Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/XzLrchhC5D2vVJP3YAIaxOjvAJw.roa
File:                     XzLrchhC5D2vVJP3YAIaxOjvAJw.roa (raw, json)
Hash identifier:          ZueqqSrkLOat2+SoDPmzQ/x+ylW1XC+IkGLKHtCwFV8=
Subject key identifier:   5F:32:EB:72:18:42:E4:3D:AF:54:93:F7:60:02:1A:C4:E8:EF:00:9C
Certificate issuer:       /CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
Certificate serial:       018CC6B7BE0D95A1675DD862EEADB0450402
Authority key identifier: 86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/XzLrchhC5D2vVJP3YAIaxOjvAJw.roa
Signing time:             Mon 01 Jan 2024 20:29:39 +0000
ROA not before:           Mon 01 Jan 2024 20:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20495
IP address blocks:        77.74.48.0/21 maxlen: 32
                          195.210.56.0/23 maxlen: 32
                          193.189.149.0/24 maxlen: 32
                          185.58.56.0/22 maxlen: 32
                          193.16.154.0/24 maxlen: 32
                          2a01:310::/32 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/hksOE88nr_Zr5zC-zpjgSwD9-54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/hksOE88nr_Zr5zC-zpjgSwD9-54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:be:0d:95:a1:67:5d:d8:62:ee:ad:b0:45:04:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
        Validity
            Not Before: Jan  1 20:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f32eb721842e43daf5493f760021ac4e8ef009c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ce:bb:be:03:a0:36:fd:73:a8:63:c8:4e:bf:
                    57:d3:5c:f6:60:45:7c:d1:e5:67:0c:1e:fc:12:7e:
                    8c:67:61:0d:4a:f9:4c:42:db:23:d1:c9:9a:33:6a:
                    e0:47:bf:bf:ad:e4:63:23:8a:19:80:78:0c:d1:54:
                    02:35:13:0a:d0:54:40:f6:d9:50:a4:74:3f:9e:25:
                    c2:91:3f:c1:1e:81:6a:5a:40:b9:7a:37:ef:13:be:
                    55:b7:3b:c0:fc:30:69:70:f5:c3:93:e3:fc:b0:bc:
                    bd:b8:5f:32:31:03:12:c5:e9:2d:ae:27:fb:10:3b:
                    2a:18:70:ba:d5:3e:98:3f:d7:7d:87:78:ba:27:2d:
                    a9:47:1e:4f:11:2c:25:44:97:0c:fc:3a:38:13:51:
                    d3:6f:eb:94:b1:0b:e6:27:f2:81:41:6b:cc:7d:b4:
                    d9:ef:c9:11:93:ee:a3:59:e1:1e:01:dc:f0:0b:8a:
                    35:9d:ab:43:2a:ba:cd:d9:93:08:8b:39:2a:9a:bd:
                    8d:11:d6:54:83:07:b0:3e:de:2b:0a:97:94:9b:ea:
                    31:60:ba:ab:b1:a6:89:8c:7c:17:a4:9f:fd:36:b1:
                    92:0d:c0:9f:51:cc:8c:26:54:9d:d4:2d:ee:11:4f:
                    4e:27:7f:d7:4e:23:01:9d:5c:57:17:43:6f:05:e0:
                    ee:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:32:EB:72:18:42:E4:3D:AF:54:93:F7:60:02:1A:C4:E8:EF:00:9C
            X509v3 Authority Key Identifier:
                keyid:86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/XzLrchhC5D2vVJP3YAIaxOjvAJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/hksOE88nr_Zr5zC-zpjgSwD9-54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.48.0/21
