Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/5e0994-94d2-46e1-8066-cec22ea79513/1/qyHLXm2OQcgseK9h-t2g9Lu5Ec4.roa
File:                     qyHLXm2OQcgseK9h-t2g9Lu5Ec4.roa (raw, json)
Hash identifier:          YNT2mRKizx1FX7u+UHZvlqK93lAk1uCUPDeUJgC1SYs=
Subject key identifier:   AB:21:CB:5E:6D:8E:41:C8:2C:78:AF:61:FA:DD:A0:F4:BB:B9:11:CE
Certificate issuer:       /CN=79b5134b11f940911f0ff315c948daa53f732ee0
Certificate serial:       01973AC0B925AF51C5807D45837FA4915BD2
Authority key identifier: 79:B5:13:4B:11:F9:40:91:1F:0F:F3:15:C9:48:DA:A5:3F:73:2E:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ebUTSxH5QJEfD_MVyUjapT9zLuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/5e0994-94d2-46e1-8066-cec22ea79513/1/qyHLXm2OQcgseK9h-t2g9Lu5Ec4.roa
Signing time:             Wed 04 Jun 2025 11:43:18 +0000
ROA not before:           Wed 04 Jun 2025 11:43:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52033
IP address blocks:        46.254.48.0/21 maxlen: 21
                          46.254.48.0/24 maxlen: 24
                          46.254.49.0/24 maxlen: 24
                          46.254.50.0/24 maxlen: 24
                          46.254.51.0/24 maxlen: 24
                          46.254.52.0/24 maxlen: 24
                          46.254.53.0/24 maxlen: 24
                          46.254.54.0/24 maxlen: 24
                          46.254.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/5e0994-94d2-46e1-8066-cec22ea79513/1/ebUTSxH5QJEfD_MVyUjapT9zLuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/5e0994-94d2-46e1-8066-cec22ea79513/1/ebUTSxH5QJEfD_MVyUjapT9zLuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ebUTSxH5QJEfD_MVyUjapT9zLuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:c0:b9:25:af:51:c5:80:7d:45:83:7f:a4:91:5b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79b5134b11f940911f0ff315c948daa53f732ee0
        Validity
            Not Before: Jun  4 11:43:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab21cb5e6d8e41c82c78af61fadda0f4bbb911ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:fd:32:8a:d7:fe:cd:ac:5d:79:81:a7:a6:3a:
                    22:28:f4:30:6b:6d:96:cb:27:ab:2e:eb:54:ca:8e:
                    e3:49:4a:53:a5:c8:1e:08:ae:75:13:16:2c:b4:19:
                    de:86:5a:e6:43:90:6f:ef:c7:96:b0:77:05:45:fa:
                    6a:8d:35:95:20:70:b8:5a:db:d6:33:be:e6:7e:cf:
                    27:6f:e2:5e:32:f3:d2:ac:06:52:4c:57:93:73:19:
                    39:f1:36:5e:9a:aa:94:84:e9:fc:53:1a:5c:a9:d9:
                    91:75:d6:fc:76:60:10:c1:96:4c:c4:0e:22:1f:a5:
                    6e:80:a9:aa:f1:d8:0d:ff:50:ae:e2:ca:54:ef:b5:
                    29:f1:35:c6:a8:80:ec:d9:f1:80:12:0f:71:82:18:
                    86:d2:06:21:24:21:3b:77:45:9f:15:71:e3:a1:fa:
                    b2:1f:d0:aa:dc:7c:98:2a:e7:8b:a3:79:a5:19:c2:
                    d2:90:70:f1:2e:81:51:85:bd:98:46:f9:1e:71:96:
                    dd:11:45:a4:89:c0:cd:8e:c6:a8:a4:69:1c:6a:8b:
                    15:da:c7:69:6c:3f:d6:cf:60:fd:36:51:63:e1:42:
                    31:4d:df:72:76:27:23:b1:1a:f9:8c:e0:10:4b:bf:
                    39:33:ed:0b:c9:ff:38:e3:90:0f:57:6c:9d:93:35:
                    c0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:21:CB:5E:6D:8E:41:C8:2C:78:AF:61:FA:DD:A0:F4:BB:B9:11:CE
            X509v3 Authority Key Identifier:
                keyid:79:B5:13:4B:11:F9:40:91:1F:0F:F3:15:C9:48:DA:A5:3F:73:2E:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ebUTSxH5QJEfD_MVyUjapT9zLuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/5e0994-94d2-46e1-8066-cec22ea79513/1/qyHLXm2OQcgseK9h-t2g9Lu5Ec4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/5e0994-94d2-46e1-8066-cec22ea79513/1/ebUTSxH5QJEfD_MVyUjapT9zLuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         23:3e:e0:29:c2:d3:8e:ff:80:72:b2:fc:aa:02:d1:6b:94:f0:
         ad:4d:1d:a8:77:ff:8d:fb:56:24:88:9f:7b:43:cd:03:11:46:
         b4:b2:7a:f2:dd:69:4c:4c:c6:06:d1:b9:ef:52:82:7c:d4:d1:
         40:51:3f:0a:c6:9b:50:43:7f:54:b7:aa:a3:c1:f0:da:9f:37:
         2a:51:b2:fe:a7:b0:5a:5b:e9:be:d6:57:39:c9:14:f1:65:01:
         9b:96:80:23:54:74:de:70:3c:fb:57:7b:7d:f2:f7:c0:a1:fa:
         b7:9f:45:ee:e4:dc:f8:cf:44:f6:27:ec:37:5d:44:bc:75:08:
         a2:4e:80:5f:de:5f:29:c5:8e:b2:75:7b:e4:25:75:d4:20:ea:
         e2:84:7b:09:90:8d:6b:6a:e6:9b:c7:fb:19:c1:1d:ef:02:f3:
         38:8f:83:22:03:36:e9:f4:a2:28:e9:cb:34:c1:73:ce:16:27:
         8e:fe:bc:96:54:22:d5:43:a4:08:3b:48:3b:11:42:45:bd:c4:
         5d:7c:f6:1d:55:ca:d2:a8:46:d5:55:65:1a:29:aa:82:99:e5:
         52:91:dc:99:c0:8a:e6:76:6d:6a:c5:3a:0b:49:65:26:f0:05:
         dd:e2:a3:b5:a0:47:4a:1b:0c:d3:04:d2:0d:df:df:54:d9:50:
         e2:3f:a8:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc6wLklr1HFgH1Fg3+kkVvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YjUxMzRiMTFmOTQwOTExZjBmZjMxNWM5NDhkYWE1M2Y3
MzJlZTAwHhcNMjUwNjA0MTE0MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjIxY2I1ZTZkOGU0MWM4MmM3OGFmNjFmYWRkYTBmNGJiYjkxMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2v0yitf+zaxdeYGnpjoiKPQwa22W
yyerLutUyo7jSUpTpcgeCK51ExYstBnehlrmQ5Bv78eWsHcFRfpqjTWVIHC4WtvW
M77mfs8nb+JeMvPSrAZSTFeTcxk58TZemqqUhOn8UxpcqdmRddb8dmAQwZZMxA4i
H6VugKmq8dgN/1Cu4spU77Up8TXGqIDs2fGAEg9xghiG0gYhJCE7d0WfFXHjofqy
H9Cq3HyYKueLo3mlGcLSkHDxLoFRhb2YRvkecZbdEUWkicDNjsaopGkcaosV2sdp
bD/Wz2D9NlFj4UIxTd9ydicjsRr5jOAQS785M+0Lyf8445APV2ydkzXAFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKshy15tjkHILHivYfrdoPS7uRHOMB8GA1UdIwQY
MBaAFHm1E0sR+UCRHw/zFclI2qU/cy7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWJVVFN4SDVRSkVmRF9NVnlVamFwVDl6THVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS81ZTA5OTQtOTRkMi00NmUxLTgwNjYt
Y2VjMjJlYTc5NTEzLzEvcXlITFhtMk9RY2dzZUs5aC10Mmc5THU1RWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS81ZTA5OTQtOTRkMi00NmUxLTgwNjYtY2VjMjJlYTc5NTEz
LzEvZWJVVFN4SDVRSkVmRF9NVnlVamFwVDl6THVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLv4wMA0G
CSqGSIb3DQEBCwUAA4IBAQAjPuApwtOO/4BysvyqAtFrlPCtTR2od/+N+1YkiJ97
Q80DEUa0snry3WlMTMYG0bnvUoJ81NFAUT8KxptQQ39Ut6qjwfDanzcqUbL+p7Ba
W+m+1lc5yRTxZQGbloAjVHTecDz7V3t98vfAofq3n0Xu5Nz4z0T2J+w3XUS8dQii
ToBf3l8pxY6ydXvkJXXUIOrihHsJkI1rauabx/sZwR3vAvM4j4MiAzbp9KIo6cs0
wXPOFieO/ryWVCLVQ6QIO0g7EUJFvcRdfPYdVcrSqEbVVWUaKaqCmeVSkdyZwIrm
dm1qxToLSWUm8AXd4qO1oEdKGwzTBNIN399U2VDiP6j6
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:17:51 2025 by rpki-client