Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/xzyvESbk91O-sTMajAzJYvx_Phc.roa
File:                     xzyvESbk91O-sTMajAzJYvx_Phc.roa (raw, json)
Hash identifier:          Zyj0OBucwQPbi8iWQb0O53UPypipa3+8/ZAj46D38Pc=
Subject key identifier:   C7:3C:AF:11:26:E4:F7:53:BE:B1:33:1A:8C:0C:C9:62:FC:7F:3E:17
Certificate issuer:       /CN=1808bf7fe48b057f9f2f3d5d1a6310fd9e14c571
Certificate serial:       018F860A7B0572F75A9C3E90FC9FA4A104C2
Authority key identifier: 18:08:BF:7F:E4:8B:05:7F:9F:2F:3D:5D:1A:63:10:FD:9E:14:C5:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/xzyvESbk91O-sTMajAzJYvx_Phc.roa
Signing time:             Fri 17 May 2024 10:13:04 +0000
ROA not before:           Fri 17 May 2024 10:13:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14061
IP address blocks:        5.42.203.0/24 maxlen: 24
                          5.101.96.0/20 maxlen: 24
                          37.139.0.0/19 maxlen: 22
                          46.101.0.0/16 maxlen: 22
                          80.240.128.0/20 maxlen: 22
                          82.196.0.0/20 maxlen: 22
                          95.85.0.0/18 maxlen: 22
                          146.185.128.0/19 maxlen: 22
                          146.185.160.0/19 maxlen: 22
                          167.172.0.0/16 maxlen: 22
                          178.62.0.0/16 maxlen: 22
                          178.128.0.0/17 maxlen: 22
                          178.128.128.0/17 maxlen: 22
                          185.14.184.0/22 maxlen: 22
                          188.166.0.0/16 maxlen: 22
                          188.226.128.0/17 maxlen: 22
                          2a03:b0c0::/32 maxlen: 48
                          2a12:1840::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:0a:7b:05:72:f7:5a:9c:3e:90:fc:9f:a4:a1:04:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1808bf7fe48b057f9f2f3d5d1a6310fd9e14c571
        Validity
            Not Before: May 17 10:13:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c73caf1126e4f753beb1331a8c0cc962fc7f3e17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:df:f2:19:2d:10:31:35:0e:b5:fd:ba:98:17:
                    c4:93:59:a8:ab:99:56:a5:79:10:24:58:41:d0:04:
                    6e:44:f2:d5:d0:df:14:6c:bf:75:ed:3a:32:7b:9f:
                    06:81:4a:3c:3b:dc:b1:59:b9:bb:7e:cf:7f:74:a0:
                    7c:68:4d:bd:13:99:0d:04:33:ca:16:ad:f8:de:48:
                    8f:27:82:98:5e:1d:6f:5b:9b:37:92:c9:78:46:69:
                    dd:d7:1e:65:9b:9a:db:6d:23:a0:de:3a:32:dd:f6:
                    65:35:40:19:db:57:ba:2f:d7:0a:3f:26:c1:f8:27:
                    1e:6c:4c:a3:2b:f4:f2:79:cf:63:38:d7:1a:a8:00:
                    68:6b:3a:e8:69:7b:cc:81:b7:f7:a0:34:92:d5:46:
                    61:48:10:28:9e:ce:f7:c7:e3:13:72:f0:17:40:01:
                    67:0f:d8:d9:67:40:4a:04:99:cb:68:f4:0e:50:c9:
                    18:16:42:1d:73:31:06:b8:29:01:59:8a:63:bf:02:
                    63:fc:1d:bd:48:7e:6d:fa:6b:a4:db:97:6e:89:eb:
                    49:c2:e9:80:aa:cc:64:8d:ef:51:b2:7b:7e:17:b1:
                    4b:b7:8a:34:f6:3a:30:57:f4:c9:76:00:b5:53:ca:
                    1a:3e:17:e2:11:93:ca:14:82:4f:c3:b2:a6:6c:e7:
                    e2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:3C:AF:11:26:E4:F7:53:BE:B1:33:1A:8C:0C:C9:62:FC:7F:3E:17
            X509v3 Authority Key Identifier:
