Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/58d15b-9f02-42c4-b02d-a01eea65fd33/1/llIXoFlQO2GRcBLYHFOyIKnQqAo.roa
File:                     llIXoFlQO2GRcBLYHFOyIKnQqAo.roa (raw, json)
Hash identifier:          wXm+3q9ilDz9LQxjzYjtzGFCBKeC3s9tHhp3o93W8Us=
Subject key identifier:   96:52:17:A0:59:50:3B:61:91:70:12:D8:1C:53:B2:20:A9:D0:A8:0A
Certificate issuer:       /CN=09a9e2ee8bcea6d5b919c4a33d26d9bbf982a843
Certificate serial:       018CC79524518F622454D52F3F4E5E5E87A3
Authority key identifier: 09:A9:E2:EE:8B:CE:A6:D5:B9:19:C4:A3:3D:26:D9:BB:F9:82:A8:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cani7ovOptW5GcSjPSbZu_mCqEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/58d15b-9f02-42c4-b02d-a01eea65fd33/1/llIXoFlQO2GRcBLYHFOyIKnQqAo.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201505
IP address blocks:        86.48.60.0/22 maxlen: 22
                          86.58.216.0/21 maxlen: 21
                          185.187.144.0/22 maxlen: 22
                          2a13:2540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/58d15b-9f02-42c4-b02d-a01eea65fd33/1/Cani7ovOptW5GcSjPSbZu_mCqEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/58d15b-9f02-42c4-b02d-a01eea65fd33/1/Cani7ovOptW5GcSjPSbZu_mCqEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cani7ovOptW5GcSjPSbZu_mCqEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:24:51:8f:62:24:54:d5:2f:3f:4e:5e:5e:87:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09a9e2ee8bcea6d5b919c4a33d26d9bbf982a843
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=965217a059503b61917012d81c53b220a9d0a80a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:39:01:d9:78:fe:ee:b8:22:23:3c:de:3d:37:
                    43:82:bf:e2:32:98:1e:89:e0:2f:c3:b6:4b:aa:10:
                    2a:7a:ae:84:3e:82:be:cd:83:b6:cd:cc:c9:50:d2:
                    f2:5f:32:41:88:98:d8:4d:33:20:8d:41:bc:c3:ec:
                    60:b7:cf:87:67:ab:a2:4a:e4:6c:d0:7c:64:36:01:
                    49:8e:a8:fe:3a:24:4f:a1:dd:2d:5c:36:80:b5:00:
                    8e:1a:ca:3a:b6:bc:54:ae:f1:fc:d2:72:01:1b:57:
                    f5:3d:93:14:59:47:4d:04:65:48:d3:c4:90:e7:a8:
                    37:d0:47:2b:5c:55:23:79:a8:fa:11:89:15:3a:49:
                    c6:2e:fa:8e:5b:8e:e3:cb:b9:59:33:47:23:13:f7:
                    79:85:7b:3c:52:a2:38:80:47:43:51:61:c3:79:c4:
                    7d:6f:60:16:85:37:ab:be:26:71:27:86:c9:e8:83:
                    6c:0c:ee:b1:33:ed:db:fc:32:41:b8:42:04:b5:13:
                    3d:9f:5a:cb:ba:35:92:62:de:b5:94:92:3a:9a:26:
                    af:a3:c0:b9:0c:0c:b6:df:ed:88:83:af:91:fe:3c:
                    6b:7a:7e:40:55:50:35:7b:f6:59:e5:92:65:a6:ca:
                    ee:e5:69:d8:90:d9:46:17:7d:83:8b:65:ff:0f:0a:
                    12:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:52:17:A0:59:50:3B:61:91:70:12:D8:1C:53:B2:20:A9:D0:A8:0A
            X509v3 Authority Key Identifier:
