Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/bb6f38-2369-446f-88f2-0b4575b69c57/1/JEtMnXTQyawMAG38SDyDKdZ4GFw.roa
File:                     JEtMnXTQyawMAG38SDyDKdZ4GFw.roa (raw, json)
Hash identifier:          KuFdXklgfowkNZXKzZPerXC9wRU61TsLmL+mTJJQ04w=
Subject key identifier:   24:4B:4C:9D:74:D0:C9:AC:0C:00:6D:FC:48:3C:83:29:D6:78:18:5C
Certificate issuer:       /CN=614c9585889f98e0c77f9b6cd80361aa02bdd68e
Certificate serial:       018CC5013FB30F6918F8BCD662F38730AA85
Authority key identifier: 61:4C:95:85:88:9F:98:E0:C7:7F:9B:6C:D8:03:61:AA:02:BD:D6:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YUyVhYifmODHf5ts2ANhqgK91o4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/bb6f38-2369-446f-88f2-0b4575b69c57/1/JEtMnXTQyawMAG38SDyDKdZ4GFw.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51790
IP address blocks:        185.92.228.0/24 maxlen: 24
                          185.57.145.0/24 maxlen: 24
                          185.57.144.0/23 maxlen: 23
                          185.57.146.0/24 maxlen: 24
                          185.97.52.0/22 maxlen: 24
                          217.61.252.0/24 maxlen: 24
                          46.19.10.0/23 maxlen: 24
                          46.19.8.0/23 maxlen: 24
                          46.19.14.0/23 maxlen: 24
                          46.19.12.0/23 maxlen: 24
                          209.16.152.0/22 maxlen: 23
                          2a02:28b0::/32 maxlen: 32
                          2a02:28b2::/32 maxlen: 32
                          2a02:28b1::/32 maxlen: 32
                          2a02:28b7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/bb6f38-2369-446f-88f2-0b4575b69c57/1/YUyVhYifmODHf5ts2ANhqgK91o4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/bb6f38-2369-446f-88f2-0b4575b69c57/1/YUyVhYifmODHf5ts2ANhqgK91o4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YUyVhYifmODHf5ts2ANhqgK91o4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3f:b3:0f:69:18:f8:bc:d6:62:f3:87:30:aa:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=614c9585889f98e0c77f9b6cd80361aa02bdd68e
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=244b4c9d74d0c9ac0c006dfc483c8329d678185c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:92:61:9a:19:27:e3:7a:38:74:2b:43:94:99:
                    1a:fe:7f:b5:85:d2:58:67:6c:6c:6c:25:6e:9b:63:
                    31:84:a6:36:88:37:34:eb:35:77:ed:bc:c9:70:37:
                    d4:d1:2f:97:81:71:94:7a:2a:ba:5c:29:c4:45:94:
                    90:aa:8c:a5:17:91:11:5f:63:4a:b4:27:52:2b:7b:
                    ed:97:d3:47:65:a1:c2:99:c8:d8:8d:98:98:d6:4f:
                    7e:1f:ef:85:6a:8d:4e:95:84:a1:22:5c:76:4a:27:
                    4e:d1:0b:26:d5:5f:58:c2:be:31:ca:8f:04:80:34:
                    84:f0:fd:39:1a:e7:4c:cf:df:bd:2a:42:e0:fb:0f:
                    6c:0c:56:57:22:25:44:42:b6:46:fd:3c:df:80:38:
                    01:fb:24:0c:ec:9b:ff:3e:f6:e3:0a:aa:cf:ff:de:
                    8f:bf:ab:c3:b9:d6:a5:ef:70:58:45:4d:ab:5c:ed:
                    d0:74:b4:a0:8c:e7:5c:cc:5b:cb:61:c5:dc:30:ba:
                    81:72:32:9a:84:db:94:b3:6e:ef:6d:e1:37:72:d7:
                    fb:e0:04:98:16:1a:16:da:ff:6b:52:be:cc:b4:7a:
                    4c:bf:39:2c:b5:21:0b:88:57:90:3a:bd:a2:5f:82:
                    de:4b:1c:4b:c8:bb:ee:0b:a0:0e:37:6f:66:be:31:
                    04:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:4B:4C:9D:74:D0:C9:AC:0C:00:6D:FC:48:3C:83:29:D6:78:18:5C
            X509v3 Authority Key Identifier:
