Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/RZQ5y55NZ91q7qGueZI2kyy2lHI.roa
File:                     RZQ5y55NZ91q7qGueZI2kyy2lHI.roa (raw, json)
Hash identifier:          s/DyWvu0J1swkDaWXLLyRdJ0euIh4+uqvas0DU4Xq7I=
Subject key identifier:   45:94:39:CB:9E:4D:67:DD:6A:EE:A1:AE:79:92:36:93:2C:B6:94:72
Certificate issuer:       /CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
Certificate serial:       0197115A38529D4A70CE18BAFAFA7D268A6C
Authority key identifier: D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/RZQ5y55NZ91q7qGueZI2kyy2lHI.roa
Signing time:             Tue 27 May 2025 10:46:54 +0000
ROA not before:           Tue 27 May 2025 10:46:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206774
IP address blocks:        46.252.1.0/24 maxlen: 24
                          46.252.3.0/24 maxlen: 24
                          46.252.4.0/24 maxlen: 24
                          46.252.5.0/24 maxlen: 24
                          46.252.7.0/24 maxlen: 24
                          46.252.8.0/24 maxlen: 24
                          46.252.9.0/24 maxlen: 24
                          46.252.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:5a:38:52:9d:4a:70:ce:18:ba:fa:fa:7d:26:8a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
        Validity
            Not Before: May 27 10:46:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=459439cb9e4d67dd6aeea1ae799236932cb69472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:43:18:10:f8:70:3a:e3:02:61:f0:08:83:cb:
                    65:0e:e2:7d:ef:77:6c:74:00:c2:b3:1e:5d:2d:a9:
                    cf:b3:bd:d6:82:5e:86:83:ac:de:31:d3:30:11:37:
                    fb:9b:d2:b1:d5:0b:62:4a:20:0c:96:0b:e2:d1:bd:
                    4a:d9:74:1e:c3:07:25:41:64:52:d1:a1:f3:90:67:
                    37:27:fb:fd:87:55:7b:64:69:4d:34:2e:4c:51:f0:
                    f7:87:db:33:a5:27:f1:87:dd:af:56:66:09:9a:cc:
                    91:48:c8:24:09:82:e1:30:8f:03:b0:3e:66:49:ad:
                    a8:3e:a4:9e:cd:ea:17:ad:34:ac:85:dc:ef:45:18:
                    9b:02:39:cd:9a:94:2d:6d:1d:cd:48:94:e1:ee:ef:
                    e5:75:9d:d8:b6:ba:ee:80:c9:f3:a8:89:bd:b0:b4:
                    cd:3e:bb:29:ce:b6:3d:bd:e8:90:48:f0:81:5c:33:
                    4b:f4:7e:d0:29:d0:d1:ed:28:44:d7:82:99:c9:c4:
                    79:db:56:73:f6:df:29:b9:e6:00:4f:a0:16:f0:34:
                    fc:46:f1:99:5f:cf:3d:63:57:cc:2b:ae:2d:e1:90:
                    49:7f:f1:91:be:46:fa:64:4a:2a:6e:b7:ea:03:37:
                    06:64:30:7b:30:41:d7:4d:8a:f8:ab:7b:77:4c:0c:
                    6e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:94:39:CB:9E:4D:67:DD:6A:EE:A1:AE:79:92:36:93:2C:B6:94:72
            X509v3 Authority Key Identifier:
                keyid:D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/RZQ5y55NZ91q7qGueZI2kyy2lHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.252.1.0/24
                  46.252.3.0-46.252.5.255
                  46.252.7.0-46.252.10.255

    Signature Algorithm: sha256WithRSAEncryption
         bd:3b:56:a4:bc:da:c0:7e:59:12:25:05:44:af:f4:e6:45:b4:
         dd:9f:37:7a:db:e0:b6:79:8a:54:96:72:6c:e3:87:66:79:63:
         66:a7:d2:2e:4e:df:d1:05:75:e7:55:12:0a:81:7c:4b:c6:8d:
         ff:e9:ad:be:e5:22:6f:e1:bd:46:29:0f:7c:01:e5:31:5c:2c:
         75:72:00:a9:00:1c:98:2f:b7:4b:89:f8:fb:63:89:39:2a:dc:
         3b:0c:78:9c:91:a2:09:5c:d9:0a:1c:98:f9:b5:22:39:ba:87:
         5c:1f:ec:8f:67:a8:db:a5:1f:66:90:cb:09:90:f1:98:69:26:
         87:9c:0f:98:70:3e:8c:01:4b:6f:7b:79:0a:df:f0:7b:73:c2:
         06:c8:f5:99:7d:2a:9b:fb:90:a7:29:75:79:a2:89:a7:9c:f5:
         26:19:88:fb:11:1f:05:47:30:b6:59:6c:7f:23:b7:79:6c:50:
         93:92:e0:a3:9d:ed:a8:ac:64:bc:54:03:eb:2b:b7:bc:f2:3d:
         ec:97:67:de:e4:d7:d2:b3:40:30:79:ab:6e:d7:97:7d:0d:00:
         3d:cb:94:0a:c9:97:1e:f0:04:ae:5b:85:af:04:70:3e:7c:06:
         f5:fa:a2:15:9d:30:8c:fd:d0:6d:79:cc:80:55:90:75:94:cc:
         ad:fb:65:ec
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZcRWjhSnUpwzhi6+vp9JopsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Mjg0ZjE4Y2Q0NDYwNGJkZDZkMDhmNGQ4NzhkYzYxNDU2
YzQwZmQwHhcNMjUwNTI3MTA0NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTk0MzljYjllNGQ2N2RkNmFlZWExYWU3OTkyMzY5MzJjYjY5NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUMYEPhwOuMCYfAIg8tlDuJ973ds
dADCsx5dLanPs73Wgl6Gg6zeMdMwETf7m9Kx1QtiSiAMlgvi0b1K2XQewwclQWRS
0aHzkGc3J/v9h1V7ZGlNNC5MUfD3h9szpSfxh92vVmYJmsyRSMgkCYLhMI8DsD5m
Sa2oPqSezeoXrTSshdzvRRibAjnNmpQtbR3NSJTh7u/ldZ3YtrrugMnzqIm9sLTN
PrspzrY9veiQSPCBXDNL9H7QKdDR7ShE14KZycR521Zz9t8pueYAT6AW8DT8RvGZ
X889Y1fMK64t4ZBJf/GRvkb6ZEoqbrfqAzcGZDB7MEHXTYr4q3t3TAxuRwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEWUOcueTWfdau6hrnmSNpMstpRyMB8GA1UdIwQY
MBaAFNgoTxjNRGBL3W0I9Nh43GFFbED9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0Zjgt
Yzc4NjkxMjg1ODJjLzEvUlpRNXk1NU5aOTFxN3FHdWVaSTJreXkybEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0ZjgtYzc4NjkxMjg1ODJj
LzEvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQALvwBMAwD
BAAu/AMDBAEu/AQwDAMEAC78BwMEAC78CjANBgkqhkiG9w0BAQsFAAOCAQEAvTtW
pLzawH5ZEiUFRK/05kW03Z83etvgtnmKVJZybOOHZnljZqfSLk7f0QV151USCoF8
S8aN/+mtvuUib+G9RikPfAHlMVwsdXIAqQAcmC+3S4n4+2OJOSrcOwx4nJGiCVzZ
ChyY+bUiObqHXB/sj2eo26UfZpDLCZDxmGkmh5wPmHA+jAFLb3t5Ct/we3PCBsj1
mX0qm/uQpyl1eaKJp5z1JhmI+xEfBUcwtllsfyO3eWxQk5Lgo53tqKxkvFQD6yu3
vPI97Jdn3uTX0rNAMHmrbteXfQ0APcuUCsmXHvAErluFrwRwPnwG9fqiFZ0wjP3Q
bXnMgFWQdZTMrftl7A==
-----END CERTIFICATE-----
Generated at Tue Jun 10 16:06:30 2025 by rpki-client