Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/XEuHkVsbTKhTWFqfk9nXxTwbwAo.roa
File:                     XEuHkVsbTKhTWFqfk9nXxTwbwAo.roa (raw, json)
Hash identifier:          wu+r83K4umrYHYEFk4Qztz7EU7s/bxVn8Muw/eGmsJE=
Subject key identifier:   5C:4B:87:91:5B:1B:4C:A8:53:58:5A:9F:93:D9:D7:C5:3C:1B:C0:0A
Certificate issuer:       /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial:       018DF8FBCE59F7027255223613A8EC357516
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/XEuHkVsbTKhTWFqfk9nXxTwbwAo.roa
Signing time:             Fri 01 Mar 2024 07:47:48 +0000
ROA not before:           Fri 01 Mar 2024 07:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25144
IP address blocks:        31.223.128.0/19 maxlen: 19
                          31.223.128.0/21 maxlen: 21
                          31.223.136.0/21 maxlen: 21
                          31.223.144.0/21 maxlen: 21
                          31.223.152.0/21 maxlen: 21
                          46.239.0.0/18 maxlen: 18
                          62.101.144.0/20 maxlen: 20
                          81.93.64.0/19 maxlen: 19
                          81.93.66.0/24 maxlen: 24
                          81.93.67.0/24 maxlen: 24
                          81.93.69.0/24 maxlen: 24
                          81.93.73.0/24 maxlen: 24
                          81.93.84.0/24 maxlen: 24
                          81.93.86.0/24 maxlen: 24
                          81.93.91.0/24 maxlen: 24
                          81.93.92.0/24 maxlen: 24
                          89.111.192.0/18 maxlen: 18
                          89.111.192.0/19 maxlen: 19
                          89.111.192.0/24 maxlen: 24
                          89.111.200.0/24 maxlen: 24
                          89.111.224.0/19 maxlen: 19
                          89.111.225.0/24 maxlen: 24
                          89.111.226.0/24 maxlen: 24
                          89.111.227.0/24 maxlen: 24
                          89.111.231.0/24 maxlen: 24
                          89.111.235.0/24 maxlen: 24
                          89.111.236.0/24 maxlen: 24
                          89.111.240.0/24 maxlen: 24
                          89.111.244.0/22 maxlen: 22
                          89.111.246.0/24 maxlen: 24
                          89.111.248.0/22 maxlen: 22
                          94.250.0.0/18 maxlen: 18
                          94.250.18.0/24 maxlen: 24
                          94.250.64.0/18 maxlen: 18
                          109.165.128.0/17 maxlen: 17
                          185.35.156.0/22 maxlen: 22
                          217.24.128.0/20 maxlen: 20
                          2a00:cb00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f8:fb:ce:59:f7:02:72:55:22:36:13:a8:ec:35:75:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
        Validity
            Not Before: Mar  1 07:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c4b87915b1b4ca853585a9f93d9d7c53c1bc00a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d9:cf:f0:1c:b4:9b:91:f7:90:a8:cb:1d:0c:
                    5d:89:09:5d:84:58:98:86:2b:04:0f:c5:df:bb:2e:
                    f5:51:07:e0:c9:ad:77:ee:9f:0f:5a:37:86:b1:c7:
                    0d:44:eb:39:1c:65:77:34:7c:63:28:f9:8a:92:7d:
                    fc:df:0b:63:9b:91:5a:6f:55:a8:9b:ce:65:fa:da:
                    ac:1a:d4:81:6c:5b:a6:ba:33:4e:c8:0b:e6:ba:67:
                    d9:4f:d7:cc:8f:31:68:3d:15:5a:88:44:bf:fd:64:
                    40:e2:c3:25:a5:f3:10:cc:bb:41:63:cb:5d:42:25:
                    43:63:4a:52:f2:6f:f2:48:4b:c5:16:8d:61:a7:c9:
