Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/KLqDVpOBqjJl-Uvfjb6FWynXXPE.roa
File:                     KLqDVpOBqjJl-Uvfjb6FWynXXPE.roa (raw, json)
Hash identifier:          7Rt0duZIW5SJMJM73waU4psOR4GOf5HB6tibmhJy6uc=
Subject key identifier:   28:BA:83:56:93:81:AA:32:65:F9:4B:DF:8D:BE:85:5B:29:D7:5C:F1
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       018DEB2775F5760A7465896E2F07B68E57CF
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/KLqDVpOBqjJl-Uvfjb6FWynXXPE.roa
Signing time:             Tue 27 Feb 2024 15:20:48 +0000
ROA not before:           Tue 27 Feb 2024 15:20:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43207
IP address blocks:        5.133.172.0/22 maxlen: 24
                          46.231.8.0/21 maxlen: 24
                          85.95.32.0/19 maxlen: 19
                          91.209.142.0/24 maxlen: 24
                          91.214.228.0/22 maxlen: 24
                          151.249.64.0/20 maxlen: 24
                          185.44.248.0/22 maxlen: 24
                          185.113.0.0/22 maxlen: 24
                          185.168.144.0/22 maxlen: 22
                          209.35.128.0/20 maxlen: 20
                          2a01:5640::/32 maxlen: 32
                          2a0d:ea00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:27:75:f5:76:0a:74:65:89:6e:2f:07:b6:8e:57:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Feb 27 15:20:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28ba83569381aa3265f94bdf8dbe855b29d75cf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:96:17:0d:4c:9b:ed:61:48:91:39:6a:a8:20:
                    50:9f:cf:7d:9d:60:a5:71:80:15:cd:3f:be:db:db:
                    51:a2:c1:27:ac:25:8d:e2:d2:79:62:f1:33:ca:67:
                    80:f9:dc:76:2b:ff:bf:aa:ea:22:c0:a6:79:e2:93:
                    08:c3:75:0f:ce:b4:c1:4a:2c:e7:6c:47:83:80:4e:
                    80:af:2f:28:a1:5e:d3:22:55:b8:b1:a8:c6:c2:40:
                    19:1f:4e:c4:50:c9:85:96:7a:f5:a5:90:43:3c:80:
                    92:4d:df:45:5d:8b:93:63:76:84:55:95:7a:d1:e0:
                    78:4f:09:32:87:eb:b0:db:f4:77:79:90:9b:45:32:
                    6c:03:a6:70:17:31:91:8f:8e:4a:db:05:6f:73:9b:
                    7a:99:e3:44:0e:27:dc:9e:64:23:a3:bd:85:2c:53:
                    07:51:12:70:8a:8c:4c:50:6e:78:0d:42:57:d2:4b:
                    51:1d:95:aa:53:ae:de:b7:44:82:50:22:b5:1d:38:
                    e6:d6:b7:c6:d0:67:cc:64:ca:4e:45:15:e2:27:20:
                    2b:41:4d:09:4c:5b:89:af:ee:8d:83:a1:b2:09:27:
                    10:64:b5:e0:1d:29:67:12:4f:2e:db:9c:23:d3:3f:
                    e3:44:fb:9d:22:d8:51:5d:2b:15:c3:eb:3c:90:a3:
                    8f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BA:83:56:93:81:AA:32:65:F9:4B:DF:8D:BE:85:5B:29:D7:5C:F1
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/KLqDVpOBqjJl-Uvfjb6FWynXXPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.172.0/22
