Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/5ZrHKq_emjY0DN_HCxxxwzi5GZ0.roa
File:                     5ZrHKq_emjY0DN_HCxxxwzi5GZ0.roa (raw, json)
Hash identifier:          0/XBHhbDCH8XKIpuFct3gJL2Il9ngqrERiB17LyeUOc=
Subject key identifier:   E5:9A:C7:2A:AF:DE:9A:36:34:0C:DF:C7:0B:1C:71:C3:38:B9:19:9D
Certificate issuer:       /CN=408025c7de0400e0f3c88d4a122a317e32c5e21c
Certificate serial:       018CC3B6E8980D52A4E0710C03C1E0A9F4D0
Authority key identifier: 40:80:25:C7:DE:04:00:E0:F3:C8:8D:4A:12:2A:31:7E:32:C5:E2:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIAlx94EAODzyI1KEioxfjLF4hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/5ZrHKq_emjY0DN_HCxxxwzi5GZ0.roa
Signing time:             Mon 01 Jan 2024 06:29:53 +0000
ROA not before:           Mon 01 Jan 2024 06:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30818
IP address blocks:        82.221.0.0/20 maxlen: 20
                          82.221.164.0/24 maxlen: 24
                          82.221.166.0/24 maxlen: 24
                          82.221.171.0/24 maxlen: 24
                          82.221.167.0/24 maxlen: 24
                          82.221.168.0/24 maxlen: 24
                          82.221.170.0/24 maxlen: 24
                          82.221.80.0/20 maxlen: 20
                          82.221.96.0/20 maxlen: 20
                          82.221.112.0/20 maxlen: 20
                          82.221.16.0/20 maxlen: 20
                          82.221.32.0/20 maxlen: 20
                          82.221.48.0/20 maxlen: 20
                          82.221.57.0/24 maxlen: 24
                          82.221.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/QIAlx94EAODzyI1KEioxfjLF4hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/QIAlx94EAODzyI1KEioxfjLF4hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIAlx94EAODzyI1KEioxfjLF4hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e8:98:0d:52:a4:e0:71:0c:03:c1:e0:a9:f4:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408025c7de0400e0f3c88d4a122a317e32c5e21c
        Validity
            Not Before: Jan  1 06:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e59ac72aafde9a36340cdfc70b1c71c338b9199d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e9:22:99:a2:27:32:ab:5e:d5:3c:9e:b3:86:
                    9a:fb:86:f0:0c:6a:9f:c4:66:ad:fb:e0:3b:db:7c:
                    8d:c5:1f:b2:34:92:f2:b7:9c:54:c5:ca:f4:f1:fd:
                    3a:23:60:6a:9b:ad:4c:7a:f4:cc:a3:eb:b9:4e:3c:
                    0d:6d:fe:74:70:08:e5:52:d7:18:e9:4a:8e:fc:b7:
                    7a:5b:a3:80:12:e4:14:19:fa:40:a1:9c:df:b9:85:
                    4a:24:42:01:e5:be:62:ce:0b:f0:62:73:1f:1c:f7:
                    2f:a6:02:72:c4:e7:10:94:70:b9:e7:f2:c6:83:b5:
                    38:a2:e5:8f:56:b9:c0:60:6f:d8:5a:d1:d4:3f:ac:
                    52:60:db:5c:b9:7b:82:15:b6:9a:d8:59:dc:c3:8f:
                    4f:13:5d:ea:23:19:e2:d3:b1:db:e3:8e:3a:ed:68:
                    e5:3c:87:75:fa:14:f2:46:96:d7:e9:70:3d:d0:97:
                    bb:23:8c:be:34:2b:3b:57:95:de:44:24:57:93:9f:
                    f1:c9:60:62:fe:69:19:6e:98:57:5b:74:6b:33:c1:
                    96:b5:a2:11:06:79:36:84:61:58:48:c1:d7:66:92:
                    c5:57:7c:13:70:5f:85:c1:cb:a1:02:7e:a6:ce:2a:
                    8e:da:8c:3c:0f:4e:2c:b8:84:72:8d:32:1c:d2:24:
                    f4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:9A:C7:2A:AF:DE:9A:36:34:0C:DF:C7:0B:1C:71:C3:38:B9:19:9D
            X509v3 Authority Key Identifier:
                keyid:40:80:25:C7:DE:04:00:E0:F3:C8:8D:4A:12:2A:31:7E:32:C5:E2:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIAlx94EAODzyI1KEioxfjLF4hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/5ZrHKq_emjY0DN_HCxxxwzi5GZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/QIAlx94EAODzyI1KEioxfjLF4hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.221.0.0/17
                  82.221.164.0/24
                  82.221.166.0-82.221.168.255
                  82.221.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:0c:27:6e:e8:82:8b:97:2d:ca:67:94:ac:f7:78:7f:a8:bb:
         43:cd:91:2f:89:8c:24:a9:50:52:15:ee:fe:c7:2b:a2:0e:7f:
         15:66:57:44:86:9b:3c:2c:88:ea:53:f4:45:e1:4e:41:5e:46:
         75:6e:bb:00:98:65:d3:20:df:b9:f6:04:77:01:81:3b:b3:02:
         24:f1:b1:df:bd:59:0a:85:ee:a3:f0:a8:4a:f5:98:80:0c:e6:
         a3:3b:a2:22:a5:01:51:02:bb:00:06:3e:8d:a0:6a:b4:eb:6f:
         90:50:35:dc:b2:6a:62:53:13:48:35:27:2d:a2:ab:1b:a0:54:
         5a:af:8b:49:71:ff:9b:ef:0d:dc:bc:da:c1:ef:6e:dc:8a:b3:
         6d:cb:96:17:6b:af:11:90:5e:f0:b9:03:e6:d3:54:29:1f:a0:
         c7:f6:5b:e7:a3:2b:e5:9f:7d:9c:b6:77:15:40:d5:fc:21:b1:
         34:5a:ed:cd:2d:33:13:25:4d:72:ba:1c:d8:c3:68:ce:21:11:
         cf:47:cf:01:41:94:ad:5d:0a:91:20:07:51:35:c5:fb:41:cc:
         25:56:2f:6f:54:36:19:fc:83:ec:17:c4:2b:42:cc:6e:55:fb:
         f3:4a:33:ba:b3:1d:30:f6:c7:b8:ba:5f:a8:c8:c8:79:2b:75:
         4e:5f:88:75
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzDtuiYDVKk4HEMA8HgqfTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwODAyNWM3ZGUwNDAwZTBmM2M4OGQ0YTEyMmEzMTdlMzJj
NWUyMWMwHhcNMjQwMTAxMDYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTlhYzcyYWFmZGU5YTM2MzQwY2RmYzcwYjFjNzFjMzM4YjkxOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+kimaInMqte1Tyes4aa+4bwDGqf
xGat++A723yNxR+yNJLyt5xUxcr08f06I2Bqm61MevTMo+u5TjwNbf50cAjlUtcY
6UqO/Ld6W6OAEuQUGfpAoZzfuYVKJEIB5b5izgvwYnMfHPcvpgJyxOcQlHC55/LG
g7U4ouWPVrnAYG/YWtHUP6xSYNtcuXuCFbaa2Fncw49PE13qIxni07Hb44467Wjl
PId1+hTyRpbX6XA90Je7I4y+NCs7V5XeRCRXk5/xyWBi/mkZbphXW3RrM8GWtaIR
Bnk2hGFYSMHXZpLFV3wTcF+FwcuhAn6mziqO2ow8D04suIRyjTIc0iT0nQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOWaxyqv3po2NAzfxwscccM4uRmdMB8GA1UdIwQY
MBaAFECAJcfeBADg88iNShIqMX4yxeIcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlBbHg5NEVBT0R6eUkxS0Vpb3hmakxGNGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy81OTMwM2QtNzQ4YS00Nzk3LTgxMWUt
ZmVlMmU4ZDQwODRmLzEvNVpySEtxX2VtalkwRE5fSEN4eHh3emk1R1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy81OTMwM2QtNzQ4YS00Nzk3LTgxMWUtZmVlMmU4ZDQwODRm
LzEvUUlBbHg5NEVBT0R6eUkxS0Vpb3hmakxGNGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQHUt0AAwQA
Ut2kMAwDBAFS3aYDBABS3agDBAFS3aowDQYJKoZIhvcNAQELBQADggEBAIkMJ27o
gouXLcpnlKz3eH+ou0PNkS+JjCSpUFIV7v7HK6IOfxVmV0SGmzwsiOpT9EXhTkFe
RnVuuwCYZdMg37n2BHcBgTuzAiTxsd+9WQqF7qPwqEr1mIAM5qM7oiKlAVECuwAG
Po2garTrb5BQNdyyamJTE0g1Jy2iqxugVFqvi0lx/5vvDdy82sHvbtyKs23Llhdr
rxGQXvC5A+bTVCkfoMf2W+ejK+WffZy2dxVA1fwhsTRa7c0tMxMlTXK6HNjDaM4h
Ec9HzwFBlK1dCpEgB1E1xftBzCVWL29UNhn8g+wXxCtCzG5V+/NKM7qzHTD2x7i6
X6jIyHkrdU5fiHU=
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:49:49 2024 by rpki-client on console-ams.rpki-client.org