                keyid:61:4C:95:85:88:9F:98:E0:C7:7F:9B:6C:D8:03:61:AA:02:BD:D6:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUyVhYifmODHf5ts2ANhqgK91o4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/bb6f38-2369-446f-88f2-0b4575b69c57/1/JEtMnXTQyawMAG38SDyDKdZ4GFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/bb6f38-2369-446f-88f2-0b4575b69c57/1/YUyVhYifmODHf5ts2ANhqgK91o4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.8.0/21
                  185.57.144.0-185.57.146.255
                  185.92.228.0/24
                  185.97.52.0/22
                  209.16.152.0/22
                  217.61.252.0/24
                IPv6:
                  2a02:28b0::-2a02:28b2:ffff:ffff:ffff:ffff:ffff:ffff
                  2a02:28b7::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:b0:16:1a:d6:99:e1:4a:fb:f3:0c:fe:cb:d6:dc:67:ca:4d:
         97:44:a7:6e:3e:2c:d6:10:91:00:3e:00:f7:97:80:d4:d9:6c:
         a1:02:5c:41:bb:d3:0b:7c:d1:1a:ed:55:8e:20:42:d7:fd:e9:
         fd:2d:88:69:18:06:aa:55:cb:a9:6c:6d:08:29:22:37:e2:30:
         cc:79:de:1c:b1:82:ee:5a:31:82:cc:b6:bf:07:9f:6f:e5:ad:
         43:66:53:42:e5:72:80:2f:ea:aa:c5:e0:8c:e7:98:f0:80:1f:
         0a:6d:8a:33:a2:b8:14:2f:6f:06:8b:9e:b9:f5:45:4d:73:0b:
         99:94:e6:1e:b8:e7:7b:0b:cc:75:bb:31:7c:17:67:50:78:b2:
         ee:12:9b:56:d4:b8:8d:e8:8c:6d:ce:ee:53:92:bd:62:15:30:
         5b:58:a5:4f:ac:b3:53:c2:ea:8b:9f:29:b8:5f:24:fd:11:24:
         e1:3c:12:7a:db:7a:f0:ec:ec:f1:3c:96:d9:f0:42:8c:11:ca:
         83:b5:a9:03:0c:5b:6f:01:a7:26:18:49:5f:57:66:3e:f3:34:
         b2:49:a8:a0:2d:99:27:a6:e5:fa:95:2e:ae:65:a8:da:c9:c3:
         4e:28:99:17:b6:9f:bc:10:5b:41:8d:df:a4:cd:ac:2f:41:3d:
         7a:c8:40:6f
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzFAT+zD2kY+LzWYvOHMKqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNGM5NTg1ODg5Zjk4ZTBjNzdmOWI2Y2Q4MDM2MWFhMDJi
ZGQ2OGUwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDRiNGM5ZDc0ZDBjOWFjMGMwMDZkZmM0ODNjODMyOWQ2NzgxODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJJhmhkn43o4dCtDlJka/n+1hdJY
Z2xsbCVum2MxhKY2iDc06zV37bzJcDfU0S+XgXGUeiq6XCnERZSQqoylF5ERX2NK
tCdSK3vtl9NHZaHCmcjYjZiY1k9+H++Fao1OlYShIlx2SidO0Qsm1V9Ywr4xyo8E
gDSE8P05GudMz9+9KkLg+w9sDFZXIiVEQrZG/TzfgDgB+yQM7Jv/PvbjCqrP/96P
v6vDudal73BYRU2rXO3QdLSgjOdczFvLYcXcMLqBcjKahNuUs27vbeE3ctf74ASY
FhoW2v9rUr7MtHpMvzkstSELiFeQOr2iX4LeSxxLyLvuC6AON29mvjEEGQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFCRLTJ100MmsDABt/Eg8gynWeBhcMB8GA1UdIwQY
MBaAFGFMlYWIn5jgx3+bbNgDYaoCvdaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVV5VmhZaWZtT0RIZjV0czJBTmhxZ0s5MW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9iYjZmMzgtMjM2OS00NDZmLTg4ZjIt
MGI0NTc1YjY5YzU3LzEvSkV0TW5YVFF5YXdNQUczOFNEeURLZFo0R0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9iYjZmMzgtMjM2OS00NDZmLTg4ZjItMGI0NTc1YjY5YzU3
LzEvWVV5VmhZaWZtT0RIZjV0czJBTmhxZ0s5MW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzAyBAIAATAsAwQDLhMIMAwD
BAS5OZADBAC5OZIDBAC5XOQDBAK5YTQDBALREJgDBADZPfwwHQQCAAIwFzAOAwUE
KgIosAMFACoCKLIDBQAqAii3MA0GCSqGSIb3DQEBCwUAA4IBAQBQsBYa1pnhSvvz
DP7L1txnyk2XRKduPizWEJEAPgD3l4DU2WyhAlxBu9MLfNEa7VWOIELX/en9LYhp
GAaqVcupbG0IKSI34jDMed4csYLuWjGCzLa/B59v5a1DZlNC5XKAL+qqxeCM55jw
gB8KbYozorgUL28Gi5659UVNcwuZlOYeuOd7C8x1uzF8F2dQeLLuEptW1LiN6Ixt
zu5Tkr1iFTBbWKVPrLNTwuqLnym4XyT9ESThPBJ623rw7OzxPJbZ8EKMEcqDtakD
DFtvAacmGElfV2Y+8zSySaigLZknpuX6lS6uZajaycNOKJkXtp+8EFtBjd+kzawv
QT16yEBv
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:14:33 2024 by rpki-client on console-ams.rpki-client.org