADBQMqDqHAMA0GCSqGSIb3DQEBCwUAA4IBAQCLDwNsBgaBfDika2ya
1BlSnXlRCt4yT5VRnhAvrJz4kqTvvgabKQHKh+TxPCkbNzITo28Wp5ASGOh9whJx
VLfWOcJZLPlSM23mTQeVqmF/dYkNZCL5Nljr/dMJkXhf3xEOCItb+xKrmIJ/uwfd
iPFuD2XO+2ExMRja6rWp6CRUFAr4VCTMFY8P5oD7hLdW1SxHcW4HtvNo24pOQAN7
aCuoeudWuV4OQXUAFRMBcahJ9OtHz5lmwkIh/UPoYGzvwol34ZKE346lonpoLiEn
0tNZnBGO5bPfFI9xHlj+mS0d4r28NU/cvTay74SQWS7BuyJ/vUbFfx4j4Wb0cfGp
YL03
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:28:41 2024 by rpki-client on console-fra.rpki-client.org