                keyid:18:08:BF:7F:E4:8B:05:7F:9F:2F:3D:5D:1A:63:10:FD:9E:14:C5:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/xzyvESbk91O-sTMajAzJYvx_Phc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.203.0/24
                  5.101.96.0/20
                  37.139.0.0/19
                  46.101.0.0/16
                  80.240.128.0/20
                  82.196.0.0/20
                  95.85.0.0/18
                  146.185.128.0/18
                  167.172.0.0/16
                  178.62.0.0/16
                  178.128.0.0/16
                  185.14.184.0/22
                  188.166.0.0/16
                  188.226.128.0/17
                IPv6:
                  2a03:b0c0::/32
                  2a12:1840::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:9a:82:16:c7:46:da:ff:e0:aa:a4:d5:5b:b5:56:e4:bd:a2:
         43:ae:c5:aa:a3:e8:be:28:9e:b0:9e:5c:42:07:97:96:90:81:
         4e:f4:81:9b:16:e0:d2:be:8d:96:86:e0:ee:c7:1f:2b:c5:dd:
         ae:78:af:59:95:93:33:51:dd:14:ac:1f:3b:12:74:e0:e5:5e:
         79:75:6a:06:1f:d0:a1:c1:5e:09:1c:07:f6:83:e2:6f:76:dd:
         a1:45:b6:f3:3b:99:83:27:c3:64:95:84:9f:70:6d:96:3e:3f:
         c4:19:ce:73:82:16:42:39:a5:0c:c7:2e:3e:fe:f1:0e:47:5c:
         0c:0b:c6:15:bd:7e:8a:33:7f:4d:cc:44:86:1b:bc:21:5b:6e:
         f1:e4:c5:6d:f7:5f:db:44:29:88:ae:fd:be:6d:23:e5:18:f7:
         92:de:26:94:88:30:96:d4:f8:72:15:23:5f:70:42:1f:4e:ec:
         57:bb:db:41:19:b5:15:6b:82:32:3b:0f:46:fc:83:e8:5b:3f:
         32:c3:63:3b:98:89:ab:0e:62:60:e2:dd:31:76:2c:10:48:8d:
         47:51:f2:f7:4a:38:c8:d3:5a:48:76:93:9c:c0:bb:e3:8c:3b:
         49:34:1b:d1:d6:7d:7e:f4:52:78:42:cc:43:49:14:60:d6:eb:
         23:42:a2:45
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAY+GCnsFcvdanD6Q/J+koQTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MDhiZjdmZTQ4YjA1N2Y5ZjJmM2Q1ZDFhNjMxMGZkOWUx
NGM1NzEwHhcNMjQwNTE3MTAxMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzNjYWYxMTI2ZTRmNzUzYmViMTMzMWE4YzBjYzk2MmZjN2YzZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd/yGS0QMTUOtf26mBfEk1moq5lW
pXkQJFhB0ARuRPLV0N8UbL917Toye58GgUo8O9yxWbm7fs9/dKB8aE29E5kNBDPK
Fq343kiPJ4KYXh1vW5s3ksl4Rmnd1x5lm5rbbSOg3joy3fZlNUAZ21e6L9cKPybB
+CcebEyjK/Tyec9jONcaqABoazroaXvMgbf3oDSS1UZhSBAons73x+MTcvAXQAFn
D9jZZ0BKBJnLaPQOUMkYFkIdczEGuCkBWYpjvwJj/B29SH5t+muk25duietJwumA
qsxkje9Rsnt+F7FLt4o09jowV/TJdgC1U8oaPhfiEZPKFIJPw7KmbOfiEQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFMc8rxEm5PdTvrEzGowMyWL8fz4XMB8GA1UdIwQY
MBaAFBgIv3/kiwV/ny89XRpjEP2eFMVxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0FpX2YtU0xCWC1mTHoxZEdtTVFfWjRVeFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MTBjM2ItZjg3MC00NzZiLWExNjMt
OWQzOTJlZWUwZjY2LzEveHp5dkVTYms5MU8tc1RNYWpBekpZdnhfUGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MTBjM2ItZjg3MC00NzZiLWExNjMtOWQzOTJlZWUwZjY2
LzEvR0FpX2YtU0xCWC1mTHoxZEdtTVFfWjRVeFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBVBAIAATBPAwQABSrLAwQE
BWVgAwQFJYsAAwMALmUDBARQ8IADBARSxAADBAZfVQADBAaSuYADAwCnrAMDALI+
AwMAsoADBAK5DrgDAwC8pgMEB7zigDAUBAIAAjAOAwUAKgOwwAMFAyoSGEAwDQYJ
KoZIhvcNAQELBQADggEBACiaghbHRtr/4Kqk1Vu1VuS9okOuxaqj6L4onrCeXEIH
l5aQgU70gZsW4NK+jZaG4O7HHyvF3a54r1mVkzNR3RSsHzsSdODlXnl1agYf0KHB
XgkcB/aD4m923aFFtvM7mYMnw2SVhJ9wbZY+P8QZznOCFkI5pQzHLj7+8Q5HXAwL
xhW9foozf03MRIYbvCFbbvHkxW33X9tEKYiu/b5tI+UY95LeJpSIMJbU+HIVI19w
Qh9O7Fe720EZtRVrgjI7D0b8g+hbPzLDYzuYiasOYmDi3TF2LBBIjUdR8vdKOMjT
Wkh2k5zAu+OMO0k0G9HWfX70UnhCzENJFGDW6yNCokU=
-----END CERTIFICATE-----
Generated at Sun Jun 16 02:54:23 2024 by rpki-client on console-fra.rpki-client.org