Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/5QiU4KjHe6rURZgDdGTMl8Zyezw.roa
File:                     5QiU4KjHe6rURZgDdGTMl8Zyezw.roa (raw, json)
Hash identifier:          yuQ/7BQYs9jM3jrH4SGueIzc9M29YlEPUkdg3FNwGhc=
Subject key identifier:   E5:08:94:E0:A8:C7:7B:AA:D4:45:98:03:74:64:CC:97:C6:72:7B:3C
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94DFF5D677EF378ECAFE27883877091
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/5QiU4KjHe6rURZgDdGTMl8Zyezw.roa
Signing time:             Tue 02 Jan 2024 08:33:01 +0000
ROA not before:           Tue 02 Jan 2024 08:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35267
IP address blocks:        86.105.253.0/24 maxlen: 24
                          93.114.232.0/23 maxlen: 24
                          89.36.150.0/23 maxlen: 24
                          188.212.192.0/21 maxlen: 24
                          89.35.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ff:5d:67:7e:f3:78:ec:af:e2:78:83:87:70:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e50894e0a8c77baad44598037464cc97c6727b3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:17:2d:81:df:07:e2:b3:94:f0:be:69:79:3b:
                    d3:5c:66:5f:49:4d:7f:de:67:9d:9c:fb:c3:ba:56:
                    a2:13:02:03:c5:5f:9b:b1:8b:06:f5:c0:e5:ca:f8:
                    da:3e:ee:96:40:b2:e6:e0:49:f0:13:4e:79:07:3b:
                    ae:50:f6:b1:67:e6:01:45:fa:b5:b8:3d:69:e4:61:
                    d3:ac:a1:b4:a8:0f:f4:76:11:3b:02:2e:d1:a2:1c:
                    fa:e5:28:72:ae:c6:ff:65:4d:a7:dc:75:11:c6:3d:
                    54:9c:46:2f:87:b1:eb:17:35:59:c8:21:83:d1:99:
                    f3:1d:62:76:ab:10:35:bc:e3:03:6b:06:75:b7:66:
                    0b:a1:3d:c3:22:1b:cb:76:98:f6:e2:24:ce:4e:29:
                    da:d5:d0:5a:90:e6:b2:be:10:ea:55:53:0a:dc:c4:
                    78:c3:30:34:ca:c5:aa:be:e2:56:c8:b3:8f:33:7e:
                    75:16:82:ad:4a:1f:bc:22:f4:6e:2e:39:74:6f:86:
                    c6:41:83:43:04:a2:ad:5f:7b:84:e7:93:ba:ab:65:
                    e5:ce:cc:5d:ff:49:d2:5f:8b:18:17:3b:c7:6d:68:
                    c3:74:2d:63:62:47:e6:dd:25:00:f4:02:ab:49:1b:
                    34:6f:61:72:ec:48:63:97:42:0a:f1:af:05:77:97:
                    53:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:08:94:E0:A8:C7:7B:AA:D4:45:98:03:74:64:CC:97:C6:72:7B:3C
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/5QiU4KjHe6rURZgDdGTMl8Zyezw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.253.0/24
                  89.35.38.0/24
                  89.36.150.0/23
                  93.114.232.0/23
                  188.212.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         27:65:5e:af:dc:59:e8:91:ad:5a:28:d0:50:19:be:50:93:41:
         20:58:a9:c3:f9:7a:86:f6:76:8f:7c:c9:27:9f:fc:0e:3f:c4:
         6c:e0:0e:f7:8c:90:9a:83:dd:ea:0f:b3:a3:93:c0:a3:9e:de:
         cf:b3:74:d0:e1:ce:f8:f1:97:9e:ed:1c:ae:cd:ef:f2:93:1f:
         5a:3b:44:b1:6f:fa:57:fe:2f:e5:61:3f:06:a2:05:9e:fa:8e:
         b0:ef:cc:5c:4f:34:8f:e6:24:4f:13:6c:cf:d3:1c:ab:c2:0a:
         94:33:88:cd:74:ef:32:96:58:6a:83:b2:d2:e5:c8:25:24:07:
         2c:d6:10:4d:d7:ac:70:72:34:40:f4:ae:cb:30:5b:44:88:5d:
         96:0b:53:36:1d:3b:9e:8e:24:92:79:d7:f4:c0:e2:f7:6c:d1:
         aa:63:d0:cb:90:2c:c2:b7:a5:45:e7:f1:a2:3c:be:5c:59:a9:
         98:7a:de:58:a0:11:d5:5a:9a:07:7a:c4:d7:a0:44:c3:d1:16:
         10:95:9a:7e:39:87:8a:3c:3b:d2:a5:b1:be:08:82:72:bb:7c:
         84:c9:e3:da:d2:53:58:e1:82:b9:a8:bb:95:47:ad:68:2b:01:
         78:ec:89:2a:c2:8e:43:97:94:13:a4:9a:f6:4c:21:5d:1c:87:
         e2:c9:1e:97
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzJTf9dZ37zeOyv4niDh3CRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA4OTRlMGE4Yzc3YmFhZDQ0NTk4MDM3NDY0Y2M5N2M2NzI3YjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxctgd8H4rOU8L5peTvTXGZfSU1/
3mednPvDulaiEwIDxV+bsYsG9cDlyvjaPu6WQLLm4EnwE055BzuuUPaxZ+YBRfq1
uD1p5GHTrKG0qA/0dhE7Ai7Rohz65Shyrsb/ZU2n3HURxj1UnEYvh7HrFzVZyCGD
0ZnzHWJ2qxA1vOMDawZ1t2YLoT3DIhvLdpj24iTOTina1dBakOayvhDqVVMK3MR4
wzA0ysWqvuJWyLOPM351FoKtSh+8IvRuLjl0b4bGQYNDBKKtX3uE55O6q2Xlzsxd
/0nSX4sYFzvHbWjDdC1jYkfm3SUA9AKrSRs0b2Fy7Ehjl0IK8a8Fd5dTLQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOUIlOCox3uq1EWYA3RkzJfGcns8MB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvNVFpVTRLakhlNnJVUlpnRGRHVE1sOFp5ZXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAVmn9AwQA
WSMmAwQBWSSWAwQBXXLoAwQDvNTAMA0GCSqGSIb3DQEBCwUAA4IBAQAnZV6v3Fno
ka1aKNBQGb5Qk0EgWKnD+XqG9naPfMknn/wOP8Rs4A73jJCag93qD7Ojk8Cjnt7P
s3TQ4c748Zee7Ryuze/ykx9aO0Sxb/pX/i/lYT8GogWe+o6w78xcTzSP5iRPE2zP
0xyrwgqUM4jNdO8yllhqg7LS5cglJAcs1hBN16xwcjRA9K7LMFtEiF2WC1M2HTue
jiSSedf0wOL3bNGqY9DLkCzCt6VF5/GiPL5cWamYet5YoBHVWpoHesTXoETD0RYQ
lZp+OYeKPDvSpbG+CIJyu3yEyePa0lNY4YK5qLuVR61oKwF47Ikqwo5Dl5QTpJr2
TCFdHIfiyR6X
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:10:35 2024 by rpki-client on console-fra.rpki-client.org