                  46.231.8.0/21
                  85.95.32.0/19
                  91.209.142.0/24
                  91.214.228.0/22
                  151.249.64.0/20
                  185.44.248.0/22
                  185.113.0.0/22
                  185.168.144.0/22
                  209.35.128.0/20
                IPv6:
                  2a01:5640::/32
                  2a0d:ea00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:44:25:98:e7:0a:dd:f1:e3:cf:f7:14:c8:33:4c:4b:2a:be:
         97:e0:95:e2:22:09:2a:3a:c8:92:10:2a:24:c5:af:d9:41:10:
         32:71:bc:88:5c:90:7d:4f:d3:c6:e6:fa:64:99:1b:60:83:7e:
         73:8c:f1:fe:3e:99:0c:5c:31:80:36:72:8b:25:91:fc:d1:db:
         20:01:ff:91:39:6b:78:02:d1:0d:7b:f4:9a:c8:9b:48:91:ff:
         36:25:fb:42:6f:45:22:01:f0:a7:7b:a2:f2:fd:cc:a9:af:b4:
         95:b4:78:f1:07:e6:ab:90:d6:75:e4:4f:45:52:bd:ec:63:7e:
         ce:02:a2:ee:ec:74:7c:25:1b:0d:b0:bb:77:8d:e7:eb:c1:ef:
         a3:c3:a7:bb:69:12:eb:9e:bf:0e:ef:a6:53:38:56:bf:fd:af:
         5a:cc:21:0b:95:49:65:8e:52:f2:ed:ee:8b:d8:7c:d5:fe:29:
         44:86:d8:bb:2d:f6:cd:29:d5:9e:85:13:98:ac:71:e8:64:36:
         9d:60:64:00:d4:80:ba:9f:60:2c:a7:9c:11:94:9a:54:39:c2:
         1b:e4:9b:af:1e:70:d2:81:c6:6c:d6:be:ab:7d:15:d0:be:78:
         bc:3b:eb:1c:7e:7a:58:72:f7:65:1e:b9:1b:71:2f:8a:29:f4:
         9e:ad:e9:7f
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY3rJ3X1dgp0ZYluLwe2jlfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjQwMjI3MTUyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJhODM1NjkzODFhYTMyNjVmOTRiZGY4ZGJlODU1YjI5ZDc1Y2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZYXDUyb7WFIkTlqqCBQn899nWCl
cYAVzT++29tRosEnrCWN4tJ5YvEzymeA+dx2K/+/quoiwKZ54pMIw3UPzrTBSizn
bEeDgE6Ary8ooV7TIlW4sajGwkAZH07EUMmFlnr1pZBDPICSTd9FXYuTY3aEVZV6
0eB4Twkyh+uw2/R3eZCbRTJsA6ZwFzGRj45K2wVvc5t6meNEDifcnmQjo72FLFMH
URJwioxMUG54DUJX0ktRHZWqU67et0SCUCK1HTjm1rfG0GfMZMpORRXiJyArQU0J
TFuJr+6Ng6GyCScQZLXgHSlnEk8u25wj0z/jRPudIthRXSsVw+s8kKOPSwIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFCi6g1aTgaoyZflL342+hVsp11zxMB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvS0xxRFZwT0JxakpsLVV2ZmpiNkZXeW5YWFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBCBAIAATA8AwQCBYWsAwQD
LucIAwQFVV8gAwQAW9GOAwQCW9bkAwQEl/lAAwQCuSz4AwQCuXEAAwQCuaiQAwQE
0SOAMBQEAgACMA4DBQAqAVZAAwUDKg3qADANBgkqhkiG9w0BAQsFAAOCAQEAX0Ql
mOcK3fHjz/cUyDNMSyq+l+CV4iIJKjrIkhAqJMWv2UEQMnG8iFyQfU/Txub6ZJkb
YIN+c4zx/j6ZDFwxgDZyiyWR/NHbIAH/kTlreALRDXv0msibSJH/NiX7Qm9FIgHw
p3ui8v3Mqa+0lbR48Qfmq5DWdeRPRVK97GN+zgKi7ux0fCUbDbC7d43n68Hvo8On
u2kS656/Du+mUzhWv/2vWswhC5VJZY5S8u3ui9h81f4pRIbYuy32zSnVnoUTmKxx
6GQ2nWBkANSAup9gLKecEZSaVDnCG+Sbrx5w0oHGbNa+q30V0L54vDvrHH56WHL3
ZR65G3Eviin0nq3pfw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:37:02 2024 by rpki-client on console-ams.rpki-client.org