Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/f08d45-543c-49f7-9e78-903c198590fa/1/UizrqC8wWRX57ztTM4vDeGUEBHI.roa
File:                     UizrqC8wWRX57ztTM4vDeGUEBHI.roa (raw, json)
Hash identifier:          JJ3pexXSVSQ4/neNTxS/NVKY3ENlLhNVmZ2bq7hT/mI=
Subject key identifier:   52:2C:EB:A8:2F:30:59:15:F9:EF:3B:53:33:8B:C3:78:65:04:04:72
Certificate issuer:       /CN=f215a277949711b2c01cdc669e40e171395855bb
Certificate serial:       018CC8DD176C2F614E5DA657855D09236A30
Authority key identifier: F2:15:A2:77:94:97:11:B2:C0:1C:DC:66:9E:40:E1:71:39:58:55:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8hWid5SXEbLAHNxmnkDhcTlYVbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/f08d45-543c-49f7-9e78-903c198590fa/1/UizrqC8wWRX57ztTM4vDeGUEBHI.roa
Signing time:             Tue 02 Jan 2024 06:29:41 +0000
ROA not before:           Tue 02 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39116
IP address blocks:        212.31.128.0/19 maxlen: 21
                          85.90.32.0/19 maxlen: 19
                          85.90.32.0/21 maxlen: 21
                          85.90.44.0/23 maxlen: 23
                          85.90.40.0/22 maxlen: 22
                          85.90.48.0/22 maxlen: 22
                          85.90.52.0/22 maxlen: 22
                          85.90.56.0/22 maxlen: 22
                          85.90.60.0/22 maxlen: 22
                          46.254.192.0/21 maxlen: 21
                          46.254.192.0/23 maxlen: 23
                          46.254.196.0/23 maxlen: 23
                          46.254.194.0/23 maxlen: 23
                          46.254.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/f08d45-543c-49f7-9e78-903c198590fa/1/8hWid5SXEbLAHNxmnkDhcTlYVbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/f08d45-543c-49f7-9e78-903c198590fa/1/8hWid5SXEbLAHNxmnkDhcTlYVbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8hWid5SXEbLAHNxmnkDhcTlYVbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:17:6c:2f:61:4e:5d:a6:57:85:5d:09:23:6a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f215a277949711b2c01cdc669e40e171395855bb
        Validity
            Not Before: Jan  2 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=522ceba82f305915f9ef3b53338bc37865040472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:73:71:8d:a1:4b:57:da:50:4f:2a:8f:4f:87:
                    d4:91:d5:ad:dd:88:1d:d5:f7:89:04:2a:9e:f3:86:
                    05:25:68:27:af:7f:ff:35:2c:6a:3e:79:d5:55:73:
                    24:2a:58:ed:7e:d7:14:db:aa:8c:34:a0:cd:54:65:
                    e8:c5:47:a6:b5:8a:e1:61:38:41:37:1b:07:22:4f:
                    65:64:6a:d8:8b:f2:c3:c7:fb:97:d0:9f:6f:79:ee:
                    61:32:c8:3f:e9:3e:aa:d1:de:05:7a:90:ad:92:29:
                    04:d4:7d:45:65:b1:94:a6:be:5c:04:b6:62:3c:cb:
                    54:d0:7b:99:aa:02:86:42:45:46:c3:8d:91:ca:3f:
                    ae:ff:94:86:03:17:68:62:0a:fd:af:63:ec:01:a4:
                    a3:aa:1d:2c:08:5d:dc:ef:c5:8b:fb:4c:ba:54:44:
                    6b:b8:1a:1e:44:b4:94:82:a6:9c:ca:62:c8:b0:2f:
                    ae:e3:2a:d9:7f:2a:ff:0a:60:3b:52:75:ec:56:b3:
                    0d:e7:98:f2:65:54:bf:07:ad:6b:f9:a0:c4:0d:ac:
                    b1:98:08:b0:42:30:90:44:5f:eb:25:0a:2c:15:e1:
                    35:fb:a9:37:d3:cb:5e:96:22:21:77:74:5d:1a:6b:
                    6c:79:dc:43:a9:14:c7:dd:77:96:ef:84:56:a9:c0:
                    87:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:2C:EB:A8:2F:30:59:15:F9:EF:3B:53:33:8B:C3:78:65:04:04:72
            X509v3 Authority Key Identifier:
                keyid:F2:15:A2:77:94:97:11:B2:C0:1C:DC:66:9E:40:E1:71:39:58:55:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8hWid5SXEbLAHNxmnkDhcTlYVbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f08d45-543c-49f7-9e78-903c198590fa/1/UizrqC8wWRX57ztTM4vDeGUEBHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f08d45-543c-49f7-9e78-903c198590fa/1/8hWid5SXEbLAHNxmnkDhcTlYVbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.192.0/21
                  85.90.32.0/19
                  212.31.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         72:83:fc:bf:9a:bb:e4:be:e5:4e:b0:6c:98:3c:a3:94:01:fe:
         c0:9c:f2:ca:a3:2c:44:72:83:66:47:19:5e:e5:58:b8:95:37:
         93:5b:14:b6:31:ab:3d:5f:3a:34:b5:7f:54:22:d6:fa:e0:8b:
         02:3c:5b:5e:17:a1:a0:1d:e4:83:3d:49:a0:78:56:f2:c2:82:
         0e:ac:e9:43:83:a4:ae:12:01:e9:8a:ba:4b:c6:e3:c9:ca:62:
         6e:1c:60:f2:fd:4b:1a:d9:6e:8f:7c:d3:7e:1e:31:92:3d:21:
         4e:a1:24:31:f4:7f:41:9f:d1:6f:fd:49:27:50:77:26:98:2b:
         9a:42:e5:56:6a:5a:7b:82:7e:90:5e:d9:de:77:d0:0c:6a:71:
         22:c3:61:61:52:aa:cb:ef:32:d6:06:e2:6a:f5:42:d3:19:54:
         7a:fc:53:11:54:1f:2d:7e:0e:ca:0c:1c:a0:f2:d9:7f:c1:3d:
         e3:f4:8a:38:c3:2e:3b:4d:5b:c1:64:d8:b2:fb:13:86:b9:96:
         b0:1d:54:0c:43:93:81:60:ec:e1:f8:4a:37:60:b6:4d:d0:aa:
         6f:e8:d6:d5:a1:04:b6:7e:dc:39:ef:76:26:3d:7c:61:a2:45:
         30:e1:8b:1c:2b:a7:ea:45:73:b7:25:c9:f9:8f:67:e8:f4:87:
         3f:b4:11:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3RdsL2FOXaZXhV0JI2owMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMTVhMjc3OTQ5NzExYjJjMDFjZGM2NjllNDBlMTcxMzk1
ODU1YmIwHhcNMjQwMTAyMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJjZWJhODJmMzA1OTE1ZjllZjNiNTMzMzhiYzM3ODY1MDQwNDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonNxjaFLV9pQTyqPT4fUkdWt3Ygd
1feJBCqe84YFJWgnr3//NSxqPnnVVXMkKljtftcU26qMNKDNVGXoxUemtYrhYThB
NxsHIk9lZGrYi/LDx/uX0J9vee5hMsg/6T6q0d4FepCtkikE1H1FZbGUpr5cBLZi
PMtU0HuZqgKGQkVGw42Ryj+u/5SGAxdoYgr9r2PsAaSjqh0sCF3c78WL+0y6VERr
uBoeRLSUgqacymLIsC+u4yrZfyr/CmA7UnXsVrMN55jyZVS/B61r+aDEDayxmAiw
QjCQRF/rJQosFeE1+6k308teliIhd3RdGmtsedxDqRTH3XeW74RWqcCH5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFIs66gvMFkV+e87UzOLw3hlBARyMB8GA1UdIwQY
MBaAFPIVoneUlxGywBzcZp5A4XE5WFW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGhXaWQ1U1hFYkxBSE54bW5rRGhjVGxZVmJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9mMDhkNDUtNTQzYy00OWY3LTllNzgt
OTAzYzE5ODU5MGZhLzEvVWl6cnFDOHdXUlg1N3p0VE00dkRlR1VFQkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9mMDhkNDUtNTQzYy00OWY3LTllNzgtOTAzYzE5ODU5MGZh
LzEvOGhXaWQ1U1hFYkxBSE54bW5rRGhjVGxZVmJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLv7AAwQF
VVogAwQF1B+AMA0GCSqGSIb3DQEBCwUAA4IBAQByg/y/mrvkvuVOsGyYPKOUAf7A
nPLKoyxEcoNmRxle5Vi4lTeTWxS2Mas9Xzo0tX9UItb64IsCPFteF6GgHeSDPUmg
eFbywoIOrOlDg6SuEgHpirpLxuPJymJuHGDy/Usa2W6PfNN+HjGSPSFOoSQx9H9B
n9Fv/UknUHcmmCuaQuVWalp7gn6QXtned9AManEiw2FhUqrL7zLWBuJq9ULTGVR6
/FMRVB8tfg7KDByg8tl/wT3j9Io4wy47TVvBZNiy+xOGuZawHVQMQ5OBYOzh+Eo3
YLZN0Kpv6NbVoQS2ftw573YmPXxhokUw4YscK6fqRXO3Jcn5j2fo9Ic/tBEi
-----END CERTIFICATE-----
Generated at Sat Dec 28 03:01:09 2024 by rpki-client on console-ams.rpki-client.org