Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/EinaYUKdL9Pfswka9B_vt5rcZPo.roa
File:                     EinaYUKdL9Pfswka9B_vt5rcZPo.roa (raw, json)
Hash identifier:          cIzqSPwD+RaXxLmQDlYnukjZZNN6P/pymXkxHSth8Kg=
Subject key identifier:   12:29:DA:61:42:9D:2F:D3:DF:B3:09:1A:F4:1F:EF:B7:9A:DC:64:FA
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B4DBBA63F70C28F997A018414171D
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/EinaYUKdL9Pfswka9B_vt5rcZPo.roa
Signing time:             Tue 02 Jan 2024 12:34:44 +0000
ROA not before:           Tue 02 Jan 2024 12:34:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41689
IP address blocks:        188.0.240.0/23 maxlen: 32
                          185.112.36.0/22 maxlen: 32
                          185.112.32.0/22 maxlen: 32
                          77.238.120.0/22 maxlen: 32
                          93.115.144.0/21 maxlen: 32
                          46.143.0.0/17 maxlen: 32
                          37.156.144.0/22 maxlen: 32
                          89.235.96.0/22 maxlen: 32
                          185.120.220.0/22 maxlen: 32
                          185.120.248.0/22 maxlen: 32
                          176.65.240.0/22 maxlen: 32
                          31.25.128.0/21 maxlen: 32
                          176.65.252.0/23 maxlen: 32
                          176.65.254.0/23 maxlen: 32
                          128.65.176.0/20 maxlen: 32
                          79.127.0.0/17 maxlen: 32
                          185.98.112.0/22 maxlen: 32
                          89.41.40.0/22 maxlen: 32
                          93.118.180.0/22 maxlen: 32
                          185.99.212.0/22 maxlen: 32
                          185.109.244.0/22 maxlen: 32
                          185.49.84.0/22 maxlen: 32
                          185.109.248.0/22 maxlen: 32
                          31.7.64.0/20 maxlen: 32
                          178.22.120.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:4d:bb:a6:3f:70:c2:8f:99:7a:01:84:14:17:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1229da61429d2fd3dfb3091af41fefb79adc64fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4e:09:44:cc:5e:fb:49:95:de:39:d7:d4:cd:
                    e7:a4:70:31:0a:6a:ae:8d:28:26:94:5c:90:4f:dc:
                    a2:62:91:0c:96:13:c3:5a:37:2d:23:99:a5:88:93:
                    cf:dd:97:19:4a:f0:d6:f5:10:8c:fe:6b:af:6b:0f:
                    df:a4:be:03:ef:e2:63:e5:35:5a:7e:1f:71:44:d7:
                    d3:c2:20:22:f1:80:75:a6:4f:36:d5:2c:4c:88:03:
                    1f:18:bb:39:a3:7b:62:ce:a1:c9:42:d6:b1:c4:f5:
                    88:9b:7c:76:2e:f1:83:e4:5b:05:2e:3c:bd:97:a2:
                    e2:43:75:a1:a6:61:77:68:cc:90:0d:51:6e:08:f0:
                    a4:35:00:a3:6a:da:1e:4e:f8:3d:0d:dc:d0:1b:3f:
                    80:ed:51:1e:73:7b:27:4e:fd:da:27:4d:36:52:4c:
                    c6:da:dd:61:b9:b5:16:91:4b:85:31:12:f4:95:3c:
                    50:9d:c9:70:78:cb:1b:2b:0b:c4:38:26:3b:1e:57:
                    6d:55:c6:ab:45:da:fc:3d:54:b2:79:5c:57:b8:cd:
                    ae:56:aa:73:5b:85:8b:e8:3b:03:bc:65:56:17:90:
                    7c:db:99:d8:20:0f:95:df:7d:a2:9c:a7:1a:4d:9f:
                    3d:bd:16:7a:ab:75:3b:e7:fc:90:fb:76:a7:50:47:
                    eb:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:29:DA:61:42:9D:2F:D3:DF:B3:09:1A:F4:1F:EF:B7:9A:DC:64:FA
