Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/U5Zbtbs3iH8a0fd2lsUnCBN70x0.roa
File:                     U5Zbtbs3iH8a0fd2lsUnCBN70x0.roa (raw, json)
Hash identifier:          0djw0A5OUv4sClaPQqiTtpJjH5QLqluVOn/h4C9Dbm8=
Subject key identifier:   53:96:5B:B5:BB:37:88:7F:1A:D1:F7:76:96:C5:27:08:13:7B:D3:1D
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802F1F7505493983D68CF0375D9203F
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/U5Zbtbs3iH8a0fd2lsUnCBN70x0.roa
Signing time:             Tue 02 Jan 2024 02:31:25 +0000
ROA not before:           Tue 02 Jan 2024 02:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50572
IP address blocks:        193.180.0.0/24 maxlen: 24
                          193.182.253.0/24 maxlen: 24
                          193.182.251.0/24 maxlen: 24
                          193.182.252.0/24 maxlen: 24
                          194.68.229.0/24 maxlen: 24
                          194.103.228.0/22 maxlen: 22
                          192.36.242.0/24 maxlen: 24
                          194.14.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f1:f7:50:54:93:98:3d:68:cf:03:75:d9:20:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53965bb5bb37887f1ad1f77696c52708137bd31d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:58:e4:09:b9:7b:f1:92:f9:a5:9f:8a:e0:d3:
                    8e:e1:ba:c5:94:22:dc:08:97:e1:dc:a3:4c:07:9f:
                    fa:d3:32:d0:df:34:df:ed:c3:1c:20:1a:55:d3:20:
                    70:02:e5:a8:ad:1a:89:95:15:d9:fd:2f:a0:43:b5:
                    e9:85:6b:3e:c1:aa:77:32:98:1e:a1:5e:a9:3f:15:
                    d4:fd:af:9a:1b:4d:c5:cb:4d:f0:4a:f2:11:9a:26:
                    e3:bc:f8:a1:25:32:2c:df:8d:db:1c:d8:f1:05:45:
                    48:3b:94:48:8d:13:10:dc:66:4b:12:81:49:2f:0b:
                    b5:3e:07:5b:da:93:1a:b7:2d:2d:10:20:80:f5:ae:
                    7c:f9:8d:04:ce:c3:e9:d0:3e:9f:08:ac:a3:34:5c:
                    bd:7d:26:7d:ee:04:cd:95:fe:12:f8:79:a8:ae:b0:
                    6d:3b:3d:a6:10:af:47:4e:81:a1:f6:92:1d:60:bf:
                    87:d3:43:8b:9e:36:50:7c:5d:44:80:46:ee:ea:76:
                    6e:49:19:e4:eb:5a:fa:21:7e:07:87:17:e9:16:b2:
                    f9:b0:fa:ce:49:de:ee:ca:62:06:56:a3:5a:fe:6e:
                    62:ad:93:bd:e0:09:0c:a3:c2:2d:70:4a:6e:86:80:
                    ce:1a:31:6d:c4:c4:d0:df:78:64:36:58:8e:36:db:
                    e2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:96:5B:B5:BB:37:88:7F:1A:D1:F7:76:96:C5:27:08:13:7B:D3:1D
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/U5Zbtbs3iH8a0fd2lsUnCBN70x0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.242.0/24
                  193.180.0.0/24
                  193.182.251.0-193.182.253.255
                  194.14.104.0/24
                  194.68.229.0/24
                  194.103.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:71:50:ea:09:e8:63:8a:33:0f:63:5d:54:47:75:74:bd:d1:
         92:3b:6b:9f:77:1c:81:22:14:d4:c5:9a:ac:b1:75:5f:40:de:
         c9:2e:f6:03:ba:75:f5:56:03:23:2a:51:73:4e:7f:bf:d0:31:
         56:14:b4:12:4a:d5:9e:bb:10:87:cf:26:f5:dc:18:22:8b:c1:
         d3:cb:63:76:3f:3e:ee:28:e8:ae:e8:30:1a:58:28:5c:ec:c4:
         32:d0:ff:4f:2f:a3:5d:b9:ce:a7:21:cf:35:1d:34:0c:e5:ab:
         14:38:22:2c:da:17:65:b8:01:77:3b:6f:43:8c:27:cb:46:ce:
         17:f1:48:4a:94:0b:21:e0:6d:a6:86:b9:f0:d7:86:df:31:d2:
         bb:24:76:59:11:e6:2f:ed:c7:76:a6:e4:6b:01:0c:62:c7:4d:
         e4:b3:8b:b8:f4:fe:07:e0:1a:4d:2a:a2:22:80:3b:60:35:0b:
         ba:6f:ae:1c:2e:57:5d:e5:4d:0d:1e:95:f4:5f:46:3b:31:22:
         58:04:f3:8f:80:f7:61:7c:90:16:17:eb:35:b3:cd:09:f3:d9:
         e1:33:47:1b:c6:5d:05:de:f9:3d:13:f5:17:91:07:c0:45:7a:
         e1:41:05:77:ae:23:2f:0d:4a:e5:c6:2a:9b:cd:f9:0f:6f:24:
         b5:95:24:41
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzIAvH3UFSTmD1ozwN12SA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzk2NWJiNWJiMzc4ODdmMWFkMWY3NzY5NmM1MjcwODEzN2JkMzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFjkCbl78ZL5pZ+K4NOO4brFlCLc
CJfh3KNMB5/60zLQ3zTf7cMcIBpV0yBwAuWorRqJlRXZ/S+gQ7XphWs+wap3Mpge
oV6pPxXU/a+aG03Fy03wSvIRmibjvPihJTIs343bHNjxBUVIO5RIjRMQ3GZLEoFJ
Lwu1Pgdb2pMaty0tECCA9a58+Y0EzsPp0D6fCKyjNFy9fSZ97gTNlf4S+HmorrBt
Oz2mEK9HToGh9pIdYL+H00OLnjZQfF1EgEbu6nZuSRnk61r6IX4HhxfpFrL5sPrO
Sd7uymIGVqNa/m5irZO94AkMo8ItcEpuhoDOGjFtxMTQ33hkNliONtvi/QIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFOWW7W7N4h/GtH3dpbFJwgTe9MdMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVTVaYnRiczNpSDhhMGZkMmxzVW5DQk43MHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAwCTyAwQA
wbQAMAwDBADBtvsDBAHBtvwDBADCDmgDBADCROUDBALCZ+QwDQYJKoZIhvcNAQEL
BQADggEBAD5xUOoJ6GOKMw9jXVRHdXS90ZI7a593HIEiFNTFmqyxdV9A3sku9gO6
dfVWAyMqUXNOf7/QMVYUtBJK1Z67EIfPJvXcGCKLwdPLY3Y/Pu4o6K7oMBpYKFzs
xDLQ/08vo125zqchzzUdNAzlqxQ4IizaF2W4AXc7b0OMJ8tGzhfxSEqUCyHgbaaG
ufDXht8x0rskdlkR5i/tx3am5GsBDGLHTeSzi7j0/gfgGk0qoiKAO2A1C7pvrhwu
V13lTQ0elfRfRjsxIlgE84+A92F8kBYX6zWzzQnz2eEzRxvGXQXe+T0T9ReRB8BF
euFBBXeuIy8NSuXGKpvN+Q9vJLWVJEE=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:31:19 2024 by rpki-client on console-fra.rpki-client.org