Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/WQuVoewDqry9NtsEbEZfiTxUzVE.roa
File:                     WQuVoewDqry9NtsEbEZfiTxUzVE.roa (raw, json)
Hash identifier:          lC0Ft8zDlfIb6kfdfNUizzAxCsjWdzL0BjsYHVwJWGE=
Subject key identifier:   59:0B:95:A1:EC:03:AA:BC:BD:36:DB:04:6C:46:5F:89:3C:54:CD:51
Certificate issuer:       /CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
Certificate serial:       018ECC8DC6F09C044ACBBB0CB17D78D2559D
Authority key identifier: 5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/WQuVoewDqry9NtsEbEZfiTxUzVE.roa
Signing time:             Thu 11 Apr 2024 09:47:07 +0000
ROA not before:           Thu 11 Apr 2024 09:47:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47377
IP address blocks:        62.88.0.0/17 maxlen: 21
                          62.88.0.0/19 maxlen: 19
                          62.88.32.0/19 maxlen: 19
                          62.88.80.0/21 maxlen: 21
                          85.10.64.0/18 maxlen: 24
                          91.86.0.0/15 maxlen: 20
                          91.86.0.0/16 maxlen: 16
                          91.87.0.0/19 maxlen: 19
                          91.87.32.0/19 maxlen: 19
                          91.87.64.0/19 maxlen: 19
                          91.87.96.0/19 maxlen: 19
                          91.87.128.0/19 maxlen: 19
                          91.87.160.0/19 maxlen: 19
                          94.104.0.0/13 maxlen: 23
                          94.104.0.0/24 maxlen: 24
                          94.104.17.0/24 maxlen: 24
                          94.104.24.0/21 maxlen: 21
                          94.104.32.0/19 maxlen: 19
                          94.104.64.0/19 maxlen: 19
                          94.104.96.0/19 maxlen: 19
                          94.104.128.0/21 maxlen: 21
                          94.104.160.0/19 maxlen: 19
                          94.104.192.0/19 maxlen: 19
                          94.104.240.0/21 maxlen: 21
                          94.104.248.0/22 maxlen: 22
                          94.104.252.0/22 maxlen: 22
                          94.105.48.0/20 maxlen: 20
                          94.105.64.0/19 maxlen: 19
                          94.106.128.0/17 maxlen: 17
                          94.107.0.0/17 maxlen: 17
                          94.107.128.0/18 maxlen: 18
                          94.107.192.0/18 maxlen: 18
                          94.107.246.0/24 maxlen: 24
                          94.110.0.0/19 maxlen: 19
                          94.110.32.0/19 maxlen: 19
                          94.110.64.0/19 maxlen: 19
                          94.110.96.0/19 maxlen: 19
                          94.110.128.0/19 maxlen: 19
                          94.110.160.0/19 maxlen: 19
                          94.110.192.0/19 maxlen: 19
                          94.110.224.0/19 maxlen: 19
                          94.111.0.0/19 maxlen: 19
                          94.111.32.0/19 maxlen: 19
                          94.111.64.0/19 maxlen: 19
                          94.111.96.0/19 maxlen: 19
                          94.111.128.0/19 maxlen: 19
                          94.111.160.0/19 maxlen: 19
                          94.111.192.0/19 maxlen: 19
                          94.111.224.0/19 maxlen: 19
                          178.50.0.0/15 maxlen: 19
                          185.65.72.0/22 maxlen: 24
                          212.53.0.0/20 maxlen: 24
                          212.65.32.0/19 maxlen: 19
                          212.87.96.0/19 maxlen: 24
                          212.224.128.0/17 maxlen: 19
                          2a00:1868::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:8d:c6:f0:9c:04:4a:cb:bb:0c:b1:7d:78:d2:55:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d3bb84891651f2039cd81b0b60912f7c0e5cf96
        Validity
            Not Before: Apr 11 09:47:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=590b95a1ec03aabcbd36db046c465f893c54cd51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b0:d3:92:e6:25:67:8b:b8:82:5a:54:ab:8d:
                    75:ee:4b:d8:40:0d:01:89:37:f6:85:f5:db:2c:0b:
                    6c:49:c8:30:09:d4:99:47:f5:74:40:57:be:1d:64:
                    cf:9c:a2:20:1c:38:08:ac:73:6e:9b:3c:5c:8b:51:
                    9f:37:1a:20:d5:fc:e6:9d:12:6e:90:d4:eb:c6:0e:
                    81:f5:4f:cb:ac:0d:9a:3b:7a:4d:e5:f8:c3:5a:dd:
                    27:4c:5c:1e:c0:e1:a2:9b:a2:c4:21:67:ff:f4:99:
                    5c:1d:5a:61:ae:7e:fa:be:d2:c0:0c:ad:b9:d3:1a:
                    b5:a6:a4:c6:a2:1c:54:73:cd:dc:55:44:81:31:53:
                    d0:47:07:91:5f:91:f4:ea:ba:1d:49:c4:96:df:5a:
                    59:a9:cc:ae:fc:53:70:ce:3d:06:c4:59:c1:b6:3b:
                    ad:a4:c5:92:71:b2:81:31:f1:c0:cc:9a:97:d8:37:
                    74:5e:eb:c5:e1:97:60:ee:a8:08:97:86:c0:c8:00:
                    53:0a:a0:98:2f:09:c6:5e:cc:0a:a7:a4:6a:85:02:
                    4d:44:34:81:ae:63:8d:53:fc:30:2b:01:4c:18:6f:
                    f7:78:e8:68:7b:58:2d:18:83:f9:43:ed:0b:e7:61:
                    b4:b6:98:b5:cc:43:ff:37:18:f9:d1:b7:c3:30:38:
                    29:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:0B:95:A1:EC:03:AA:BC:BD:36:DB:04:6C:46:5F:89:3C:54:CD:51
            X509v3 Authority Key Identifier:
                keyid:5D:3B:B8:48:91:65:1F:20:39:CD:81:B0:B6:09:12:F7:C0:E5:CF:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/WQuVoewDqry9NtsEbEZfiTxUzVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/587f7e-60cc-41a0-8869-4f8c638a72e1/1/XTu4SJFlHyA5zYGwtgkS98Dlz5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.88.0.0/17
                  85.10.64.0/18
                  91.86.0.0/15
                  94.104.0.0/13
                  178.50.0.0/15
                  185.65.72.0/22
                  212.53.0.0/20
                  212.65.32.0/19
                  212.87.96.0/19
                  212.224.128.0/17
                IPv6:
                  2a00:1868::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:e8:f2:da:7f:b5:4f:cf:9f:a4:60:72:8d:f0:85:4d:a4:38:
         f9:34:22:d6:f7:c4:a0:5f:f5:5c:b8:a5:65:b0:6f:e9:b7:db:
         e2:12:a9:7e:81:42:6d:12:4e:e0:ad:72:76:b0:b7:96:6b:8a:
         56:c9:25:7a:6c:d5:42:e5:62:f5:3c:8f:65:bb:5e:93:d2:35:
         ce:07:7a:e3:2f:e6:74:33:d6:63:ef:da:21:7d:e9:5c:21:d8:
         2a:d8:46:a0:89:f3:b8:90:7d:4f:75:5a:d6:4e:ef:01:76:2e:
         22:f3:58:6a:fc:1f:54:c6:43:7e:80:71:50:a8:be:ca:f2:90:
         2f:e8:a9:5c:85:70:0c:70:b8:c7:0b:b9:b0:76:0e:e0:00:a9:
         ad:a2:19:ee:76:43:d4:0f:26:bc:e4:71:7a:7c:d0:c7:31:86:
         3d:72:b8:b8:da:05:0d:a1:19:8b:b0:dd:56:4c:d2:c5:4c:55:
         19:00:85:65:80:1c:95:1d:52:5d:dd:8b:6f:10:d5:6c:19:20:
         78:50:43:f6:63:54:42:7c:bc:2a:4d:8b:d8:bb:3a:3c:d6:90:
         92:c2:64:85:6d:e5:0a:e9:0a:55:18:40:53:1f:38:da:94:83:
         ac:ad:80:96:0e:9d:a4:64:1e:0b:fc:77:68:8c:03:19:3e:8f:
         6b:49:f6:ec
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY7MjcbwnARKy7sMsX140lWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkM2JiODQ4OTE2NTFmMjAzOWNkODFiMGI2MDkxMmY3YzBl
NWNmOTYwHhcNMjQwNDExMDk0NzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTBiOTVhMWVjMDNhYWJjYmQzNmRiMDQ2YzQ2NWY4OTNjNTRjZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7DTkuYlZ4u4glpUq4117kvYQA0B
iTf2hfXbLAtsScgwCdSZR/V0QFe+HWTPnKIgHDgIrHNumzxci1GfNxog1fzmnRJu
kNTrxg6B9U/LrA2aO3pN5fjDWt0nTFwewOGim6LEIWf/9JlcHVphrn76vtLADK25
0xq1pqTGohxUc83cVUSBMVPQRweRX5H06rodScSW31pZqcyu/FNwzj0GxFnBtjut
pMWScbKBMfHAzJqX2Dd0XuvF4Zdg7qgIl4bAyABTCqCYLwnGXswKp6RqhQJNRDSB
rmONU/wwKwFMGG/3eOhoe1gtGIP5Q+0L52G0tpi1zEP/Nxj50bfDMDgpkQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFFkLlaHsA6q8vTbbBGxGX4k8VM1RMB8GA1UdIwQY
MBaAFF07uEiRZR8gOc2BsLYJEvfA5c+WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFR1NFNKRmxIeUE1ellHd3Rna1M5OERsejVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS81ODdmN2UtNjBjYy00MWEwLTg4Njkt
NGY4YzYzOGE3MmUxLzEvV1F1Vm9ld0Rxcnk5TnRzRWJFWmZpVHhVelZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS81ODdmN2UtNjBjYy00MWEwLTg4NjktNGY4YzYzOGE3MmUx
LzEvWFR1NFNKRmxIeUE1ellHd3Rna1M5OERsejVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDA/BAIAATA5AwQHPlgAAwQG
VQpAAwMBW1YDAwNeaAMDAbIyAwQCuUFIAwQE1DUAAwQF1EEgAwQF1FdgAwQH1OCA
MA0EAgACMAcDBQAqABhoMA0GCSqGSIb3DQEBCwUAA4IBAQBC6PLaf7VPz5+kYHKN
8IVNpDj5NCLW98SgX/VcuKVlsG/pt9viEql+gUJtEk7grXJ2sLeWa4pWySV6bNVC
5WL1PI9lu16T0jXOB3rjL+Z0M9Zj79ohfelcIdgq2EagifO4kH1PdVrWTu8Bdi4i
81hq/B9UxkN+gHFQqL7K8pAv6KlchXAMcLjHC7mwdg7gAKmtohnudkPUDya85HF6
fNDHMYY9cri42gUNoRmLsN1WTNLFTFUZAIVlgByVHVJd3YtvENVsGSB4UEP2Y1RC
fLwqTYvYuzo81pCSwmSFbeUK6QpVGEBTHzjalIOsrYCWDp2kZB4L/HdojAMZPo9r
Sfbs
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:18 2024 by rpki-client on console-ams.rpki-client.org