Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/01835f-504f-45bd-a052-714f9626d021/1/9m785MXZwp0BQtk_jk4fp9A4qB0.roa
File:                     9m785MXZwp0BQtk_jk4fp9A4qB0.roa (raw, json)
Hash identifier:          u+8J+4zJtWHS217NkWrzbcfb0E+Zj0l1Wu1mFSLU2lI=
Subject key identifier:   F6:6E:FC:E4:C5:D9:C2:9D:01:42:D9:3F:8E:4E:1F:A7:D0:38:A8:1D
Certificate issuer:       /CN=50264c3f09831ccd889712f4fab5c5b1be0cad56
Certificate serial:       0194252042408BD5AF1229932F0225142282
Authority key identifier: 50:26:4C:3F:09:83:1C:CD:88:97:12:F4:FA:B5:C5:B1:BE:0C:AD:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UCZMPwmDHM2IlxL0-rXFsb4MrVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/01835f-504f-45bd-a052-714f9626d021/1/9m785MXZwp0BQtk_jk4fp9A4qB0.roa
Signing time:             Thu 02 Jan 2025 03:47:38 +0000
ROA not before:           Thu 02 Jan 2025 03:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12813
IP address blocks:        212.11.224.0/19 maxlen: 19
                          212.11.224.0/24 maxlen: 24
                          212.11.225.0/24 maxlen: 24
                          212.11.226.0/24 maxlen: 24
                          212.11.227.0/24 maxlen: 24
                          212.11.235.0/24 maxlen: 24
                          212.11.240.0/24 maxlen: 24
                          212.11.241.0/24 maxlen: 24
                          212.11.242.0/24 maxlen: 24
                          212.11.244.0/24 maxlen: 24
                          212.11.245.0/24 maxlen: 24
                          2a00:1278::/32 maxlen: 32
                          2a00:1278:100::/40 maxlen: 40
                          2a00:1278:200::/40 maxlen: 40
                          2a00:1278:500::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/01835f-504f-45bd-a052-714f9626d021/1/UCZMPwmDHM2IlxL0-rXFsb4MrVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/01835f-504f-45bd-a052-714f9626d021/1/UCZMPwmDHM2IlxL0-rXFsb4MrVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UCZMPwmDHM2IlxL0-rXFsb4MrVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:42:40:8b:d5:af:12:29:93:2f:02:25:14:22:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50264c3f09831ccd889712f4fab5c5b1be0cad56
        Validity
            Not Before: Jan  2 03:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f66efce4c5d9c29d0142d93f8e4e1fa7d038a81d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1c:c4:06:55:21:5a:a1:8b:77:b0:2b:b2:c9:
                    6a:aa:56:9c:2a:07:10:86:a2:55:0d:99:30:c8:41:
                    d5:02:1e:02:d2:7d:2d:ec:da:dd:71:c1:cc:78:91:
                    4a:71:86:de:b4:48:6e:03:d4:f1:e9:21:47:5c:d6:
                    20:81:4a:88:d9:01:7e:66:a3:9f:1d:cb:07:82:d7:
                    96:8c:a3:6e:b2:96:57:65:11:13:5a:9f:dc:74:d6:
                    06:5d:7a:59:58:09:79:30:86:1c:c7:3b:6a:f8:04:
                    86:af:18:0d:75:c8:2f:40:90:32:39:7c:9f:24:de:
                    d1:a8:c8:a2:7b:9e:03:1a:4b:09:bf:d5:90:a4:f3:
                    f5:63:40:e1:39:d4:c4:92:9c:3c:be:5b:a0:9e:64:
                    81:72:23:e0:ab:e6:5c:42:7e:84:98:92:6b:fe:b7:
                    2f:14:7b:30:36:b5:a6:ce:5b:6c:4a:f4:3e:e7:d7:
                    02:6f:16:30:73:69:eb:23:16:e8:72:92:88:cd:4a:
                    0f:25:dc:c2:5c:bc:9a:01:c5:84:5a:14:dd:1b:87:
                    cd:1d:26:1e:f2:1b:36:cd:80:cf:a9:05:79:8f:9c:
                    8d:97:8c:19:05:c0:f6:dc:03:5f:c1:21:a1:25:6c:
                    fa:eb:03:bc:1f:85:bc:f8:cb:85:0e:f1:51:a4:2d:
                    5f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:6E:FC:E4:C5:D9:C2:9D:01:42:D9:3F:8E:4E:1F:A7:D0:38:A8:1D
            X509v3 Authority Key Identifier:
                keyid:50:26:4C:3F:09:83:1C:CD:88:97:12:F4:FA:B5:C5:B1:BE:0C:AD:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UCZMPwmDHM2IlxL0-rXFsb4MrVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/01835f-504f-45bd-a052-714f9626d021/1/9m785MXZwp0BQtk_jk4fp9A4qB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/01835f-504f-45bd-a052-714f9626d021/1/UCZMPwmDHM2IlxL0-rXFsb4MrVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.224.0/19
                IPv6:
                  2a00:1278::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:d8:0a:4f:1b:ec:94:c7:02:97:41:97:bc:2c:6c:ac:72:69:
         9a:0e:ea:eb:17:14:a6:b7:7e:97:99:d2:ec:14:1f:e3:01:af:
         dd:18:f4:10:69:47:2f:89:d7:ec:27:c6:ff:6b:2d:90:79:ed:
         67:b3:91:75:f0:cb:f7:d0:a8:17:cc:55:fb:4b:af:f5:ab:08:
         50:a9:7a:49:79:57:ed:14:bd:a5:67:2f:cb:00:97:60:bf:d0:
         13:77:1e:fd:29:ec:39:1a:d7:bd:1c:7d:4b:5a:b6:42:52:d3:
         6b:b3:0b:c3:83:2e:e2:13:d4:c2:1a:4e:d1:1d:ca:96:14:1e:
         cc:49:f7:64:dc:24:e2:80:ef:d6:0d:79:ab:95:ab:84:72:d4:
         7c:ba:a9:6e:ff:91:01:d3:60:02:1b:55:8b:61:e1:46:70:03:
         03:a2:ef:9b:d0:f1:92:1b:02:4b:bc:d6:ab:79:a6:f1:ef:60:
         18:be:05:39:b6:41:56:e2:f1:f0:8b:9c:14:b2:ea:22:8f:db:
         84:99:18:40:15:26:4f:cb:9b:05:f9:a2:3c:be:7f:a9:3d:ca:
         86:42:34:2a:78:43:1a:6f:02:32:cf:d6:87:36:0d:c9:02:f5:
         4e:d8:0e:8d:17:d9:f2:1f:71:cc:22:79:12:a8:b5:c4:96:89:
         8b:13:f6:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIEJAi9WvEimTLwIlFCKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMjY0YzNmMDk4MzFjY2Q4ODk3MTJmNGZhYjVjNWIxYmUw
Y2FkNTYwHhcNMjUwMTAyMDM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjZlZmNlNGM1ZDljMjlkMDE0MmQ5M2Y4ZTRlMWZhN2QwMzhhODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBzEBlUhWqGLd7ArsslqqlacKgcQ
hqJVDZkwyEHVAh4C0n0t7NrdccHMeJFKcYbetEhuA9Tx6SFHXNYggUqI2QF+ZqOf
HcsHgteWjKNuspZXZRETWp/cdNYGXXpZWAl5MIYcxztq+ASGrxgNdcgvQJAyOXyf
JN7RqMiie54DGksJv9WQpPP1Y0DhOdTEkpw8vlugnmSBciPgq+ZcQn6EmJJr/rcv
FHswNrWmzltsSvQ+59cCbxYwc2nrIxbocpKIzUoPJdzCXLyaAcWEWhTdG4fNHSYe
8hs2zYDPqQV5j5yNl4wZBcD23ANfwSGhJWz66wO8H4W8+MuFDvFRpC1fZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPZu/OTF2cKdAULZP45OH6fQOKgdMB8GA1UdIwQY
MBaAFFAmTD8JgxzNiJcS9Pq1xbG+DK1WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUNaTVB3bURITTJJbHhMMC1yWEZzYjRNclZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8wMTgzNWYtNTA0Zi00NWJkLWEwNTIt
NzE0Zjk2MjZkMDIxLzEvOW03ODVNWFp3cDBCUXRrX2prNGZwOUE0cUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8wMTgzNWYtNTA0Zi00NWJkLWEwNTItNzE0Zjk2MjZkMDIx
LzEvVUNaTVB3bURITTJJbHhMMC1yWEZzYjRNclZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1AvgMA0E
AgACMAcDBQAqABJ4MA0GCSqGSIb3DQEBCwUAA4IBAQCC2ApPG+yUxwKXQZe8LGys
cmmaDurrFxSmt36XmdLsFB/jAa/dGPQQaUcvidfsJ8b/ay2Qee1ns5F18Mv30KgX
zFX7S6/1qwhQqXpJeVftFL2lZy/LAJdgv9ATdx79Kew5Gte9HH1LWrZCUtNrswvD
gy7iE9TCGk7RHcqWFB7MSfdk3CTigO/WDXmrlauEctR8uqlu/5EB02ACG1WLYeFG
cAMDou+b0PGSGwJLvNareabx72AYvgU5tkFW4vHwi5wUsuoij9uEmRhAFSZPy5sF
+aI8vn+pPcqGQjQqeEMabwIyz9aHNg3JAvVO2A6NF9nyH3HMInkSqLXElomLE/bX
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:48:37 2025 by rpki-client