Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/MupxJXIhUUWKqsCELLd67Cz33fc.roa
File:                     MupxJXIhUUWKqsCELLd67Cz33fc.roa (raw, json)
Hash identifier:          zrhDw1HaEfOjdAxwW5TeJre6DoBTV72QIRH/gLiUeZY=
Subject key identifier:   32:EA:71:25:72:21:51:45:8A:AA:C0:84:2C:B7:7A:EC:2C:F7:DD:F7
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D9A88922EFF0AD61596D28D4A3FBA
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/MupxJXIhUUWKqsCELLd67Cz33fc.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57546
IP address blocks:        212.56.4.0/24 maxlen: 24
                          212.56.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:9a:88:92:2e:ff:0a:d6:15:96:d2:8d:4a:3f:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32ea7125722151458aaac0842cb77aec2cf7ddf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:64:ff:a0:c4:30:c2:8b:b5:61:af:3a:5c:f1:
                    3b:19:0c:95:17:8c:e7:4f:95:b1:fa:0f:d1:b2:a2:
                    a5:95:71:d1:5f:dc:8e:86:a2:4b:d0:e5:02:d8:1d:
                    62:cb:4d:c8:08:67:7c:bb:67:5a:71:18:e4:ba:3e:
                    7e:79:b5:1c:11:49:7d:a1:4b:77:27:07:8d:8c:5d:
                    66:6b:2b:c3:00:02:0c:dd:09:ae:ac:64:2a:13:17:
                    15:cf:8a:c7:31:7a:66:66:cd:ee:36:50:a1:d5:a8:
                    26:92:f5:05:ec:6d:74:1f:30:c0:9a:e6:6e:96:de:
                    f5:d8:0f:30:8e:ed:da:6a:28:aa:be:e7:29:14:bb:
                    73:1e:66:7a:74:01:c0:ec:e0:26:f7:c6:c6:16:07:
                    50:8e:73:99:d2:57:7b:4c:74:83:2c:3a:2c:83:ee:
                    d6:ba:ad:09:42:69:14:ab:0d:58:60:d1:96:f6:73:
                    c0:dd:65:e3:70:b4:e1:d4:b2:9a:bf:31:03:66:8b:
                    9f:50:be:3b:66:62:62:a5:2a:cb:3a:7a:69:69:85:
                    1a:fb:a6:36:27:48:33:d0:7d:6b:42:68:5e:54:01:
                    5d:81:d1:e8:84:fb:34:33:37:4e:20:f7:0c:25:47:
                    d9:69:32:01:b9:7a:95:74:f1:f5:15:9d:df:07:1c:
                    28:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:EA:71:25:72:21:51:45:8A:AA:C0:84:2C:B7:7A:EC:2C:F7:DD:F7
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/MupxJXIhUUWKqsCELLd67Cz33fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.56.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:5b:ee:b5:27:f9:45:e1:f6:f8:d3:dc:d9:35:ae:0e:73:24:
         f1:25:97:33:22:21:a1:a8:24:6c:5c:b0:db:21:b4:8f:38:4b:
         94:d8:19:58:de:67:29:64:f7:a9:8f:21:de:b9:16:c0:f4:22:
         a8:76:b6:91:50:cd:96:9c:54:e2:9e:cf:2e:b8:72:38:95:0a:
         34:4c:57:0e:6a:e4:3e:c8:c6:4e:3d:8b:6e:7b:6d:ed:cb:4d:
         99:95:91:9d:24:1e:be:8a:fb:3d:35:cc:35:25:a3:69:f5:3c:
         ef:93:ba:da:f7:74:6d:34:ea:94:6e:d2:46:d9:13:6d:67:81:
         90:75:26:42:88:15:e8:90:a4:64:c5:23:be:56:3d:9b:a4:f6:
         37:6f:84:4d:0f:d6:cc:c5:1a:c0:a4:0a:fc:88:4f:dc:30:30:
         cc:13:14:ba:8c:91:55:9e:ee:31:a4:54:46:ab:9e:9e:d5:29:
         6c:ca:20:bf:28:6f:f0:5a:8b:cd:aa:98:65:4d:6c:4a:39:e3:
         8a:c0:ef:e9:09:f2:02:0e:aa:bd:2d:e5:9f:f6:04:5f:89:01:
         36:7b:10:32:18:b2:ff:63:56:ec:8f:d9:3c:26:82:9b:a4:4a:
         36:ec:a0:7d:1b:17:81:ed:26:82:ec:2e:26:03:42:dd:0e:c3:
         b1:f1:08:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZqIki7/CtYVltKNSj+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmVhNzEyNTcyMjE1MTQ1OGFhYWMwODQyY2I3N2FlYzJjZjdkZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmT/oMQwwou1Ya86XPE7GQyVF4zn
T5Wx+g/RsqKllXHRX9yOhqJL0OUC2B1iy03ICGd8u2dacRjkuj5+ebUcEUl9oUt3
JweNjF1mayvDAAIM3QmurGQqExcVz4rHMXpmZs3uNlCh1agmkvUF7G10HzDAmuZu
lt712A8wju3aaiiqvucpFLtzHmZ6dAHA7OAm98bGFgdQjnOZ0ld7THSDLDosg+7W
uq0JQmkUqw1YYNGW9nPA3WXjcLTh1LKavzEDZoufUL47ZmJipSrLOnppaYUa+6Y2
J0gz0H1rQmheVAFdgdHohPs0MzdOIPcMJUfZaTIBuXqVdPH1FZ3fBxwoCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDLqcSVyIVFFiqrAhCy3euws9933MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvTXVweEpYSWhVVVdLcXNDRUxMZDY3Q3ozM2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1DgEMA0G
CSqGSIb3DQEBCwUAA4IBAQAFW+61J/lF4fb409zZNa4OcyTxJZczIiGhqCRsXLDb
IbSPOEuU2BlY3mcpZPepjyHeuRbA9CKodraRUM2WnFTins8uuHI4lQo0TFcOauQ+
yMZOPYtue23ty02ZlZGdJB6+ivs9Ncw1JaNp9Tzvk7ra93RtNOqUbtJG2RNtZ4GQ
dSZCiBXokKRkxSO+Vj2bpPY3b4RND9bMxRrApAr8iE/cMDDMExS6jJFVnu4xpFRG
q56e1SlsyiC/KG/wWovNqphlTWxKOeOKwO/pCfICDqq9LeWf9gRfiQE2exAyGLL/
Y1bsj9k8JoKbpEo27KB9GxeB7SaC7C4mA0LdDsOx8QgF
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:20:24 2025 by rpki-client