                  185.58.56.0/22
                  193.16.154.0/24
                  193.189.149.0/24
                  195.210.56.0/23
                IPv6:
                  2a01:310::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:35:f3:f5:c6:33:94:4c:e8:8d:5c:b2:0d:68:95:80:50:35:
         96:89:a8:c3:29:35:26:8e:4d:1b:21:08:6c:09:b9:7a:56:2d:
         27:60:b4:e3:3a:a8:1b:86:fb:12:72:f0:3e:c1:7b:76:a6:a9:
         1f:67:ca:19:96:ac:11:be:f0:f2:27:0d:86:05:f2:40:56:bc:
         12:88:65:ac:c5:95:5c:22:39:b5:a9:ed:0c:b4:cb:27:8e:ce:
         12:16:21:6a:94:05:3a:e0:f0:cc:92:bd:8c:ba:39:cc:ae:ff:
         46:c5:67:b4:dc:84:1a:74:f0:cb:fe:13:78:45:b2:6d:63:fa:
         55:9d:e5:ab:c6:5c:37:7b:b2:c1:22:31:f3:0d:87:d7:c5:03:
         1b:b0:62:73:74:8c:32:70:61:6b:2a:78:1d:80:38:33:66:5c:
         2e:87:a8:cb:52:72:ff:9c:1a:89:97:69:53:d3:35:d8:04:a7:
         9a:a2:a9:c3:2b:28:a3:ee:33:b7:3b:cc:43:b0:96:65:f1:2d:
         4e:2f:6d:aa:55:17:c7:ae:ba:e7:c6:7f:d4:4c:6d:0a:06:2f:
         cd:50:a8:7e:e6:72:4e:3d:67:8a:ed:47:a7:77:e8:b8:5f:8f:
         52:5b:14:f2:8d:8d:cc:fe:3f:df:11:3b:dd:b8:28:4a:4d:ba:
         c1:53:f4:60
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzGt74NlaFnXdhi7q2wRQQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGIwZTEzY2YyN2FmZjY2YmU3MzBiZWNlOThlMDRiMDBm
ZGZiOWUwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjMyZWI3MjE4NDJlNDNkYWY1NDkzZjc2MDAyMWFjNGU4ZWYwMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc67vgOgNv1zqGPITr9X01z2YEV8
0eVnDB78En6MZ2ENSvlMQtsj0cmaM2rgR7+/reRjI4oZgHgM0VQCNRMK0FRA9tlQ
pHQ/niXCkT/BHoFqWkC5ejfvE75VtzvA/DBpcPXDk+P8sLy9uF8yMQMSxektrif7
EDsqGHC61T6YP9d9h3i6Jy2pRx5PESwlRJcM/Do4E1HTb+uUsQvmJ/KBQWvMfbTZ
78kRk+6jWeEeAdzwC4o1natDKrrN2ZMIizkqmr2NEdZUgwewPt4rCpeUm+oxYLqr
saaJjHwXpJ/9NrGSDcCfUcyMJlSd1C3uEU9OJ3/XTiMBnVxXF0NvBeDuCQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFF8y63IYQuQ9r1ST92ACGsTo7wCcMB8GA1UdIwQY
MBaAFIZLDhPPJ6/2a+cwvs6Y4EsA/fueMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtzT0U4OG5yX1pyNXpDLXpwamdTd0Q5LTU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8zMDI4NjMtNTY4OS00M2ZjLTg3MmYt
ZmM0NGE4YWNlMzcwLzEvWHpMcmNoaEM1RDJ2VkpQM1lBSWF4T2p2QUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8zMDI4NjMtNTY4OS00M2ZjLTg3MmYtZmM0NGE4YWNlMzcw
LzEvaGtzT0U4OG5yX1pyNXpDLXpwamdTd0Q5LTU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDTUowAwQC
uTo4AwQAwRCaAwQAwb2VAwQBw9I4MA0EAgACMAcDBQAqAQMQMA0GCSqGSIb3DQEB
CwUAA4IBAQABNfP1xjOUTOiNXLINaJWAUDWWiajDKTUmjk0bIQhsCbl6Vi0nYLTj
OqgbhvsScvA+wXt2pqkfZ8oZlqwRvvDyJw2GBfJAVrwSiGWsxZVcIjm1qe0MtMsn
js4SFiFqlAU64PDMkr2MujnMrv9GxWe03IQadPDL/hN4RbJtY/pVneWrxlw3e7LB
IjHzDYfXxQMbsGJzdIwycGFrKngdgDgzZlwuh6jLUnL/nBqJl2lT0zXYBKeaoqnD
Kyij7jO3O8xDsJZl8S1OL22qVRfHrrrnxn/UTG0KBi/NUKh+5nJOPWeK7Uend+i4
X49SWxTyjY3M/j/fETvduChKTbrBU/Rg
-----END CERTIFICATE-----
Generated at Sat Jun 15 13:55:13 2024 by rpki-client on console-ams.rpki-client.org