Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/Zds-0yoirKWsyW6ursByen80Cg8.roa
File:                     Zds-0yoirKWsyW6ursByen80Cg8.roa (raw, json)
Hash identifier:          BXiyhGHT9zX+B5Q4iQJx+8USQCvczwNWk+LhQCn6JRc=
Subject key identifier:   65:DB:3E:D3:2A:22:AC:A5:AC:C9:6E:AE:AE:C0:72:7A:7F:34:0A:0F
Certificate issuer:       /CN=4b25df8620374243e3c5eab25550af24e0eff48c
Certificate serial:       018CC50154A9AFC029DF7BE253B53CE59D13
Authority key identifier: 4B:25:DF:86:20:37:42:43:E3:C5:EA:B2:55:50:AF:24:E0:EF:F4:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SyXfhiA3QkPjxeqyVVCvJODv9Iw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/Zds-0yoirKWsyW6ursByen80Cg8.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49284
IP address blocks:        46.29.104.0/21 maxlen: 21
                          185.208.232.0/23 maxlen: 23
                          185.208.232.0/22 maxlen: 22
                          185.208.233.0/24 maxlen: 24
                          185.208.234.0/24 maxlen: 24
                          185.208.234.0/23 maxlen: 23
                          185.208.235.0/24 maxlen: 24
                          188.92.184.0/21 maxlen: 21
                          37.209.200.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/SyXfhiA3QkPjxeqyVVCvJODv9Iw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/SyXfhiA3QkPjxeqyVVCvJODv9Iw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SyXfhiA3QkPjxeqyVVCvJODv9Iw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:54:a9:af:c0:29:df:7b:e2:53:b5:3c:e5:9d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b25df8620374243e3c5eab25550af24e0eff48c
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65db3ed32a22aca5acc96eaeaec0727a7f340a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:80:48:98:30:90:6f:a9:e8:5a:05:3e:3e:b0:
                    fb:02:79:9c:27:9c:71:e8:78:b2:d3:fd:3d:36:55:
                    44:1f:98:8d:5f:51:c5:44:c9:4f:ea:5e:72:6a:a1:
                    a8:03:09:32:f8:fc:d0:9c:75:9c:24:e7:90:07:af:
                    93:18:80:ad:51:28:7d:12:7e:29:de:94:5a:90:86:
                    28:a3:45:cb:03:89:cd:92:b5:ed:d8:e8:29:19:13:
                    d5:73:7c:59:ce:d2:09:3d:0f:b2:6a:d1:dc:ce:42:
                    03:1f:ae:aa:4b:53:34:48:38:af:21:a3:47:10:fd:
                    6b:5d:bf:80:5b:d6:3d:f6:93:4e:11:43:cd:7c:f6:
                    e1:18:30:78:8e:7e:d7:8c:b3:cc:e0:98:6f:37:f3:
                    c3:37:c8:84:f9:d4:3a:4d:7d:45:47:e7:26:40:01:
                    e9:54:a5:dd:5c:52:14:9d:29:af:2e:37:08:d1:1e:
                    96:44:86:94:d9:45:98:07:a7:53:f5:2d:70:e4:68:
                    28:86:ab:ba:4b:4e:7c:d7:e4:78:22:22:4b:70:e3:
                    12:f7:ef:2f:0b:ba:d4:f4:04:60:84:fe:3d:68:75:
                    2d:42:a6:b1:7c:c7:d7:fd:62:46:23:f2:5c:ba:ad:
                    89:67:e6:12:56:71:4d:8c:ed:44:71:8d:7a:88:4c:
                    b8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:DB:3E:D3:2A:22:AC:A5:AC:C9:6E:AE:AE:C0:72:7A:7F:34:0A:0F
            X509v3 Authority Key Identifier:
                keyid:4B:25:DF:86:20:37:42:43:E3:C5:EA:B2:55:50:AF:24:E0:EF:F4:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyXfhiA3QkPjxeqyVVCvJODv9Iw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/Zds-0yoirKWsyW6ursByen80Cg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a71248-a465-40d4-a2cf-a41b50aa272d/1/SyXfhiA3QkPjxeqyVVCvJODv9Iw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.200.0/21
                  46.29.104.0/21
                  185.208.232.0/22
                  188.92.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ba:01:80:29:ba:23:96:d8:e1:5c:7d:02:55:22:1f:7a:73:a8:
         35:d3:e8:e8:f5:0a:a3:b6:6e:39:18:87:ec:84:2c:5f:c2:98:
         b2:c5:5d:97:1e:da:53:8c:13:80:ce:03:b5:cd:c2:45:f3:2c:
         e3:49:8a:79:10:90:77:34:16:56:b9:cb:d7:17:24:b7:58:35:
         6d:13:69:3a:36:ee:ad:18:a8:fd:bf:56:be:b5:23:76:df:d0:
         16:e1:61:97:f6:45:2a:79:cc:03:6d:3a:f2:c0:21:ec:b3:86:
         16:7a:35:e6:98:dd:98:76:0d:78:e1:1c:0b:ca:c2:3e:f0:30:
         40:7d:b7:13:71:67:b3:de:66:4d:9e:c3:20:2b:89:6f:56:cf:
         cf:d2:9b:5e:84:61:f8:0a:72:6b:91:0b:a1:8d:17:c1:9a:5d:
         2e:6d:24:74:f5:38:e4:1a:4a:85:18:ef:06:b9:18:66:df:3f:
         e7:4f:3c:52:23:1b:76:72:3b:fb:ee:66:02:d4:a8:1d:13:22:
         00:67:54:5b:6c:b7:84:e9:dc:8f:51:8f:34:9c:9b:48:cb:ad:
         ca:11:2e:1f:0b:9c:fa:da:ad:25:1c:af:6a:2c:6b:d7:84:2b:
         85:d8:14:be:e2:17:8b:53:dc:76:ac:45:6f:c4:63:f7:43:69:
         43:22:f1:86
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzFAVSpr8Ap33viU7U85Z0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMjVkZjg2MjAzNzQyNDNlM2M1ZWFiMjU1NTBhZjI0ZTBl
ZmY0OGMwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWRiM2VkMzJhMjJhY2E1YWNjOTZlYWVhZWMwNzI3YTdmMzQwYTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IBImDCQb6noWgU+PrD7AnmcJ5xx
6Hiy0/09NlVEH5iNX1HFRMlP6l5yaqGoAwky+PzQnHWcJOeQB6+TGICtUSh9En4p
3pRakIYoo0XLA4nNkrXt2OgpGRPVc3xZztIJPQ+yatHczkIDH66qS1M0SDivIaNH
EP1rXb+AW9Y99pNOEUPNfPbhGDB4jn7XjLPM4JhvN/PDN8iE+dQ6TX1FR+cmQAHp
VKXdXFIUnSmvLjcI0R6WRIaU2UWYB6dT9S1w5Ggohqu6S0581+R4IiJLcOMS9+8v
C7rU9ARghP49aHUtQqaxfMfX/WJGI/Jcuq2JZ+YSVnFNjO1EcY16iEy4wwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGXbPtMqIqylrMlurq7Acnp/NAoPMB8GA1UdIwQY
MBaAFEsl34YgN0JD48XqslVQryTg7/SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3lYZmhpQTNRa1BqeGVxeVZWQ3ZKT0R2OUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hNzEyNDgtYTQ2NS00MGQ0LWEyY2Yt
YTQxYjUwYWEyNzJkLzEvWmRzLTB5b2lyS1dzeVc2dXJzQnllbjgwQ2c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hNzEyNDgtYTQ2NS00MGQ0LWEyY2YtYTQxYjUwYWEyNzJk
LzEvU3lYZmhpQTNRa1BqeGVxeVZWQ3ZKT0R2OUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDJdHIAwQD
Lh1oAwQCudDoAwQDvFy4MA0GCSqGSIb3DQEBCwUAA4IBAQC6AYApuiOW2OFcfQJV
Ih96c6g10+jo9Qqjtm45GIfshCxfwpiyxV2XHtpTjBOAzgO1zcJF8yzjSYp5EJB3
NBZWucvXFyS3WDVtE2k6Nu6tGKj9v1a+tSN239AW4WGX9kUqecwDbTrywCHss4YW
ejXmmN2Ydg144RwLysI+8DBAfbcTcWez3mZNnsMgK4lvVs/P0ptehGH4CnJrkQuh
jRfBml0ubSR09TjkGkqFGO8GuRhm3z/nTzxSIxt2cjv77mYC1KgdEyIAZ1RbbLeE
6dyPUY80nJtIy63KES4fC5z62q0lHK9qLGvXhCuF2BS+4heLU9x2rEVvxGP3Q2lD
IvGG
-----END CERTIFICATE-----
Generated at Sun Jun 16 23:48:16 2024 by rpki-client on console-ams.rpki-client.org