Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/86hG3shlfKdUSvkVBOCwgUfnFak.roa
File:                     86hG3shlfKdUSvkVBOCwgUfnFak.roa (raw, json)
Hash identifier:          g6hFGZB5sjfd6uG+fw6dsamoiAjOAVOgtyEoTXA5WQA=
Subject key identifier:   F3:A8:46:DE:C8:65:7C:A7:54:4A:F9:15:04:E0:B0:81:47:E7:15:A9
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       018E7ADCF69338427C85CBED90A705472840
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/86hG3shlfKdUSvkVBOCwgUfnFak.roa
Signing time:             Tue 26 Mar 2024 13:04:45 +0000
ROA not before:           Tue 26 Mar 2024 13:04:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24768
IP address blocks:        5.253.181.0/24 maxlen: 24
                          5.253.182.0/24 maxlen: 24
                          5.253.183.0/24 maxlen: 24
                          82.102.7.0/24 maxlen: 24
                          94.46.12.0/22 maxlen: 22
                          94.46.12.0/24 maxlen: 24
                          94.46.13.0/24 maxlen: 24
                          94.46.14.0/24 maxlen: 24
                          94.46.15.0/24 maxlen: 24
                          94.46.16.0/22 maxlen: 22
                          94.46.16.0/24 maxlen: 24
                          94.46.20.0/22 maxlen: 22
                          94.46.20.0/24 maxlen: 24
                          94.46.21.0/24 maxlen: 24
                          94.46.22.0/24 maxlen: 24
                          94.46.23.0/24 maxlen: 24
                          94.46.25.0/24 maxlen: 24
                          94.46.26.0/24 maxlen: 24
                          94.46.27.0/24 maxlen: 24
                          94.46.28.0/22 maxlen: 22
                          94.46.28.0/24 maxlen: 24
                          94.46.29.0/24 maxlen: 24
                          94.46.30.0/24 maxlen: 24
                          94.46.128.0/21 maxlen: 21
                          94.46.132.0/24 maxlen: 24
                          94.46.133.0/24 maxlen: 24
                          94.46.160.0/20 maxlen: 24
                          94.46.176.0/21 maxlen: 21
                          109.71.40.0/21 maxlen: 21
                          109.71.40.0/24 maxlen: 24
                          109.71.41.0/24 maxlen: 24
                          109.71.42.0/24 maxlen: 24
                          109.71.43.0/24 maxlen: 24
                          109.71.44.0/24 maxlen: 24
                          109.71.45.0/24 maxlen: 24
                          109.71.46.0/24 maxlen: 24
                          109.71.47.0/24 maxlen: 24
                          130.185.80.0/21 maxlen: 21
                          130.185.81.0/24 maxlen: 24
                          130.185.82.0/24 maxlen: 24
                          130.185.83.0/24 maxlen: 24
                          130.185.84.0/24 maxlen: 24
                          130.185.85.0/24 maxlen: 24
                          130.185.86.0/24 maxlen: 24
                          130.185.87.0/24 maxlen: 24
                          185.15.20.0/22 maxlen: 22
                          185.15.20.0/24 maxlen: 24
                          185.15.22.0/24 maxlen: 24
                          185.15.23.0/24 maxlen: 24
                          2a00:1650::/33 maxlen: 33
                          2a00:1650:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7a:dc:f6:93:38:42:7c:85:cb:ed:90:a7:05:47:28:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Mar 26 13:04:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3a846dec8657ca7544af91504e0b08147e715a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:78:a9:f1:cd:c4:f3:a6:1f:19:04:41:d0:a8:
                    2b:fe:c1:3e:1b:6c:cc:ef:81:d5:70:01:2e:b4:d8:
                    b5:33:be:06:da:33:12:51:0c:be:bd:c2:90:b9:15:
                    08:ef:ff:81:f6:b0:80:45:c7:07:1e:82:1b:42:9c:
                    4a:17:ca:5c:3b:a8:05:80:64:f4:ca:a8:61:2b:f2:
                    2a:3b:3f:af:e6:1d:95:30:a1:3d:95:46:89:cb:53:
                    ff:f6:3d:88:b6:cc:0c:94:24:33:ca:3e:ad:76:d5:
                    35:e0:68:49:dd:73:46:de:f6:be:c8:6e:50:80:93:
                    8b:46:a8:58:57:03:54:1b:e4:d6:01:ec:b0:6c:a9:
                    6c:bf:19:37:30:b6:b4:78:8b:38:02:de:cb:88:ab:
                    5b:21:26:1c:d2:7d:2a:3f:ae:8c:a2:63:52:d5:3d:
                    5e:f7:f9:aa:38:29:a1:4c:39:9e:13:f6:2a:5a:82:
                    e6:c0:4b:cb:b5:84:77:71:ce:1c:77:64:3c:ee:05:
                    32:59:77:71:56:75:29:7d:71:31:08:f8:85:33:ba:
                    e2:4c:3f:93:78:55:a7:bd:11:56:9a:f1:72:7b:08:
                    ca:64:ec:b5:d9:ef:9b:74:78:7e:a1:4d:7c:ae:9b:
                    f2:cd:24:e5:c5:78:ce:4a:c3:f3:21:77:ad:63:4e:
                    6c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A8:46:DE:C8:65:7C:A7:54:4A:F9:15:04:E0:B0:81:47:E7:15:A9
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/86hG3shlfKdUSvkVBOCwgUfnFak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.181.0-5.253.183.255
                  82.102.7.0/24
                  94.46.12.0-94.46.23.255
                  94.46.25.0-94.46.31.255
                  94.46.128.0/21
                  94.46.160.0-94.46.183.255
                  109.71.40.0/21
                  130.185.80.0/21
                  185.15.20.0/22
                IPv6:
                  2a00:1650::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:1c:4d:ed:e6:79:7b:62:59:f6:9d:97:d9:03:46:5e:76:c5:
         a6:f0:67:c2:8a:4f:f9:87:27:4f:46:2b:a7:4e:08:41:99:d6:
         15:75:5b:df:26:5c:63:09:f0:e7:5a:29:cc:0b:b1:f6:12:89:
         72:ad:5a:3a:ec:7b:07:18:50:e4:8b:e8:bc:93:5c:fd:54:2d:
         bb:f8:dc:ef:8d:47:8e:09:f9:db:f5:5a:45:61:21:db:fa:9d:
         e3:1e:c4:30:25:80:05:10:38:13:34:f1:ad:ff:18:fd:02:60:
         9a:df:44:f9:bf:0e:6a:2c:46:8b:fc:99:92:a6:e6:b8:69:8a:
         9c:94:69:b9:89:0d:fe:ff:6f:ae:10:b2:9b:5f:ac:a2:bb:b6:
         37:02:73:38:1b:58:de:6d:33:f6:7f:e7:be:58:20:93:0e:3a:
         9e:f9:6d:07:9c:a2:e1:b6:60:d6:e8:a8:d2:60:3a:85:f7:07:
         c7:d6:25:62:bc:57:b6:de:e9:d4:5e:00:08:ea:82:47:c9:5d:
         53:0b:cd:c9:f7:a8:72:8c:65:1e:bd:16:17:64:64:df:53:f8:
         30:32:55:d3:ca:0f:68:86:c6:88:1f:84:7a:df:fe:b3:c8:8d:
         90:69:9b:d6:cd:b5:c5:6e:c5:25:ef:28:11:63:32:b7:d2:b7:
         29:64:ad:e5
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAY563PaTOEJ8hcvtkKcFRyhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjQwMzI2MTMwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2E4NDZkZWM4NjU3Y2E3NTQ0YWY5MTUwNGUwYjA4MTQ3ZTcxNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Xip8c3E86YfGQRB0Kgr/sE+G2zM
74HVcAEutNi1M74G2jMSUQy+vcKQuRUI7/+B9rCARccHHoIbQpxKF8pcO6gFgGT0
yqhhK/IqOz+v5h2VMKE9lUaJy1P/9j2ItswMlCQzyj6tdtU14GhJ3XNG3va+yG5Q
gJOLRqhYVwNUG+TWAeywbKlsvxk3MLa0eIs4At7LiKtbISYc0n0qP66MomNS1T1e
9/mqOCmhTDmeE/YqWoLmwEvLtYR3cc4cd2Q87gUyWXdxVnUpfXExCPiFM7riTD+T
eFWnvRFWmvFyewjKZOy12e+bdHh+oU18rpvyzSTlxXjOSsPzIXetY05sEwIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFPOoRt7IZXynVEr5FQTgsIFH5xWpMB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvODZoRzNzaGxmS2RVU3ZrVkJPQ3dnVWZuRmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWMAwDBAAF/bUD
BAMF/bADBABSZgcwDAMEAl4uDAMEA14uEDAMAwQAXi4ZAwQFXi4AAwQDXi6AMAwD
BAVeLqADBANeLrADBANtRygDBAOCuVADBAK5DxQwDQQCAAIwBwMFACoAFlAwDQYJ
KoZIhvcNAQELBQADggEBAFMcTe3meXtiWfadl9kDRl52xabwZ8KKT/mHJ09GK6dO
CEGZ1hV1W98mXGMJ8OdaKcwLsfYSiXKtWjrsewcYUOSL6LyTXP1ULbv43O+NR44J
+dv1WkVhIdv6neMexDAlgAUQOBM08a3/GP0CYJrfRPm/DmosRov8mZKm5rhpipyU
abmJDf7/b64QsptfrKK7tjcCczgbWN5tM/Z/575YIJMOOp75bQecouG2YNboqNJg
OoX3B8fWJWK8V7be6dReAAjqgkfJXVMLzcn3qHKMZR69FhdkZN9T+DAyVdPKD2iG
xogfhHrf/rPIjZBpm9bNtcVuxSXvKBFjMrfStylkreU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:01:57 2024 by rpki-client on console-ams.rpki-client.org