Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/qFD0AFr9siC2lPz8IHM4Ta0Uqso.roa
File:                     qFD0AFr9siC2lPz8IHM4Ta0Uqso.roa (raw, json)
Hash identifier:          qTfYZo6fuJc/XUsw+63rGk9Vc2Vitdlm28gBPvP6EDw=
Subject key identifier:   A8:50:F4:00:5A:FD:B2:20:B6:94:FC:FC:20:73:38:4D:AD:14:AA:CA
Certificate issuer:       /CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
Certificate serial:       018CC49364FD1CB908BEB122EC536907D6D7
Authority key identifier: 38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/qFD0AFr9siC2lPz8IHM4Ta0Uqso.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12713
IP address blocks:        62.75.58.0/24 maxlen: 24
                          62.75.54.0/24 maxlen: 24
                          62.75.52.0/24 maxlen: 24
                          62.75.64.0/24 maxlen: 24
                          62.75.62.0/24 maxlen: 24
                          62.75.3.0/24 maxlen: 24
                          62.75.1.0/24 maxlen: 24
                          62.75.2.0/24 maxlen: 24
                          62.75.10.0/24 maxlen: 24
                          62.75.8.0/24 maxlen: 24
                          62.75.15.0/24 maxlen: 24
                          62.75.13.0/24 maxlen: 24
                          62.75.16.0/23 maxlen: 23
                          62.75.22.0/24 maxlen: 24
                          62.75.23.0/24 maxlen: 24
                          62.75.20.0/24 maxlen: 24
                          62.75.21.0/24 maxlen: 24
                          62.75.24.0/23 maxlen: 23
                          62.75.18.0/23 maxlen: 23
                          62.75.107.0/24 maxlen: 24
                          62.75.108.0/24 maxlen: 24
                          2a00:1cb8:1::/48 maxlen: 48
                          2a00:1cb8:2:3::/64 maxlen: 64
                          2a00:1cb8:2:8::/64 maxlen: 64
                          2a00:1cb8:2:d::/64 maxlen: 64
                          2a00:1cb8:2:a::/64 maxlen: 64
                          2a00:1cb8:2::/48 maxlen: 48
                          2a00:1cb8:2:7::/64 maxlen: 64
                          2a00:1cb8:2:2::/64 maxlen: 64
                          2a00:1cb8:2:c::/64 maxlen: 64
                          2a00:1cb8:2000::/35 maxlen: 35
                          2a00:1cb8:2:6::/64 maxlen: 64
                          2a00:1cb8:2:b::/64 maxlen: 64
                          2a00:1cb8:2:1::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:64:fd:1c:b9:08:be:b1:22:ec:53:69:07:d6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a850f4005afdb220b694fcfc2073384dad14aaca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:50:77:12:07:ac:bc:a2:ad:89:51:e6:eb:ab:
                    2f:b4:1f:13:10:dc:8b:43:e8:79:3b:a0:43:05:12:
                    d0:a8:a5:b3:d9:a8:e5:6e:3c:91:de:fa:0e:b3:a5:
                    3d:86:ea:ee:3a:7a:e1:58:38:6a:15:dc:13:56:99:
                    f7:f5:4f:19:1c:cf:1b:57:1b:c0:93:4e:a6:62:70:
                    8d:99:ab:15:b0:40:83:be:78:49:2f:55:89:f3:c5:
                    93:b7:61:6b:b6:8c:b1:f9:9a:0f:96:47:7d:ee:05:
                    ce:71:4b:08:cb:3c:26:ac:01:9a:02:27:25:36:d1:
                    b2:bb:12:28:31:e4:08:94:63:15:20:32:b4:46:48:
                    43:2a:70:c0:a3:b9:53:db:e5:7f:53:7b:3f:19:27:
                    0c:fa:f6:09:fd:e5:06:44:49:b3:1e:14:72:d7:1d:
                    da:9c:08:a9:93:e4:89:d9:4d:13:2a:2a:d9:37:6b:
                    73:10:7e:b5:b1:e8:39:6e:42:17:79:dc:70:85:58:
                    fd:91:06:16:ae:4d:65:3b:d9:cc:fd:95:8c:fe:fc:
                    ca:03:41:c9:ee:85:84:d0:80:b5:6e:44:db:de:82:
