Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/m5jR3Hta1q0XEtKmUkRA_DG_UUc.roa
File:                     m5jR3Hta1q0XEtKmUkRA_DG_UUc.roa (raw, json)
Hash identifier:          iddOC8ev9d69WwmvUYyCj7AjlR4GSK3MQN8L0J5no8I=
Subject key identifier:   9B:98:D1:DC:7B:5A:D6:AD:17:12:D2:A6:52:44:40:FC:31:BF:51:47
Certificate issuer:       /CN=449b18e3296d795d3a9c959be25c70aaab365200
Certificate serial:       018CC492F486291954353274A0B968029B42
Authority key identifier: 44:9B:18:E3:29:6D:79:5D:3A:9C:95:9B:E2:5C:70:AA:AB:36:52:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/m5jR3Hta1q0XEtKmUkRA_DG_UUc.roa
Signing time:             Mon 01 Jan 2024 10:30:14 +0000
ROA not before:           Mon 01 Jan 2024 10:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49808
IP address blocks:        63.247.208.0/20 maxlen: 24
                          185.21.96.0/22 maxlen: 23
                          162.211.104.0/22 maxlen: 24
                          109.68.104.0/21 maxlen: 21
                          185.44.210.0/23 maxlen: 24
                          198.89.232.0/21 maxlen: 24
                          5.159.0.0/21 maxlen: 22
                          139.178.96.0/19 maxlen: 19
                          85.193.160.0/20 maxlen: 24
                          31.193.160.0/21 maxlen: 21
                          85.118.184.0/21 maxlen: 21
                          185.16.112.0/22 maxlen: 22
                          89.249.184.0/21 maxlen: 21
                          86.109.24.0/21 maxlen: 24
                          145.40.32.0/19 maxlen: 24
                          193.41.207.0/24 maxlen: 24
                          162.213.160.0/22 maxlen: 24
                          194.107.144.0/24 maxlen: 32
                          2a03:c100::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f4:86:29:19:54:35:32:74:a0:b9:68:02:9b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=449b18e3296d795d3a9c959be25c70aaab365200
        Validity
            Not Before: Jan  1 10:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b98d1dc7b5ad6ad1712d2a6524440fc31bf5147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:95:c1:8e:08:c4:1d:13:2d:a3:af:ac:e4:24:
                    46:d4:60:bd:1d:df:49:68:52:d8:3a:48:26:7e:3b:
                    37:8f:75:40:82:90:cd:62:f3:1d:7a:a2:03:ce:c8:
                    7f:c6:90:c8:c5:7d:55:b6:17:fc:87:b9:88:11:05:
                    89:ac:7d:6e:b3:43:af:ef:c3:10:5b:a0:0b:e3:cc:
                    4a:13:71:a8:1d:30:65:a2:08:d0:60:e7:12:1a:e3:
                    e4:df:0f:70:07:f4:ae:dc:ea:14:ea:94:07:71:de:
                    d9:35:b8:f5:de:88:c1:1c:2b:5a:0e:cc:12:3f:44:
                    58:29:8e:3f:09:de:57:aa:b6:ff:9a:42:aa:74:ec:
                    66:8e:fa:bc:69:e2:4e:18:2d:f1:61:54:d8:f5:0a:
                    76:99:20:18:3e:b0:0b:56:7f:c0:a2:24:67:a3:c0:
                    50:8e:a5:68:ec:fe:bb:4a:f5:35:18:4b:d5:50:76:
                    4c:69:af:10:25:0c:5e:6e:f0:f0:9b:a5:c6:8a:54:
                    b5:8e:6c:be:3b:af:f1:da:92:88:20:83:73:29:11:
                    f5:bb:ff:16:a2:24:b1:7a:7b:67:ec:ce:6e:05:11:
                    ab:b4:0d:60:51:7d:4e:c5:e2:35:41:bf:74:0d:1b:
                    f2:15:d0:51:64:7b:db:e2:93:f1:58:f2:f4:44:cd:
                    02:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:98:D1:DC:7B:5A:D6:AD:17:12:D2:A6:52:44:40:FC:31:BF:51:47
            X509v3 Authority Key Identifier:
                keyid:44:9B:18:E3:29:6D:79:5D:3A:9C:95:9B:E2:5C:70:AA:AB:36:52:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RJsY4ylteV06nJWb4lxwqqs2UgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/m5jR3Hta1q0XEtKmUkRA_DG_UUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/fb39ed-7c73-4478-901d-65a899a60366/1/RJsY4ylteV06nJWb4lxwqqs2UgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.0.0/21