                    b7:68:7f:b6:8e:ea:8b:23:a3:7d:fc:31:7e:a6:d9:
                    61:bb:5d:b5:76:bf:d2:97:b1:0d:9a:20:13:1c:89:
                    80:71:d3:17:82:cc:15:ab:00:9c:d3:5c:1e:b9:92:
                    f3:33:93:83:a4:01:f0:5b:9b:0f:25:fa:6b:56:dc:
                    d7:3a:74:b5:b7:b0:24:20:6e:f4:89:d5:2f:af:1c:
                    96:07:c7:38:58:ee:71:33:d0:b8:da:ca:e1:e4:54:
                    47:91:b2:df:9d:fe:1b:6a:f4:e9:33:a3:78:d3:94:
                    64:4f:a1:44:19:95:40:ee:d9:2f:be:29:3b:f4:4a:
                    12:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:4B:87:91:5B:1B:4C:A8:53:58:5A:9F:93:D9:D7:C5:3C:1B:C0:0A
            X509v3 Authority Key Identifier:
                keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/XEuHkVsbTKhTWFqfk9nXxTwbwAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.128.0/19
                  46.239.0.0/18
                  62.101.144.0/20
                  81.93.64.0/19
                  89.111.192.0/18
                  94.250.0.0/17
                  109.165.128.0/17
                  185.35.156.0/22
                  217.24.128.0/20
                IPv6:
                  2a00:cb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:46:c3:cf:60:37:34:97:61:c5:5e:17:3e:a3:96:50:0c:a8:
         c2:ec:dd:1d:f8:5b:9a:b7:70:ec:29:1b:2a:a2:6f:0f:b8:82:
         df:65:eb:99:06:5d:94:b4:b5:34:10:1a:82:f5:54:d5:35:50:
         8f:ae:21:3d:75:91:a2:43:7b:0c:7a:2c:8c:3c:9a:70:0e:83:
         a6:73:95:f3:8c:1c:37:9a:48:bf:fa:40:cc:fd:a3:06:f5:0e:
         6b:c8:b2:eb:5c:a6:30:81:cd:f1:0b:92:92:31:f7:61:87:4a:
         13:2a:b2:d3:25:4a:80:03:53:b5:91:66:62:66:f2:4a:c4:ad:
         52:35:cf:03:6a:1c:1b:1f:4a:b4:30:56:01:8e:49:d1:ac:79:
         d2:5a:56:28:6e:d1:bf:48:cf:b0:39:0e:2a:be:8a:f4:cd:2f:
         f2:2b:a4:c7:0c:69:a5:3e:12:a2:25:88:fe:52:18:7d:80:2b:
         c1:09:53:38:59:00:f1:35:ed:5f:95:cc:4e:cf:c3:05:01:57:
         2f:7e:27:b6:85:81:0c:2b:ac:d5:6b:4f:a9:46:de:40:ff:d8:
         56:14:95:36:75:63:23:8b:03:bf:03:d5:4f:b4:03:06:e4:d1:
         00:16:ab:63:02:ab:5f:2b:0e:40:6f:c5:8f:1e:d7:52:f3:5a:
         a4:f5:3b:34
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAY34+85Z9wJyVSI2E6jsNXUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjQwMzAxMDc0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzRiODc5MTViMWI0Y2E4NTM1ODVhOWY5M2Q5ZDdjNTNjMWJjMDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9nP8By0m5H3kKjLHQxdiQldhFiY
hisED8Xfuy71UQfgya137p8PWjeGsccNROs5HGV3NHxjKPmKkn383wtjm5Fab1Wo
m85l+tqsGtSBbFumujNOyAvmumfZT9fMjzFoPRVaiES//WRA4sMlpfMQzLtBY8td
QiVDY0pS8m/ySEvFFo1hp8m3aH+2juqLI6N9/DF+ptlhu121dr/Sl7ENmiATHImA
cdMXgswVqwCc01weuZLzM5ODpAHwW5sPJfprVtzXOnS1t7AkIG70idUvrxyWB8c4
WO5xM9C42srh5FRHkbLfnf4bavTpM6N405RkT6FEGZVA7tkvvik79EoS2wIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFFxLh5FbG0yoU1han5PZ18U8G8AKMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvWEV1SGtWc2JUS2hUV0ZxZms5blh4VHdid0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFH9+AAwQG
Lu8AAwQEPmWQAwQFUV1AAwQGWW/AAwQHXvoAAwQHbaWAAwQCuSOcAwQE2RiAMA0E
AgACMAcDBQAqAMsAMA0GCSqGSIb3DQEBCwUAA4IBAQCpRsPPYDc0l2HFXhc+o5ZQ
DKjC7N0d+Fuat3DsKRsqom8PuILfZeuZBl2UtLU0EBqC9VTVNVCPriE9dZGiQ3sM
eiyMPJpwDoOmc5XzjBw3mki/+kDM/aMG9Q5ryLLrXKYwgc3xC5KSMfdhh0oTKrLT
JUqAA1O1kWZiZvJKxK1SNc8DahwbH0q0MFYBjknRrHnSWlYobtG/SM+wOQ4qvor0
zS/yK6THDGmlPhKiJYj+Uhh9gCvBCVM4WQDxNe1flcxOz8MFAVcvfie2hYEMK6zV
a0+pRt5A/9hWFJU2dWMjiwO/A9VPtAMG5NEAFqtjAqtfKw5Ab8WPHtdS81qk9Ts0
-----END CERTIFICATE-----
Generated at Sun Jun 16 03:08:09 2024 by rpki-client on console-fra.rpki-client.org