Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/5732d3-a53c-41f7-a623-55b3e6476a7b/1/NLmE571muwKh1aAr-ZZw50qChK8.roa
File:                     NLmE571muwKh1aAr-ZZw50qChK8.roa (raw, json)
Hash identifier:          T+e/8ywbs/dvRVugJtpPZzr0e9ZodgLu6rmEGH/a7K8=
Subject key identifier:   34:B9:84:E7:BD:66:BB:02:A1:D5:A0:2B:F9:96:70:E7:4A:82:84:AF
Certificate issuer:       /CN=056006f2a1840900c753628121b3fb7ec5bd89e9
Certificate serial:       018CC726D467B364584D4E3F5430B72DE6E4
Authority key identifier: 05:60:06:F2:A1:84:09:00:C7:53:62:81:21:B3:FB:7E:C5:BD:89:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWAG8qGECQDHU2KBIbP7fsW9iek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/5732d3-a53c-41f7-a623-55b3e6476a7b/1/NLmE571muwKh1aAr-ZZw50qChK8.roa
Signing time:             Mon 01 Jan 2024 22:30:59 +0000
ROA not before:           Mon 01 Jan 2024 22:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62005
IP address blocks:        5.42.221.0/24 maxlen: 24
                          45.129.0.0/24 maxlen: 24
                          2a12:c740:1::/48 maxlen: 48
                          2a12:c740::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/5732d3-a53c-41f7-a623-55b3e6476a7b/1/BWAG8qGECQDHU2KBIbP7fsW9iek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/5732d3-a53c-41f7-a623-55b3e6476a7b/1/BWAG8qGECQDHU2KBIbP7fsW9iek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BWAG8qGECQDHU2KBIbP7fsW9iek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d4:67:b3:64:58:4d:4e:3f:54:30:b7:2d:e6:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=056006f2a1840900c753628121b3fb7ec5bd89e9
        Validity
            Not Before: Jan  1 22:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34b984e7bd66bb02a1d5a02bf99670e74a8284af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ed:7c:c9:cd:e2:b3:92:86:7b:c2:c3:f7:53:
                    6c:36:40:da:c9:8b:5f:b9:39:b1:81:0d:2d:b1:79:
                    2c:f1:72:f7:f2:aa:2a:fe:90:8b:09:8e:39:ce:ba:
                    be:43:85:1c:2b:4e:76:8a:9c:97:66:92:50:b6:60:
                    81:08:b5:38:4e:cd:8a:76:2c:1f:b5:2f:45:67:63:
                    f0:38:62:46:73:a2:b2:0d:d4:ac:b3:24:6f:41:08:
                    c4:34:aa:db:c1:65:73:fb:3c:dd:84:6f:39:ea:35:
                    68:1a:b3:ea:94:fc:ea:e6:50:e8:28:75:11:71:18:
                    a1:5d:83:47:fa:7b:96:d2:a4:46:7f:87:07:36:ab:
                    69:2f:ba:d6:d4:0e:57:ab:38:75:fa:28:31:3a:59:
                    b8:80:4a:d9:95:78:92:65:16:f4:24:ec:f4:0a:54:
                    a8:01:1a:f6:8d:49:48:af:0a:ff:77:9b:f8:77:ca:
                    1b:14:f7:d7:9e:7f:3b:df:1d:a0:70:95:44:61:cb:
                    1f:e9:5a:7a:b1:1d:2a:e3:75:aa:6b:2f:fa:d1:e1:
                    5a:eb:da:b0:ae:ad:97:c5:aa:5b:b6:2e:0c:f2:ec:
                    7e:73:5b:fa:30:d6:4f:a3:08:3d:27:24:7d:18:7e:
                    1b:fe:52:60:d0:69:a4:65:06:8f:bd:26:a0:f7:23:
                    aa:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B9:84:E7:BD:66:BB:02:A1:D5:A0:2B:F9:96:70:E7:4A:82:84:AF
            X509v3 Authority Key Identifier:
                keyid:05:60:06:F2:A1:84:09:00:C7:53:62:81:21:B3:FB:7E:C5:BD:89:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWAG8qGECQDHU2KBIbP7fsW9iek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5732d3-a53c-41f7-a623-55b3e6476a7b/1/NLmE571muwKh1aAr-ZZw50qChK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5732d3-a53c-41f7-a623-55b3e6476a7b/1/BWAG8qGECQDHU2KBIbP7fsW9iek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.221.0/24
                  45.129.0.0/24
                IPv6:
                  2a12:c740::/47

    Signature Algorithm: sha256WithRSAEncryption
         1b:23:50:95:06:29:31:31:64:ea:82:4a:0e:9e:32:f9:53:17:
         50:d8:fa:b9:f8:72:b4:e0:69:e9:3c:14:5d:4b:16:fd:42:e0:
         36:18:2a:bd:92:fb:d2:68:33:75:f8:30:d2:99:bf:7e:d8:d3:
         c2:31:d6:b9:d0:20:9e:0d:d9:ca:f3:99:16:67:e8:f4:c1:79:
         de:4f:93:d9:20:a8:da:bb:e1:29:d6:a0:41:61:42:14:43:60:
         59:1f:86:ee:0b:d1:89:a0:2e:8c:1c:a0:20:cc:9d:b2:3b:b0:
         57:16:80:a8:e6:20:24:f0:d0:b3:a3:96:83:97:9b:52:93:f4:
         f5:a2:49:5d:0d:ac:9d:94:91:bb:4f:a4:94:b0:e8:21:17:b6:
         6a:6b:23:d3:51:9d:3a:54:b4:8b:1d:ca:cb:ae:eb:14:ec:1b:
         1a:db:b1:c5:8c:82:b7:05:dd:f0:d2:00:b7:70:fb:42:4d:04:
         3d:ce:9d:7c:e9:2d:fa:39:d8:03:a6:c5:78:fb:0a:b7:4d:91:
         06:1f:b6:2e:8d:5d:2b:17:a0:02:d3:e3:f0:8e:b2:70:b6:13:
         9e:7a:de:37:88:d9:60:3f:3e:44:9e:cd:ed:31:e7:9c:4f:37:
         94:1d:5a:27:3a:90:9c:0c:4a:c9:fa:0e:86:f8:53:0d:9d:73:
         6c:d1:89:80
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHJtRns2RYTU4/VDC3LebkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NjAwNmYyYTE4NDA5MDBjNzUzNjI4MTIxYjNmYjdlYzVi
ZDg5ZTkwHhcNMjQwMTAxMjIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGI5ODRlN2JkNjZiYjAyYTFkNWEwMmJmOTk2NzBlNzRhODI4NGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+18yc3is5KGe8LD91NsNkDayYtf
uTmxgQ0tsXks8XL38qoq/pCLCY45zrq+Q4UcK052ipyXZpJQtmCBCLU4Ts2Kdiwf
tS9FZ2PwOGJGc6KyDdSssyRvQQjENKrbwWVz+zzdhG856jVoGrPqlPzq5lDoKHUR
cRihXYNH+nuW0qRGf4cHNqtpL7rW1A5Xqzh1+igxOlm4gErZlXiSZRb0JOz0ClSo
ARr2jUlIrwr/d5v4d8obFPfXnn873x2gcJVEYcsf6Vp6sR0q43Wqay/60eFa69qw
rq2Xxapbti4M8ux+c1v6MNZPowg9JyR9GH4b/lJg0GmkZQaPvSag9yOqsQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDS5hOe9ZrsCodWgK/mWcOdKgoSvMB8GA1UdIwQY
MBaAFAVgBvKhhAkAx1NigSGz+37FvYnpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQldBRzhxR0VDUURIVTJLQkliUDdmc1c5aWVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC81NzMyZDMtYTUzYy00MWY3LWE2MjMt
NTViM2U2NDc2YTdiLzEvTkxtRTU3MW11d0toMWFBci1aWnc1MHFDaEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC81NzMyZDMtYTUzYy00MWY3LWE2MjMtNTViM2U2NDc2YTdi
LzEvQldBRzhxR0VDUURIVTJLQkliUDdmc1c5aWVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABSrdAwQA
LYEAMA8EAgACMAkDBwEqEsdAAAAwDQYJKoZIhvcNAQELBQADggEBABsjUJUGKTEx
ZOqCSg6eMvlTF1DY+rn4crTgaek8FF1LFv1C4DYYKr2S+9JoM3X4MNKZv37Y08Ix
1rnQIJ4N2crzmRZn6PTBed5Pk9kgqNq74SnWoEFhQhRDYFkfhu4L0YmgLowcoCDM
nbI7sFcWgKjmICTw0LOjloOXm1KT9PWiSV0NrJ2UkbtPpJSw6CEXtmprI9NRnTpU
tIsdysuu6xTsGxrbscWMgrcF3fDSALdw+0JNBD3OnXzpLfo52AOmxXj7CrdNkQYf
ti6NXSsXoALT4/COsnC2E5563jeI2WA/PkSeze0x55xPN5QdWic6kJwMSsn6Dob4
Uw2dc2zRiYA=
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:42:31 2024 by rpki-client on console-fra.rpki-client.org