Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/5LSfJS95La-elYsRiHdxSEFEGpc.roa
File:                     5LSfJS95La-elYsRiHdxSEFEGpc.roa (raw, json)
Hash identifier:          myzvUgjHPH0DHizHLkaq8Q0TBR/BQzto/Fjm1pWKiGw=
Subject key identifier:   E4:B4:9F:25:2F:79:2D:AF:9E:95:8B:11:88:77:71:48:41:44:1A:97
Certificate issuer:       /CN=64b31dcd6bb5308029c4273230514f726b1b86ba
Certificate serial:       018CC56EB779F4911080E21BB685BDC2DE45
Authority key identifier: 64:B3:1D:CD:6B:B5:30:80:29:C4:27:32:30:51:4F:72:6B:1B:86:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZLMdzWu1MIApxCcyMFFPcmsbhro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/5LSfJS95La-elYsRiHdxSEFEGpc.roa
Signing time:             Mon 01 Jan 2024 14:30:16 +0000
ROA not before:           Mon 01 Jan 2024 14:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135391
IP address blocks:        185.232.56.0/24 maxlen: 24
                          185.232.58.0/24 maxlen: 24
                          185.232.57.0/24 maxlen: 24
                          185.232.59.0/24 maxlen: 24
                          2a0d:5300:300::/40 maxlen: 40
                          2a0d:5300::/40 maxlen: 40
                          2a0d:5300:100::/40 maxlen: 40
                          2a0d:5300:200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/ZLMdzWu1MIApxCcyMFFPcmsbhro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/ZLMdzWu1MIApxCcyMFFPcmsbhro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZLMdzWu1MIApxCcyMFFPcmsbhro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b7:79:f4:91:10:80:e2:1b:b6:85:bd:c2:de:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64b31dcd6bb5308029c4273230514f726b1b86ba
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4b49f252f792daf9e958b118877714841441a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:16:3e:85:7c:5d:c9:d6:05:e9:77:4c:0b:fd:
                    09:1b:4a:69:e4:06:8f:e9:2b:f3:4f:bf:b1:15:a1:
                    cd:ae:36:d2:50:06:60:b2:92:09:6f:da:1e:01:2b:
                    2c:85:f2:87:52:e9:4a:32:42:2e:9a:9a:13:1e:27:
                    bd:67:44:35:f4:7f:84:83:37:0d:72:76:7e:fe:59:
                    34:9f:79:ac:05:25:6e:cb:ca:09:bd:ec:38:06:9f:
                    ad:b8:d7:bf:94:bc:88:ab:73:5f:4c:6f:49:7d:7c:
                    8f:3b:c6:54:79:2e:70:10:4e:59:74:23:ab:9d:15:
                    7a:b6:26:97:2c:b3:23:f5:18:8e:ed:a0:6d:44:de:
                    5a:eb:99:ee:a8:21:fd:04:b1:e0:13:b5:a2:f4:bb:
                    8d:48:20:27:22:43:0c:7e:54:57:e4:b5:2a:22:d8:
                    00:61:8d:fe:99:2e:78:e6:00:69:9e:d1:be:6e:28:
                    92:de:18:b1:4c:68:2e:bf:b3:b9:0d:08:d9:f3:c5:
                    1a:73:63:0f:ba:b3:19:0d:a6:c9:f9:c8:01:a2:06:
                    63:1f:4d:bf:8d:cd:51:40:59:da:84:5b:45:0f:88:
                    99:d4:36:55:1b:1a:d2:c8:58:32:da:48:7d:3d:92:
                    de:58:82:84:f8:e8:b9:81:9d:74:e6:39:22:1f:41:
                    f4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B4:9F:25:2F:79:2D:AF:9E:95:8B:11:88:77:71:48:41:44:1A:97
            X509v3 Authority Key Identifier:
                keyid:64:B3:1D:CD:6B:B5:30:80:29:C4:27:32:30:51:4F:72:6B:1B:86:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZLMdzWu1MIApxCcyMFFPcmsbhro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/5LSfJS95La-elYsRiHdxSEFEGpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/980d6e-8a99-4260-8064-44ab689e1d4d/1/ZLMdzWu1MIApxCcyMFFPcmsbhro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.56.0/22
                IPv6:
                  2a0d:5300::/38

    Signature Algorithm: sha256WithRSAEncryption
         ca:6b:a7:0e:af:dd:d9:85:fe:40:0c:ac:bf:2b:cf:e3:5f:5e:
         40:ff:7e:f1:4a:37:80:34:d5:ed:54:c4:c0:ce:93:0e:42:c1:
         1f:af:3d:3d:0c:d6:d9:ef:f9:3f:b0:8a:f8:41:f2:e3:a7:b4:
         58:1f:58:d3:b2:59:54:58:a8:56:dd:34:b1:ef:c7:14:4c:70:
         3b:db:e6:05:67:71:ae:ed:7d:97:3f:e0:5c:71:28:e3:b2:a7:
         8a:93:f8:04:5a:74:af:33:6c:a4:bb:4a:ed:de:ba:f9:20:4b:
         5e:8e:64:e1:75:46:43:e2:3b:b3:fb:9b:ea:7f:d1:0f:ef:d1:
         dc:44:57:0d:23:26:1f:c5:92:1b:44:0a:12:c3:92:72:90:53:
         0d:9e:7b:d3:17:c7:7c:49:37:59:8f:d7:5c:f4:2b:f8:a1:cc:
         25:30:53:4f:78:19:e6:3f:c6:9a:80:cf:6e:ab:1d:26:b0:b5:
         1c:a7:75:e9:e8:75:fa:65:53:e4:d7:f6:f9:bc:85:6c:94:98:
         e6:a1:c5:30:f0:ab:49:07:a5:e7:c2:78:66:9c:ca:49:ad:41:
         75:f2:25:dd:6b:d8:b0:9f:37:51:f6:bd:40:40:8b:e3:4e:2e:
         4e:49:47:ce:8f:97:49:02:19:0c:da:38:27:59:5a:d0:ae:7d:
         eb:46:ee:65
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzFbrd59JEQgOIbtoW9wt5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YjMxZGNkNmJiNTMwODAyOWM0MjczMjMwNTE0ZjcyNmIx
Yjg2YmEwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGI0OWYyNTJmNzkyZGFmOWU5NThiMTE4ODc3NzE0ODQxNDQxYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRY+hXxdydYF6XdMC/0JG0pp5AaP
6SvzT7+xFaHNrjbSUAZgspIJb9oeASsshfKHUulKMkIumpoTHie9Z0Q19H+EgzcN
cnZ+/lk0n3msBSVuy8oJvew4Bp+tuNe/lLyIq3NfTG9JfXyPO8ZUeS5wEE5ZdCOr
nRV6tiaXLLMj9RiO7aBtRN5a65nuqCH9BLHgE7Wi9LuNSCAnIkMMflRX5LUqItgA
YY3+mS545gBpntG+biiS3hixTGguv7O5DQjZ88Uac2MPurMZDabJ+cgBogZjH02/
jc1RQFnahFtFD4iZ1DZVGxrSyFgy2kh9PZLeWIKE+Oi5gZ105jkiH0H0mQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOS0nyUveS2vnpWLEYh3cUhBRBqXMB8GA1UdIwQY
MBaAFGSzHc1rtTCAKcQnMjBRT3JrG4a6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkxNZHpXdTFNSUFweENjeU1GRlBjbXNiaHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny85ODBkNmUtOGE5OS00MjYwLTgwNjQt
NDRhYjY4OWUxZDRkLzEvNUxTZkpTOTVMYS1lbFlzUmlIZHhTRUZFR3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny85ODBkNmUtOGE5OS00MjYwLTgwNjQtNDRhYjY4OWUxZDRk
LzEvWkxNZHpXdTFNSUFweENjeU1GRlBjbXNiaHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCueg4MA4E
AgACMAgDBgIqDVMAADANBgkqhkiG9w0BAQsFAAOCAQEAymunDq/d2YX+QAysvyvP
419eQP9+8Uo3gDTV7VTEwM6TDkLBH689PQzW2e/5P7CK+EHy46e0WB9Y07JZVFio
Vt00se/HFExwO9vmBWdxru19lz/gXHEo47KnipP4BFp0rzNspLtK7d66+SBLXo5k
4XVGQ+I7s/ub6n/RD+/R3ERXDSMmH8WSG0QKEsOScpBTDZ570xfHfEk3WY/XXPQr
+KHMJTBTT3gZ5j/GmoDPbqsdJrC1HKd16eh1+mVT5Nf2+byFbJSY5qHFMPCrSQel
58J4ZpzKSa1BdfIl3WvYsJ83Ufa9QECL404uTklHzo+XSQIZDNo4J1la0K5960bu
ZQ==
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:20:20 2024 by rpki-client on console-ams.rpki-client.org