Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/7edbcf-b90f-4707-b289-a3d377c6feef/1/Lwx08QP9m967BYPDvTy5JB19YyU.roa
File:                     Lwx08QP9m967BYPDvTy5JB19YyU.roa (raw, json)
Hash identifier:          Iqkm61omZ0y+6InhbRxPIliHOVxKQuxrZK9Ict4bJu4=
Subject key identifier:   2F:0C:74:F1:03:FD:9B:DE:BB:05:83:C3:BD:3C:B9:24:1D:7D:63:25
Certificate issuer:       /CN=b6fe63ee8a23f4916e4053531e6950db6c31e805
Certificate serial:       018CC79336DCDAC8D9F93C71FAC8076645C5
Authority key identifier: B6:FE:63:EE:8A:23:F4:91:6E:40:53:53:1E:69:50:DB:6C:31:E8:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tv5j7ooj9JFuQFNTHmlQ22wx6AU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/7edbcf-b90f-4707-b289-a3d377c6feef/1/Lwx08QP9m967BYPDvTy5JB19YyU.roa
Signing time:             Tue 02 Jan 2024 00:29:22 +0000
ROA not before:           Tue 02 Jan 2024 00:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199434
IP address blocks:        5.57.24.0/21 maxlen: 21
                          5.57.24.0/24 maxlen: 24
                          5.57.26.0/24 maxlen: 24
                          5.57.28.0/22 maxlen: 22
                          5.57.27.0/24 maxlen: 24
                          5.57.25.0/24 maxlen: 24
                          185.197.48.0/22 maxlen: 22
                          2a0a:6280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/7edbcf-b90f-4707-b289-a3d377c6feef/1/tv5j7ooj9JFuQFNTHmlQ22wx6AU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/7edbcf-b90f-4707-b289-a3d377c6feef/1/tv5j7ooj9JFuQFNTHmlQ22wx6AU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tv5j7ooj9JFuQFNTHmlQ22wx6AU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:36:dc:da:c8:d9:f9:3c:71:fa:c8:07:66:45:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6fe63ee8a23f4916e4053531e6950db6c31e805
        Validity
            Not Before: Jan  2 00:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f0c74f103fd9bdebb0583c3bd3cb9241d7d6325
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:27:75:e9:b3:53:3a:47:c2:49:08:69:fd:14:
                    99:d1:77:fe:3a:a2:91:0e:6b:07:ae:b5:07:a4:ee:
                    d4:0a:40:9c:bb:96:08:95:41:c0:e4:d6:61:57:61:
                    39:82:86:1f:7d:37:89:d6:0d:92:fb:ab:a5:eb:66:
                    7e:df:b7:00:48:cf:50:af:cd:b7:d5:d7:6c:b1:17:
                    bb:09:d9:90:f3:91:e6:3e:a0:42:5f:ba:55:41:e2:
                    7b:fc:32:df:3d:6d:23:41:d8:28:f8:73:69:1e:2c:
                    76:71:a9:c0:08:9f:11:95:d2:22:6c:68:13:93:4b:
                    ee:69:8e:2c:3d:f6:5c:a9:0e:36:3c:e5:94:5d:21:
                    6a:90:0e:a8:a6:1f:82:a1:8e:5e:90:2c:07:34:4d:
                    18:af:eb:cc:72:31:f0:3d:ce:f8:f4:ba:61:4c:26:
                    ce:91:19:ca:ca:09:b6:a9:32:6d:29:87:e8:6c:3e:
                    de:8c:16:b2:87:33:0f:7f:24:d3:83:0b:4b:c0:d3:
                    ad:44:4f:52:41:1d:d7:e0:85:89:ad:75:80:16:62:
                    76:e8:66:66:ee:f0:e0:8b:1b:32:1b:e0:2a:92:aa:
                    99:7d:c7:92:47:db:f3:ac:29:03:5f:f4:3b:78:d2:
                    3c:c0:4e:03:36:41:da:dc:fe:b4:50:5f:ac:fb:c6:
                    d8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0C:74:F1:03:FD:9B:DE:BB:05:83:C3:BD:3C:B9:24:1D:7D:63:25
            X509v3 Authority Key Identifier:
