Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/5Wi_DvHmhBpXAWghfFVd7Q-H-cs.roa
File:                     5Wi_DvHmhBpXAWghfFVd7Q-H-cs.roa (raw, json)
Hash identifier:          wi+6zaiucpWowzSLTnVpQfpBtWhiajo1VyZNTLvfFMI=
Subject key identifier:   E5:68:BF:0E:F1:E6:84:1A:57:01:68:21:7C:55:5D:ED:0F:87:F9:CB
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DAE6F99766B23ACF1FC64FCDE23ED
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/5Wi_DvHmhBpXAWghfFVd7Q-H-cs.roa
Signing time:             Tue 02 Jan 2024 08:32:40 +0000
ROA not before:           Tue 02 Jan 2024 08:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60494
IP address blocks:        37.153.90.0/24 maxlen: 24
                          37.153.88.0/24 maxlen: 24
                          37.153.91.0/24 maxlen: 24
                          37.153.89.0/24 maxlen: 24
                          37.153.94.0/24 maxlen: 24
                          37.153.92.0/24 maxlen: 24
                          37.153.95.0/24 maxlen: 24
                          37.153.93.0/24 maxlen: 24
                          185.40.145.0/24 maxlen: 24
                          185.40.144.0/24 maxlen: 24
                          185.40.147.0/24 maxlen: 24
                          185.40.146.0/24 maxlen: 24
                          31.200.240.0/24 maxlen: 24
                          31.200.246.0/24 maxlen: 24
                          31.200.244.0/24 maxlen: 24
                          31.200.242.0/24 maxlen: 24
                          31.200.245.0/24 maxlen: 24
                          31.200.243.0/24 maxlen: 24
                          31.200.241.0/24 maxlen: 24
                          31.200.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ae:6f:99:76:6b:23:ac:f1:fc:64:fc:de:23:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e568bf0ef1e6841a570168217c555ded0f87f9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d9:d9:a6:09:77:f4:05:2f:e2:d2:50:07:5c:
                    7d:8d:83:da:d7:76:aa:fc:b0:dc:47:b9:7a:7a:e0:
                    e8:7a:06:52:a7:dd:d2:39:38:35:e8:65:a9:30:68:
                    3b:a3:74:6d:90:bc:88:45:53:73:b6:01:e4:6f:7c:
                    b6:6c:61:bd:2b:ad:da:95:92:06:26:96:e2:31:38:
                    3d:c6:d5:35:0c:9b:44:1d:dd:53:bb:75:29:ad:2b:
                    2e:67:50:1f:5e:8f:69:c9:38:3b:76:48:3d:dd:4f:
                    a9:15:a2:81:87:d5:70:eb:59:69:4f:36:48:6f:bf:
                    94:50:7f:8b:8b:a5:db:fc:ad:26:1f:e9:c3:fc:62:
                    29:ea:99:d4:31:38:14:36:07:41:5f:f3:07:52:6d:
                    6b:d6:00:53:ff:5b:b0:d0:c9:01:6c:99:e2:4d:e9:
                    f3:43:60:04:8f:34:d1:f5:03:83:d0:2e:55:a6:5a:
                    ea:57:5b:68:c0:38:e2:2c:a4:4a:9d:fc:ba:40:8e:
                    25:31:67:fd:45:c7:08:73:76:3f:92:94:fc:d8:f1:
                    7f:7f:cf:a0:78:87:00:96:b8:86:e1:07:37:df:13:
                    86:28:b3:50:5f:10:6d:23:8e:66:4a:d1:b6:03:f2:
                    60:07:ea:0d:17:ca:0d:4a:45:c0:e8:2d:ad:bb:09:
                    9c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:68:BF:0E:F1:E6:84:1A:57:01:68:21:7C:55:5D:ED:0F:87:F9:CB
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/5Wi_DvHmhBpXAWghfFVd7Q-H-cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.200.240.0/21
                  37.153.88.0/21
                  185.40.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:ba:20:ad:55:ac:66:0d:ce:eb:80:4b:85:57:da:b4:80:f4:
         7a:3a:51:8e:f3:2a:5f:75:8d:9d:78:c6:c7:ef:85:35:09:af:
         ff:a3:54:5c:60:f6:0e:72:9a:7e:7c:1c:94:f8:67:df:1a:17:
         0c:7c:f2:90:73:b5:3b:a3:8e:dc:25:8a:17:d2:1e:48:43:73:
         b9:d6:cb:97:fb:88:5c:70:6a:ba:cb:94:87:65:af:f3:30:f4:
         71:c7:99:61:22:18:c6:57:9c:6e:12:4b:1f:ad:14:df:df:1d:
         17:6f:0f:93:0c:36:f1:cb:23:3d:98:2e:aa:89:40:15:db:4d:
         7f:26:7d:56:a2:4d:c2:2e:c2:b0:a6:74:20:24:5d:47:32:ca:
         a7:6a:cb:08:30:1a:50:eb:44:e2:37:c5:7e:c1:8e:2a:ec:d1:
         aa:b1:b0:03:97:c3:22:5e:df:d0:2b:14:f4:6b:30:f0:26:c0:
         a8:b0:52:77:0f:4d:00:2e:09:47:66:50:dc:12:60:95:4d:96:
         94:75:d7:45:17:6d:07:78:06:b2:3d:cd:a8:1a:98:64:ec:02:
         18:6d:dc:c9:df:31:aa:65:77:3f:f5:e6:2f:c4:d2:73:b2:20:
         95:3b:df:e7:38:91:fa:03:05:bd:6f:0d:30:08:1f:bb:34:52:
         2c:be:5b:ec
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTa5vmXZrI6zx/GT83iPtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTY4YmYwZWYxZTY4NDFhNTcwMTY4MjE3YzU1NWRlZDBmODdmOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltnZpgl39AUv4tJQB1x9jYPa13aq
/LDcR7l6euDoegZSp93SOTg16GWpMGg7o3RtkLyIRVNztgHkb3y2bGG9K63alZIG
JpbiMTg9xtU1DJtEHd1Tu3UprSsuZ1AfXo9pyTg7dkg93U+pFaKBh9Vw61lpTzZI
b7+UUH+Li6Xb/K0mH+nD/GIp6pnUMTgUNgdBX/MHUm1r1gBT/1uw0MkBbJniTenz
Q2AEjzTR9QOD0C5VplrqV1towDjiLKRKnfy6QI4lMWf9RccIc3Y/kpT82PF/f8+g
eIcAlriG4Qc33xOGKLNQXxBtI45mStG2A/JgB+oNF8oNSkXA6C2tuwmcQwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOVovw7x5oQaVwFoIXxVXe0Ph/nLMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvNVdpX0R2SG1oQnBYQVdnaGZGVmQ3US1ILWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDH8jwAwQD
JZlYAwQCuSiQMA0GCSqGSIb3DQEBCwUAA4IBAQAguiCtVaxmDc7rgEuFV9q0gPR6
OlGO8ypfdY2deMbH74U1Ca//o1RcYPYOcpp+fByU+GffGhcMfPKQc7U7o47cJYoX
0h5IQ3O51suX+4hccGq6y5SHZa/zMPRxx5lhIhjGV5xuEksfrRTf3x0Xbw+TDDbx
yyM9mC6qiUAV201/Jn1Wok3CLsKwpnQgJF1HMsqnassIMBpQ60TiN8V+wY4q7NGq
sbADl8MiXt/QKxT0azDwJsCosFJ3D00ALglHZlDcEmCVTZaUdddFF20HeAayPc2o
Gphk7AIYbdzJ3zGqZXc/9eYvxNJzsiCVO9/nOJH6AwW9bw0wCB+7NFIsvlvs
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:38:58 2024 by rpki-client on console-ams.rpki-client.org