Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/Xe_W_HHcfVENPkIQvL_W0bOp3r8.roa
File:                     Xe_W_HHcfVENPkIQvL_W0bOp3r8.roa (raw, json)
Hash identifier:          D0PgT5ZbSFFso9sGbxBCIgNamuDKOcOC7vqmPcLG22g=
Subject key identifier:   5D:EF:D6:FC:71:DC:7D:51:0D:3E:42:10:BC:BF:D6:D1:B3:A9:DE:BF
Certificate issuer:       /CN=4866d4027de3c27e897d72adb2c86d87ab7e5ac2
Certificate serial:       018EE0D6A389A37506705F1F6D74BD0D6648
Authority key identifier: 48:66:D4:02:7D:E3:C2:7E:89:7D:72:AD:B2:C8:6D:87:AB:7E:5A:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SGbUAn3jwn6JfXKtsshth6t-WsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/Xe_W_HHcfVENPkIQvL_W0bOp3r8.roa
Signing time:             Mon 15 Apr 2024 08:19:06 +0000
ROA not before:           Mon 15 Apr 2024 08:19:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208808
IP address blocks:        31.13.210.0/24 maxlen: 24
                          45.140.196.0/22 maxlen: 22
                          78.138.18.0/23 maxlen: 23
                          78.138.26.0/23 maxlen: 23
                          78.138.28.0/23 maxlen: 23
                          78.138.42.0/23 maxlen: 23
                          87.120.80.0/23 maxlen: 23
                          87.120.203.0/24 maxlen: 24
                          89.36.232.0/22 maxlen: 22
                          89.46.132.0/22 maxlen: 22
                          92.243.68.0/24 maxlen: 24
                          92.243.71.0/24 maxlen: 24
                          92.243.86.0/23 maxlen: 23
                          92.243.90.0/23 maxlen: 23
                          92.243.94.0/23 maxlen: 23
                          93.114.92.0/22 maxlen: 22
                          93.115.48.0/22 maxlen: 22
                          94.156.26.0/23 maxlen: 23
                          103.43.40.0/22 maxlen: 22
                          103.104.108.0/22 maxlen: 22
                          103.208.72.0/22 maxlen: 22
                          160.202.156.0/22 maxlen: 22
                          185.201.76.0/22 maxlen: 22
                          212.73.152.0/24 maxlen: 24
                          212.73.153.0/24 maxlen: 24
                          213.255.210.0/23 maxlen: 23
                          213.255.216.0/23 maxlen: 23
                          213.255.224.0/23 maxlen: 23
                          213.255.244.0/23 maxlen: 23
                          2a0a:bd40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/SGbUAn3jwn6JfXKtsshth6t-WsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/SGbUAn3jwn6JfXKtsshth6t-WsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SGbUAn3jwn6JfXKtsshth6t-WsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e0:d6:a3:89:a3:75:06:70:5f:1f:6d:74:bd:0d:66:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4866d4027de3c27e897d72adb2c86d87ab7e5ac2
        Validity
