Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aQe1o6LYom6XD6x7a9v6eBtvOz0.roa
File:                     aQe1o6LYom6XD6x7a9v6eBtvOz0.roa (raw, json)
Hash identifier:          fexR+Tp8gFdNq2PHPdcahtZZZa7CMT+g1Ge42akjqds=
Subject key identifier:   69:07:B5:A3:A2:D8:A2:6E:97:0F:AC:7B:6B:DB:FA:78:1B:6F:3B:3D
Certificate issuer:       /CN=69a4d6916b93159aa80984a9b3774683bb550ebd
Certificate serial:       018CC8DF296A36C462B94A56087A8B6DAC8A
Authority key identifier: 69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aQe1o6LYom6XD6x7a9v6eBtvOz0.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6903
IP address blocks:        213.189.192.0/24 maxlen: 24
                          213.189.196.0/23 maxlen: 23
                          213.189.198.0/24 maxlen: 24
                          213.189.200.0/24 maxlen: 24
                          213.189.207.0/24 maxlen: 24
                          213.189.208.0/23 maxlen: 23
                          213.189.211.0/24 maxlen: 24
                          213.189.212.0/23 maxlen: 23
                          213.189.214.0/24 maxlen: 24
                          62.113.120.0/21 maxlen: 21
                          195.2.82.0/23 maxlen: 23
                          62.113.124.0/22 maxlen: 22
                          195.2.87.0/24 maxlen: 24
                          195.2.88.0/22 maxlen: 22
                          195.2.94.0/23 maxlen: 23
                          62.113.80.0/22 maxlen: 22
                          62.113.86.0/24 maxlen: 24
                          62.113.89.0/24 maxlen: 24
                          62.113.90.0/24 maxlen: 24
                          62.113.95.0/24 maxlen: 24
                          195.2.64.0/23 maxlen: 23
                          195.2.68.0/23 maxlen: 23
                          195.2.72.0/24 maxlen: 24
                          195.2.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:29:6a:36:c4:62:b9:4a:56:08:7a:8b:6d:ac:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69a4d6916b93159aa80984a9b3774683bb550ebd
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6907b5a3a2d8a26e970fac7b6bdbfa781b6f3b3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4d:94:ee:f0:e2:66:68:06:ba:a7:ae:27:5f:
                    d2:69:86:ac:39:fd:31:47:6d:ca:f7:f8:c6:e0:bb:
                    5c:b5:fc:9a:30:d2:1d:73:5d:4c:10:e8:f1:8c:32:
                    fa:e8:d5:da:87:46:42:c4:93:de:22:dc:40:17:79:
                    32:f5:82:60:91:8d:2f:70:3c:72:3c:5e:ae:cd:fc:
                    37:3c:35:d6:0c:2f:99:26:87:b8:5f:56:80:d4:ec:
                    bc:f8:d8:e6:79:05:0c:82:1a:36:b4:51:5f:9b:e9:
                    47:de:54:3c:8c:da:5f:1c:bc:10:9d:d7:3b:dd:61:
                    a8:ce:0c:bd:82:f3:96:af:c1:ff:d8:65:71:1e:e3:
                    a3:66:2c:0c:fe:f7:41:5c:13:73:98:a6:27:ef:70:
                    dc:0f:3c:d9:c7:e6:9e:36:47:b9:59:a0:87:2e:ca:
                    ac:0b:f9:08:ca:49:9c:53:b4:d3:f6:0d:17:9d:c9:
                    2f:56:ff:2b:76:b6:ed:63:74:20:bf:9e:a4:d5:52:
                    b7:d5:2b:6c:d3:25:96:4a:af:c8:cf:dc:25:f3:63:
                    7e:30:9b:83:92:37:2c:60:a7:4f:a3:f6:61:d6:cc:
                    b1:e4:46:23:a0:20:c7:44:8e:2c:4c:5a:cb:40:22:
                    15:ba:75:ca:09:e0:eb:b8:03:c9:36:67:8d:c3:33:
                    53:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:07:B5:A3:A2:D8:A2:6E:97:0F:AC:7B:6B:DB:FA:78:1B:6F:3B:3D
            X509v3 Authority Key Identifier:
                keyid:69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aQe1o6LYom6XD6x7a9v6eBtvOz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.113.80.0/22
                  62.113.86.0/24
                  62.113.89.0-62.113.90.255
                  62.113.95.0/24
                  62.113.120.0/21
                  195.2.64.0/23
                  195.2.68.0/23
                  195.2.72.0/24
                  195.2.77.0/24
                  195.2.82.0/23
                  195.2.87.0-195.2.91.255
                  195.2.94.0/23
                  213.189.192.0/24
                  213.189.196.0-213.189.198.255
                  213.189.200.0/24
                  213.189.207.0-213.189.209.255
                  213.189.211.0-213.189.214.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:f3:f1:cf:da:7a:20:dd:80:5e:91:cf:3f:6a:23:99:58:b9:
         de:31:1d:cd:4e:80:0f:2b:a2:ca:23:ba:fd:07:78:fb:25:0b:
         66:4b:75:22:a6:cf:30:b1:72:20:75:1c:d4:ee:83:e9:78:38:
         67:a2:fb:18:fd:76:0d:e7:b8:28:aa:a6:ff:c0:db:67:7c:37:
         83:1c:ca:29:00:df:12:07:5e:02:b2:5e:35:6c:27:a6:00:be:
         42:53:83:bc:3d:de:7a:a8:11:8c:0b:0d:2b:59:d9:d5:d7:50:
         28:9c:8d:60:5d:f0:7e:ee:37:67:f1:fb:95:60:f2:c4:91:bf:
         52:36:4d:bf:a1:ff:90:77:ef:7a:56:9f:43:76:96:90:ee:8e:
         3d:02:d6:79:38:4b:c7:36:73:03:f6:a8:c0:b0:b5:73:b4:f8:
         fa:7a:9d:c0:77:58:9c:e8:cc:f9:c7:53:fc:02:b5:3d:14:f7:
         84:26:de:17:81:74:0d:38:85:6d:d0:be:ac:79:b4:62:d1:19:
         34:62:3e:b4:43:1f:39:e5:4b:9e:1a:f5:91:fe:41:92:36:18:
         bb:4c:17:09:b6:23:7e:0c:9d:ec:ae:f4:3e:c7:63:9c:4d:f3:
         60:84:b5:95:ce:e4:11:23:c8:ad:c4:78:c5:ab:93:6a:fd:65:
         66:d8:2f:0c
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYzI3ylqNsRiuUpWCHqLbayKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YTRkNjkxNmI5MzE1OWFhODA5ODRhOWIzNzc0NjgzYmI1
NTBlYmQwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTA3YjVhM2EyZDhhMjZlOTcwZmFjN2I2YmRiZmE3ODFiNmYzYjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAik2U7vDiZmgGuqeuJ1/SaYasOf0x
R23K9/jG4LtctfyaMNIdc11MEOjxjDL66NXah0ZCxJPeItxAF3ky9YJgkY0vcDxy
PF6uzfw3PDXWDC+ZJoe4X1aA1Oy8+NjmeQUMgho2tFFfm+lH3lQ8jNpfHLwQndc7
3WGozgy9gvOWr8H/2GVxHuOjZiwM/vdBXBNzmKYn73DcDzzZx+aeNke5WaCHLsqs
C/kIykmcU7TT9g0XnckvVv8rdrbtY3Qgv56k1VK31Sts0yWWSq/Iz9wl82N+MJuD
kjcsYKdPo/Zh1syx5EYjoCDHRI4sTFrLQCIVunXKCeDruAPJNmeNwzNTqQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFGkHtaOi2KJulw+se2vb+ngbbzs9MB8GA1UdIwQY
MBaAFGmk1pFrkxWaqAmEqbN3RoO7VQ69MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUt
MzE5NzExMDA5N2M5LzEvYVFlMW82TFlvbTZYRDZ4N2E5djZlQnR2T3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUtMzE5NzExMDA5N2M5
LzEvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAI+
cVADBAA+cVYwDAMEAD5xWQMEAD5xWgMEAD5xXwMEAz5xeAMEAcMCQAMEAcMCRAME
AMMCSAMEAMMCTQMEAcMCUjAMAwQAwwJXAwQCwwJYAwQBwwJeAwQA1b3AMAwDBALV
vcQDBADVvcYDBADVvcgwDAMEANW9zwMEAdW90DAMAwQA1b3TAwQA1b3WMA0GCSqG
SIb3DQEBCwUAA4IBAQBs8/HP2nog3YBekc8/aiOZWLneMR3NToAPK6LKI7r9B3j7
JQtmS3Uips8wsXIgdRzU7oPpeDhnovsY/XYN57goqqb/wNtnfDeDHMopAN8SB14C
sl41bCemAL5CU4O8Pd56qBGMCw0rWdnV11AonI1gXfB+7jdn8fuVYPLEkb9SNk2/
of+Qd+96Vp9DdpaQ7o49AtZ5OEvHNnMD9qjAsLVztPj6ep3Ad1ic6Mz5x1P8ArU9
FPeEJt4XgXQNOIVt0L6sebRi0Rk0Yj60Qx855UueGvWR/kGSNhi7TBcJtiN+DJ3s
rvQ+x2OcTfNghLWVzuQRI8itxHjFq5Nq/WVm2C8M
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:40:09 2024 by rpki-client on console-ams.rpki-client.org