                  31.193.160.0/21
                  63.247.208.0/20
                  85.118.184.0/21
                  85.193.160.0/20
                  86.109.24.0/21
                  89.249.184.0/21
                  109.68.104.0/21
                  139.178.96.0/19
                  145.40.32.0/19
                  162.211.104.0/22
                  162.213.160.0/22
                  185.16.112.0/22
                  185.21.96.0/22
                  185.44.210.0/23
                  193.41.207.0/24
                  194.107.144.0/24
                  198.89.232.0/21
                IPv6:
                  2a03:c100::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:49:43:af:c3:11:53:5d:a7:f3:eb:a6:64:47:64:d0:f2:f1:
         13:67:90:bb:d1:ff:ab:23:66:cc:cd:77:b3:9f:14:43:42:a5:
         bf:be:0f:a8:6b:a4:68:8f:f1:ef:77:5f:c1:40:99:55:ac:32:
         08:89:08:68:d5:3f:b8:bb:0a:61:f5:d6:a0:b0:29:74:d6:7f:
         18:0a:ea:4c:8b:65:33:25:3f:1e:75:c2:45:9c:6f:7c:7f:30:
         8a:4e:d9:35:a6:7c:52:b9:14:71:5a:9d:10:a0:6d:d7:55:9d:
         80:45:8a:ef:76:e8:50:d7:92:ee:d3:d6:94:b4:7a:11:c4:ac:
         cb:0a:13:be:d6:6e:33:2f:7b:d3:88:32:6e:ee:f2:f4:53:8a:
         e9:90:99:b2:ab:5a:4a:ae:89:5b:03:cb:67:ae:f1:bb:cc:63:
         17:bf:3d:ff:7a:99:fc:2b:e0:fc:06:4b:91:4a:6a:28:20:7c:
         48:56:dc:4a:ed:10:7a:d4:63:64:cc:99:0b:6a:1d:63:0f:28:
         86:c1:eb:a7:74:bc:76:a2:9f:fd:64:19:6c:92:ba:9e:48:ad:
         90:47:72:82:20:b4:8c:93:09:4e:27:1a:4e:7d:ce:90:e4:bf:
         4a:10:c2:b3:18:08:e8:bc:f3:6d:3b:31:9f:26:0a:f3:86:f9:
         3c:83:bd:72
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYzEkvSGKRlUNTJ0oLloAptCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0OWIxOGUzMjk2ZDc5NWQzYTljOTU5YmUyNWM3MGFhYWIz
NjUyMDAwHhcNMjQwMTAxMTAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjk4ZDFkYzdiNWFkNmFkMTcxMmQyYTY1MjQ0NDBmYzMxYmY1MTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpXBjgjEHRMto6+s5CRG1GC9Hd9J
aFLYOkgmfjs3j3VAgpDNYvMdeqIDzsh/xpDIxX1Vthf8h7mIEQWJrH1us0Ov78MQ
W6AL48xKE3GoHTBlogjQYOcSGuPk3w9wB/Su3OoU6pQHcd7ZNbj13ojBHCtaDswS
P0RYKY4/Cd5Xqrb/mkKqdOxmjvq8aeJOGC3xYVTY9Qp2mSAYPrALVn/AoiRno8BQ
jqVo7P67SvU1GEvVUHZMaa8QJQxebvDwm6XGilS1jmy+O6/x2pKIIINzKRH1u/8W
oiSxentn7M5uBRGrtA1gUX1OxeI1Qb90DRvyFdBRZHvb4pPxWPL0RM0CHQIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFJuY0dx7WtatFxLSplJEQPwxv1FHMB8GA1UdIwQY
MBaAFESbGOMpbXldOpyVm+JccKqrNlIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkpzWTR5bHRlVjA2bkpXYjRseHdxcXMyVWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mYjM5ZWQtN2M3My00NDc4LTkwMWQt
NjVhODk5YTYwMzY2LzEvbTVqUjNIdGExcTBYRXRLbVVrUkFfREdfVVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mYjM5ZWQtN2M3My00NDc4LTkwMWQtNjVhODk5YTYwMzY2
LzEvUkpzWTR5bHRlVjA2bkpXYjRseHdxcXMyVWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzByBAIAATBsAwQDBZ8A
AwQDH8GgAwQEP/fQAwQDVXa4AwQEVcGgAwQDVm0YAwQDWfm4AwQDbURoAwQFi7Jg
AwQFkSggAwQCotNoAwQCotWgAwQCuRBwAwQCuRVgAwQBuSzSAwQAwSnPAwQAwmuQ
AwQDxlnoMA0EAgACMAcDBQAqA8EAMA0GCSqGSIb3DQEBCwUAA4IBAQBDSUOvwxFT
Xafz66ZkR2TQ8vETZ5C70f+rI2bMzXeznxRDQqW/vg+oa6Roj/Hvd1/BQJlVrDII
iQho1T+4uwph9dagsCl01n8YCupMi2UzJT8edcJFnG98fzCKTtk1pnxSuRRxWp0Q
oG3XVZ2ARYrvduhQ15Lu09aUtHoRxKzLChO+1m4zL3vTiDJu7vL0U4rpkJmyq1pK
rolbA8tnrvG7zGMXvz3/epn8K+D8BkuRSmooIHxIVtxK7RB61GNkzJkLah1jDyiG
weundLx2op/9ZBlskrqeSK2QR3KCILSMkwlOJxpOfc6Q5L9KEMKzGAjovPNtOzGf
Jgrzhvk8g71y
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:58:55 2024 by rpki-client on console-ams.rpki-client.org