Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/XCzrHO8aglqCfJYlZgPzvOIJ31E.roa
File:                     XCzrHO8aglqCfJYlZgPzvOIJ31E.roa (raw, json)
Hash identifier:          IffHfSnoW3m0Q0onEzvMmYE4D5MS4aSDXIvBmJFOBnU=
Subject key identifier:   5C:2C:EB:1C:EF:1A:82:5A:82:7C:96:25:66:03:F3:BC:E2:09:DF:51
Certificate issuer:       /CN=25a89539520004270d34253bdc16d87784156e1a
Certificate serial:       018CC72765396D88886B029A83E7DCFAB710
Authority key identifier: 25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/XCzrHO8aglqCfJYlZgPzvOIJ31E.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62336
IP address blocks:        212.53.216.0/22 maxlen: 22
                          212.53.224.0/20 maxlen: 20
                          212.48.116.64/26 maxlen: 26
                          212.53.240.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:65:39:6d:88:88:6b:02:9a:83:e7:dc:fa:b7:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a89539520004270d34253bdc16d87784156e1a
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c2ceb1cef1a825a827c96256603f3bce209df51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:eb:2d:df:12:ee:a0:82:1e:d1:21:cb:9a:89:
                    8c:b8:87:09:3a:21:94:ca:77:39:6b:a5:78:1d:a0:
                    e7:b0:c8:2e:d9:63:78:c8:58:7f:45:af:0c:82:17:
                    76:5a:a1:12:00:4a:36:5f:cd:87:a3:57:d7:ed:a3:
                    4e:d5:7d:e0:55:3c:d8:46:66:e0:c9:56:bb:11:21:
                    30:ac:aa:5f:88:34:a2:39:7c:52:4f:20:15:75:89:
                    8a:0c:f1:0b:d9:74:b7:55:1d:06:0d:d4:a8:dc:0e:
                    d8:18:36:9b:84:80:be:b3:ea:6f:91:aa:2f:ce:a4:
                    ab:d8:1d:ec:66:f0:44:9c:31:62:1e:2a:12:c0:1e:
                    ca:1b:11:12:f2:5a:74:eb:f0:73:2d:5b:ac:47:b1:
                    d5:0a:57:c3:33:d9:07:08:51:c8:01:4d:da:68:7b:
                    74:65:6c:18:5c:79:81:96:3a:5d:90:1c:85:f7:28:
                    36:5b:1c:e6:b5:a9:3d:cb:75:c4:f1:ad:da:80:79:
                    8b:f6:fe:80:7f:f6:48:06:b3:8a:b6:11:27:8b:85:
                    dc:f5:83:69:89:af:32:bc:79:2e:3a:f6:cd:90:78:
                    78:c3:e6:8a:9d:0e:cb:ab:2a:bb:19:ee:f0:58:49:
                    34:55:15:00:2b:80:01:23:de:70:2c:46:6d:78:6c:
                    53:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2C:EB:1C:EF:1A:82:5A:82:7C:96:25:66:03:F3:BC:E2:09:DF:51
            X509v3 Authority Key Identifier:
                keyid:25:A8:95:39:52:00:04:27:0D:34:25:3B:DC:16:D8:77:84:15:6E:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JaiVOVIABCcNNCU73BbYd4QVbho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/XCzrHO8aglqCfJYlZgPzvOIJ31E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/bc15ec-6b0d-4734-a088-d00526b91605/1/JaiVOVIABCcNNCU73BbYd4QVbho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.48.116.64/26