                keyid:09:A9:E2:EE:8B:CE:A6:D5:B9:19:C4:A3:3D:26:D9:BB:F9:82:A8:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cani7ovOptW5GcSjPSbZu_mCqEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/58d15b-9f02-42c4-b02d-a01eea65fd33/1/llIXoFlQO2GRcBLYHFOyIKnQqAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/58d15b-9f02-42c4-b02d-a01eea65fd33/1/Cani7ovOptW5GcSjPSbZu_mCqEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.48.60.0/22
                  86.58.216.0/21
                  185.187.144.0/22
                IPv6:
                  2a13:2540::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:75:ce:20:e9:4c:88:fd:7a:49:c9:f3:e1:7a:b4:20:89:0c:
         88:1a:84:39:63:44:49:95:47:20:d5:44:ff:ae:f6:34:a6:1e:
         2e:4c:12:53:f4:d8:cd:40:c5:77:14:93:9c:c2:d2:8e:5c:25:
         cb:82:b9:12:47:d3:8f:56:20:8a:be:e6:ba:af:01:93:27:95:
         4f:6d:53:75:68:ea:d4:12:ba:0f:4d:3e:6c:42:c4:5a:68:e6:
         ff:b6:59:51:01:f6:92:a9:d6:19:d3:d7:3f:da:55:64:c9:49:
         85:cc:2e:47:69:46:42:12:3f:17:e5:92:cd:63:53:13:ec:9e:
         d9:ae:8c:7e:6f:02:a6:d0:29:24:38:8b:4e:30:f3:ea:46:d8:
         c6:c7:ad:1b:c2:76:fc:52:e3:fe:84:6f:d3:01:89:2d:c9:e6:
         d6:7d:44:ef:77:e3:de:96:98:b3:f9:c0:f3:f3:a2:8f:b2:29:
         ed:6e:5c:b3:5a:c5:17:be:b5:fc:d9:f1:af:27:e2:d4:0c:ba:
         31:87:f2:6d:21:92:b7:b3:11:11:bd:28:9a:59:4d:05:d7:73:
         29:95:41:e1:85:f7:be:7e:c4:6c:28:fc:7c:ad:f3:24:19:b4:
         b8:1d:3e:fa:14:b3:b9:e8:4d:6b:d9:43:48:37:91:39:3d:8f:
         cf:c0:be:52
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzHlSRRj2IkVNUvP05eXoejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YTllMmVlOGJjZWE2ZDViOTE5YzRhMzNkMjZkOWJiZjk4
MmE4NDMwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjUyMTdhMDU5NTAzYjYxOTE3MDEyZDgxYzUzYjIyMGE5ZDBhODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7TkB2Xj+7rgiIzzePTdDgr/iMpge
ieAvw7ZLqhAqeq6EPoK+zYO2zczJUNLyXzJBiJjYTTMgjUG8w+xgt8+HZ6uiSuRs
0HxkNgFJjqj+OiRPod0tXDaAtQCOGso6trxUrvH80nIBG1f1PZMUWUdNBGVI08SQ
56g30EcrXFUjeaj6EYkVOknGLvqOW47jy7lZM0cjE/d5hXs8UqI4gEdDUWHDecR9
b2AWhTerviZxJ4bJ6INsDO6xM+3b/DJBuEIEtRM9n1rLujWSYt61lJI6miavo8C5
DAy23+2Ig6+R/jxren5AVVA1e/ZZ5ZJlpsru5WnYkNlGF32Di2X/DwoSewIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJZSF6BZUDthkXAS2BxTsiCp0KgKMB8GA1UdIwQY
MBaAFAmp4u6LzqbVuRnEoz0m2bv5gqhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2FuaTdvdk9wdFc1R2NTalBTYlp1X21DcUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81OGQxNWItOWYwMi00MmM0LWIwMmQt
YTAxZWVhNjVmZDMzLzEvbGxJWG9GbFFPMkdSY0JMWUhGT3lJS25RcUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81OGQxNWItOWYwMi00MmM0LWIwMmQtYTAxZWVhNjVmZDMz
LzEvQ2FuaTdvdk9wdFc1R2NTalBTYlp1X21DcUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCVjA8AwQD
VjrYAwQCubuQMA0EAgACMAcDBQMqEyVAMA0GCSqGSIb3DQEBCwUAA4IBAQBfdc4g
6UyI/XpJyfPherQgiQyIGoQ5Y0RJlUcg1UT/rvY0ph4uTBJT9NjNQMV3FJOcwtKO
XCXLgrkSR9OPViCKvua6rwGTJ5VPbVN1aOrUEroPTT5sQsRaaOb/tllRAfaSqdYZ
09c/2lVkyUmFzC5HaUZCEj8X5ZLNY1MT7J7Zrox+bwKm0CkkOItOMPPqRtjGx60b
wnb8UuP+hG/TAYktyebWfUTvd+Pelpiz+cDz86KPsintblyzWsUXvrX82fGvJ+LU
DLoxh/JtIZK3sxERvSiaWU0F13MplUHhhfe+fsRsKPx8rfMkGbS4HT76FLO56E1r
2UNIN5E5PY/PwL5S
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:53:09 2024 by rpki-client on console-fra.rpki-client.org