Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/RSx6bzEVqpQ6i-MeqE7HgEl1pwY.roa
File:                     RSx6bzEVqpQ6i-MeqE7HgEl1pwY.roa (raw, json)
Hash identifier:          doFGST7H4FGaqUkcC9MEYcQJWOEBp7Ld3C4tBsTNqFo=
Subject key identifier:   45:2C:7A:6F:31:15:AA:94:3A:8B:E3:1E:A8:4E:C7:80:49:75:A7:06
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018F4E3D629D735E414BBE5B5932FB979DB2
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/RSx6bzEVqpQ6i-MeqE7HgEl1pwY.roa
Signing time:             Mon 06 May 2024 14:09:56 +0000
ROA not before:           Mon 06 May 2024 14:09:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62235
IP address blocks:        5.183.56.0/22 maxlen: 24
                          5.183.56.0/23 maxlen: 24
                          5.183.58.0/23 maxlen: 24
                          37.156.76.0/22 maxlen: 24
                          37.156.108.0/22 maxlen: 24
                          37.156.108.0/23 maxlen: 24
                          37.156.110.0/23 maxlen: 24
                          45.14.204.0/22 maxlen: 24
                          45.14.204.0/23 maxlen: 24
                          45.14.206.0/24 maxlen: 24
                          45.14.207.0/24 maxlen: 24
                          45.86.184.0/23 maxlen: 24
                          45.86.186.0/23 maxlen: 24
                          85.204.200.0/21 maxlen: 24
                          85.204.200.0/22 maxlen: 24
                          85.204.204.0/22 maxlen: 24
                          87.247.128.0/22 maxlen: 24
                          87.247.128.0/23 maxlen: 24
                          87.247.130.0/23 maxlen: 24
                          89.35.231.0/24 maxlen: 24
                          89.39.167.0/24 maxlen: 24
                          89.44.82.0/24 maxlen: 24
                          89.45.220.0/22 maxlen: 24
                          89.45.220.0/23 maxlen: 24
                          89.45.222.0/23 maxlen: 24
                          89.46.32.0/24 maxlen: 24
                          89.46.35.0/24 maxlen: 24
                          89.46.37.0/24 maxlen: 24
                          89.46.39.0/24 maxlen: 24
                          89.46.247.0/24 maxlen: 24
                          92.119.0.0/22 maxlen: 24
                          92.119.0.0/23 maxlen: 24
                          92.119.2.0/23 maxlen: 24
                          94.177.0.0/22 maxlen: 24
                          94.177.0.0/23 maxlen: 24
                          94.177.2.0/23 maxlen: 24
                          139.28.88.0/22 maxlen: 24
                          185.41.244.0/22 maxlen: 24
                          185.41.244.0/23 maxlen: 24
                          185.41.246.0/23 maxlen: 24
                          185.56.76.0/22 maxlen: 24
                          185.56.76.0/23 maxlen: 24
                          185.56.78.0/23 maxlen: 24
                          185.87.128.0/22 maxlen: 24
                          185.87.128.0/23 maxlen: 24
                          185.87.130.0/23 maxlen: 24
                          185.228.244.0/22 maxlen: 24
                          185.228.246.0/23 maxlen: 24
                          188.212.16.0/22 maxlen: 24
                          188.212.16.0/23 maxlen: 24
                          188.212.18.0/23 maxlen: 24
                          188.213.80.0/22 maxlen: 24
                          188.213.80.0/23 maxlen: 24
                          188.213.82.0/23 maxlen: 24
                          188.213.83.0/24 maxlen: 24
                          188.214.112.0/21 maxlen: 24
                          188.214.112.0/22 maxlen: 24
                          188.214.116.0/22 maxlen: 24
                          188.214.118.0/24 maxlen: 24
                          194.124.56.0/22 maxlen: 24
                          194.124.56.0/23 maxlen: 24
                          194.124.58.0/23 maxlen: 24
                          195.82.98.0/23 maxlen: 24
                          195.82.98.0/24 maxlen: 24
                          195.82.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4e:3d:62:9d:73:5e:41:4b:be:5b:59:32:fb:97:9d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: May  6 14:09:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=452c7a6f3115aa943a8be31ea84ec7804975a706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:22:e9:88:16:8e:fa:81:67:ab:95:82:85:e4:
                    98:94:0c:80:72:9e:f0:1f:62:ca:c1:3f:5c:dd:24:
                    51:48:4e:c0:33:fe:6c:aa:bf:f6:26:e7:dd:7d:f1:
                    80:b6:4a:18:7e:47:d4:4b:0a:c4:bb:a4:e7:99:f4:
                    d3:77:6b:8a:fc:b7:a2:5d:ef:ed:65:b6:8a:7b:84:
                    25:78:3f:8f:fa:9f:a6:c0:2c:de:94:a5:de:5b:6c:
                    c4:55:b5:6d:db:c0:09:c4:4b:0f:96:63:98:2e:20:
                    5c:b5:b9:6f:eb:21:96:f1:d1:d8:df:02:3e:f5:9e:
                    54:23:46:60:4b:e5:b9:65:c2:92:73:4e:32:5d:bd:
                    af:8b:18:14:b8:15:88:6c:af:65:03:43:85:01:90:
                    a3:6d:51:8c:c7:03:43:6a:91:72:96:a7:ae:e6:80:
                    58:89:f1:16:fb:a1:ca:d3:d2:b4:7e:10:38:99:10:
                    8c:1d:21:44:b0:2c:72:eb:4d:82:c5:e3:79:aa:43:
                    59:83:51:61:44:4c:c7:b8:e7:c7:46:5d:b3:3b:d4:
                    2c:44:d9:1a:ff:22:cf:dd:cf:ca:ab:1f:86:76:c4:
                    fc:4e:40:10:bc:a9:26:64:40:a8:bb:d2:b1:2b:cd:
                    fd:1e:3a:24:2f:39:94:97:a2:03:d8:a1:9c:4c:e5:
                    e0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:2C:7A:6F:31:15:AA:94:3A:8B:E3:1E:A8:4E:C7:80:49:75:A7:06
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/RSx6bzEVqpQ6i-MeqE7HgEl1pwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.56.0/22
                  37.156.76.0/22
                  37.156.108.0/22
                  45.14.204.0/22
                  45.86.184.0/22
                  85.204.200.0/21
                  87.247.128.0/22
                  89.35.231.0/24
                  89.39.167.0/24
                  89.44.82.0/24
                  89.45.220.0/22
                  89.46.32.0/24
                  89.46.35.0/24
                  89.46.37.0/24
                  89.46.39.0/24
                  89.46.247.0/24
                  92.119.0.0/22
                  94.177.0.0/22
                  139.28.88.0/22
                  185.41.244.0/22
                  185.56.76.0/22
                  185.87.128.0/22
                  185.228.244.0/22
                  188.212.16.0/22
                  188.213.80.0/22
                  188.214.112.0/21
                  194.124.56.0/22
                  195.82.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:63:ca:0e:8d:1a:40:c1:1d:57:1f:14:47:b4:c4:6c:ed:63:
         fb:b7:f4:6f:25:f5:11:f5:75:f1:99:b0:88:86:d7:e0:cb:21:
         6d:68:ea:0a:7f:f1:eb:0b:d9:7a:ef:bb:30:d0:bb:4a:43:d3:
         cb:b0:60:f8:6a:12:64:97:b2:ff:bb:96:53:48:71:e3:3c:6a:
         39:0e:b6:0e:cb:ce:ec:dc:e0:9c:da:ae:78:93:43:77:c2:1d:
         25:d6:f8:fb:94:5b:fa:eb:62:f5:1d:fb:b9:90:b5:8c:85:4a:
         24:85:ff:4e:78:92:bf:0a:4b:a3:84:18:05:43:d5:ad:f6:af:
         d7:40:65:d1:29:5e:c1:47:f0:d1:df:8e:8c:33:ac:3c:41:b1:
         5b:96:78:bb:c0:8d:08:e7:13:98:b9:65:ae:2d:d0:c2:7e:70:
         9b:a3:70:4c:b3:69:d6:37:2c:19:28:47:a0:5c:0b:30:b9:fb:
         18:99:49:c8:3c:31:4a:38:02:af:5a:63:1b:a6:2c:e2:05:da:
         60:53:02:73:76:d6:c5:fd:c2:fd:bc:5b:fe:9a:8e:22:f4:a3:
         5b:50:03:af:08:2d:75:b9:9a:ef:3e:0f:1f:78:19:0b:b5:b8:
         f3:ae:26:cd:f0:99:87:d7:fa:92:63:ad:05:66:e0:17:53:bf:
         a4:d6:f3:ea
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAY9OPWKdc15BS75bWTL7l52yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwNTA2MTQwOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTJjN2E2ZjMxMTVhYTk0M2E4YmUzMWVhODRlYzc4MDQ5NzVhNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iLpiBaO+oFnq5WCheSYlAyAcp7w
H2LKwT9c3SRRSE7AM/5sqr/2JufdffGAtkoYfkfUSwrEu6TnmfTTd2uK/LeiXe/t
ZbaKe4QleD+P+p+mwCzelKXeW2zEVbVt28AJxEsPlmOYLiBctblv6yGW8dHY3wI+
9Z5UI0ZgS+W5ZcKSc04yXb2vixgUuBWIbK9lA0OFAZCjbVGMxwNDapFylqeu5oBY
ifEW+6HK09K0fhA4mRCMHSFEsCxy602CxeN5qkNZg1FhREzHuOfHRl2zO9QsRNka
/yLP3c/Kqx+GdsT8TkAQvKkmZECou9KxK839HjokLzmUl6ID2KGcTOXguwIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFEUsem8xFaqUOovjHqhOx4BJdacGMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvUlN4NmJ6RVZxcFE2aS1NZXFFN0hnRWwxcHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAIF
tzgDBAIlnEwDBAIlnGwDBAItDswDBAItVrgDBANVzMgDBAJX94ADBABZI+cDBABZ
J6cDBABZLFIDBAJZLdwDBABZLiADBABZLiMDBABZLiUDBABZLicDBABZLvcDBAJc
dwADBAJesQADBAKLHFgDBAK5KfQDBAK5OEwDBAK5V4ADBAK55PQDBAK81BADBAK8
1VADBAO81nADBALCfDgDBAHDUmIwDQYJKoZIhvcNAQELBQADggEBABFjyg6NGkDB
HVcfFEe0xGztY/u39G8l9RH1dfGZsIiG1+DLIW1o6gp/8esL2XrvuzDQu0pD08uw
YPhqEmSXsv+7llNIceM8ajkOtg7Lzuzc4JzarniTQ3fCHSXW+PuUW/rrYvUd+7mQ
tYyFSiSF/054kr8KS6OEGAVD1a32r9dAZdEpXsFH8NHfjowzrDxBsVuWeLvAjQjn
E5i5Za4t0MJ+cJujcEyzadY3LBkoR6BcCzC5+xiZScg8MUo4Aq9aYxumLOIF2mBT
AnN21sX9wv28W/6ajiL0o1tQA68ILXW5mu8+Dx94GQu1uPOuJs3wmYfX+pJjrQVm
4BdTv6TW8+o=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:26:08 2024 by rpki-client on console-ams.rpki-client.org