                    60:35:1c:b4:fc:c9:68:66:65:de:f4:cf:a4:f6:7f:
                    35:ce:db:35:a0:f8:e4:4a:ff:71:cd:fb:99:70:74:
                    d5:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:50:F4:00:5A:FD:B2:20:B6:94:FC:FC:20:73:38:4D:AD:14:AA:CA
            X509v3 Authority Key Identifier:
                keyid:38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/qFD0AFr9siC2lPz8IHM4Ta0Uqso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.75.1.0-62.75.3.255
                  62.75.8.0/24
                  62.75.10.0/24
                  62.75.13.0/24
                  62.75.15.0-62.75.25.255
                  62.75.52.0/24
                  62.75.54.0/24
                  62.75.58.0/24
                  62.75.62.0/24
                  62.75.64.0/24
                  62.75.107.0-62.75.108.255
                IPv6:
                  2a00:1cb8:1::-2a00:1cb8:2:ffff:ffff:ffff:ffff:ffff
                  2a00:1cb8:2000::/35

    Signature Algorithm: sha256WithRSAEncryption
         5d:20:ae:3b:02:59:cf:ba:93:cc:91:4d:2d:40:9d:d6:9a:af:
         25:8b:21:ba:41:55:cc:57:54:34:77:23:e5:a1:66:4b:3e:ec:
         d0:0d:b2:57:bc:8a:d9:97:01:15:c0:19:38:9d:05:27:f8:a0:
         4a:c4:83:cf:02:a5:40:ac:cd:57:14:7c:6d:de:19:8f:4a:55:
         89:5f:d6:7a:e7:70:d0:a3:e6:84:f0:6f:66:3c:c8:fc:31:c1:
         b6:3c:a6:0b:5a:3c:fa:46:a2:e2:73:0c:bb:cf:89:0a:6f:16:
         28:d7:ee:ff:96:a0:82:4e:8f:c9:f8:81:6c:9f:42:1e:b8:34:
         c1:c3:9d:f3:44:96:82:52:3c:10:bc:0c:b1:9b:ac:36:ff:08:
         58:c8:e0:27:cf:87:70:12:03:8c:80:cb:76:b6:87:93:ec:f7:
         37:3e:8e:b4:87:87:4c:45:07:47:90:be:45:f1:2c:08:2d:3a:
         7a:9a:51:a6:aa:fa:84:88:05:10:6d:4c:1c:98:ac:1a:3a:52:
         97:af:4d:97:80:0b:ca:e9:91:4e:9d:5f:a1:54:e8:a6:ca:2d:
         8a:90:7d:3f:ff:74:d4:7f:c5:72:48:41:06:cb:40:c5:27:ce:
         c2:bd:25:89:f0:89:35:8d:5e:a0:90:4d:63:dc:77:91:2f:a5:
         c6:b1:ee:60
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEk2T9HLkIvrEi7FNpB9bXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZjljNTRmMTkxOTNlMDY1NDgxNjNmODk1YzNhNDZiOWY4
YmZiYjUwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODUwZjQwMDVhZmRiMjIwYjY5NGZjZmMyMDczMzg0ZGFkMTRhYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFB3EgesvKKtiVHm66svtB8TENyL
Q+h5O6BDBRLQqKWz2ajlbjyR3voOs6U9huruOnrhWDhqFdwTVpn39U8ZHM8bVxvA
k06mYnCNmasVsECDvnhJL1WJ88WTt2Frtoyx+ZoPlkd97gXOcUsIyzwmrAGaAicl
NtGyuxIoMeQIlGMVIDK0RkhDKnDAo7lT2+V/U3s/GScM+vYJ/eUGREmzHhRy1x3a
nAipk+SJ2U0TKirZN2tzEH61seg5bkIXedxwhVj9kQYWrk1lO9nM/ZWM/vzKA0HJ
7oWE0IC1bkTb3oJgNRy0/MloZmXe9M+k9n81zts1oPjkSv9xzfuZcHTVewIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFKhQ9ABa/bIgtpT8/CBzOE2tFKrKMB8GA1UdIwQY
MBaAFDj5xU8ZGT4GVIFj+JXDpGufi/u1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMt
NzI0OTQ5YjQ2MGU5LzEvcUZEMEFGcjlzaUMybFB6OElITTRUYTBVcXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMtNzI0OTQ5YjQ2MGU5
LzEvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjBgBAIAATBaMAwDBAA+
SwEDBAI+SwADBAA+SwgDBAA+SwoDBAA+Sw0wDAMEAD5LDwMEAT5LGAMEAD5LNAME
AD5LNgMEAD5LOgMEAD5LPgMEAD5LQDAMAwQAPktrAwQAPktsMCIEAgACMBwwEgMH
ACoAHLgAAQMHACoAHLgAAgMGBSoAHLggMA0GCSqGSIb3DQEBCwUAA4IBAQBdIK47
AlnPupPMkU0tQJ3Wmq8liyG6QVXMV1Q0dyPloWZLPuzQDbJXvIrZlwEVwBk4nQUn
+KBKxIPPAqVArM1XFHxt3hmPSlWJX9Z653DQo+aE8G9mPMj8McG2PKYLWjz6RqLi
cwy7z4kKbxYo1+7/lqCCTo/J+IFsn0IeuDTBw53zRJaCUjwQvAyxm6w2/whYyOAn
z4dwEgOMgMt2toeT7Pc3Po60h4dMRQdHkL5F8SwILTp6mlGmqvqEiAUQbUwcmKwa
OlKXr02XgAvK6ZFOnV+hVOimyi2KkH0//3TUf8VySEEGy0DFJ87CvSWJ8Ik1jV6g
kE1j3HeRL6XGse5g
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:13:35 2024 by rpki-client on console-ams.rpki-client.org