                keyid:B6:FE:63:EE:8A:23:F4:91:6E:40:53:53:1E:69:50:DB:6C:31:E8:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tv5j7ooj9JFuQFNTHmlQ22wx6AU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/7edbcf-b90f-4707-b289-a3d377c6feef/1/Lwx08QP9m967BYPDvTy5JB19YyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/7edbcf-b90f-4707-b289-a3d377c6feef/1/tv5j7ooj9JFuQFNTHmlQ22wx6AU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.24.0/21
                  185.197.48.0/22
                IPv6:
                  2a0a:6280::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:69:19:82:24:c8:70:6a:f0:7c:7b:28:5e:fa:d4:1f:bb:43:
         3c:9b:cf:22:28:f4:ca:45:29:0f:6a:97:a5:c6:3a:c7:09:45:
         e0:a6:55:75:21:39:8e:74:37:21:d8:26:95:d8:9c:04:02:38:
         42:9d:ee:14:f3:a7:cd:63:df:ed:03:63:61:c9:fe:f1:92:0b:
         07:df:d5:d6:b1:f7:9d:a3:a8:1c:61:5e:c5:f8:3a:d1:4d:c1:
         27:4a:ce:4c:3c:a4:65:ec:e5:80:a6:4c:48:1f:8e:9f:fc:b4:
         86:52:8b:fd:72:90:55:5c:cb:a2:ab:2c:ee:b7:71:cb:ab:ea:
         4a:3f:5b:8b:2a:2b:66:05:41:02:a9:15:8c:b5:41:d6:99:74:
         43:f2:28:06:62:ad:e5:a5:bf:24:f7:d7:10:a2:87:6d:eb:5e:
         08:5d:68:b3:55:27:42:35:de:e1:97:19:c4:b6:bb:e5:8b:54:
         71:46:3f:99:b8:5e:0d:28:58:fb:a7:6c:b5:90:e3:c2:75:b5:
         94:7e:03:7a:73:d4:4c:7b:09:5e:8c:b1:a2:e0:5a:78:54:0b:
         d5:b4:b5:c5:7f:95:58:da:e4:c4:70:02:d7:39:f9:f0:24:76:
         0f:7c:c8:96:3c:84:a7:dc:07:4f:a6:59:15:07:6b:09:6d:85:
         95:1a:3c:c7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHkzbc2sjZ+Txx+sgHZkXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZmU2M2VlOGEyM2Y0OTE2ZTQwNTM1MzFlNjk1MGRiNmMz
MWU4MDUwHhcNMjQwMTAyMDAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjBjNzRmMTAzZmQ5YmRlYmIwNTgzYzNiZDNjYjkyNDFkN2Q2MzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCd16bNTOkfCSQhp/RSZ0Xf+OqKR
DmsHrrUHpO7UCkCcu5YIlUHA5NZhV2E5goYffTeJ1g2S+6ul62Z+37cASM9Qr823
1ddssRe7CdmQ85HmPqBCX7pVQeJ7/DLfPW0jQdgo+HNpHix2canACJ8RldIibGgT
k0vuaY4sPfZcqQ42POWUXSFqkA6oph+CoY5ekCwHNE0Yr+vMcjHwPc749LphTCbO
kRnKygm2qTJtKYfobD7ejBayhzMPfyTTgwtLwNOtRE9SQR3X4IWJrXWAFmJ26GZm
7vDgixsyG+AqkqqZfceSR9vzrCkDX/Q7eNI8wE4DNkHa3P60UF+s+8bYnwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC8MdPED/ZveuwWDw708uSQdfWMlMB8GA1UdIwQY
MBaAFLb+Y+6KI/SRbkBTUx5pUNtsMegFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHY1ajdvb2o5SkZ1UUZOVEhtbFEyMnd4NkFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS83ZWRiY2YtYjkwZi00NzA3LWIyODkt
YTNkMzc3YzZmZWVmLzEvTHd4MDhRUDltOTY3QllQRHZUeTVKQjE5WXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS83ZWRiY2YtYjkwZi00NzA3LWIyODktYTNkMzc3YzZmZWVm
LzEvdHY1ajdvb2o5SkZ1UUZOVEhtbFEyMnd4NkFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBTkYAwQC
ucUwMA0EAgACMAcDBQMqCmKAMA0GCSqGSIb3DQEBCwUAA4IBAQCWaRmCJMhwavB8
eyhe+tQfu0M8m88iKPTKRSkPapelxjrHCUXgplV1ITmOdDch2CaV2JwEAjhCne4U
86fNY9/tA2Nhyf7xkgsH39XWsfedo6gcYV7F+DrRTcEnSs5MPKRl7OWApkxIH46f
/LSGUov9cpBVXMuiqyzut3HLq+pKP1uLKitmBUECqRWMtUHWmXRD8igGYq3lpb8k
99cQoodt614IXWizVSdCNd7hlxnEtrvli1RxRj+ZuF4NKFj7p2y1kOPCdbWUfgN6
c9RMewlejLGi4Fp4VAvVtLXFf5VY2uTEcALXOfnwJHYPfMiWPISn3AdPplkVB2sJ
bYWVGjzH
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:58:35 2024 by rpki-client on console-ams.rpki-client.org