Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/X7KqRAfmZwA9ZhYBLwxabn_6BrM.roa
File:                     X7KqRAfmZwA9ZhYBLwxabn_6BrM.roa (raw, json)
Hash identifier:          HsezpaYn7VytGuqUIYiiBt7PCZMnIhvTiLN7nCKwqqY=
Subject key identifier:   5F:B2:AA:44:07:E6:67:00:3D:66:16:01:2F:0C:5A:6E:7F:FA:06:B3
Certificate issuer:       /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial:       018EBC47ECB16AF96A1158513DF606A86841
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/X7KqRAfmZwA9ZhYBLwxabn_6BrM.roa
Signing time:             Mon 08 Apr 2024 05:56:53 +0000
ROA not before:           Mon 08 Apr 2024 05:56:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213176
IP address blocks:        209.35.224.0/24 maxlen: 24
                          209.35.225.0/24 maxlen: 24
                          209.35.226.0/24 maxlen: 24
                          209.35.227.0/24 maxlen: 24
                          209.35.228.0/24 maxlen: 24
                          209.35.229.0/24 maxlen: 24
                          209.35.230.0/24 maxlen: 24
                          209.35.231.0/24 maxlen: 24
                          209.35.233.0/24 maxlen: 24
                          212.59.64.0/24 maxlen: 24
                          212.59.65.0/24 maxlen: 24
                          212.59.66.0/24 maxlen: 24
                          212.59.67.0/24 maxlen: 24
                          212.59.68.0/24 maxlen: 24
                          212.59.69.0/24 maxlen: 24
                          212.59.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bc:47:ec:b1:6a:f9:6a:11:58:51:3d:f6:06:a8:68:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
        Validity
            Not Before: Apr  8 05:56:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fb2aa4407e667003d6616012f0c5a6e7ffa06b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3c:5e:0c:58:85:ed:f7:97:b9:d8:4c:17:14:
                    00:c6:1f:23:51:f6:84:61:bc:4c:a8:09:6d:77:aa:
                    57:7f:c6:38:c9:18:ed:41:bb:5c:69:c9:29:c4:8c:
                    8c:23:d4:aa:d1:52:45:70:95:ff:27:32:07:cf:26:
                    bc:32:51:42:08:43:a2:71:e1:77:d1:3e:f5:80:69:
                    4b:ff:ca:5a:ed:f1:28:0d:82:02:c7:0c:c5:b2:d3:
                    4c:d3:3b:c9:d6:00:9a:a1:29:4f:08:19:4a:84:0d:
                    b9:cf:a7:03:80:38:ec:05:66:d1:8f:3b:93:25:e4:
                    f3:d5:97:d3:03:7a:ea:07:6a:80:25:31:58:74:4a:
                    69:29:d0:52:89:2d:5c:7e:33:a3:48:87:89:43:ee:
                    15:ab:f7:04:e6:eb:ca:8f:e2:bf:5d:2e:6f:dc:3c:
                    33:16:6e:06:fa:c5:e2:4d:45:6c:4d:41:e9:04:65:
                    35:67:e1:07:2d:ff:34:58:9f:cd:41:01:25:3a:f9:
                    44:ef:ed:d3:9f:ff:46:75:19:ad:86:99:af:5a:05:
                    92:84:f4:bc:64:d4:dc:dd:50:66:fe:b7:1c:57:98:
                    48:aa:8b:9d:42:e0:27:cd:eb:61:6b:fc:6a:27:98:
                    86:9a:7f:b6:a2:62:29:43:2f:e3:dc:f7:45:a4:02:
                    bb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B2:AA:44:07:E6:67:00:3D:66:16:01:2F:0C:5A:6E:7F:FA:06:B3
            X509v3 Authority Key Identifier:
                keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/X7KqRAfmZwA9ZhYBLwxabn_6BrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.35.224.0/21
                  209.35.233.0/24
                  212.59.64.0-212.59.70.255

    Signature Algorithm: sha256WithRSAEncryption
         04:ef:2e:6a:f2:19:d3:5c:fe:3a:58:0f:58:b4:dc:2d:bb:b4:
         38:5f:54:4b:c7:ed:df:fd:12:a2:a7:ce:c0:d8:92:94:db:d3:
         99:61:b1:8b:cc:be:c8:21:2d:79:96:e1:41:d2:17:e6:49:86:
         76:cb:e3:36:6f:a5:8d:48:a3:b9:cc:4f:93:6c:76:f9:df:b2:
         8d:4c:13:a0:cc:d6:18:0c:87:63:a7:81:08:0d:80:71:45:ff:
         a4:a9:3a:b0:6a:83:e6:a3:96:52:6d:74:eb:d2:6a:8f:38:2d:
         ed:1b:21:21:3d:48:67:1d:be:b0:99:ad:eb:71:34:f6:ec:1e:
         4c:39:89:49:b4:20:48:41:49:3d:a9:97:54:c3:52:8a:4c:31:
         e4:8c:96:9f:3e:8c:ca:04:fd:49:70:e8:4e:92:0f:66:c4:bb:
         1c:80:c0:dc:34:9e:5f:5d:88:b7:b0:2b:9e:07:7c:e2:76:6f:
         fd:65:27:be:41:21:a7:5d:99:b9:05:57:01:69:31:87:88:fc:
         de:42:e4:49:a6:73:a3:ed:72:f4:30:99:ac:b9:5a:79:c8:d9:
         f2:dc:fc:aa:f1:52:22:b7:af:a2:4a:75:9b:b0:47:cd:6a:16:
         a5:18:24:69:99:98:c6:99:84:54:c5:63:9e:80:5a:1f:d4:0f:
         81:5d:cb:57
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY68R+yxavlqEVhRPfYGqGhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjQwNDA4MDU1NjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmIyYWE0NDA3ZTY2NzAwM2Q2NjE2MDEyZjBjNWE2ZTdmZmEwNmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDxeDFiF7feXudhMFxQAxh8jUfaE
YbxMqAltd6pXf8Y4yRjtQbtcackpxIyMI9Sq0VJFcJX/JzIHzya8MlFCCEOiceF3
0T71gGlL/8pa7fEoDYICxwzFstNM0zvJ1gCaoSlPCBlKhA25z6cDgDjsBWbRjzuT
JeTz1ZfTA3rqB2qAJTFYdEppKdBSiS1cfjOjSIeJQ+4Vq/cE5uvKj+K/XS5v3Dwz
Fm4G+sXiTUVsTUHpBGU1Z+EHLf80WJ/NQQElOvlE7+3Tn/9GdRmthpmvWgWShPS8
ZNTc3VBm/rccV5hIqoudQuAnzetha/xqJ5iGmn+2omIpQy/j3PdFpAK7jQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFF+yqkQH5mcAPWYWAS8MWm5/+gazMB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvWDdLcVJBZm1ad0E5WmhZQkx3eGFibl82QnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQD0SPgAwQA
0SPpMAwDBAbUO0ADBADUO0YwDQYJKoZIhvcNAQELBQADggEBAATvLmryGdNc/jpY
D1i03C27tDhfVEvH7d/9EqKnzsDYkpTb05lhsYvMvsghLXmW4UHSF+ZJhnbL4zZv
pY1Io7nMT5Nsdvnfso1ME6DM1hgMh2OngQgNgHFF/6SpOrBqg+ajllJtdOvSao84
Le0bISE9SGcdvrCZretxNPbsHkw5iUm0IEhBST2pl1TDUopMMeSMlp8+jMoE/Ulw
6E6SD2bEuxyAwNw0nl9diLewK54HfOJ2b/1lJ75BIaddmbkFVwFpMYeI/N5C5Emm
c6PtcvQwmay5WnnI2fLc/KrxUiK3r6JKdZuwR81qFqUYJGmZmMaZhFTFY56AWh/U
D4Fdy1c=
-----END CERTIFICATE-----
Generated at Sat Jun 15 13:24:39 2024 by rpki-client on console-fra.rpki-client.org