Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/SDl1d_LwR3-jsQaFpaRJ3Ye-bkk.roa
File:                     SDl1d_LwR3-jsQaFpaRJ3Ye-bkk.roa (raw, json)
Hash identifier:          omZ9VHEx9ao81dZNxJqdiG1TdfTjWgNa/X5v4anT2h4=
Subject key identifier:   48:39:75:77:F2:F0:47:7F:A3:B1:06:85:A5:A4:49:DD:87:BE:6E:49
Certificate issuer:       /CN=1daf46a40c246d6540d992c321b1cc3623d65995
Certificate serial:       018EC1C059E260B9CF3F4CAD4C328E883FD6
Authority key identifier: 1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/SDl1d_LwR3-jsQaFpaRJ3Ye-bkk.roa
Signing time:             Tue 09 Apr 2024 07:26:32 +0000
ROA not before:           Tue 09 Apr 2024 07:26:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62370
IP address blocks:        5.104.224.0/21 maxlen: 21
                          37.148.160.0/21 maxlen: 21
                          77.95.224.0/21 maxlen: 21
                          78.41.200.0/21 maxlen: 21
                          89.207.128.0/21 maxlen: 21
                          128.204.192.0/20 maxlen: 20
                          185.62.56.0/22 maxlen: 22
                          193.33.60.0/23 maxlen: 23
                          193.34.166.0/23 maxlen: 23
                          195.20.204.0/24 maxlen: 24
                          195.20.205.0/24 maxlen: 24
                          2a00:7b80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c1:c0:59:e2:60:b9:cf:3f:4c:ad:4c:32:8e:88:3f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1daf46a40c246d6540d992c321b1cc3623d65995
        Validity
            Not Before: Apr  9 07:26:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48397577f2f0477fa3b10685a5a449dd87be6e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:97:65:40:61:08:4e:e0:fe:2c:b0:a2:2c:91:
                    1e:ca:81:66:ab:c2:5f:a1:bd:c5:12:46:f9:7e:5e:
                    2b:5b:82:db:a3:a7:da:80:a8:97:bf:15:35:59:d0:
                    9b:67:4f:e6:28:4b:d8:07:49:be:05:9b:05:f0:47:
                    ee:a7:06:54:58:2e:81:14:0c:6d:4d:20:f1:58:d9:
                    76:eb:55:c8:35:27:fd:61:02:7d:4a:d6:3a:e2:15:
                    07:c3:96:fc:ba:4f:94:7c:28:ad:79:7f:d9:e8:07:
                    bc:ee:b6:91:99:55:b6:e0:eb:11:d2:03:e7:a7:e8:
                    ed:6a:cf:10:c8:08:0f:ae:33:41:e4:16:b5:e5:66:
                    b0:00:22:6f:55:52:67:f0:b2:45:3b:35:a2:fd:68:
                    10:fc:e4:98:5b:f2:bb:3c:bd:b4:4a:f1:48:cf:9c:
                    7b:02:55:f2:62:17:6b:a7:29:4f:91:03:1b:79:f7:
                    d8:14:f3:b2:07:c8:41:e9:be:19:0c:60:af:df:e6:
                    9f:ec:8a:40:17:36:7f:19:8d:9b:cf:e2:55:b7:36:
                    f3:2e:05:9a:28:2e:a7:fb:dd:de:86:b9:d8:5a:ff:
                    df:c2:a9:95:e1:17:dd:5f:b0:9c:80:41:68:65:81:
                    16:8c:64:83:92:d4:a5:c4:45:31:70:57:b3:af:28:
                    95:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:39:75:77:F2:F0:47:7F:A3:B1:06:85:A5:A4:49:DD:87:BE:6E:49
            X509v3 Authority Key Identifier:
                keyid:1D:AF:46:A4:0C:24:6D:65:40:D9:92:C3:21:B1:CC:36:23:D6:59:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/SDl1d_LwR3-jsQaFpaRJ3Ye-bkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/44c0ef-5da6-4ff2-b5ef-79f048bd2a7a/1/Ha9GpAwkbWVA2ZLDIbHMNiPWWZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.224.0/21
