Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/XWAfMIrbHXEKOC2GaCDngDJTUFk.roa
File:                     XWAfMIrbHXEKOC2GaCDngDJTUFk.roa (raw, json)
Hash identifier:          AvWAYYMnFGxb2SvfYDS3TPO+NBjNQxqKBLMg7PuEtyY=
Subject key identifier:   5D:60:1F:30:8A:DB:1D:71:0A:38:2D:86:68:20:E7:80:32:53:50:59
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE77DB383DAA04B802E717934DE02
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/XWAfMIrbHXEKOC2GaCDngDJTUFk.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204063
IP address blocks:        5.1.64.0/21 maxlen: 32
                          94.247.47.0/24 maxlen: 32
                          185.90.161.0/24 maxlen: 32
                          185.90.160.0/24 maxlen: 32
                          185.90.163.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e7:7d:b3:83:da:a0:4b:80:2e:71:79:34:de:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d601f308adb1d710a382d866820e78032535059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1d:f3:73:66:e3:68:50:ec:96:1d:e5:c7:32:
                    3c:77:20:b3:aa:da:60:5d:f0:11:7d:fc:36:94:67:
                    59:10:7c:f3:4d:f4:63:57:95:c5:c0:df:cb:64:21:
                    82:34:6f:8a:44:5b:94:be:43:24:02:9d:67:88:4d:
                    76:37:e2:69:05:cf:ef:73:a5:54:b4:82:95:0a:63:
                    84:02:ec:71:0f:f8:b6:06:a0:d3:e8:f8:35:fb:4b:
                    4b:fc:01:59:ac:fb:93:19:c9:5b:eb:16:0d:0f:b2:
                    54:7d:ec:fb:38:83:a5:06:7b:12:4d:75:ec:d3:dc:
                    a8:c8:29:fc:2a:e8:1f:7d:62:6e:36:b6:42:d1:6f:
                    b9:f0:43:b0:91:3a:01:b2:49:b5:04:53:a1:da:9e:
                    ef:8c:31:74:48:a5:eb:1c:88:16:5b:51:27:ec:3c:
                    7e:ca:96:37:cd:95:3a:b5:f9:ef:a8:04:bf:40:92:
                    00:5a:14:5e:21:41:2a:ee:9c:b6:c0:61:c2:55:ed:
                    63:a8:f5:28:05:ae:8a:88:79:03:67:6f:cd:be:12:
                    f5:06:42:84:cd:0b:9e:46:b8:61:a4:d9:01:27:03:
                    63:6d:33:aa:db:59:f6:f9:a0:c8:25:ac:c3:48:86:
                    fc:7f:5d:83:51:03:ac:9b:31:f2:91:34:a1:7c:63:
                    63:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:60:1F:30:8A:DB:1D:71:0A:38:2D:86:68:20:E7:80:32:53:50:59
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/XWAfMIrbHXEKOC2GaCDngDJTUFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.64.0/21
                  94.247.47.0/24
                  185.90.160.0/23
                  185.90.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:7d:5a:e6:6a:c0:9e:9e:d6:11:01:84:2e:50:ca:d6:fc:e6:
         72:4b:52:de:7b:b5:1d:78:e2:c4:31:33:a9:dc:42:e9:0a:e2:
         04:5c:52:1c:20:3e:c4:c3:05:79:20:63:ce:92:27:45:85:fe:
         0a:61:7d:d2:21:13:48:d2:fc:cb:e7:ef:3f:df:9f:cb:2a:fa:
         0b:84:69:81:01:4a:db:4b:53:3f:9e:5d:21:cd:86:f8:63:ea:
         ce:11:89:28:06:64:de:5b:98:ac:4f:72:c1:88:39:b2:76:04:
         df:ad:84:64:06:0a:08:ce:e8:33:3a:f6:8b:f5:22:68:93:8a:
         7b:66:d1:64:cb:fb:ea:c8:ce:4c:9c:37:f0:d2:98:89:be:db:
         e9:00:b4:8b:7f:60:c2:b2:4b:d6:bb:0b:14:12:d1:c5:d2:7a:
         67:f0:60:b7:86:33:8d:d5:8a:73:43:a4:13:bb:f7:7e:8b:fe:
         aa:e6:bb:5b:7f:9f:87:b3:93:3c:4d:33:7d:9e:81:73:b9:65:
         27:75:08:d6:91:c9:1d:64:c1:e8:18:7e:07:fb:bc:6f:f7:85:
         78:6f:7c:22:e3:b1:0f:65:be:b8:a0:c3:bc:18:27:6a:d0:11:
         a8:e0:a7:3f:a7:09:e9:fa:1c:d2:2b:a1:22:15:1c:d2:ab:6c:
         a7:d5:a2:fe
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGSud9s4PaoEuALnF5NN4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDYwMWYzMDhhZGIxZDcxMGEzODJkODY2ODIwZTc4MDMyNTM1MDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoB3zc2bjaFDslh3lxzI8dyCzqtpg
XfARffw2lGdZEHzzTfRjV5XFwN/LZCGCNG+KRFuUvkMkAp1niE12N+JpBc/vc6VU
tIKVCmOEAuxxD/i2BqDT6Pg1+0tL/AFZrPuTGclb6xYND7JUfez7OIOlBnsSTXXs
09yoyCn8KugffWJuNrZC0W+58EOwkToBskm1BFOh2p7vjDF0SKXrHIgWW1En7Dx+
ypY3zZU6tfnvqAS/QJIAWhReIUEq7py2wGHCVe1jqPUoBa6KiHkDZ2/NvhL1BkKE
zQueRrhhpNkBJwNjbTOq21n2+aDIJazDSIb8f12DUQOsmzHykTShfGNjjQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFF1gHzCK2x1xCjgthmgg54AyU1BZMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvWFdBZk1JcmJIWEVLT0MyR2FDRG5nREpUVUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBQFAAwQA
XvcvAwQBuVqgAwQAuVqjMA0GCSqGSIb3DQEBCwUAA4IBAQBAfVrmasCentYRAYQu
UMrW/OZyS1Lee7UdeOLEMTOp3ELpCuIEXFIcID7EwwV5IGPOkidFhf4KYX3SIRNI
0vzL5+8/35/LKvoLhGmBAUrbS1M/nl0hzYb4Y+rOEYkoBmTeW5isT3LBiDmydgTf
rYRkBgoIzugzOvaL9SJok4p7ZtFky/vqyM5MnDfw0piJvtvpALSLf2DCskvWuwsU
EtHF0npn8GC3hjON1YpzQ6QTu/d+i/6q5rtbf5+Hs5M8TTN9noFzuWUndQjWkckd
ZMHoGH4H+7xv94V4b3wi47EPZb64oMO8GCdq0BGo4Kc/pwnp+hzSK6EiFRzSq2yn
1aL+
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:03:34 2024 by rpki-client on console-fra.rpki-client.org