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/EinaYUKdL9Pfswka9B_vt5rcZPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.7.64.0/20
                  31.25.128.0/21
                  37.156.144.0/22
                  46.143.0.0/17
                  77.238.120.0/22
                  79.127.0.0/17
                  89.41.40.0/22
                  89.235.96.0/22
                  93.115.144.0/21
                  93.118.180.0/22
                  128.65.176.0/20
                  176.65.240.0/22
                  176.65.252.0/22
                  178.22.120.0/21
                  185.49.84.0/22
                  185.98.112.0/22
                  185.99.212.0/22
                  185.109.244.0-185.109.251.255
                  185.112.32.0/21
                  185.120.220.0/22
                  185.120.248.0/22
                  188.0.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:c2:e3:e5:b2:4f:50:cb:b4:32:5e:2b:f2:f1:e1:76:83:4c:
         90:23:ff:c4:19:09:0a:7b:57:ed:88:ac:62:84:18:0f:f6:66:
         c3:cd:42:16:df:40:32:39:74:e7:cd:39:9f:fc:e2:c6:63:2f:
         da:bc:a4:b3:04:8f:c4:2b:24:69:9e:c4:0b:c6:24:9c:3d:64:
         68:4d:b0:ec:0a:84:d4:5b:0d:f6:77:d8:17:be:72:98:db:1f:
         09:f9:ac:7d:5d:b3:28:e1:48:fe:83:d9:d2:a3:3c:83:8d:c6:
         6b:29:f4:aa:93:64:fa:71:c1:eb:89:0b:be:1c:a6:70:4b:07:
         61:69:6e:04:a2:46:e0:c0:c8:b3:0a:aa:28:94:49:c4:26:98:
         41:2d:45:e3:ba:24:fa:a8:6a:54:c6:47:c8:2e:ac:c7:f3:55:
         b4:e1:06:e8:05:ff:75:f0:a7:b8:72:c5:41:24:44:07:d8:95:
         4d:a9:b1:61:6e:b6:9c:09:34:75:7c:8c:4f:de:85:ea:ba:44:
         4f:e5:04:cf:f8:39:ac:d4:db:ec:56:3d:3f:ca:ab:29:9c:48:
         4b:c0:7b:41:c6:07:de:3c:a7:88:72:d2:a8:4e:e5:83:22:ba:
         3c:95:94:0d:11:97:2a:77:ec:03:3b:81:03:1d:76:71:50:50:
         bd:79:a0:04
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYzKK027pj9wwo+ZegGEFBcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjI5ZGE2MTQyOWQyZmQzZGZiMzA5MWFmNDFmZWZiNzlhZGM2NGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA004JRMxe+0mV3jnX1M3npHAxCmqu
jSgmlFyQT9yiYpEMlhPDWjctI5mliJPP3ZcZSvDW9RCM/muvaw/fpL4D7+Jj5TVa
fh9xRNfTwiAi8YB1pk821SxMiAMfGLs5o3tizqHJQtaxxPWIm3x2LvGD5FsFLjy9
l6LiQ3WhpmF3aMyQDVFuCPCkNQCjatoeTvg9DdzQGz+A7VEec3snTv3aJ002UkzG
2t1hubUWkUuFMRL0lTxQnclweMsbKwvEOCY7HldtVcarRdr8PVSyeVxXuM2uVqpz
W4WL6DsDvGVWF5B825nYIA+V332inKcaTZ89vRZ6q3U75/yQ+3anUEfrbwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFBIp2mFCnS/T37MJGvQf77ea3GT6MB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvRWluYVlVS2RMOVBmc3drYTlCX3Z0NXJjWlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBAQf
B0ADBAMfGYADBAIlnJADBAcujwADBAJN7ngDBAdPfwADBAJZKSgDBAJZ62ADBANd
c5ADBAJddrQDBASAQbADBAKwQfADBAKwQfwDBAOyFngDBAK5MVQDBAK5YnADBAK5
Y9QwDAMEArlt9AMEArlt+AMEA7lwIAMEArl43AMEArl4+AMEAbwA8DANBgkqhkiG
9w0BAQsFAAOCAQEArsLj5bJPUMu0Ml4r8vHhdoNMkCP/xBkJCntX7YisYoQYD/Zm
w81CFt9AMjl05805n/zixmMv2rykswSPxCskaZ7EC8YknD1kaE2w7AqE1FsN9nfY
F75ymNsfCfmsfV2zKOFI/oPZ0qM8g43Gayn0qpNk+nHB64kLvhymcEsHYWluBKJG
4MDIswqqKJRJxCaYQS1F47ok+qhqVMZHyC6sx/NVtOEG6AX/dfCnuHLFQSREB9iV
TamxYW62nAk0dXyMT96F6rpET+UEz/g5rNTb7FY9P8qrKZxIS8B7QcYH3jyniHLS
qE7lgyK6PJWUDRGXKnfsAzuBAx12cVBQvXmgBA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:33:42 2024 by rpki-client on console-ams.rpki-client.org