Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/U60Ot9PxU91b0DmIISsq3doTc7w.roa
File:                     U60Ot9PxU91b0DmIISsq3doTc7w.roa (raw, json)
Hash identifier:          qURFYYo4tmHnK6fhZXZjIV/ZMVcSVNZZT+LrCMYiNV8=
Subject key identifier:   53:AD:0E:B7:D3:F1:53:DD:5B:D0:39:88:21:2B:2A:DD:DA:13:73:BC
Certificate issuer:       /CN=e41a8c42ece89b5fbfc210dc7b554c72ea4f3544
Certificate serial:       018CCA2AA148C4E5BF0F1D4E384C1918A3DD
Authority key identifier: E4:1A:8C:42:EC:E8:9B:5F:BF:C2:10:DC:7B:55:4C:72:EA:4F:35:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/U60Ot9PxU91b0DmIISsq3doTc7w.roa
Signing time:             Tue 02 Jan 2024 12:34:00 +0000
ROA not before:           Tue 02 Jan 2024 12:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57119
IP address blocks:        149.62.152.0/21 maxlen: 21
                          149.62.154.0/24 maxlen: 24
                          185.64.148.0/22 maxlen: 22
                          185.64.148.0/23 maxlen: 23
                          185.64.151.0/24 maxlen: 24
                          185.64.150.0/24 maxlen: 24
                          2a02:7680::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/5BqMQuzom1-_whDce1VMcupPNUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/5BqMQuzom1-_whDce1VMcupPNUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a1:48:c4:e5:bf:0f:1d:4e:38:4c:19:18:a3:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e41a8c42ece89b5fbfc210dc7b554c72ea4f3544
        Validity
            Not Before: Jan  2 12:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53ad0eb7d3f153dd5bd03988212b2addda1373bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:04:56:dd:10:c6:c6:8d:fc:21:10:7c:11:36:
                    78:7c:2b:cc:34:8e:cb:f1:42:45:a2:5b:cd:09:86:
                    0e:ce:32:7d:25:af:fc:55:bb:ff:36:d2:b1:b7:9e:
                    70:8f:74:93:d9:54:10:fc:e3:98:f8:6d:09:3a:8c:
                    f5:cf:36:83:53:48:fd:4f:43:c3:e6:22:ca:51:7e:
                    13:20:61:33:2f:63:44:15:a3:e8:2d:6a:b6:84:22:
                    1d:16:c8:3f:17:ab:4c:59:82:d5:50:37:f1:18:be:
                    81:dc:af:a8:15:a4:04:0d:72:db:5c:ad:74:b3:3b:
                    03:04:44:cf:15:1e:1c:b7:bf:75:0a:37:66:95:8d:
                    44:54:43:f5:21:b7:94:53:38:47:22:ac:8f:fd:c2:
                    30:7e:5d:19:7a:a1:4d:63:cc:78:8c:68:47:08:11:
                    b9:53:12:8a:3a:da:dc:de:92:87:fa:91:84:d6:d1:
                    66:76:b5:9c:de:2e:6c:36:7c:30:dd:07:7e:9e:af:
                    c3:e6:4b:57:c2:48:92:47:69:7e:01:0f:87:de:78:
                    9a:4f:dc:fe:36:4f:0f:b8:7e:6d:8e:a5:44:3d:ce:
                    f5:ee:34:af:1b:d9:36:01:20:3d:e4:3d:b1:e2:6d:
                    55:65:2b:32:36:8b:3d:e7:55:0a:d4:03:59:a6:aa:
                    94:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:AD:0E:B7:D3:F1:53:DD:5B:D0:39:88:21:2B:2A:DD:DA:13:73:BC
            X509v3 Authority Key Identifier:
                keyid:E4:1A:8C:42:EC:E8:9B:5F:BF:C2:10:DC:7B:55:4C:72:EA:4F:35:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5BqMQuzom1-_whDce1VMcupPNUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/U60Ot9PxU91b0DmIISsq3doTc7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/d19c2d-38c3-4526-a7cf-1d666c422c6a/1/5BqMQuzom1-_whDce1VMcupPNUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.152.0/21
                  185.64.148.0/22
                IPv6:
                  2a02:7680::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:b3:36:a4:4a:08:97:7f:81:38:ae:fb:0f:26:0a:7c:ec:d1:
         db:4e:d7:55:cd:e9:66:1c:1e:23:7f:e1:a4:be:56:4d:52:26:
         4f:35:35:3e:7e:ee:ea:40:32:7d:3f:14:a7:ea:a4:a6:35:c5:
         69:8c:03:23:61:bb:19:c6:3b:dd:9a:79:12:aa:19:aa:33:c3:
         7f:40:69:e5:02:c7:6d:e5:ee:6f:38:d8:a9:ff:32:d3:aa:ad:
         04:bd:89:f9:6f:7e:57:15:5d:a7:0d:56:a8:f1:79:b5:16:45:
         ec:d4:98:da:79:c3:05:d9:ac:84:0e:01:5d:a0:ca:ba:b0:be:
         4a:43:38:99:0d:9c:f0:ee:b1:8c:38:1c:10:cd:98:a8:a3:bf:
         27:43:7a:28:4d:03:60:77:0b:44:cf:d2:a6:e0:c9:a6:9a:28:
         72:71:52:6e:65:d3:f8:8b:7d:bb:96:a1:1d:2f:ed:32:17:47:
         aa:d3:6d:92:2f:d7:a2:46:5f:07:32:45:c7:ee:87:22:21:4b:
         46:14:77:c3:ef:06:4d:e4:7f:74:34:6d:4f:bc:e2:97:0b:76:
         08:00:e2:98:86:23:fa:66:78:91:39:82:12:3a:3f:0e:9c:41:
         df:0c:3b:f2:19:ae:8a:7e:7e:4d:7e:80:48:cf:3e:2f:18:ae:
         d3:63:58:6d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKqFIxOW/Dx1OOEwZGKPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MWE4YzQyZWNlODliNWZiZmMyMTBkYzdiNTU0YzcyZWE0
ZjM1NDQwHhcNMjQwMTAyMTIzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2FkMGViN2QzZjE1M2RkNWJkMDM5ODgyMTJiMmFkZGRhMTM3M2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnARW3RDGxo38IRB8ETZ4fCvMNI7L
8UJFolvNCYYOzjJ9Ja/8Vbv/NtKxt55wj3ST2VQQ/OOY+G0JOoz1zzaDU0j9T0PD
5iLKUX4TIGEzL2NEFaPoLWq2hCIdFsg/F6tMWYLVUDfxGL6B3K+oFaQEDXLbXK10
szsDBETPFR4ct791CjdmlY1EVEP1IbeUUzhHIqyP/cIwfl0ZeqFNY8x4jGhHCBG5
UxKKOtrc3pKH+pGE1tFmdrWc3i5sNnww3Qd+nq/D5ktXwkiSR2l+AQ+H3niaT9z+
Nk8PuH5tjqVEPc717jSvG9k2ASA95D2x4m1VZSsyNos951UK1ANZpqqU+QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFOtDrfT8VPdW9A5iCErKt3aE3O8MB8GA1UdIwQY
MBaAFOQajELs6Jtfv8IQ3HtVTHLqTzVEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUJxTVF1em9tMS1fd2hEY2UxVk1jdXBQTlVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kMTljMmQtMzhjMy00NTI2LWE3Y2Yt
MWQ2NjZjNDIyYzZhLzEvVTYwT3Q5UHhVOTFiMERtSUlTc3EzZG9UYzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kMTljMmQtMzhjMy00NTI2LWE3Y2YtMWQ2NjZjNDIyYzZh
LzEvNUJxTVF1em9tMS1fd2hEY2UxVk1jdXBQTlVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDlT6YAwQC
uUCUMA0EAgACMAcDBQAqAnaAMA0GCSqGSIb3DQEBCwUAA4IBAQBGszakSgiXf4E4
rvsPJgp87NHbTtdVzelmHB4jf+GkvlZNUiZPNTU+fu7qQDJ9PxSn6qSmNcVpjAMj
YbsZxjvdmnkSqhmqM8N/QGnlAsdt5e5vONip/zLTqq0EvYn5b35XFV2nDVao8Xm1
FkXs1JjaecMF2ayEDgFdoMq6sL5KQziZDZzw7rGMOBwQzZioo78nQ3ooTQNgdwtE
z9Km4MmmmihycVJuZdP4i327lqEdL+0yF0eq022SL9eiRl8HMkXH7ociIUtGFHfD
7wZN5H90NG1PvOKXC3YIAOKYhiP6ZniROYISOj8OnEHfDDvyGa6Kfn5NfoBIzz4v
GK7TY1ht
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:06:44 2024 by rpki-client on console-ams.rpki-client.org