Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/XblaV3BRLJ5D7Cal5m0GpfbVEb4.roa
File:                     XblaV3BRLJ5D7Cal5m0GpfbVEb4.roa (raw, json)
Hash identifier:          TV7qKKs/36hlzb3ODdEARD+SsvLNUQdnJSw3r+YMmM4=
Subject key identifier:   5D:B9:5A:57:70:51:2C:9E:43:EC:26:A5:E6:6D:06:A5:F6:D5:11:BE
Certificate issuer:       /CN=ad9681f144db1430ac315c8306e1c14730c5fec2
Certificate serial:       0191D5CAA33B3185440382847402B4DEC8A5
Authority key identifier: AD:96:81:F1:44:DB:14:30:AC:31:5C:83:06:E1:C1:47:30:C5:FE:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/XblaV3BRLJ5D7Cal5m0GpfbVEb4.roa
Signing time:             Mon 09 Sep 2024 07:58:32 +0000
ROA not before:           Mon 09 Sep 2024 07:58:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62442
IP address blocks:        78.157.32.0/19 maxlen: 19
                          78.157.32.0/24 maxlen: 24
                          78.157.34.0/24 maxlen: 24
                          78.157.35.0/24 maxlen: 24
                          78.157.36.0/24 maxlen: 24
                          78.157.37.0/24 maxlen: 24
                          78.157.38.0/24 maxlen: 24
                          78.157.39.0/24 maxlen: 24
                          78.157.40.0/24 maxlen: 24
                          78.157.41.0/24 maxlen: 24
                          78.157.42.0/24 maxlen: 24
                          78.157.43.0/24 maxlen: 24
                          78.157.44.0/24 maxlen: 24
                          78.157.45.0/24 maxlen: 24
                          78.157.46.0/24 maxlen: 24
                          78.157.47.0/24 maxlen: 24
                          78.157.48.0/21 maxlen: 21
                          78.157.48.0/24 maxlen: 24
                          78.157.49.0/24 maxlen: 24
                          78.157.50.0/24 maxlen: 24
                          78.157.51.0/24 maxlen: 24
                          78.157.52.0/24 maxlen: 24
                          78.157.53.0/24 maxlen: 24
                          78.157.54.0/23 maxlen: 23
                          78.157.54.0/24 maxlen: 24
                          78.157.55.0/24 maxlen: 24
                          78.157.56.0/21 maxlen: 21
                          78.157.56.0/24 maxlen: 24
                          78.157.57.0/24 maxlen: 24
                          78.157.58.0/24 maxlen: 24
                          78.157.59.0/24 maxlen: 24
                          78.157.60.0/23 maxlen: 23
                          78.157.60.0/24 maxlen: 24
                          78.157.61.0/24 maxlen: 24
                          78.157.62.0/24 maxlen: 24
                          78.157.63.0/24 maxlen: 24
                          89.221.84.0/22 maxlen: 22
                          89.221.88.0/21 maxlen: 21
                          2a10:8180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d5:ca:a3:3b:31:85:44:03:82:84:74:02:b4:de:c8:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad9681f144db1430ac315c8306e1c14730c5fec2
        Validity
            Not Before: Sep  9 07:58:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5db95a5770512c9e43ec26a5e66d06a5f6d511be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:b1:ab:89:a8:47:5b:86:61:77:1b:96:56:a7:
                    e3:cb:51:bf:0d:37:06:44:eb:b4:d6:bb:f5:26:c4:
                    14:f5:89:fe:66:e0:f0:ee:17:12:da:8a:63:11:5b:
                    73:1c:5d:95:5b:ff:cd:a3:29:81:de:fc:3e:42:45:
                    99:76:17:ac:d0:df:63:ed:70:88:5a:87:b9:08:14:
                    7d:59:92:e6:a1:7a:40:99:6b:d3:51:d7:ce:7e:36:
                    fd:09:cd:0c:08:ad:e5:10:02:ba:7e:b1:24:3d:18:
                    4d:59:78:0a:ec:b8:5c:a9:9f:56:b3:02:a2:3e:da:
                    d9:7b:7f:58:7b:15:6e:b3:8c:67:e4:09:61:51:c0:
                    fc:50:9f:6f:44:da:bb:25:d7:c7:d4:1e:03:a5:d5:
                    ce:44:97:f8:c9:f1:c0:70:46:ac:9e:c4:76:44:97:
                    39:8d:a6:f7:c6:66:69:47:21:81:70:88:e1:55:8f:
                    94:fb:9b:a1:82:36:14:0e:06:c0:9f:64:f6:fb:03:
                    7f:42:0b:94:6e:6a:68:bc:c9:da:16:a2:97:1c:dd:
                    54:f9:6f:c1:4f:4b:91:45:ac:0b:c8:7f:b2:46:d0:
                    3b:fa:a1:6a:59:a6:41:27:5c:1c:d3:56:13:0c:cf:
                    ea:33:b0:18:e6:3a:eb:70:a9:68:cd:9e:c9:27:b5:
                    1a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B9:5A:57:70:51:2C:9E:43:EC:26:A5:E6:6D:06:A5:F6:D5:11:BE
            X509v3 Authority Key Identifier:
                keyid:AD:96:81:F1:44:DB:14:30:AC:31:5C:83:06:E1:C1:47:30:C5:FE:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rZaB8UTbFDCsMVyDBuHBRzDF_sI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/XblaV3BRLJ5D7Cal5m0GpfbVEb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/405b5f-8d26-4ee3-b87f-a3a13e3a7d80/1/rZaB8UTbFDCsMVyDBuHBRzDF_sI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.157.32.0/19
                  89.221.84.0-89.221.95.255
                IPv6:
                  2a10:8180::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:27:21:ef:9d:0a:79:cf:5d:b8:ea:5f:05:d7:f2:bf:e4:cb:
         26:a2:3b:4c:c5:ab:cd:5f:2c:bf:4c:f7:53:ee:90:fb:6d:cc:
         c2:b8:8c:2f:9f:de:7c:35:61:8f:b9:d5:4f:10:06:56:09:03:
         89:ff:9e:c7:91:ec:fb:60:27:cc:b8:5a:d3:09:54:48:2c:29:
         4d:e2:9c:17:b5:02:89:ce:69:da:03:25:50:bd:4d:bc:cb:a9:
         44:7b:45:b9:d3:ad:78:a5:8a:2e:10:8e:84:1c:6d:95:7d:f8:
         84:7b:9f:71:b1:47:1d:eb:77:6e:46:b7:ee:77:a4:ab:11:c6:
         99:2e:1a:54:7c:f9:e2:d4:99:47:9c:b3:f6:f9:2a:f9:26:bd:
         47:04:5b:35:53:7a:6f:ef:e3:b6:fa:b1:49:94:e5:dd:f8:71:
         d8:ca:c7:cc:ed:64:0d:d7:17:f7:8f:78:2c:97:f4:06:15:42:
         d8:91:17:23:a9:3e:ad:37:86:f8:33:ad:b0:db:71:9f:2b:3b:
         cf:08:8c:1d:91:f2:6a:70:4d:6e:b9:15:4f:e0:59:e5:6b:32:
         a7:48:19:36:24:da:26:4c:fb:aa:10:c2:aa:10:04:f9:b3:2f:
         cb:84:1a:82:96:2e:2b:cb:76:8a:0f:07:97:af:ea:9f:4e:9c:
         7f:5a:9f:b1
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZHVyqM7MYVEA4KEdAK03silMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOTY4MWYxNDRkYjE0MzBhYzMxNWM4MzA2ZTFjMTQ3MzBj
NWZlYzIwHhcNMjQwOTA5MDc1ODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI5NWE1NzcwNTEyYzllNDNlYzI2YTVlNjZkMDZhNWY2ZDUxMWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bGriahHW4ZhdxuWVqfjy1G/DTcG
ROu01rv1JsQU9Yn+ZuDw7hcS2opjEVtzHF2VW//NoymB3vw+QkWZdhes0N9j7XCI
Woe5CBR9WZLmoXpAmWvTUdfOfjb9Cc0MCK3lEAK6frEkPRhNWXgK7LhcqZ9WswKi
PtrZe39YexVus4xn5AlhUcD8UJ9vRNq7JdfH1B4DpdXORJf4yfHAcEasnsR2RJc5
jab3xmZpRyGBcIjhVY+U+5uhgjYUDgbAn2T2+wN/QguUbmpovMnaFqKXHN1U+W/B
T0uRRawLyH+yRtA7+qFqWaZBJ1wc01YTDM/qM7AY5jrrcKlozZ7JJ7UalwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFF25WldwUSyeQ+wmpeZtBqX21RG+MB8GA1UdIwQY
MBaAFK2WgfFE2xQwrDFcgwbhwUcwxf7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclphQjhVVGJGRENzTVZ5REJ1SEJSekRGX3NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80MDViNWYtOGQyNi00ZWUzLWI4N2Yt
YTNhMTNlM2E3ZDgwLzEvWGJsYVYzQlJMSjVEN0NhbDVtMEdwZmJWRWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80MDViNWYtOGQyNi00ZWUzLWI4N2YtYTNhMTNlM2E3ZDgw
LzEvclphQjhVVGJGRENzTVZ5REJ1SEJSekRGX3NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQFTp0gMAwD
BAJZ3VQDBAVZ3UAwDQQCAAIwBwMFAyoQgYAwDQYJKoZIhvcNAQELBQADggEBAJYn
Ie+dCnnPXbjqXwXX8r/kyyaiO0zFq81fLL9M91PukPttzMK4jC+f3nw1YY+51U8Q
BlYJA4n/nseR7PtgJ8y4WtMJVEgsKU3inBe1AonOadoDJVC9TbzLqUR7RbnTrXil
ii4QjoQcbZV9+IR7n3GxRx3rd25Gt+53pKsRxpkuGlR8+eLUmUecs/b5KvkmvUcE
WzVTem/v47b6sUmU5d34cdjKx8ztZA3XF/ePeCyX9AYVQtiRFyOpPq03hvgzrbDb
cZ8rO88IjB2R8mpwTW65FU/gWeVrMqdIGTYk2iZM+6oQwqoQBPmzL8uEGoKWLivL
dooPB5ev6p9OnH9an7E=
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:22:55 2024 by rpki-client on console-ams.rpki-client.org