            Not Before: Apr 15 08:19:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5defd6fc71dc7d510d3e4210bcbfd6d1b3a9debf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:74:58:2d:2b:c6:0b:fe:96:da:95:c2:59:d3:
                    95:ba:80:f7:15:0d:7b:42:cb:40:18:8a:e3:99:47:
                    9a:1d:72:54:e6:ca:90:2b:cc:9c:e1:12:1e:f8:66:
                    b0:ae:ad:93:e6:dd:69:70:c4:39:da:ee:38:a4:7e:
                    1e:4d:89:39:54:99:30:9a:b8:5f:fc:26:8f:21:0a:
                    69:7e:15:df:88:e0:0a:78:ec:58:03:56:da:2b:04:
                    c9:77:d8:3f:1a:e9:50:c7:76:f7:c6:af:15:7f:7a:
                    56:1e:20:23:65:ae:34:70:42:17:b7:ae:4c:13:a2:
                    d0:42:52:93:76:c4:b1:c0:f7:c7:d5:41:2c:7b:47:
                    19:53:b1:4b:3d:f7:1a:a2:bb:fe:0e:c8:ad:0f:4e:
                    4e:e7:cf:9d:31:0c:98:74:85:76:fc:4b:74:f2:04:
                    7f:c9:f1:d2:ac:cd:5e:3d:bb:39:ed:e9:25:99:6e:
                    94:e1:ee:eb:5e:53:85:45:f6:fd:e6:d7:98:a5:bb:
                    ef:81:ab:f3:8d:0e:a3:08:49:a9:39:f8:03:fe:f2:
                    d5:84:60:df:e5:8a:ff:c2:40:e8:40:c3:6d:02:30:
                    9e:92:2b:3f:75:f0:8e:d1:fc:bd:9c:29:3a:fc:ba:
                    15:99:43:6b:91:bd:9d:5d:3b:17:3d:58:6a:2a:8a:
                    a5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:EF:D6:FC:71:DC:7D:51:0D:3E:42:10:BC:BF:D6:D1:B3:A9:DE:BF
            X509v3 Authority Key Identifier:
                keyid:48:66:D4:02:7D:E3:C2:7E:89:7D:72:AD:B2:C8:6D:87:AB:7E:5A:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGbUAn3jwn6JfXKtsshth6t-WsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/Xe_W_HHcfVENPkIQvL_W0bOp3r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/SGbUAn3jwn6JfXKtsshth6t-WsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.210.0/24
                  45.140.196.0/22
                  78.138.18.0/23
                  78.138.26.0-78.138.29.255
                  78.138.42.0/23
                  87.120.80.0/23
                  87.120.203.0/24
                  89.36.232.0/22
                  89.46.132.0/22
                  92.243.68.0/24
                  92.243.71.0/24
                  92.243.86.0/23
                  92.243.90.0/23
                  92.243.94.0/23
                  93.114.92.0/22
                  93.115.48.0/22
                  94.156.26.0/23
                  103.43.40.0/22
                  103.104.108.0/22
                  103.208.72.0/22
                  160.202.156.0/22
                  185.201.76.0/22
                  212.73.152.0/23
                  213.255.210.0/23
                  213.255.216.0/23
                  213.255.224.0/23
                  213.255.244.0/23
                IPv6:
                  2a0a:bd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:be:29:5c:96:9b:bf:9b:b9:ed:9d:36:2a:ca:3d:6b:49:64:
         70:cf:e0:09:7a:f4:73:31:9f:4b:2f:7f:d9:33:0b:3e:2e:a6:
         a5:44:9c:9d:38:5c:da:a2:d0:aa:34:61:09:18:fb:ee:d5:17:
         78:96:9b:64:b0:80:d5:99:ff:fb:7a:4b:c4:72:c9:c1:db:7d:
         67:cb:19:4d:c3:4d:ed:78:bb:d6:f0:46:40:62:61:5f:d3:40:
         c1:d1:a2:36:f2:6d:ae:8c:69:ba:78:4c:76:a3:f1:41:5a:5b:
         f6:f0:b7:63:97:f2:2a:5f:57:88:07:bd:92:c7:45:e8:a5:2f:
         20:0c:ad:d1:bb:cc:a2:5e:91:07:45:47:31:9b:63:44:ab:6b:
         74:18:d7:74:fc:f5:21:2c:ad:35:5f:3c:fb:99:2c:2f:71:29:
         69:5e:94:7c:6c:3c:ce:75:5c:79:14:20:ea:43:88:41:fa:d6:
         a9:dc:45:22:f9:04:de:cb:72:e9:b8:5c:fe:c4:c8:e3:c4:d2:
         34:a8:99:f2:1e:10:9e:95:a2:54:46:47:c4:4a:b0:a6:ba:ca:
         fa:3e:da:57:48:45:a4:f9:64:be:58:d9:92:63:b5:22:55:9f:
         49:73:35:79:f5:21:04:f4:ef:17:78:7c:aa:01:fb:ab:44:d5:
         1f:52:65:9e
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAY7g1qOJo3UGcF8fbXS9DWZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NjZkNDAyN2RlM2MyN2U4OTdkNzJhZGIyYzg2ZDg3YWI3
ZTVhYzIwHhcNMjQwNDE1MDgxOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGVmZDZmYzcxZGM3ZDUxMGQzZTQyMTBiY2JmZDZkMWIzYTlkZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3RYLSvGC/6W2pXCWdOVuoD3FQ17
QstAGIrjmUeaHXJU5sqQK8yc4RIe+Gawrq2T5t1pcMQ52u44pH4eTYk5VJkwmrhf
/CaPIQppfhXfiOAKeOxYA1baKwTJd9g/GulQx3b3xq8Vf3pWHiAjZa40cEIXt65M
E6LQQlKTdsSxwPfH1UEse0cZU7FLPfcaorv+DsitD05O58+dMQyYdIV2/Et08gR/
yfHSrM1ePbs57eklmW6U4e7rXlOFRfb95teYpbvvgavzjQ6jCEmpOfgD/vLVhGDf
5Yr/wkDoQMNtAjCekis/dfCO0fy9nCk6/LoVmUNrkb2dXTsXPVhqKoqlPwIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFF3v1vxx3H1RDT5CELy/1tGzqd6/MB8GA1UdIwQY
MBaAFEhm1AJ948J+iX1yrbLIbYerflrCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0diVUFuM2p3bjZKZlhLdHNzaHRoNnQtV3NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni81NTZhZDUtMmU2Yi00ZDUxLTg1NmMt
NjFjOWMyOWMyNzVkLzEvWGVfV19ISGNmVkVOUGtJUXZMX1cwYk9wM3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni81NTZhZDUtMmU2Yi00ZDUxLTg1NmMtNjFjOWMyOWMyNzVk
LzEvU0diVUFuM2p3bjZKZlhLdHNzaHRoNnQtV3NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHWBggrBgEFBQcBBwEB/wSBxjCBwzCBsQQCAAEwgaoDBAAf
DdIDBAItjMQDBAFOihIwDAMEAU6KGgMEAU6KHAMEAU6KKgMEAVd4UAMEAFd4ywME
Alkk6AMEAlkuhAMEAFzzRAMEAFzzRwMEAVzzVgMEAVzzWgMEAVzzXgMEAl1yXAME
Al1zMAMEAV6cGgMEAmcrKAMEAmdobAMEAmfQSAMEAqDKnAMEArnJTAMEAdRJmAME
AdX/0gMEAdX/2AMEAdX/4AMEAdX/9DANBAIAAjAHAwUDKgq9QDANBgkqhkiG9w0B
AQsFAAOCAQEAPL4pXJabv5u57Z02Kso9a0lkcM/gCXr0czGfSy9/2TMLPi6mpUSc
nThc2qLQqjRhCRj77tUXeJabZLCA1Zn/+3pLxHLJwdt9Z8sZTcNN7Xi71vBGQGJh
X9NAwdGiNvJtroxpunhMdqPxQVpb9vC3Y5fyKl9XiAe9ksdF6KUvIAyt0bvMol6R
B0VHMZtjRKtrdBjXdPz1ISytNV88+5ksL3EpaV6UfGw8znVceRQg6kOIQfrWqdxF
IvkE3sty6bhc/sTI48TSNKiZ8h4QnpWiVEZHxEqwprrK+j7aV0hFpPlkvljZkmO1
IlWfSXM1efUhBPTvF3h8qgH7q0TVH1Jlng==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:45:16 2024 by rpki-client on console-ams.rpki-client.org