Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/Zswh882YU3DbI3hMSYP9PASAmEQ.roa
File:                     Zswh882YU3DbI3hMSYP9PASAmEQ.roa (raw, json)
Hash identifier:          g6Cqjxu/dOZwHY3CPsztItdlnELg/vChl6xagNjm66A=
Subject key identifier:   66:CC:21:F3:CD:98:53:70:DB:23:78:4C:49:83:FD:3C:04:80:98:44
Certificate issuer:       /CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
Certificate serial:       018F99B89FF286C6D726455E8981E79BA44A
Authority key identifier: D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/Zswh882YU3DbI3hMSYP9PASAmEQ.roa
Signing time:             Tue 21 May 2024 05:56:04 +0000
ROA not before:           Tue 21 May 2024 05:56:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206774
IP address blocks:        46.252.1.0/24 maxlen: 24
                          46.252.3.0/24 maxlen: 24
                          46.252.4.0/24 maxlen: 24
                          46.252.5.0/24 maxlen: 24
                          46.252.7.0/24 maxlen: 24
                          46.252.8.0/24 maxlen: 24
                          46.252.9.0/24 maxlen: 24
                          46.252.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:99:b8:9f:f2:86:c6:d7:26:45:5e:89:81:e7:9b:a4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
        Validity
            Not Before: May 21 05:56:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66cc21f3cd985370db23784c4983fd3c04809844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a1:63:ac:50:16:de:2d:4d:80:7e:ea:b9:f0:
                    d3:09:d7:5d:ae:33:f3:0a:52:d1:72:8a:66:8b:46:
                    a9:e1:78:08:59:20:c8:f8:d8:e7:23:f3:64:b5:57:
                    e2:85:31:98:0d:06:7f:b5:ca:0e:d2:c4:d3:03:8b:
                    90:84:58:57:4b:cb:91:8f:85:c4:2c:b0:f3:86:94:
                    23:3b:3c:9d:d9:20:f0:b1:ff:f6:87:04:11:ee:ff:
                    fc:9d:92:55:7f:38:1b:3f:42:67:08:b0:e4:0b:8d:
                    ba:bc:43:e7:aa:92:2a:32:98:e4:dd:e7:bd:5a:4e:
                    cf:dd:1b:e8:fa:90:31:92:79:1b:65:f3:5d:6e:a2:
                    ab:a0:8c:17:f6:7e:92:bb:ca:8b:d5:d8:5c:04:34:
                    26:73:0d:7f:e2:93:1c:84:91:bc:26:86:3d:9f:ce:
                    bd:ad:da:c1:81:ef:f8:29:a1:14:17:11:79:47:12:
                    27:42:ff:70:9a:3f:fa:ec:14:10:37:1e:e2:2d:a3:
                    bc:4e:75:a0:2f:45:6e:18:9b:ea:d5:ed:bf:da:25:
                    9d:88:a4:0e:aa:e0:75:70:47:6d:ab:9f:a4:9b:a3:
                    3a:4b:66:73:6a:dd:66:73:68:07:ef:8d:32:cb:ca:
                    26:9f:c1:81:cd:ca:e5:8d:78:bb:59:90:d9:43:8c:
                    ec:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:CC:21:F3:CD:98:53:70:DB:23:78:4C:49:83:FD:3C:04:80:98:44
            X509v3 Authority Key Identifier:
                keyid:D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/Zswh882YU3DbI3hMSYP9PASAmEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.252.1.0/24
                  46.252.3.0-46.252.5.255
                  46.252.7.0-46.252.10.255

    Signature Algorithm: sha256WithRSAEncryption
         0b:75:0e:aa:76:97:e4:f5:1d:58:38:f7:cd:6f:3a:4d:bd:d8:
         e6:96:80:c6:5d:b4:97:7b:84:32:88:6e:a5:ac:a6:c1:89:be:
         03:20:0c:ae:85:b0:be:69:b7:8d:7a:eb:4c:9d:e3:52:ed:92:
         8c:68:06:41:ec:d0:fd:59:d8:8d:d7:0f:df:7a:a8:7f:ce:80:
         79:5b:5e:e6:f7:74:13:13:2b:a4:4e:ba:f7:f8:c1:21:53:49:
         e0:b7:4b:d9:c6:d0:aa:0b:6b:99:55:82:d6:a9:de:26:09:5b:
         fc:1f:43:48:79:78:6c:7a:93:76:3a:98:65:40:b4:7b:7f:d6:
         1b:5f:5c:62:d8:70:81:32:0c:14:cd:5b:7d:85:e9:4a:53:4a:
         3b:49:43:09:82:69:4e:de:e2:6d:b6:1a:69:84:51:a1:44:85:
         1f:34:83:b6:ac:27:7b:12:31:a6:31:21:d6:cb:19:70:67:7a:
         99:a0:20:55:55:d8:78:5b:3e:7f:14:25:1e:ad:bf:af:99:04:
         8f:88:4d:6b:6a:1e:17:00:5d:20:4b:38:0f:32:9c:5b:ce:2f:
         0d:aa:7a:79:ad:02:23:d5:78:0d:85:ec:ac:94:ea:10:83:c5:
         04:9d:32:e4:12:9d:9a:3e:37:54:ab:aa:80:e7:11:ae:07:2c:
         2c:62:38:fc
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAY+ZuJ/yhsbXJkVeiYHnm6RKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Mjg0ZjE4Y2Q0NDYwNGJkZDZkMDhmNGQ4NzhkYzYxNDU2
YzQwZmQwHhcNMjQwNTIxMDU1NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmNjMjFmM2NkOTg1MzcwZGIyMzc4NGM0OTgzZmQzYzA0ODA5ODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KFjrFAW3i1NgH7qufDTCdddrjPz
ClLRcopmi0ap4XgIWSDI+NjnI/NktVfihTGYDQZ/tcoO0sTTA4uQhFhXS8uRj4XE
LLDzhpQjOzyd2SDwsf/2hwQR7v/8nZJVfzgbP0JnCLDkC426vEPnqpIqMpjk3ee9
Wk7P3Rvo+pAxknkbZfNdbqKroIwX9n6Su8qL1dhcBDQmcw1/4pMchJG8JoY9n869
rdrBge/4KaEUFxF5RxInQv9wmj/67BQQNx7iLaO8TnWgL0VuGJvq1e2/2iWdiKQO
quB1cEdtq5+km6M6S2Zzat1mc2gH740yy8omn8GBzcrljXi7WZDZQ4zsfQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGbMIfPNmFNw2yN4TEmD/TwEgJhEMB8GA1UdIwQY
MBaAFNgoTxjNRGBL3W0I9Nh43GFFbED9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0Zjgt
Yzc4NjkxMjg1ODJjLzEvWnN3aDg4MllVM0RiSTNoTVNZUDlQQVNBbUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0ZjgtYzc4NjkxMjg1ODJj
LzEvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQALvwBMAwD
BAAu/AMDBAEu/AQwDAMEAC78BwMEAC78CjANBgkqhkiG9w0BAQsFAAOCAQEAC3UO
qnaX5PUdWDj3zW86Tb3Y5paAxl20l3uEMohupaymwYm+AyAMroWwvmm3jXrrTJ3j
Uu2SjGgGQezQ/VnYjdcP33qof86AeVte5vd0ExMrpE669/jBIVNJ4LdL2cbQqgtr
mVWC1qneJglb/B9DSHl4bHqTdjqYZUC0e3/WG19cYthwgTIMFM1bfYXpSlNKO0lD
CYJpTt7ibbYaaYRRoUSFHzSDtqwnexIxpjEh1ssZcGd6maAgVVXYeFs+fxQlHq2/
r5kEj4hNa2oeFwBdIEs4DzKcW84vDap6ea0CI9V4DYXsrJTqEIPFBJ0y5BKdmj43
VKuqgOcRrgcsLGI4/A==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:19 2024 by rpki-client on console-ams.rpki-client.org