Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/kUqVwIQaI4i20IqQ5q3Y5pgQbP4.roa
File:                     kUqVwIQaI4i20IqQ5q3Y5pgQbP4.roa (raw, json)
Hash identifier:          q6un4SO/J8o5wXrudHUKwHbOh2WXofqHsYPo5AuG7aU=
Subject key identifier:   91:4A:95:C0:84:1A:23:88:B6:D0:8A:90:E6:AD:D8:E6:98:10:6C:FE
Certificate issuer:       /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial:       018CC500EB40B7A835FA2E1DE7C732076A3D
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/kUqVwIQaI4i20IqQ5q3Y5pgQbP4.roa
Signing time:             Mon 01 Jan 2024 12:30:20 +0000
ROA not before:           Mon 01 Jan 2024 12:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43160
IP address blocks:        149.62.176.0/21 maxlen: 21
                          149.62.181.0/24 maxlen: 24
                          5.158.81.0/24 maxlen: 24
                          5.158.80.0/24 maxlen: 24
                          5.158.83.0/24 maxlen: 24
                          37.235.37.0/24 maxlen: 24
                          37.235.32.0/21 maxlen: 21
                          37.235.33.0/24 maxlen: 24
                          2a01:b5c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:eb:40:b7:a8:35:fa:2e:1d:e7:c7:32:07:6a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
        Validity
            Not Before: Jan  1 12:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=914a95c0841a2388b6d08a90e6add8e698106cfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6e:cf:53:ac:5e:c8:70:16:7d:dc:5f:a1:bd:
                    72:55:58:b7:73:a4:bb:a6:59:aa:57:e1:79:b2:53:
                    91:52:fc:f6:eb:09:5d:08:17:1a:c9:94:15:51:dd:
                    31:de:ed:e4:72:75:a4:ed:55:5a:54:29:b0:a1:f8:
                    52:ae:e5:0a:f8:52:94:ff:8d:1b:7e:92:f1:93:11:
                    a6:df:06:5c:c7:d0:b2:8f:d5:61:52:25:ba:2c:29:
                    ed:11:3b:d0:6a:d3:97:41:61:ac:17:18:6c:fb:5c:
                    50:b8:30:86:91:8c:9c:17:5b:77:68:26:48:8d:a2:
                    c8:98:04:95:81:cd:29:f5:ee:9b:41:df:0f:14:d4:
                    f7:42:13:8c:1b:c3:55:82:4e:90:50:96:d6:6d:64:
                    6a:06:46:65:0e:49:af:01:eb:49:b9:5a:d9:34:e2:
                    ce:d2:92:57:d3:f4:7a:1d:00:5a:fb:94:29:cf:2a:
                    98:a9:da:d0:e2:1a:6c:c1:69:a0:a6:29:09:5b:a8:
                    5a:8e:d7:99:14:7e:22:c8:8d:23:16:8e:41:0f:c8:
                    76:f9:29:f4:b2:81:e0:e5:9b:82:6f:7a:99:61:b4:
                    eb:c4:a5:c8:55:d1:73:0c:71:cf:26:d2:95:9e:a8:
                    65:8f:8f:d5:1c:a1:c5:5c:c6:6f:fe:f5:47:3c:dc:
                    52:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4A:95:C0:84:1A:23:88:B6:D0:8A:90:E6:AD:D8:E6:98:10:6C:FE
            X509v3 Authority Key Identifier:
                keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/kUqVwIQaI4i20IqQ5q3Y5pgQbP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.80.0/23
                  5.158.83.0/24
                  37.235.32.0/21
                  149.62.176.0/21
                IPv6:
                  2a01:b5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:3a:c1:93:0a:26:b7:6f:66:bb:ad:78:f1:4a:e7:86:a3:7d:
         25:ea:11:fc:9c:c6:ed:aa:5a:8e:b0:b6:c4:04:6b:c4:ce:e7:
         93:57:c8:8e:89:2d:e0:b7:57:4c:86:f5:5d:e4:dd:19:52:f4:
         cd:95:c3:9a:40:c0:24:c1:7f:f7:4c:c6:03:e8:b5:ad:2f:fd:
         f6:4b:b4:77:ab:42:cd:db:57:0b:8c:fd:fd:22:f3:85:7e:f1:
         1a:da:b0:39:7b:90:ed:b5:a6:4b:e7:ba:bf:de:01:fa:a5:01:
         e9:71:59:be:e8:1d:b3:1f:c8:e1:68:3c:51:43:4f:bb:1d:46:
         f4:fa:4b:60:25:a9:5b:4d:18:87:14:a6:96:d8:8d:59:9e:22:
         91:dc:6e:f8:30:c4:15:70:e8:6f:ba:69:56:ed:95:45:fb:33:
         c0:98:13:ae:40:80:63:61:70:11:e1:e3:71:5f:e4:7d:79:77:
         b5:5f:95:dc:81:b3:13:fd:98:93:dd:d9:cc:00:14:e6:45:df:
         fd:13:06:6c:d3:32:5e:af:9d:64:e3:ba:58:93:4d:82:0a:34:
         9b:11:bf:f2:57:7b:07:f2:04:5b:1b:9d:c8:ed:e3:f3:f3:64:
         1b:65:2a:e9:c8:77:0d:b7:33:82:98:e3:f0:f4:ce:07:77:c2:
         bb:a6:4a:32
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzFAOtAt6g1+i4d58cyB2o9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjQwMTAxMTIzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTRhOTVjMDg0MWEyMzg4YjZkMDhhOTBlNmFkZDhlNjk4MTA2Y2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwG7PU6xeyHAWfdxfob1yVVi3c6S7
plmqV+F5slORUvz26wldCBcayZQVUd0x3u3kcnWk7VVaVCmwofhSruUK+FKU/40b
fpLxkxGm3wZcx9Cyj9VhUiW6LCntETvQatOXQWGsFxhs+1xQuDCGkYycF1t3aCZI
jaLImASVgc0p9e6bQd8PFNT3QhOMG8NVgk6QUJbWbWRqBkZlDkmvAetJuVrZNOLO
0pJX0/R6HQBa+5QpzyqYqdrQ4hpswWmgpikJW6hajteZFH4iyI0jFo5BD8h2+Sn0
soHg5ZuCb3qZYbTrxKXIVdFzDHHPJtKVnqhlj4/VHKHFXMZv/vVHPNxSrwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJFKlcCEGiOIttCKkOat2OaYEGz+MB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEva1VxVndJUWFJNGkyMElxUTVxM1k1cGdRYlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBBZ5QAwQA
BZ5TAwQDJesgAwQDlT6wMA0EAgACMAcDBQAqAbXAMA0GCSqGSIb3DQEBCwUAA4IB
AQAtOsGTCia3b2a7rXjxSueGo30l6hH8nMbtqlqOsLbEBGvEzueTV8iOiS3gt1dM
hvVd5N0ZUvTNlcOaQMAkwX/3TMYD6LWtL/32S7R3q0LN21cLjP39IvOFfvEa2rA5
e5DttaZL57q/3gH6pQHpcVm+6B2zH8jhaDxRQ0+7HUb0+ktgJalbTRiHFKaW2I1Z
niKR3G74MMQVcOhvumlW7ZVF+zPAmBOuQIBjYXAR4eNxX+R9eXe1X5XcgbMT/ZiT
3dnMABTmRd/9EwZs0zJer51k47pYk02CCjSbEb/yV3sH8gRbG53I7ePz82QbZSrp
yHcNtzOCmOPw9M4Hd8K7pkoy
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:54:05 2024 by rpki-client on console-fra.rpki-client.org