Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/tnSEYGFQffj7QC2UpLxriwv5T9A.roa
File:                     tnSEYGFQffj7QC2UpLxriwv5T9A.roa (raw, json)
Hash identifier:          LF4rAk23nVmjsL0bCCyjRTdxGUU64fyhDDWToOSHcyo=
Subject key identifier:   B6:74:84:60:61:50:7D:F8:FB:40:2D:94:A4:BC:6B:8B:0B:F9:4F:D0
Certificate issuer:       /CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
Certificate serial:       018CC6B8DE0777B867774DD7577264E3F6D5
Authority key identifier: A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/tnSEYGFQffj7QC2UpLxriwv5T9A.roa
Signing time:             Mon 01 Jan 2024 20:30:53 +0000
ROA not before:           Mon 01 Jan 2024 20:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59414
IP address blocks:        5.102.144.0/21 maxlen: 24
                          45.151.213.0/24 maxlen: 24
                          185.79.232.0/22 maxlen: 24
                          185.98.120.0/22 maxlen: 24
                          45.81.68.0/22 maxlen: 24
                          45.11.220.0/22 maxlen: 24
                          185.72.238.0/23 maxlen: 24
                          2a06:c07::/32 maxlen: 48
                          2a06:c01::/32 maxlen: 48
                          2a06:c02::/32 maxlen: 48
                          2a06:c00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/pQHIn0SCnHLyqVPSorpK4Le1DYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/pQHIn0SCnHLyqVPSorpK4Le1DYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:de:07:77:b8:67:77:4d:d7:57:72:64:e3:f6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a501c89f44829c72f2a953d2a2ba4ae0b7b50d8a
        Validity
            Not Before: Jan  1 20:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b674846061507df8fb402d94a4bc6b8b0bf94fd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:37:33:65:52:76:44:45:c9:7b:1e:9e:38:df:
                    a6:08:97:0c:66:e2:32:ea:82:5f:b0:9c:40:ca:69:
                    33:30:16:d1:91:4a:ec:e0:72:2d:e4:3b:71:5a:e9:
                    ee:33:44:dd:22:d2:57:b6:fa:e1:a9:0e:01:70:90:
                    0a:50:73:57:5e:2f:f9:ca:6b:37:68:66:57:e3:6a:
                    0d:e7:63:51:68:c1:4f:64:63:c2:c1:aa:97:2b:77:
                    7d:88:18:3e:88:30:fa:22:40:b1:4f:61:38:de:e7:
                    aa:ef:59:a0:db:11:bd:cd:00:fb:27:43:1a:eb:38:
                    1a:40:03:f9:8e:58:29:fa:72:a8:ad:5b:c6:94:53:
                    ab:84:e5:44:ce:28:6e:82:5e:37:f4:1d:a2:89:a4:
                    f2:49:e1:77:39:b8:83:44:fd:1a:ae:60:be:15:5b:
                    ef:f9:c6:8d:d2:11:2c:20:79:32:ed:17:6f:ba:5b:
                    ff:ad:58:7b:48:a9:5e:8c:40:b3:17:b2:87:a2:b3:
                    98:a5:4c:36:45:a0:a8:1e:57:22:e7:ff:54:d2:46:
                    b4:7e:23:b3:55:5a:b3:42:6d:44:a7:91:44:d2:f4:
                    c6:09:18:7d:42:d1:be:9c:f2:1d:57:a3:09:7d:cc:
                    f7:17:8e:1a:56:ca:38:4d:0e:fa:94:48:3e:ec:0e:
                    77:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:74:84:60:61:50:7D:F8:FB:40:2D:94:A4:BC:6B:8B:0B:F9:4F:D0
            X509v3 Authority Key Identifier:
                keyid:A5:01:C8:9F:44:82:9C:72:F2:A9:53:D2:A2:BA:4A:E0:B7:B5:0D:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQHIn0SCnHLyqVPSorpK4Le1DYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/tnSEYGFQffj7QC2UpLxriwv5T9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d5e103-90b5-44f1-b864-14a1eb5512d6/1/pQHIn0SCnHLyqVPSorpK4Le1DYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.144.0/21
