Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/e1fb52-979d-4436-be51-8584bef0b7d5/1/Qo26hAuZVKofm9C4NGQXxVJP7eo.roa
File:                     Qo26hAuZVKofm9C4NGQXxVJP7eo.roa (raw, json)
Hash identifier:          GLXRlSu4YCkQp5Ptizp62PJX97Bp1u+C1AlHtGCqGfE=
Subject key identifier:   42:8D:BA:84:0B:99:54:AA:1F:9B:D0:B8:34:64:17:C5:52:4F:ED:EA
Certificate issuer:       /CN=a0b6a5b1a14c86d4cfb46c4e86ecd4066804cc90
Certificate serial:       018CC26D453C7F611ECC3249FDE4FD572251
Authority key identifier: A0:B6:A5:B1:A1:4C:86:D4:CF:B4:6C:4E:86:EC:D4:06:68:04:CC:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oLalsaFMhtTPtGxOhuzUBmgEzJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/e1fb52-979d-4436-be51-8584bef0b7d5/1/Qo26hAuZVKofm9C4NGQXxVJP7eo.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39812
IP address blocks:        5.44.0.0/20 maxlen: 20
                          78.139.64.0/19 maxlen: 19
                          185.12.252.0/22 maxlen: 22
                          185.137.160.0/23 maxlen: 23
                          185.137.162.0/23 maxlen: 23
                          109.202.32.0/19 maxlen: 19
                          185.106.56.0/22 maxlen: 22
                          130.255.32.0/19 maxlen: 19
                          78.139.96.0/21 maxlen: 21
                          78.139.104.0/21 maxlen: 21
                          89.107.112.0/21 maxlen: 21
                          78.139.112.0/21 maxlen: 21
                          78.139.120.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/e1fb52-979d-4436-be51-8584bef0b7d5/1/oLalsaFMhtTPtGxOhuzUBmgEzJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/e1fb52-979d-4436-be51-8584bef0b7d5/1/oLalsaFMhtTPtGxOhuzUBmgEzJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oLalsaFMhtTPtGxOhuzUBmgEzJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:45:3c:7f:61:1e:cc:32:49:fd:e4:fd:57:22:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0b6a5b1a14c86d4cfb46c4e86ecd4066804cc90
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=428dba840b9954aa1f9bd0b8346417c5524fedea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:22:1f:7b:75:ef:21:af:25:58:48:61:d8:4c:
                    3e:79:61:1c:8e:c4:6b:dd:57:0e:a7:c5:ea:06:9c:
                    ef:2f:17:fd:3a:37:4e:0d:2f:00:44:a0:0a:eb:67:
                    a5:45:21:de:e1:46:33:d7:f8:eb:d9:e3:c4:c8:2b:
                    8d:22:23:75:3a:a7:35:bf:53:eb:31:fd:fc:ac:58:
                    dd:89:e4:c2:a1:0b:02:11:1f:97:21:28:8e:a9:9e:
                    fd:f6:3e:09:05:e6:dc:5d:09:a6:43:6f:18:e4:1d:
                    1c:82:0c:87:bd:27:e1:2a:55:dd:b5:e2:b9:14:00:
                    e8:73:d9:9d:66:ec:74:56:93:71:82:2b:7c:07:25:
                    11:2f:57:ef:60:62:a5:33:bd:a5:3d:09:9f:3d:8f:
                    9c:73:8c:1f:e5:14:eb:cc:bf:db:9d:03:dd:49:f2:
                    c1:d3:e9:8e:e9:ee:65:52:f8:c2:fb:7a:cc:2c:54:
                    74:db:a4:37:38:ce:a1:e4:15:20:5d:4f:27:df:cc:
                    fb:aa:ad:da:b1:7f:dd:b5:c0:5a:73:80:d2:3b:8e:
                    61:85:cd:aa:7e:33:61:f3:4c:59:d8:9e:a7:04:3e:
                    13:9f:87:27:de:2f:c0:72:b4:f5:2a:56:76:9a:e0:
                    3a:85:19:cb:47:b9:4f:86:bb:64:f8:75:64:e2:8f:
                    ac:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8D:BA:84:0B:99:54:AA:1F:9B:D0:B8:34:64:17:C5:52:4F:ED:EA
            X509v3 Authority Key Identifier:
                keyid:A0:B6:A5:B1:A1:4C:86:D4:CF:B4:6C:4E:86:EC:D4:06:68:04:CC:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oLalsaFMhtTPtGxOhuzUBmgEzJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e1fb52-979d-4436-be51-8584bef0b7d5/1/Qo26hAuZVKofm9C4NGQXxVJP7eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/e1fb52-979d-4436-be51-8584bef0b7d5/1/oLalsaFMhtTPtGxOhuzUBmgEzJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.0.0/20
                  78.139.64.0/18
                  89.107.112.0/21
                  109.202.32.0/19
                  130.255.32.0/19
                  185.12.252.0/22
                  185.106.56.0/22
                  185.137.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:9e:4d:78:f6:53:8f:e6:3c:11:67:92:d9:17:5b:29:db:2a:
         8b:b3:26:20:46:93:a9:21:88:71:0d:89:7c:ef:5d:d9:3b:3d:
         e2:60:ac:8c:50:39:2f:89:2f:56:8b:c1:d4:67:79:79:c1:da:
         65:05:b8:2d:1c:50:49:72:39:cd:82:5e:54:5a:85:31:28:4b:
         b5:65:76:60:15:29:d1:a2:ba:56:67:ef:21:3c:c2:2f:26:0d:
         22:e1:b0:84:6b:a5:8d:91:86:28:8c:e8:e5:0c:6a:27:75:22:
         1c:28:ae:52:95:d3:95:63:3a:83:e0:cb:27:bf:ef:6c:ad:4a:
         e3:4b:ff:36:f5:4b:db:0c:fd:53:02:59:13:f2:1b:e2:1a:44:
         3e:d5:7e:f4:53:94:d7:c7:72:4e:ac:d0:24:88:3c:04:32:57:
         cc:aa:9e:56:c4:14:7d:72:d2:64:7d:06:af:87:0c:39:a4:bd:
         60:b3:2c:80:5d:8b:d3:16:ea:92:f8:11:1d:18:aa:88:50:23:
         11:17:43:f3:52:e5:a4:e9:8e:27:9e:fd:2b:b7:57:52:ee:c3:
         d2:07:5a:6d:15:50:79:28:d3:39:71:47:21:eb:df:7f:71:50:
         bf:51:e4:98:7f:ac:fd:90:9c:58:bd:35:4f:d1:b9:73:78:50:
         43:ca:43:41
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzCbUU8f2EezDJJ/eT9VyJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYjZhNWIxYTE0Yzg2ZDRjZmI0NmM0ZTg2ZWNkNDA2Njgw
NGNjOTAwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjhkYmE4NDBiOTk1NGFhMWY5YmQwYjgzNDY0MTdjNTUyNGZlZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyIfe3XvIa8lWEhh2Ew+eWEcjsRr
3VcOp8XqBpzvLxf9OjdODS8ARKAK62elRSHe4UYz1/jr2ePEyCuNIiN1Oqc1v1Pr
Mf38rFjdieTCoQsCER+XISiOqZ799j4JBebcXQmmQ28Y5B0cggyHvSfhKlXdteK5
FADoc9mdZux0VpNxgit8ByURL1fvYGKlM72lPQmfPY+cc4wf5RTrzL/bnQPdSfLB
0+mO6e5lUvjC+3rMLFR026Q3OM6h5BUgXU8n38z7qq3asX/dtcBac4DSO45hhc2q
fjNh80xZ2J6nBD4Tn4cn3i/AcrT1KlZ2muA6hRnLR7lPhrtk+HVk4o+skwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEKNuoQLmVSqH5vQuDRkF8VST+3qMB8GA1UdIwQY
MBaAFKC2pbGhTIbUz7RsTobs1AZoBMyQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0xhbHNhRk1odFRQdEd4T2h1elVCbWdFekpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9lMWZiNTItOTc5ZC00NDM2LWJlNTEt
ODU4NGJlZjBiN2Q1LzEvUW8yNmhBdVpWS29mbTlDNE5HUVh4VkpQN2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9lMWZiNTItOTc5ZC00NDM2LWJlNTEtODU4NGJlZjBiN2Q1
LzEvb0xhbHNhRk1odFRQdEd4T2h1elVCbWdFekpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEBSwAAwQG
TotAAwQDWWtwAwQFbcogAwQFgv8gAwQCuQz8AwQCuWo4AwQCuYmgMA0GCSqGSIb3
DQEBCwUAA4IBAQCVnk149lOP5jwRZ5LZF1sp2yqLsyYgRpOpIYhxDYl8713ZOz3i
YKyMUDkviS9Wi8HUZ3l5wdplBbgtHFBJcjnNgl5UWoUxKEu1ZXZgFSnRorpWZ+8h
PMIvJg0i4bCEa6WNkYYojOjlDGondSIcKK5SldOVYzqD4Msnv+9srUrjS/829Uvb
DP1TAlkT8hviGkQ+1X70U5TXx3JOrNAkiDwEMlfMqp5WxBR9ctJkfQavhww5pL1g
syyAXYvTFuqS+BEdGKqIUCMRF0PzUuWk6Y4nnv0rt1dS7sPSB1ptFVB5KNM5cUch
699/cVC/UeSYf6z9kJxYvTVP0blzeFBDykNB
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:23:48 2024 by rpki-client on console-ams.rpki-client.org