Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/UZM5MeupELXkU5YQNrG3mdIyM6U.roa
File:                     UZM5MeupELXkU5YQNrG3mdIyM6U.roa (raw, json)
Hash identifier:          2aFaUtrNYnw7SLvHS9p254TECTnzunyzVAH4DetQWAo=
Subject key identifier:   51:93:39:31:EB:A9:10:B5:E4:53:96:10:36:B1:B7:99:D2:32:33:A5
Certificate issuer:       /CN=b2d8ad027a9674edc936e78c5d4d1b64964d8440
Certificate serial:       018DAC1B3B3750699A5C47E573E2A7D3C695
Authority key identifier: B2:D8:AD:02:7A:96:74:ED:C9:36:E7:8C:5D:4D:1B:64:96:4D:84:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/stitAnqWdO3JNueMXU0bZJZNhEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/UZM5MeupELXkU5YQNrG3mdIyM6U.roa
Signing time:             Thu 15 Feb 2024 09:31:21 +0000
ROA not before:           Thu 15 Feb 2024 09:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198895
IP address blocks:        45.140.133.0/24 maxlen: 24
                          46.229.241.0/24 maxlen: 24
                          46.229.242.0/24 maxlen: 24
                          188.65.167.0/24 maxlen: 24
                          193.16.149.0/24 maxlen: 24
                          2a13:2580::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/stitAnqWdO3JNueMXU0bZJZNhEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/stitAnqWdO3JNueMXU0bZJZNhEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/stitAnqWdO3JNueMXU0bZJZNhEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:1b:3b:37:50:69:9a:5c:47:e5:73:e2:a7:d3:c6:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2d8ad027a9674edc936e78c5d4d1b64964d8440
        Validity
            Not Before: Feb 15 09:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51933931eba910b5e453961036b1b799d23233a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:17:78:c8:61:da:0d:fa:a0:5c:00:97:26:79:
                    63:29:8c:ed:fb:87:f9:10:fd:e2:0d:bf:3f:d4:5b:
                    d4:2f:14:ec:04:02:61:9b:b0:e9:f8:2c:a5:54:74:
                    55:af:73:2b:29:15:db:53:1a:30:eb:02:c5:ab:a2:
                    26:58:16:e4:e2:c6:95:64:4b:8c:08:99:04:5d:42:
                    e0:b8:16:0e:dc:e8:12:ca:d9:30:5f:02:75:36:a8:
                    4b:9f:30:ff:e6:e4:cc:82:ac:00:30:ba:27:df:ff:
                    00:cb:28:16:82:7e:16:5a:21:2b:15:bc:e0:f1:9c:
                    d2:4b:fb:a6:35:d1:2c:36:c2:ca:00:11:38:a7:d4:
                    08:28:23:e4:a7:63:2b:de:a8:71:84:1e:83:ea:fe:
                    e2:a9:ab:11:a0:5d:cc:23:ca:ad:f4:48:17:c9:bb:
                    d2:9d:ae:0a:e7:bf:f5:3b:c0:08:df:09:e2:12:5f:
                    37:cc:76:cd:24:1c:97:ed:91:4c:99:64:fb:fa:fd:
                    1a:c7:1a:3e:31:45:5a:e0:ac:e3:31:b6:3c:78:41:
                    71:7a:2c:03:55:c0:7a:c6:bf:5e:c6:28:0c:89:5d:
                    d6:a8:e5:ba:9a:01:55:46:b8:1a:46:f2:73:e0:a9:
                    de:58:a2:12:1e:af:52:48:80:3a:a5:86:f5:ab:e0:
                    18:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:93:39:31:EB:A9:10:B5:E4:53:96:10:36:B1:B7:99:D2:32:33:A5
            X509v3 Authority Key Identifier:
                keyid:B2:D8:AD:02:7A:96:74:ED:C9:36:E7:8C:5D:4D:1B:64:96:4D:84:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/stitAnqWdO3JNueMXU0bZJZNhEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/UZM5MeupELXkU5YQNrG3mdIyM6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/88c9d7-e377-4874-9868-715247c3dcdc/1/stitAnqWdO3JNueMXU0bZJZNhEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.133.0/24
                  46.229.241.0-46.229.242.255
                  188.65.167.0/24
                  193.16.149.0/24
                IPv6:
                  2a13:2580::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:e2:0d:15:26:52:f1:7a:25:d8:b1:79:48:7a:f6:b6:8b:04:
         ac:d9:a3:27:0d:2b:fe:68:91:10:17:f2:ef:8f:e8:96:a7:7f:
         e1:8c:49:36:4e:55:6e:6d:c7:ca:b4:b6:cb:5e:be:82:c3:70:
         11:e6:75:af:d0:47:af:d7:e4:43:7f:8c:7d:4f:12:82:67:86:
         7d:49:9f:03:e2:93:97:c0:f4:88:a5:75:ed:94:21:12:da:10:
         76:a7:dd:18:dd:37:3d:f0:86:96:c1:40:9c:41:35:40:4c:14:
         46:79:bc:82:9f:90:00:73:70:9f:0d:16:79:3b:1a:6a:e4:41:
         7e:d2:cc:25:c9:1b:55:7e:8e:9a:a1:34:29:bb:2d:7e:27:80:
         01:e5:79:02:28:7d:71:25:68:1e:fe:51:4c:cd:a9:98:ae:f6:
         5e:8b:d5:3c:38:b4:dd:b9:e8:11:13:d4:6e:51:1d:a4:21:2b:
         85:09:06:30:53:8d:e3:f9:9f:17:10:24:46:71:75:6b:ae:a8:
         9c:bf:58:39:a1:45:15:d1:f9:92:66:5c:86:3a:70:17:2f:6f:
         1f:74:d8:c3:d9:49:46:8a:50:1f:13:9a:aa:32:80:8e:f4:5c:
         7e:ab:fa:5e:9d:fc:58:66:c6:e1:eb:9f:95:85:91:75:e9:fd:
         5c:90:0d:a8
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAY2sGzs3UGmaXEflc+Kn08aVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZDhhZDAyN2E5Njc0ZWRjOTM2ZTc4YzVkNGQxYjY0OTY0
ZDg0NDAwHhcNMjQwMjE1MDkzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTkzMzkzMWViYTkxMGI1ZTQ1Mzk2MTAzNmIxYjc5OWQyMzIzM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhd4yGHaDfqgXACXJnljKYzt+4f5
EP3iDb8/1FvULxTsBAJhm7Dp+CylVHRVr3MrKRXbUxow6wLFq6ImWBbk4saVZEuM
CJkEXULguBYO3OgSytkwXwJ1NqhLnzD/5uTMgqwAMLon3/8AyygWgn4WWiErFbzg
8ZzSS/umNdEsNsLKABE4p9QIKCPkp2Mr3qhxhB6D6v7iqasRoF3MI8qt9EgXybvS
na4K57/1O8AI3wniEl83zHbNJByX7ZFMmWT7+v0axxo+MUVa4KzjMbY8eEFxeiwD
VcB6xr9exigMiV3WqOW6mgFVRrgaRvJz4KneWKISHq9SSIA6pYb1q+AY9wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFFGTOTHrqRC15FOWEDaxt5nSMjOlMB8GA1UdIwQY
MBaAFLLYrQJ6lnTtyTbnjF1NG2SWTYRAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3RpdEFucVdkTzNKTnVlTVhVMGJaSlpOaEVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84OGM5ZDctZTM3Ny00ODc0LTk4Njgt
NzE1MjQ3YzNkY2RjLzEvVVpNNU1ldXBFTFhrVTVZUU5yRzNtZEl5TTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84OGM5ZDctZTM3Ny00ODc0LTk4NjgtNzE1MjQ3YzNkY2Rj
LzEvc3RpdEFucVdkTzNKTnVlTVhVMGJaSlpOaEVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQALYyFMAwD
BAAu5fEDBAAu5fIDBAC8QacDBADBEJUwDQQCAAIwBwMFAyoTJYAwDQYJKoZIhvcN
AQELBQADggEBADjiDRUmUvF6JdixeUh69raLBKzZoycNK/5okRAX8u+P6Janf+GM
STZOVW5tx8q0tstevoLDcBHmda/QR6/X5EN/jH1PEoJnhn1JnwPik5fA9Iilde2U
IRLaEHan3RjdNz3whpbBQJxBNUBMFEZ5vIKfkABzcJ8NFnk7GmrkQX7SzCXJG1V+
jpqhNCm7LX4ngAHleQIofXElaB7+UUzNqZiu9l6L1Tw4tN256BET1G5RHaQhK4UJ
BjBTjeP5nxcQJEZxdWuuqJy/WDmhRRXR+ZJmXIY6cBcvbx902MPZSUaKUB8Tmqoy
gI70XH6r+l6d/FhmxuHrn5WFkXXp/VyQDag=
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:12:48 2024 by rpki-client on console-ams.rpki-client.org