Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/5avQS7V5KoFK9wPCZWf1mKbef0o.roa
File:                     5avQS7V5KoFK9wPCZWf1mKbef0o.roa (raw, json)
Hash identifier:          CWVr1CMjh4VQHe4otjBIpGvVv9NFPYi8ufRKDrz+0Fs=
Subject key identifier:   E5:AB:D0:4B:B5:79:2A:81:4A:F7:03:C2:65:67:F5:98:A6:DE:7F:4A
Certificate issuer:       /CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
Certificate serial:       018DC2CDB0DA1C90218CB47CFD6ED5174D11
Authority key identifier: EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/5avQS7V5KoFK9wPCZWf1mKbef0o.roa
Signing time:             Mon 19 Feb 2024 19:17:56 +0000
ROA not before:           Mon 19 Feb 2024 19:17:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        93.180.216.0/24 maxlen: 24
                          93.180.217.0/24 maxlen: 24
                          93.180.218.0/24 maxlen: 24
                          93.180.219.0/24 maxlen: 24
                          93.180.220.0/24 maxlen: 24
                          93.180.221.0/24 maxlen: 24
                          93.180.222.0/24 maxlen: 24
                          93.180.223.0/24 maxlen: 24
                          144.86.228.0/24 maxlen: 24
                          144.86.229.0/24 maxlen: 24
                          144.86.230.0/24 maxlen: 24
                          144.86.231.0/24 maxlen: 24
                          185.20.196.0/24 maxlen: 24
                          185.20.197.0/24 maxlen: 24
                          185.20.198.0/23 maxlen: 23
                          185.20.198.0/24 maxlen: 24
                          185.20.199.0/24 maxlen: 24
                          185.138.120.0/23 maxlen: 23
                          185.138.120.0/24 maxlen: 24
                          185.138.121.0/24 maxlen: 24
                          185.138.122.0/24 maxlen: 24
                          185.138.123.0/24 maxlen: 24
                          185.254.12.0/24 maxlen: 24
                          185.254.13.0/24 maxlen: 24
                          185.254.14.0/24 maxlen: 24
                          185.254.15.0/24 maxlen: 24
                          195.133.220.0/24 maxlen: 24
                          195.133.221.0/24 maxlen: 24
                          195.133.222.0/24 maxlen: 24
                          195.133.223.0/24 maxlen: 24
                          199.74.189.0/24 maxlen: 24
                          199.74.191.0/24 maxlen: 24
                          2a0b:1880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c2:cd:b0:da:1c:90:21:8c:b4:7c:fd:6e:d5:17:4d:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
        Validity
            Not Before: Feb 19 19:17:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5abd04bb5792a814af703c26567f598a6de7f4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:25:53:e2:fe:a9:46:e8:55:69:69:5e:c3:16:
                    50:11:c0:74:08:c2:fe:f0:63:45:9c:06:50:48:8e:
                    c5:23:96:a2:6b:88:8f:93:27:11:46:32:3f:b6:f9:
                    c2:51:e3:39:a5:17:ce:e5:11:fb:06:b2:dc:80:db:
                    d8:a5:15:4f:8b:34:0d:8a:4c:ba:e4:29:dc:3e:ff:
                    84:c7:3e:57:ee:dd:05:65:c1:b1:da:78:ed:41:60:
                    8b:aa:64:6a:a2:66:82:5a:b7:3a:e0:38:b8:80:72:
                    65:54:7f:b3:c9:67:d1:9a:91:bf:94:31:33:4c:15:
                    30:05:ac:8b:b6:4a:80:9a:ae:cc:5f:4f:b4:b6:21:
                    76:b7:e0:9c:73:37:95:18:67:b6:5c:37:a5:e7:45:
                    64:0f:fc:11:77:7b:ee:0f:04:de:fd:55:91:2e:d7:
                    71:11:ab:2d:b7:fa:55:ac:65:0c:d8:d2:9e:ab:d2:
                    5e:d2:8f:39:af:33:00:09:3d:67:f9:90:d2:a3:61:
                    7f:9c:e6:08:d8:cc:58:73:46:45:6a:74:f6:70:92:
                    63:75:4d:6d:a0:76:05:c2:1c:29:db:85:69:c3:56:
                    f4:2c:00:9c:a9:33:fb:a6:72:d5:57:ee:e0:f0:b2:
                    5b:58:9b:75:f0:a6:d4:0e:2d:67:e0:5a:7b:2f:bf:
                    c8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AB:D0:4B:B5:79:2A:81:4A:F7:03:C2:65:67:F5:98:A6:DE:7F:4A
            X509v3 Authority Key Identifier:
                keyid:EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/5avQS7V5KoFK9wPCZWf1mKbef0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.180.216.0/21
                  144.86.228.0/22
                  185.20.196.0/22
                  185.138.120.0/22
                  185.254.12.0/22
                  195.133.220.0/22
                  199.74.189.0/24
                  199.74.191.0/24
                IPv6:
                  2a0b:1880::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:7c:e7:df:00:a5:f9:e5:bb:b0:90:54:c6:95:2f:fa:db:63:
         0a:42:b6:7b:81:2d:44:a0:68:e2:0c:70:db:ea:a4:19:f8:5d:
         32:c2:19:f9:04:85:08:36:22:93:92:59:f6:80:dd:19:ef:cc:
         53:b8:50:a6:86:e2:5e:93:e4:86:51:a4:83:87:4e:60:68:ee:
         85:06:20:9b:71:7e:ce:db:17:ca:88:8e:49:67:5e:c1:e8:11:
         6d:3f:1c:a0:bb:88:33:f6:c7:00:f1:ec:b7:68:2e:c4:e9:a5:
         0a:f1:2c:a8:78:2d:a3:b5:04:72:fd:14:b4:9d:1e:a4:08:93:
         2f:60:ca:ba:9d:e7:f3:34:1c:f4:9c:3a:da:78:f4:26:d2:09:
         f6:be:b7:ef:11:fe:ee:02:a6:d4:0e:5d:51:fd:6c:19:93:54:
         d2:d3:88:ab:ca:84:11:63:b2:73:6c:ce:2e:b6:04:22:bb:99:
         91:a0:9a:a8:1d:8a:20:7a:4b:16:d6:6a:30:d9:93:b8:1f:89:
         ed:68:e7:b5:27:0a:d5:5d:fb:7c:09:0a:b9:40:38:81:64:fa:
         04:6f:85:45:b5:f5:77:48:a9:58:4c:fe:35:96:1c:ce:a8:42:
         5e:e5:d0:a5:0c:ae:c1:e5:43:ff:4c:72:4d:4a:23:e7:0d:e9:
         37:b9:f0:49
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAY3CzbDaHJAhjLR8/W7VF00RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTRkOWU0MWVhNWUyZDE2MWI3YzRjZGIyZTQ3MDJjNGYy
NDhlMTQwHhcNMjQwMjE5MTkxNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWFiZDA0YmI1NzkyYTgxNGFmNzAzYzI2NTY3ZjU5OGE2ZGU3ZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSVT4v6pRuhVaWlewxZQEcB0CML+
8GNFnAZQSI7FI5aia4iPkycRRjI/tvnCUeM5pRfO5RH7BrLcgNvYpRVPizQNiky6
5CncPv+Exz5X7t0FZcGx2njtQWCLqmRqomaCWrc64Di4gHJlVH+zyWfRmpG/lDEz
TBUwBayLtkqAmq7MX0+0tiF2t+CcczeVGGe2XDel50VkD/wRd3vuDwTe/VWRLtdx
Eastt/pVrGUM2NKeq9Je0o85rzMACT1n+ZDSo2F/nOYI2MxYc0ZFanT2cJJjdU1t
oHYFwhwp24Vpw1b0LACcqTP7pnLVV+7g8LJbWJt18KbUDi1n4Fp7L7/I3QIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFOWr0Eu1eSqBSvcDwmVn9Zim3n9KMB8GA1UdIwQY
MBaAFO9U2eQepeLRYbfEzbLkcCxPJI4UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzIt
ZmJjNmZjYjVlN2E2LzEvNWF2UVM3VjVLb0ZLOXdQQ1pXZjFtS2JlZjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzItZmJjNmZjYjVlN2E2
LzEvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDXbTYAwQC
kFbkAwQCuRTEAwQCuYp4AwQCuf4MAwQCw4XcAwQAx0q9AwQAx0q/MA0EAgACMAcD
BQMqCxiAMA0GCSqGSIb3DQEBCwUAA4IBAQBafOffAKX55buwkFTGlS/622MKQrZ7
gS1EoGjiDHDb6qQZ+F0ywhn5BIUINiKTkln2gN0Z78xTuFCmhuJek+SGUaSDh05g
aO6FBiCbcX7O2xfKiI5JZ17B6BFtPxygu4gz9scA8ey3aC7E6aUK8SyoeC2jtQRy
/RS0nR6kCJMvYMq6nefzNBz0nDraePQm0gn2vrfvEf7uAqbUDl1R/WwZk1TS04ir
yoQRY7JzbM4utgQiu5mRoJqoHYogeksW1mow2ZO4H4ntaOe1JwrVXft8CQq5QDiB
ZPoEb4VFtfV3SKlYTP41lhzOqEJe5dClDK7B5UP/THJNSiPnDek3ufBJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:11:12 2024 by rpki-client on console-ams.rpki-client.org