Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/XB23gi2f-EhXMiKkmL8fU9PDDBQ.roa
File:                     XB23gi2f-EhXMiKkmL8fU9PDDBQ.roa (raw, json)
Hash identifier:          hA3iSkL/ACxgzBc9pcR+GrFx+TOBBSivCpNwtRcQVsI=
Subject key identifier:   5C:1D:B7:82:2D:9F:F8:48:57:32:22:A4:98:BF:1F:53:D3:C3:0C:14
Certificate issuer:       /CN=5230b65d6116d4b60d36fdf7b6c6d5e5b954639e
Certificate serial:       018CC8013DDA67EA0000A2BC72B756BA2137
Authority key identifier: 52:30:B6:5D:61:16:D4:B6:0D:36:FD:F7:B6:C6:D5:E5:B9:54:63:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjC2XWEW1LYNNv33tsbV5blUY54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/XB23gi2f-EhXMiKkmL8fU9PDDBQ.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25593
IP address blocks:        217.19.48.0/20 maxlen: 20
                          89.107.168.0/21 maxlen: 21
                          46.19.176.0/21 maxlen: 21
                          93.188.168.0/21 maxlen: 21
                          185.48.44.0/22 maxlen: 22
                          212.67.32.0/20 maxlen: 20
                          185.48.46.0/24 maxlen: 24
                          2a00:1a00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/UjC2XWEW1LYNNv33tsbV5blUY54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/UjC2XWEW1LYNNv33tsbV5blUY54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjC2XWEW1LYNNv33tsbV5blUY54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3d:da:67:ea:00:00:a2:bc:72:b7:56:ba:21:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5230b65d6116d4b60d36fdf7b6c6d5e5b954639e
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c1db7822d9ff848573222a498bf1f53d3c30c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:67:41:1d:04:29:67:59:d8:67:d8:45:e1:38:
                    03:fa:e3:82:cc:70:bd:d5:ba:c7:2b:db:27:fa:34:
                    d2:f0:a0:32:d2:2f:c2:9f:7d:bc:9a:56:d9:08:28:
                    f3:35:6b:1c:88:49:6c:35:6b:16:78:44:d5:79:dd:
                    26:31:71:ee:41:01:d5:5b:8d:71:f7:25:c1:53:0f:
                    9d:7d:58:69:c4:3c:43:4d:1e:f8:79:20:11:03:c2:
                    1d:96:9e:f8:20:15:20:c4:28:52:ba:99:31:d8:9c:
                    35:a4:2a:cd:0a:52:25:b0:cb:e2:2e:1a:f1:c0:20:
                    09:13:7f:71:8c:79:ff:33:2f:d6:a3:89:38:83:a9:
                    a3:40:19:f8:5d:9d:6d:82:77:77:ec:51:1e:12:8d:
                    da:66:c7:f0:63:a7:68:b0:0c:0f:3b:89:76:04:17:
                    b4:5b:61:7c:0d:04:19:c2:93:48:ab:a5:d3:7f:69:
                    7d:40:48:61:0e:71:be:a3:f7:7b:fa:09:63:13:8a:
                    b4:69:1d:7f:3e:23:c1:e8:3e:fc:9a:1e:03:5a:01:
                    46:4b:91:77:46:dd:fb:5f:88:88:d2:7e:04:25:c0:
                    34:d1:dd:63:7a:c4:d8:ef:f7:8e:d4:11:6a:35:2b:
                    a8:bb:e4:39:67:04:38:39:da:35:17:e8:38:9f:27:
                    c2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1D:B7:82:2D:9F:F8:48:57:32:22:A4:98:BF:1F:53:D3:C3:0C:14
            X509v3 Authority Key Identifier:
                keyid:52:30:B6:5D:61:16:D4:B6:0D:36:FD:F7:B6:C6:D5:E5:B9:54:63:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjC2XWEW1LYNNv33tsbV5blUY54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/XB23gi2f-EhXMiKkmL8fU9PDDBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/fadff6-5cc0-4694-9c62-1358c2b5d541/1/UjC2XWEW1LYNNv33tsbV5blUY54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.176.0/21
                  89.107.168.0/21
                  93.188.168.0/21
                  185.48.44.0/22
                  212.67.32.0/20
                  217.19.48.0/20
                IPv6:
                  2a00:1a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:2d:af:aa:5c:3d:97:77:bc:d1:96:7f:fe:e9:a4:0a:bd:ce:
         fe:05:90:84:53:ed:16:04:13:2e:32:9f:66:18:10:63:31:59:
         6b:5f:c5:31:d2:1b:fe:d5:03:42:05:ac:02:46:74:e8:d3:27:
         84:10:93:d4:d1:39:37:65:c8:a2:55:4b:d7:71:b1:68:4a:ae:
         55:51:5c:08:92:37:6e:80:fe:bf:8c:fd:86:61:12:20:09:71:
         4e:0b:b9:ae:ff:37:a1:05:a1:af:8f:a2:88:18:f1:f4:3e:b3:
         52:5e:03:84:3d:ff:d3:4c:78:97:99:06:90:c6:eb:ea:de:c9:
         91:e4:1a:be:c5:b1:5b:c0:3e:2f:a8:ce:70:c8:3e:92:65:63:
         c3:60:08:a4:db:27:f2:f3:f5:be:0c:70:d6:f8:a2:59:2d:ce:
         ad:45:4e:86:f3:ca:d1:be:4e:65:7d:1c:9b:13:c5:ad:63:62:
         de:4e:cb:b1:91:85:04:2e:9e:4f:80:99:0b:1c:15:4f:be:c7:
         ae:ef:36:43:eb:21:3d:de:f7:c4:e6:15:ce:9e:7f:7d:12:f5:
         ba:5c:94:f8:9a:a4:e4:fd:cc:57:97:8b:6b:8f:4b:21:7e:60:
         8c:e2:2d:16:a8:f0:3e:04:ec:bc:a9:34:6f:28:ac:e6:33:79:
         49:6d:c4:e5
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzIAT3aZ+oAAKK8crdWuiE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzBiNjVkNjExNmQ0YjYwZDM2ZmRmN2I2YzZkNWU1Yjk1
NDYzOWUwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFkYjc4MjJkOWZmODQ4NTczMjIyYTQ5OGJmMWY1M2QzYzMwYzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGdBHQQpZ1nYZ9hF4TgD+uOCzHC9
1brHK9sn+jTS8KAy0i/Cn328mlbZCCjzNWsciElsNWsWeETVed0mMXHuQQHVW41x
9yXBUw+dfVhpxDxDTR74eSARA8Idlp74IBUgxChSupkx2Jw1pCrNClIlsMviLhrx
wCAJE39xjHn/My/Wo4k4g6mjQBn4XZ1tgnd37FEeEo3aZsfwY6dosAwPO4l2BBe0
W2F8DQQZwpNIq6XTf2l9QEhhDnG+o/d7+gljE4q0aR1/PiPB6D78mh4DWgFGS5F3
Rt37X4iI0n4EJcA00d1jesTY7/eO1BFqNSuou+Q5ZwQ4Odo1F+g4nyfCawIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFFwdt4Itn/hIVzIipJi/H1PTwwwUMB8GA1UdIwQY
MBaAFFIwtl1hFtS2DTb997bG1eW5VGOeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpDMlhXRVcxTFlOTnYzM3RzYlY1YmxVWTU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mYWRmZjYtNWNjMC00Njk0LTljNjIt
MTM1OGMyYjVkNTQxLzEvWEIyM2dpMmYtRWhYTWlLa21MOGZVOVBEREJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mYWRmZjYtNWNjMC00Njk0LTljNjItMTM1OGMyYjVkNTQx
LzEvVWpDMlhXRVcxTFlOTnYzM3RzYlY1YmxVWTU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDLhOwAwQD
WWuoAwQDXbyoAwQCuTAsAwQE1EMgAwQE2RMwMA0EAgACMAcDBQAqABoAMA0GCSqG
SIb3DQEBCwUAA4IBAQBTLa+qXD2Xd7zRln/+6aQKvc7+BZCEU+0WBBMuMp9mGBBj
MVlrX8Ux0hv+1QNCBawCRnTo0yeEEJPU0Tk3ZciiVUvXcbFoSq5VUVwIkjdugP6/
jP2GYRIgCXFOC7mu/zehBaGvj6KIGPH0PrNSXgOEPf/TTHiXmQaQxuvq3smR5Bq+
xbFbwD4vqM5wyD6SZWPDYAik2yfy8/W+DHDW+KJZLc6tRU6G88rRvk5lfRybE8Wt
Y2LeTsuxkYUELp5PgJkLHBVPvseu7zZD6yE93vfE5hXOnn99EvW6XJT4mqTk/cxX
l4trj0shfmCM4i0WqPA+BOy8qTRvKKzmM3lJbcTl
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:08:49 2024 by rpki-client on console-fra.rpki-client.org