                  212.53.216.0/22
                  212.53.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         56:b5:e9:ce:e7:d1:65:49:45:23:f5:9c:45:d2:81:97:32:03:
         dc:c5:fb:37:5b:32:bf:74:a5:c5:97:d4:67:e0:79:74:d4:3d:
         8b:41:00:93:88:4a:9a:97:eb:5f:f4:5d:50:38:dd:7c:62:ad:
         ba:98:c6:fc:20:e3:81:21:b9:38:13:2d:79:e0:f4:42:22:f8:
         cb:6e:ee:46:09:f4:64:61:15:b9:69:28:9a:fb:f8:f4:44:cc:
         a1:ff:75:71:e4:ba:2d:07:e0:cb:bd:46:64:44:40:37:b9:66:
         68:92:68:64:f2:22:6c:1e:1a:fe:25:be:56:a7:41:3c:1c:42:
         e0:8a:83:e1:07:1c:71:76:59:be:c5:0c:b6:6f:bc:f5:1c:85:
         30:85:17:70:8b:b3:1c:38:4e:39:26:43:59:b0:7c:cd:ca:fb:
         11:09:02:27:fc:88:ae:33:6f:74:6b:59:f2:d5:a7:2c:7d:32:
         81:81:35:97:72:f0:46:8e:e6:83:3f:50:6e:d6:c5:2b:79:a6:
         83:c1:50:c4:bd:1c:a3:6b:2b:be:1f:e7:e1:f4:b5:4d:12:cd:
         4f:a9:f6:3e:39:00:71:c3:81:04:e8:73:15:4c:b4:38:ce:4b:
         aa:42:4b:15:fe:05:9d:b3:eb:c7:b5:51:d3:53:c4:16:a8:5c:
         7e:bb:41:34
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzHJ2U5bYiIawKag+fc+rcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTg5NTM5NTIwMDA0MjcwZDM0MjUzYmRjMTZkODc3ODQx
NTZlMWEwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJjZWIxY2VmMWE4MjVhODI3Yzk2MjU2NjAzZjNiY2UyMDlkZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+st3xLuoIIe0SHLmomMuIcJOiGU
ync5a6V4HaDnsMgu2WN4yFh/Ra8Mghd2WqESAEo2X82Ho1fX7aNO1X3gVTzYRmbg
yVa7ESEwrKpfiDSiOXxSTyAVdYmKDPEL2XS3VR0GDdSo3A7YGDabhIC+s+pvkaov
zqSr2B3sZvBEnDFiHioSwB7KGxES8lp06/BzLVusR7HVClfDM9kHCFHIAU3aaHt0
ZWwYXHmBljpdkByF9yg2Wxzmtak9y3XE8a3agHmL9v6Af/ZIBrOKthEni4Xc9YNp
ia8yvHkuOvbNkHh4w+aKnQ7Lqyq7Ge7wWEk0VRUAK4ABI95wLEZteGxTOQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFFws6xzvGoJagnyWJWYD87ziCd9RMB8GA1UdIwQY
MBaAFCWolTlSAAQnDTQlO9wW2HeEFW4aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgt
ZDAwNTI2YjkxNjA1LzEvWEN6ckhPOGFnbHFDZkpZbFpnUHp2T0lKMzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iYzE1ZWMtNmIwZC00NzM0LWEwODgtZDAwNTI2YjkxNjA1
LzEvSmFpVk9WSUFCQ2NOTkNVNzNCYllkNFFWYmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwUG1DB0QAME
AtQ12AMEBdQ14DANBgkqhkiG9w0BAQsFAAOCAQEAVrXpzufRZUlFI/WcRdKBlzID
3MX7N1syv3SlxZfUZ+B5dNQ9i0EAk4hKmpfrX/RdUDjdfGKtupjG/CDjgSG5OBMt
eeD0QiL4y27uRgn0ZGEVuWkomvv49ETMof91ceS6LQfgy71GZERAN7lmaJJoZPIi
bB4a/iW+VqdBPBxC4IqD4QcccXZZvsUMtm+89RyFMIUXcIuzHDhOOSZDWbB8zcr7
EQkCJ/yIrjNvdGtZ8tWnLH0ygYE1l3LwRo7mgz9QbtbFK3mmg8FQxL0co2srvh/n
4fS1TRLNT6n2PjkAccOBBOhzFUy0OM5LqkJLFf4FnbPrx7VR01PEFqhcfrtBNA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:35:04 2024 by rpki-client on console-ams.rpki-client.org