Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/25238c-8eee-4403-9104-9ca947aa665a/1/1-SW2tS-6NZ-gd665x8dt9974dT8.roa
File:                     1-SW2tS-6NZ-gd665x8dt9974dT8.roa (raw, json)
Hash identifier:          9yfnqo4O5r3TQSkjozLStch7Lmxp/qVTMLVy2RDwXOo=
Subject key identifier:   F9:25:B6:B5:2F:BA:35:9F:A0:77:AE:B9:C7:C7:6D:F7:DE:F8:75:3F
Certificate issuer:       /CN=ef401a52e3fde699486e99678dbf48875329c33d
Certificate serial:       018D34CB3EAA71BA9B1D2495A12E68C1EA14
Authority key identifier: EF:40:1A:52:E3:FD:E6:99:48:6E:99:67:8D:BF:48:87:53:29:C3:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/70AaUuP95plIbplnjb9Ih1Mpwz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/25238c-8eee-4403-9104-9ca947aa665a/1/1-SW2tS-6NZ-gd665x8dt9974dT8.roa
Signing time:             Tue 23 Jan 2024 05:29:11 +0000
ROA not before:           Tue 23 Jan 2024 05:29:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50923
IP address blocks:        5.53.16.0/20 maxlen: 20
                          5.53.16.0/21 maxlen: 21
                          5.53.16.0/22 maxlen: 22
                          5.53.20.0/22 maxlen: 22
                          5.53.24.0/21 maxlen: 21
                          5.53.24.0/22 maxlen: 22
                          5.53.28.0/22 maxlen: 22
                          37.60.16.0/21 maxlen: 21
                          37.60.16.0/22 maxlen: 22
                          37.60.16.0/23 maxlen: 23
                          37.60.16.0/24 maxlen: 24
                          37.60.18.0/23 maxlen: 23
                          37.60.20.0/22 maxlen: 22
                          37.60.20.0/23 maxlen: 23
                          37.60.22.0/23 maxlen: 23
                          37.143.96.0/20 maxlen: 20
                          37.143.96.0/21 maxlen: 21
                          37.143.96.0/22 maxlen: 22
                          37.143.100.0/22 maxlen: 22
                          37.143.104.0/21 maxlen: 21
                          37.143.104.0/22 maxlen: 22
                          37.143.108.0/22 maxlen: 22
                          178.208.224.0/19 maxlen: 19
                          178.208.224.0/20 maxlen: 20
                          178.208.224.0/21 maxlen: 21
                          178.208.232.0/21 maxlen: 21
                          178.208.240.0/20 maxlen: 20
                          178.208.240.0/21 maxlen: 21
                          178.208.248.0/21 maxlen: 21
                          185.3.68.0/22 maxlen: 22
                          185.3.68.0/23 maxlen: 23
                          185.3.68.0/24 maxlen: 24
                          185.3.69.0/24 maxlen: 24
                          185.3.70.0/23 maxlen: 23
                          185.3.70.0/24 maxlen: 24
                          185.3.71.0/24 maxlen: 24
                          2a00:ae40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/25238c-8eee-4403-9104-9ca947aa665a/1/70AaUuP95plIbplnjb9Ih1Mpwz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/25238c-8eee-4403-9104-9ca947aa665a/1/70AaUuP95plIbplnjb9Ih1Mpwz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/70AaUuP95plIbplnjb9Ih1Mpwz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:34:cb:3e:aa:71:ba:9b:1d:24:95:a1:2e:68:c1:ea:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef401a52e3fde699486e99678dbf48875329c33d
        Validity
            Not Before: Jan 23 05:29:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f925b6b52fba359fa077aeb9c7c76df7def8753f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:86:6f:5c:4c:10:90:b2:d4:00:be:41:82:92:
                    9d:2b:8a:0a:52:64:be:b4:0a:a4:b9:7a:7e:56:c9:
                    c7:b0:f1:ff:c9:d2:25:e7:7c:30:b0:c2:78:9b:bf:
                    12:d9:51:98:84:4b:e9:b4:f1:75:43:04:cd:13:33:
                    97:7c:6d:78:35:67:ed:c9:a5:a1:ac:f5:c6:f5:39:
                    12:52:13:20:06:62:eb:cf:56:89:e8:ec:77:bb:3e:
                    43:c1:77:ad:f0:7e:a3:9c:8e:3c:47:1d:5a:a5:7e:
                    eb:17:6e:8b:9d:0a:66:cf:7e:cc:83:14:10:6b:98:
                    b1:84:4b:18:04:4a:e4:12:f2:63:63:e2:83:7c:0a:
                    74:e5:54:2e:1b:f2:9b:5d:ce:0d:84:31:cc:c3:60:
                    a5:27:48:d4:ae:30:56:0c:79:95:71:aa:ed:a9:1a:
                    ad:cb:23:08:01:70:fc:c5:0e:41:12:4b:57:6b:0b:
                    80:5f:61:b4:21:4b:a1:ed:f1:db:d5:f9:4e:6e:73:
                    be:e7:7e:bb:b8:e0:53:6d:9e:12:ac:d3:7b:25:03:
                    d9:37:a0:55:43:08:01:71:45:52:d3:8e:e2:39:b8:
                    33:b5:4b:c8:0f:98:7b:16:2c:14:a2:21:e0:d2:ba:
                    49:82:d8:f7:13:72:41:67:ef:4a:a4:e5:e0:4c:7c:
                    a1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:25:B6:B5:2F:BA:35:9F:A0:77:AE:B9:C7:C7:6D:F7:DE:F8:75:3F
            X509v3 Authority Key Identifier:
                keyid:EF:40:1A:52:E3:FD:E6:99:48:6E:99:67:8D:BF:48:87:53:29:C3:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/70AaUuP95plIbplnjb9Ih1Mpwz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/25238c-8eee-4403-9104-9ca947aa665a/1/1-SW2tS-6NZ-gd665x8dt9974dT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/25238c-8eee-4403-9104-9ca947aa665a/1/70AaUuP95plIbplnjb9Ih1Mpwz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.53.16.0/20
                  37.60.16.0/21
                  37.143.96.0/20
                  178.208.224.0/19
                  185.3.68.0/22
                IPv6:
                  2a00:ae40::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:60:17:1d:f3:96:17:ce:4e:e3:f9:93:96:d6:f9:1c:9d:e3:
         1f:2c:46:9b:9f:df:d0:18:c0:94:13:0c:f5:8d:6f:1d:59:5d:
         60:4c:06:6c:62:ad:b0:08:ff:da:90:6a:58:b6:d3:1a:04:a4:
         29:96:8c:eb:4b:23:2d:6a:5e:9c:00:76:95:2c:1e:85:b6:c3:
         12:23:b4:d7:74:8e:85:ce:3e:44:4f:2c:96:6c:a3:30:49:92:
         ec:c3:f2:a1:a0:bd:75:46:3c:39:9a:c6:f7:a6:81:68:15:a3:
         59:a0:d2:6b:80:f2:69:a5:03:51:df:a1:a3:12:b6:8a:f0:62:
         48:89:46:89:57:c2:4b:07:36:9c:db:00:d9:13:91:41:e8:04:
         53:dd:70:40:37:b2:a6:8e:79:e1:59:da:7a:87:30:3a:ff:92:
         6e:9b:2c:70:0a:7d:0d:ee:68:40:28:75:63:64:b9:4f:35:a9:
         54:bf:36:63:9d:fa:a9:6f:fc:f9:67:9e:00:ec:f5:c5:03:9d:
         70:6c:b9:b9:9b:03:15:6a:62:b6:3e:9b:48:01:a6:48:60:ab:
         c3:4d:ef:02:c8:27:24:33:04:58:a8:ed:84:1f:a3:7b:c6:9f:
         b5:52:d5:27:34:b7:06:8e:e3:ce:78:8b:da:2a:9b:13:c7:3c:
         0f:e9:1e:7c
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY00yz6qcbqbHSSVoS5oweoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNDAxYTUyZTNmZGU2OTk0ODZlOTk2NzhkYmY0ODg3NTMy
OWMzM2QwHhcNMjQwMTIzMDUyOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTI1YjZiNTJmYmEzNTlmYTA3N2FlYjljN2M3NmRmN2RlZjg3NTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYZvXEwQkLLUAL5BgpKdK4oKUmS+
tAqkuXp+VsnHsPH/ydIl53wwsMJ4m78S2VGYhEvptPF1QwTNEzOXfG14NWftyaWh
rPXG9TkSUhMgBmLrz1aJ6Ox3uz5DwXet8H6jnI48Rx1apX7rF26LnQpmz37MgxQQ
a5ixhEsYBErkEvJjY+KDfAp05VQuG/KbXc4NhDHMw2ClJ0jUrjBWDHmVcartqRqt
yyMIAXD8xQ5BEktXawuAX2G0IUuh7fHb1flObnO+5367uOBTbZ4SrNN7JQPZN6BV
QwgBcUVS047iObgztUvID5h7FiwUoiHg0rpJgtj3E3JBZ+9KpOXgTHyh+wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFPkltrUvujWfoHeuucfHbffe+HU/MB8GA1UdIwQY
MBaAFO9AGlLj/eaZSG6ZZ42/SIdTKcM9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzBBYVV1UDk1cGxJYnBsbmpiOUloMU1wd3owLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8yNTIzOGMtOGVlZS00NDAzLTkxMDQt
OWNhOTQ3YWE2NjVhLzEvMS1TVzJ0Uy02TlotZ2Q2NjV4OGR0OTk3NGRUOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzcvMjUyMzhjLThlZWUtNDQwMy05MTA0LTljYTk0N2FhNjY1
YS8xLzcwQWFVdVA5NXBsSWJwbG5qYjlJaDFNcHd6MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBGBggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEBAU1EAME
AyU8EAMEBCWPYAMEBbLQ4AMEArkDRDANBAIAAjAHAwUAKgCuQDANBgkqhkiG9w0B
AQsFAAOCAQEAUGAXHfOWF85O4/mTltb5HJ3jHyxGm5/f0BjAlBMM9Y1vHVldYEwG
bGKtsAj/2pBqWLbTGgSkKZaM60sjLWpenAB2lSwehbbDEiO013SOhc4+RE8slmyj
MEmS7MPyoaC9dUY8OZrG96aBaBWjWaDSa4DyaaUDUd+hoxK2ivBiSIlGiVfCSwc2
nNsA2RORQegEU91wQDeypo554VnaeocwOv+SbpsscAp9De5oQCh1Y2S5TzWpVL82
Y536qW/8+WeeAOz1xQOdcGy5uZsDFWpitj6bSAGmSGCrw03vAsgnJDMEWKjthB+j
e8aftVLVJzS3Bo7jzniL2iqbE8c8D+kefA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:07:28 2024 by rpki-client on console-ams.rpki-client.org