Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/EPPn0VrVMxJDBZ3yzPXxFFOFz-E.roa
File:                     EPPn0VrVMxJDBZ3yzPXxFFOFz-E.roa (raw, json)
Hash identifier:          +GGPZwUIYwrmL2DXN+3VI8IuB6XLtsuTlo8qLNCQlMc=
Subject key identifier:   10:F3:E7:D1:5A:D5:33:12:43:05:9D:F2:CC:F5:F1:14:53:85:CF:E1
Certificate issuer:       /CN=259490c5dbcfbf590da33bfbd37970a0763469c9
Certificate serial:       018E622216F29BE71B1EDDBA607517311F4B
Authority key identifier: 25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/EPPn0VrVMxJDBZ3yzPXxFFOFz-E.roa
Signing time:             Thu 21 Mar 2024 17:49:45 +0000
ROA not before:           Thu 21 Mar 2024 17:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211444
IP address blocks:        2a09:be41::/32 maxlen: 32
                          2a09:be42::/32 maxlen: 32
                          2a09:be43::/32 maxlen: 32
                          2a09:be44::/32 maxlen: 32
                          2a09:be45::/32 maxlen: 32
                          2a09:be46::/32 maxlen: 32
                          2a09:be47::/32 maxlen: 32
                          2a0e:ec02::/32 maxlen: 48
                          2a0e:ec03::/32 maxlen: 48
                          2a12:49c0::/32 maxlen: 32
                          2a12:49c1::/32 maxlen: 32
                          2a12:49c2::/32 maxlen: 32
                          2a12:49c3::/32 maxlen: 32
                          2a12:49c4::/32 maxlen: 32
                          2a12:49c5::/32 maxlen: 32
                          2a12:49c6::/32 maxlen: 32
                          2a12:49c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:62:22:16:f2:9b:e7:1b:1e:dd:ba:60:75:17:31:1f:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=259490c5dbcfbf590da33bfbd37970a0763469c9
        Validity
            Not Before: Mar 21 17:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10f3e7d15ad5331243059df2ccf5f1145385cfe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:22:b1:9d:62:65:c4:b4:34:51:3e:7b:b6:5e:
                    4b:8c:aa:c7:33:5a:81:eb:7c:4e:7c:12:61:60:86:
                    09:7e:79:ad:43:93:b5:a7:4c:b5:c7:43:ce:e2:97:
                    57:54:ea:1d:22:e0:5b:68:8e:3d:1f:d5:11:20:cb:
                    0d:d5:70:2e:63:1e:a1:d3:cd:fb:a1:d7:47:e7:f6:
                    7a:3f:75:62:99:5b:b4:50:f6:e0:02:c2:8b:4d:fe:
                    29:e8:28:01:de:a8:3c:83:9b:06:de:83:b2:0b:d0:
                    3c:2b:2c:7c:2a:b0:53:d7:85:e9:40:9b:a1:5a:4d:
                    ee:e8:2e:da:94:2c:82:57:8f:77:18:ea:b5:c9:32:
                    e4:4f:6f:ad:b6:97:bd:8b:b3:26:98:5c:87:56:dd:
                    db:56:31:87:bf:09:f2:bd:b8:2d:15:2d:f2:75:53:
                    4c:48:6f:3d:22:23:f1:e6:49:70:6c:51:4e:90:63:
                    71:bb:f7:35:06:78:71:99:b3:b5:84:88:ba:85:5b:
                    8a:15:43:f8:f0:d4:e5:2b:29:2a:cd:58:5e:a9:42:
                    4d:3b:73:77:1d:0b:84:33:40:40:27:fe:1a:c9:ee:
                    47:4d:e4:bd:07:8a:bf:d7:02:bd:10:4d:9f:34:45:
                    43:3c:37:7b:73:98:6e:77:21:25:6e:c8:d8:9e:60:
                    d0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:F3:E7:D1:5A:D5:33:12:43:05:9D:F2:CC:F5:F1:14:53:85:CF:E1
            X509v3 Authority Key Identifier:
                keyid:25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/EPPn0VrVMxJDBZ3yzPXxFFOFz-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:be41::-2a09:be47:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0e:ec02::/31
                  2a12:49c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c4:87:c5:f2:15:fd:cf:16:c8:60:cf:4a:a5:b0:ee:77:ba:b3:
         af:35:cf:09:74:7b:d6:fa:62:f7:01:15:c8:d2:86:7d:8a:c1:
         de:ae:c0:f5:a7:08:e8:d3:07:22:f1:ab:73:cf:d4:cf:84:bd:
         0b:d0:22:63:89:9f:b1:6a:0d:b7:d0:76:51:09:57:d6:6d:35:
         77:d9:23:2a:86:45:8b:8a:dd:7e:b3:3c:13:33:72:f8:2e:97:
         77:e5:56:12:8a:4f:86:1c:98:2d:0d:0f:62:42:1f:5e:59:b1:
         ea:93:93:3c:05:b5:5f:4c:2d:f2:14:fb:b9:8f:19:86:a9:c5:
         53:80:11:21:57:2a:14:4a:1d:a6:ed:96:c9:06:2c:5f:99:2e:
         3e:f7:91:56:8a:fa:52:b5:c8:40:a4:d7:86:a6:bb:36:0a:72:
         e6:a5:ef:0d:0f:04:f8:05:6c:78:2d:70:be:c8:a5:f3:0d:b5:
         97:7d:63:d4:89:13:e8:7a:38:59:af:09:14:b2:10:61:c8:18:
         cb:c5:79:90:81:59:a7:25:c5:f0:e0:50:f1:c0:fe:7e:21:5b:
         49:7a:51:66:20:1a:ff:14:87:1a:10:d4:6c:c6:9e:70:85:c4:
         0b:3a:39:4a:b4:f5:d0:7d:b7:76:e1:62:40:85:15:c6:06:6b:
         35:c3:7b:66
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY5iIhbym+cbHt26YHUXMR9LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OTQ5MGM1ZGJjZmJmNTkwZGEzM2JmYmQzNzk3MGEwNzYz
NDY5YzkwHhcNMjQwMzIxMTc0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGYzZTdkMTVhZDUzMzEyNDMwNTlkZjJjY2Y1ZjExNDUzODVjZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSKxnWJlxLQ0UT57tl5LjKrHM1qB
63xOfBJhYIYJfnmtQ5O1p0y1x0PO4pdXVOodIuBbaI49H9URIMsN1XAuYx6h0837
oddH5/Z6P3VimVu0UPbgAsKLTf4p6CgB3qg8g5sG3oOyC9A8Kyx8KrBT14XpQJuh
Wk3u6C7alCyCV493GOq1yTLkT2+ttpe9i7MmmFyHVt3bVjGHvwnyvbgtFS3ydVNM
SG89IiPx5klwbFFOkGNxu/c1BnhxmbO1hIi6hVuKFUP48NTlKykqzVheqUJNO3N3
HQuEM0BAJ/4aye5HTeS9B4q/1wK9EE2fNEVDPDd7c5hudyElbsjYnmDQLQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBDz59Fa1TMSQwWd8sz18RRThc/hMB8GA1UdIwQY
MBaAFCWUkMXbz79ZDaM7+9N5cKB2NGnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQt
M2NlM2NmOGIxYzQ5LzEvRVBQbjBWclZNeEpEQlozeXpQWHhGRk9Gei1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQtM2NlM2NmOGIxYzQ5
LzEvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAAjAeMA4DBQAqCb5B
AwUDKgm+QAMFASoO7AIDBQMqEknAMA0GCSqGSIb3DQEBCwUAA4IBAQDEh8XyFf3P
Fshgz0qlsO53urOvNc8JdHvW+mL3ARXI0oZ9isHersD1pwjo0wci8atzz9TPhL0L
0CJjiZ+xag230HZRCVfWbTV32SMqhkWLit1+szwTM3L4Lpd35VYSik+GHJgtDQ9i
Qh9eWbHqk5M8BbVfTC3yFPu5jxmGqcVTgBEhVyoUSh2m7ZbJBixfmS4+95FWivpS
tchApNeGprs2CnLmpe8NDwT4BWx4LXC+yKXzDbWXfWPUiRPoejhZrwkUshBhyBjL
xXmQgVmnJcXw4FDxwP5+IVtJelFmIBr/FIcaENRsxp5whcQLOjlKtPXQfbd24WJA
hRXGBms1w3tm
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:40:33 2024 by rpki-client on console-ams.rpki-client.org