Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/7bd8cf-2a61-4b74-860d-364fae7c72c4/1/biaZMBJdBOPx2FHlzf8QzqNWSW4.roa
File:                     biaZMBJdBOPx2FHlzf8QzqNWSW4.roa (raw, json)
Hash identifier:          R6EFt2yzO/6cvZjM+UoPUQd1LR5tVrN3Lm9Q4bu+Nzo=
Subject key identifier:   6E:26:99:30:12:5D:04:E3:F1:D8:51:E5:CD:FF:10:CE:A3:56:49:6E
Certificate issuer:       /CN=08a5c3aba421b78a7d5d09b75b4ce3be5273caac
Certificate serial:       018CC6B94452A691F7E66D04E5F66814DAB7
Authority key identifier: 08:A5:C3:AB:A4:21:B7:8A:7D:5D:09:B7:5B:4C:E3:BE:52:73:CA:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CKXDq6Qht4p9XQm3W0zjvlJzyqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/7bd8cf-2a61-4b74-860d-364fae7c72c4/1/biaZMBJdBOPx2FHlzf8QzqNWSW4.roa
Signing time:             Mon 01 Jan 2024 20:31:19 +0000
ROA not before:           Mon 01 Jan 2024 20:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28760
IP address blocks:        185.236.144.0/22 maxlen: 22
                          185.71.252.0/22 maxlen: 22
                          5.104.216.0/21 maxlen: 21
                          213.174.224.0/19 maxlen: 19
                          77.242.64.0/20 maxlen: 20
                          2a03:fa00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/7bd8cf-2a61-4b74-860d-364fae7c72c4/1/CKXDq6Qht4p9XQm3W0zjvlJzyqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/7bd8cf-2a61-4b74-860d-364fae7c72c4/1/CKXDq6Qht4p9XQm3W0zjvlJzyqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CKXDq6Qht4p9XQm3W0zjvlJzyqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:44:52:a6:91:f7:e6:6d:04:e5:f6:68:14:da:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08a5c3aba421b78a7d5d09b75b4ce3be5273caac
        Validity
            Not Before: Jan  1 20:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e269930125d04e3f1d851e5cdff10cea356496e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:63:a8:55:a1:4d:30:70:d0:61:90:e0:60:55:
                    60:43:d2:70:6a:84:a6:2d:ff:db:a7:2a:b3:91:b7:
                    bc:46:a4:ee:c5:65:96:78:78:fe:17:b8:fd:d4:ca:
                    37:23:b0:d3:40:57:87:50:33:96:36:8e:16:e6:91:
                    bc:f5:d8:6f:da:33:8c:e0:f4:5d:4a:96:96:04:e6:
                    67:55:81:60:ae:87:dd:27:9c:e5:6d:40:77:e8:50:
                    62:8f:d6:56:95:c8:06:b1:f0:fc:ba:78:c3:97:f5:
                    c3:8e:e6:76:91:d8:63:64:b9:39:b2:45:b4:3e:f0:
                    78:20:91:55:9f:48:e2:ae:b8:70:cd:43:80:10:77:
                    21:86:92:49:e2:12:e4:b4:34:48:f3:db:b5:fd:b7:
                    68:a7:04:23:10:22:ae:3e:fc:b0:df:e1:3e:56:9a:
                    8c:6f:77:0c:c6:74:30:e3:6c:45:a8:06:43:6c:40:
                    40:b3:37:57:b7:76:09:73:fb:f1:78:d9:d2:0d:5a:
                    c8:ed:a1:d2:41:79:2c:5e:13:93:62:0e:46:cc:77:
                    91:b2:21:58:5e:e7:b7:73:04:0f:6a:22:e1:c7:8c:
                    67:b7:97:8d:0e:47:28:ad:5e:dd:6a:79:f1:5c:7c:
                    ef:63:1f:db:a7:aa:a2:62:bc:11:b1:52:f0:45:8f:
                    00:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:26:99:30:12:5D:04:E3:F1:D8:51:E5:CD:FF:10:CE:A3:56:49:6E
            X509v3 Authority Key Identifier:
                keyid:08:A5:C3:AB:A4:21:B7:8A:7D:5D:09:B7:5B:4C:E3:BE:52:73:CA:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CKXDq6Qht4p9XQm3W0zjvlJzyqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/7bd8cf-2a61-4b74-860d-364fae7c72c4/1/biaZMBJdBOPx2FHlzf8QzqNWSW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/7bd8cf-2a61-4b74-860d-364fae7c72c4/1/CKXDq6Qht4p9XQm3W0zjvlJzyqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.216.0/21
                  77.242.64.0/20
                  185.71.252.0/22
                  185.236.144.0/22
                  213.174.224.0/19
                IPv6:
                  2a03:fa00::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:b1:58:aa:a4:b0:80:92:71:ab:7e:69:00:72:72:b9:fd:a4:
         f6:59:62:06:b8:84:6b:0c:06:e5:4c:bd:85:5c:b8:6f:61:5d:
         ee:5b:c5:70:99:cc:d4:1b:7b:98:42:93:9d:48:8f:26:92:98:
         67:8e:bf:d1:f5:98:d2:5c:a7:ec:40:ab:b1:a8:0e:ad:ba:17:
         38:8c:f9:3c:11:60:b5:bb:ec:83:06:88:4b:2e:11:21:41:1d:
         cd:b3:fb:e9:4e:c1:fb:40:cb:62:f5:b7:52:bc:84:74:da:0f:
         28:e7:27:ff:a9:1f:ab:cc:7e:24:33:ad:4f:8d:46:a3:a5:c6:
         dd:4f:5b:e4:3d:76:00:a7:c7:55:cc:ae:62:8d:a3:a3:bd:ca:
         43:3f:6a:62:da:4e:8d:28:1d:86:c6:05:9c:75:82:44:0e:a6:
         60:cb:e7:fd:67:aa:be:d1:ae:ce:4b:5a:35:a6:8f:2c:23:87:
         53:f6:12:06:39:c7:4b:18:be:fe:e8:8e:28:06:c0:c3:77:8d:
         6c:65:75:86:68:26:23:08:76:dc:2d:73:94:3a:9e:6c:65:7f:
         17:2c:ea:a2:2a:57:12:cc:d9:e2:3e:9c:6d:86:0f:ce:7d:f0:
         ae:1d:b8:85:eb:e2:c6:4b:cc:2e:dd:3f:85:61:d9:10:5d:4c:
         e1:d2:5f:45
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzGuURSppH35m0E5fZoFNq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YTVjM2FiYTQyMWI3OGE3ZDVkMDliNzViNGNlM2JlNTI3
M2NhYWMwHhcNMjQwMTAxMjAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTI2OTkzMDEyNWQwNGUzZjFkODUxZTVjZGZmMTBjZWEzNTY0OTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGOoVaFNMHDQYZDgYFVgQ9JwaoSm
Lf/bpyqzkbe8RqTuxWWWeHj+F7j91Mo3I7DTQFeHUDOWNo4W5pG89dhv2jOM4PRd
SpaWBOZnVYFgrofdJ5zlbUB36FBij9ZWlcgGsfD8unjDl/XDjuZ2kdhjZLk5skW0
PvB4IJFVn0jirrhwzUOAEHchhpJJ4hLktDRI89u1/bdopwQjECKuPvyw3+E+VpqM
b3cMxnQw42xFqAZDbEBAszdXt3YJc/vxeNnSDVrI7aHSQXksXhOTYg5GzHeRsiFY
Xue3cwQPaiLhx4xnt5eNDkcorV7dannxXHzvYx/bp6qiYrwRsVLwRY8ARQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFG4mmTASXQTj8dhR5c3/EM6jVkluMB8GA1UdIwQY
MBaAFAilw6ukIbeKfV0Jt1tM475Sc8qsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0tYRHE2UWh0NHA5WFFtM1cwemp2bEp6eXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My83YmQ4Y2YtMmE2MS00Yjc0LTg2MGQt
MzY0ZmFlN2M3MmM0LzEvYmlhWk1CSmRCT1B4MkZIbHpmOFF6cU5XU1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My83YmQ4Y2YtMmE2MS00Yjc0LTg2MGQtMzY0ZmFlN2M3MmM0
LzEvQ0tYRHE2UWh0NHA5WFFtM1cwemp2bEp6eXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBWjYAwQE
TfJAAwQCuUf8AwQCueyQAwQF1a7gMA0EAgACMAcDBQMqA/oAMA0GCSqGSIb3DQEB
CwUAA4IBAQAMsViqpLCAknGrfmkAcnK5/aT2WWIGuIRrDAblTL2FXLhvYV3uW8Vw
mczUG3uYQpOdSI8mkphnjr/R9ZjSXKfsQKuxqA6tuhc4jPk8EWC1u+yDBohLLhEh
QR3Ns/vpTsH7QMti9bdSvIR02g8o5yf/qR+rzH4kM61PjUajpcbdT1vkPXYAp8dV
zK5ijaOjvcpDP2pi2k6NKB2GxgWcdYJEDqZgy+f9Z6q+0a7OS1o1po8sI4dT9hIG
OcdLGL7+6I4oBsDDd41sZXWGaCYjCHbcLXOUOp5sZX8XLOqiKlcSzNniPpxthg/O
ffCuHbiF6+LGS8wu3T+FYdkQXUzh0l9F
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:40:05 2024 by rpki-client on console-ams.rpki-client.org