Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/UQyH-zt70NKVDJvr5zvOM2AjkYg.roa
File:                     UQyH-zt70NKVDJvr5zvOM2AjkYg.roa (raw, json)
Hash identifier:          ut9sDn5S4ZjkkDHeE2BU7fk4uT70FgwDgoK8QWQibGs=
Subject key identifier:   51:0C:87:FB:3B:7B:D0:D2:95:0C:9B:EB:E7:3B:CE:33:60:23:91:88
Certificate issuer:       /CN=332293d0399160788b31e438760dc3bd1ed882eb
Certificate serial:       019178B7E2C00E4608FFA565955E39105E1A
Authority key identifier: 33:22:93:D0:39:91:60:78:8B:31:E4:38:76:0D:C3:BD:1E:D8:82:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/UQyH-zt70NKVDJvr5zvOM2AjkYg.roa
Signing time:             Thu 22 Aug 2024 06:13:22 +0000
ROA not before:           Thu 22 Aug 2024 06:13:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50188
IP address blocks:        95.215.192.0/21 maxlen: 21
                          95.215.192.0/24 maxlen: 24
                          95.215.193.0/24 maxlen: 24
                          95.215.194.0/24 maxlen: 24
                          95.215.195.0/24 maxlen: 24
                          95.215.196.0/24 maxlen: 24
                          95.215.197.0/24 maxlen: 24
                          95.215.198.0/24 maxlen: 24
                          95.215.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:78:b7:e2:c0:0e:46:08:ff:a5:65:95:5e:39:10:5e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=332293d0399160788b31e438760dc3bd1ed882eb
        Validity
            Not Before: Aug 22 06:13:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=510c87fb3b7bd0d2950c9bebe73bce3360239188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:dd:96:82:d3:27:bc:93:b1:c7:e7:3d:f2:
                    ef:fd:78:47:90:8b:85:9e:04:09:33:fa:36:39:5a:
                    f4:cd:4b:d1:b6:cd:38:b1:5a:f0:71:73:7b:87:17:
                    ee:cb:f8:8a:43:05:ca:e5:af:9a:13:9f:f0:90:4d:
                    07:48:e0:8e:c4:4e:60:a3:76:b1:ed:4f:eb:57:cb:
                    58:3d:bc:a6:42:ad:b0:37:96:9f:a0:a6:69:69:9f:
                    cb:01:0a:66:d1:5e:64:ae:49:47:df:45:d7:46:f5:
                    cc:59:a7:ac:8e:16:eb:b5:a4:24:c9:46:81:32:d0:
                    bb:a4:5b:5e:49:ab:eb:28:da:ce:49:a9:e2:7a:ba:
                    b6:68:67:fc:37:9a:72:4e:cd:e3:49:85:eb:75:92:
                    11:81:e9:01:39:c4:80:e3:a6:55:54:52:e9:4b:a9:
                    e5:ed:f7:bd:43:17:72:0d:64:1f:17:b9:92:fb:41:
                    23:f3:3d:18:6d:e8:26:08:dd:21:d1:6b:96:d7:9c:
                    66:55:9e:b4:cd:10:e1:89:a7:1e:02:80:26:3c:ac:
                    c3:79:d5:50:be:65:8d:24:5c:8e:81:df:83:b1:b7:
                    2b:f9:a1:ba:82:99:c1:7b:11:2b:be:7d:6f:ba:cf:
                    a6:89:18:cc:e9:c3:d3:11:e5:7f:9a:74:84:d0:67:
                    36:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:0C:87:FB:3B:7B:D0:D2:95:0C:9B:EB:E7:3B:CE:33:60:23:91:88
            X509v3 Authority Key Identifier:
                keyid:33:22:93:D0:39:91:60:78:8B:31:E4:38:76:0D:C3:BD:1E:D8:82:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/UQyH-zt70NKVDJvr5zvOM2AjkYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/c8b1e5-7b95-4ca7-b2ba-222fe348268a/1/MyKT0DmRYHiLMeQ4dg3DvR7Ygus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:1e:4c:33:c9:dd:2c:e0:6f:25:29:a6:af:65:09:74:bf:c2:
         5b:98:90:17:b6:89:41:2f:2e:a2:32:ee:aa:2e:b3:69:32:94:
         be:8d:5f:b9:e5:1e:b4:fa:a8:92:ae:eb:93:07:13:98:35:5c:
         0a:34:3f:1a:9b:5a:97:be:1e:0b:d4:c0:8e:b4:94:66:14:6f:
         22:78:41:c1:52:8e:36:67:92:50:51:f8:06:dd:3f:e0:c1:ff:
         3d:38:76:69:81:37:cf:e3:19:8b:2d:7c:b4:95:0a:c7:4c:29:
         1e:6e:9e:56:31:a6:f1:54:a2:20:e6:16:8d:4c:12:14:64:df:
         66:0c:f2:18:5f:6d:e3:2f:5a:4b:22:2e:75:9b:8e:9c:00:ff:
         03:b0:9f:5b:78:44:ae:4f:bb:67:dc:a6:c1:cf:a1:90:bd:33:
         3f:f5:4d:f8:cd:b4:23:92:19:f2:fb:2d:8a:fa:d4:10:04:4c:
         97:b8:b9:ed:b7:92:95:16:9f:34:ea:1f:d5:4e:9d:85:47:a6:
         2f:e3:00:00:95:c0:f4:ef:fd:06:e8:f3:c4:64:ce:c8:a3:1b:
         f1:fd:73:40:7e:d4:79:13:71:5e:bd:d1:b4:db:be:bb:1c:48:
         ba:ae:c4:72:79:2e:c3:a1:05:6a:4d:89:37:94:b2:bc:db:2c:
         5b:02:68:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF4t+LADkYI/6VllV45EF4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMjI5M2QwMzk5MTYwNzg4YjMxZTQzODc2MGRjM2JkMWVk
ODgyZWIwHhcNMjQwODIyMDYxMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTBjODdmYjNiN2JkMGQyOTUwYzliZWJlNzNiY2UzMzYwMjM5MTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzirdloLTJ7yTscfnPfLv/XhHkIuF
ngQJM/o2OVr0zUvRts04sVrwcXN7hxfuy/iKQwXK5a+aE5/wkE0HSOCOxE5go3ax
7U/rV8tYPbymQq2wN5afoKZpaZ/LAQpm0V5krklH30XXRvXMWaesjhbrtaQkyUaB
MtC7pFteSavrKNrOSanierq2aGf8N5pyTs3jSYXrdZIRgekBOcSA46ZVVFLpS6nl
7fe9QxdyDWQfF7mS+0Ej8z0YbegmCN0h0WuW15xmVZ60zRDhiaceAoAmPKzDedVQ
vmWNJFyOgd+Dsbcr+aG6gpnBexErvn1vus+miRjM6cPTEeV/mnSE0Gc2bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEMh/s7e9DSlQyb6+c7zjNgI5GIMB8GA1UdIwQY
MBaAFDMik9A5kWB4izHkOHYNw70e2ILrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXlLVDBEbVJZSGlMTWVRNGRnM0R2UjdZZ3VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9jOGIxZTUtN2I5NS00Y2E3LWIyYmEt
MjIyZmUzNDgyNjhhLzEvVVF5SC16dDcwTktWREp2cjV6dk9NMkFqa1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9jOGIxZTUtN2I5NS00Y2E3LWIyYmEtMjIyZmUzNDgyNjhh
LzEvTXlLVDBEbVJZSGlMTWVRNGRnM0R2UjdZZ3VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX9fAMA0G
CSqGSIb3DQEBCwUAA4IBAQAJHkwzyd0s4G8lKaavZQl0v8JbmJAXtolBLy6iMu6q
LrNpMpS+jV+55R60+qiSruuTBxOYNVwKND8am1qXvh4L1MCOtJRmFG8ieEHBUo42
Z5JQUfgG3T/gwf89OHZpgTfP4xmLLXy0lQrHTCkebp5WMabxVKIg5haNTBIUZN9m
DPIYX23jL1pLIi51m46cAP8DsJ9beESuT7tn3KbBz6GQvTM/9U34zbQjkhny+y2K
+tQQBEyXuLntt5KVFp806h/VTp2FR6Yv4wAAlcD07/0G6PPEZM7Ioxvx/XNAftR5
E3FevdG02767HEi6rsRyeS7DoQVqTYk3lLK82yxbAmgr
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:40:14 2024 by rpki-client on console-ams.rpki-client.org