                  45.11.220.0/22
                  45.81.68.0/22
                  45.151.213.0/24
                  185.72.238.0/23
                  185.79.232.0/22
                  185.98.120.0/22
                IPv6:
                  2a06:c00::-2a06:c02:ffff:ffff:ffff:ffff:ffff:ffff
                  2a06:c07::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:c4:59:19:56:e5:0f:24:c6:77:fb:8f:49:0a:d2:0f:ac:5a:
         f6:d0:12:12:6c:65:b3:2a:65:1d:c1:92:11:22:ad:29:f6:87:
         cd:80:95:fe:21:55:5d:a1:46:55:a5:06:79:03:a4:69:7b:66:
         6a:38:58:94:9b:ab:82:b9:dc:cf:8c:de:bc:ab:a1:42:ad:89:
         76:0e:39:2d:f8:52:39:7f:67:59:06:15:5f:73:f6:98:aa:31:
         6a:dc:e7:a1:cd:f3:49:37:44:9c:09:dc:72:4c:4a:27:c0:4a:
         a6:60:67:b0:8f:b3:4b:00:de:61:e9:58:96:2f:00:ea:9a:54:
         01:58:93:3b:6c:85:c4:42:87:03:0f:e5:87:5c:24:43:5e:7d:
         76:80:67:f9:45:34:f7:66:30:29:1c:fc:7e:45:5d:86:5c:6a:
         1c:a9:68:65:29:c5:dd:06:82:05:0a:6c:d8:97:98:90:c5:3b:
         3a:68:60:74:2c:22:3e:3a:b4:1b:cc:ca:b0:2f:e0:fb:db:49:
         ba:4f:e9:4c:3c:76:14:27:3c:cf:fa:ed:11:82:71:6a:f0:2e:
         f1:ca:ac:67:ba:bb:ea:10:d3:0c:74:12:e0:7a:de:e2:f4:73:
         51:ed:d2:df:9c:c5:95:e7:05:1e:4f:4f:18:2b:df:43:ab:07:
         da:2f:ad:ba
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYzGuN4Hd7hnd03XV3Jk4/bVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MDFjODlmNDQ4MjljNzJmMmE5NTNkMmEyYmE0YWUwYjdi
NTBkOGEwHhcNMjQwMTAxMjAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc0ODQ2MDYxNTA3ZGY4ZmI0MDJkOTRhNGJjNmI4YjBiZjk0ZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzczZVJ2REXJex6eON+mCJcMZuIy
6oJfsJxAymkzMBbRkUrs4HIt5DtxWunuM0TdItJXtvrhqQ4BcJAKUHNXXi/5yms3
aGZX42oN52NRaMFPZGPCwaqXK3d9iBg+iDD6IkCxT2E43ueq71mg2xG9zQD7J0Ma
6zgaQAP5jlgp+nKorVvGlFOrhOVEzihugl439B2iiaTySeF3ObiDRP0armC+FVvv
+caN0hEsIHky7Rdvulv/rVh7SKlejECzF7KHorOYpUw2RaCoHlci5/9U0ka0fiOz
VVqzQm1Ep5FE0vTGCRh9QtG+nPIdV6MJfcz3F44aVso4TQ76lEg+7A53CQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLZ0hGBhUH34+0AtlKS8a4sL+U/QMB8GA1UdIwQY
MBaAFKUByJ9Egpxy8qlT0qK6SuC3tQ2KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFFISW4wU0NuSEx5cVZQU29ycEs0TGUxRFlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9kNWUxMDMtOTBiNS00NGYxLWI4NjQt
MTRhMWViNTUxMmQ2LzEvdG5TRVlHRlFmZmo3UUMyVXBMeHJpd3Y1VDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9kNWUxMDMtOTBiNS00NGYxLWI4NjQtMTRhMWViNTUxMmQ2
LzEvcFFISW4wU0NuSEx5cVZQU29ycEs0TGUxRFlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDAwBAIAATAqAwQDBWaQAwQC
LQvcAwQCLVFEAwQALZfVAwQBuUjuAwQCuU/oAwQCuWJ4MBwEAgACMBYwDQMEAioG
DAMFACoGDAIDBQAqBgwHMA0GCSqGSIb3DQEBCwUAA4IBAQAsxFkZVuUPJMZ3+49J
CtIPrFr20BISbGWzKmUdwZIRIq0p9ofNgJX+IVVdoUZVpQZ5A6Rpe2ZqOFiUm6uC
udzPjN68q6FCrYl2Djkt+FI5f2dZBhVfc/aYqjFq3OehzfNJN0ScCdxyTEonwEqm
YGewj7NLAN5h6ViWLwDqmlQBWJM7bIXEQocDD+WHXCRDXn12gGf5RTT3ZjApHPx+
RV2GXGocqWhlKcXdBoIFCmzYl5iQxTs6aGB0LCI+OrQbzMqwL+D720m6T+lMPHYU
JzzP+u0RgnFq8C7xyqxnurvqENMMdBLget7i9HNR7dLfnMWV5wUeT08YK99Dqwfa
L626
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:54:57 2024 by rpki-client on console-fra.rpki-client.org