                  37.148.160.0/21
                  77.95.224.0/21
                  78.41.200.0/21
                  89.207.128.0/21
                  128.204.192.0/20
                  185.62.56.0/22
                  193.33.60.0/23
                  193.34.166.0/23
                  195.20.204.0/23
                IPv6:
                  2a00:7b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:e9:d7:41:52:dc:8a:4a:84:90:34:46:35:0f:a2:f6:6e:1c:
         39:dc:c2:d6:42:be:e4:6c:37:60:64:dd:e6:ed:6f:65:34:46:
         ff:ae:58:3d:60:e5:6b:ce:29:c6:bf:b6:b1:1b:3a:80:8b:38:
         5b:63:7e:42:79:b5:d9:be:94:a6:5d:db:cc:b4:17:50:60:12:
         42:cf:bf:5d:5f:db:3e:09:ca:6d:11:d9:f6:2a:14:87:79:b0:
         1a:d4:8d:78:db:ee:dd:d0:08:21:92:e7:91:c3:98:20:ee:06:
         cc:83:16:ff:40:dd:3d:8e:9a:43:0a:4f:2e:94:f2:b9:22:1d:
         2f:dc:67:99:e2:c7:b9:7c:3a:1f:27:02:58:6c:da:aa:ea:e6:
         03:3d:0f:38:ad:3e:d6:63:22:40:0b:98:81:ec:eb:d1:44:34:
         32:74:5b:40:34:58:15:21:1a:f8:0d:fe:eb:bb:47:03:8a:c8:
         00:55:e9:7e:cf:81:e5:c8:51:97:3a:1a:90:de:ea:4c:b9:97:
         92:48:93:ac:1a:e8:48:a2:ec:2e:f1:65:9a:bf:4a:4f:af:fe:
         d5:d1:e0:73:43:64:0d:68:d1:20:89:2b:d0:02:ed:60:9d:c4:
         1a:b3:71:d3:18:fd:cf:ad:46:c2:c0:29:78:d7:4b:ef:f6:eb:
         0c:42:2d:d8
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY7BwFniYLnPP0ytTDKOiD/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWY0NmE0MGMyNDZkNjU0MGQ5OTJjMzIxYjFjYzM2MjNk
NjU5OTUwHhcNMjQwNDA5MDcyNjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODM5NzU3N2YyZjA0NzdmYTNiMTA2ODVhNWE0NDlkZDg3YmU2ZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJdlQGEITuD+LLCiLJEeyoFmq8Jf
ob3FEkb5fl4rW4Lbo6fagKiXvxU1WdCbZ0/mKEvYB0m+BZsF8EfupwZUWC6BFAxt
TSDxWNl261XINSf9YQJ9StY64hUHw5b8uk+UfCiteX/Z6Ae87raRmVW24OsR0gPn
p+jtas8QyAgPrjNB5Ba15WawACJvVVJn8LJFOzWi/WgQ/OSYW/K7PL20SvFIz5x7
AlXyYhdrpylPkQMbeffYFPOyB8hB6b4ZDGCv3+af7IpAFzZ/GY2bz+JVtzbzLgWa
KC6n+93ehrnYWv/fwqmV4RfdX7CcgEFoZYEWjGSDktSlxEUxcFezryiVfQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFEg5dXfy8Ed/o7EGhaWkSd2Hvm5JMB8GA1UdIwQY
MBaAFB2vRqQMJG1lQNmSwyGxzDYj1lmVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYt
NzlmMDQ4YmQyYTdhLzEvU0RsMWRfTHdSMy1qc1FhRnBhUkozWWUtYmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80NGMwZWYtNWRhNi00ZmYyLWI1ZWYtNzlmMDQ4YmQyYTdh
LzEvSGE5R3BBd2tiV1ZBMlpMREliSE1OaVBXV1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDBWjgAwQD
JZSgAwQDTV/gAwQDTinIAwQDWc+AAwQEgMzAAwQCuT44AwQBwSE8AwQBwSKmAwQB
wxTMMA0EAgACMAcDBQAqAHuAMA0GCSqGSIb3DQEBCwUAA4IBAQA46ddBUtyKSoSQ
NEY1D6L2bhw53MLWQr7kbDdgZN3m7W9lNEb/rlg9YOVrzinGv7axGzqAizhbY35C
ebXZvpSmXdvMtBdQYBJCz79dX9s+CcptEdn2KhSHebAa1I142+7d0AghkueRw5gg
7gbMgxb/QN09jppDCk8ulPK5Ih0v3GeZ4se5fDofJwJYbNqq6uYDPQ84rT7WYyJA
C5iB7OvRRDQydFtANFgVIRr4Df7ru0cDisgAVel+z4HlyFGXOhqQ3upMuZeSSJOs
GuhIouwu8WWav0pPr/7V0eBzQ2QNaNEgiSvQAu1gncQas3HTGP3PrUbCwCl410vv
9usMQi3Y
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:13:40 2024 by rpki-client on console-fra.rpki-client.org