Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/JDdNc9x4PMAfsdvEjTiaN3M0YSQ.roa
File:                     JDdNc9x4PMAfsdvEjTiaN3M0YSQ.roa (raw, json)
Hash identifier:          MxxMu0QZhFtvrIDUF13X9srIaDOelnPUsvdQ1VhLYRc=
Subject key identifier:   24:37:4D:73:DC:78:3C:C0:1F:B1:DB:C4:8D:38:9A:37:73:34:61:24
Certificate issuer:       /CN=a4f8436003d37602026b65531755ca8fcd31bed2
Certificate serial:       018FA05344D971A97288467F237F5B45BD9E
Authority key identifier: A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/JDdNc9x4PMAfsdvEjTiaN3M0YSQ.roa
Signing time:             Wed 22 May 2024 12:42:42 +0000
ROA not before:           Wed 22 May 2024 12:42:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28717
IP address blocks:        5.83.24.0/21 maxlen: 21
                          78.111.160.0/20 maxlen: 20
                          88.212.64.0/18 maxlen: 18
                          91.143.112.0/20 maxlen: 20
                          94.18.0.0/16 maxlen: 16
                          109.202.128.0/19 maxlen: 19
                          176.222.232.0/21 maxlen: 21
                          188.120.64.0/19 maxlen: 19
                          212.60.96.0/19 maxlen: 19
                          2a01:4f0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:53:44:d9:71:a9:72:88:46:7f:23:7f:5b:45:bd:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f8436003d37602026b65531755ca8fcd31bed2
        Validity
            Not Before: May 22 12:42:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24374d73dc783cc01fb1dbc48d389a3773346124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b8:3f:c9:93:42:c7:6b:6b:bc:4f:6f:15:aa:
                    93:26:e4:93:6a:b3:11:02:d2:34:21:da:fe:ce:3f:
                    ed:77:9c:92:61:5f:26:77:d7:68:48:21:04:a7:b4:
                    ff:d8:23:17:da:8c:7a:96:04:78:63:97:a8:e7:3e:
                    eb:3e:8c:02:4c:da:07:6f:af:db:3b:d9:36:30:46:
                    4a:23:be:7d:f9:f7:21:d8:0a:44:83:19:f3:3d:3d:
                    5f:75:6f:08:a6:89:ac:cd:36:98:cb:a7:32:1c:a9:
                    ce:3d:6d:09:9d:2e:76:b9:07:78:35:6c:70:ce:08:
                    5d:0f:f2:b4:a3:a7:e8:75:98:02:01:62:77:73:56:
                    47:fb:31:a6:98:d9:1b:ff:a5:fe:c5:fa:a6:ef:eb:
                    af:eb:ac:aa:e1:9e:14:23:36:ed:aa:d1:c6:4e:e7:
                    6f:f9:67:07:fc:6b:ae:4e:d6:ec:ca:b5:a2:b2:84:
                    68:28:31:7b:e3:13:e8:1e:76:3f:5d:9f:6a:e5:78:
                    67:cd:33:62:e9:9f:79:7d:61:d6:1f:ec:b0:c8:11:
                    48:b8:d7:be:98:9c:86:ab:80:01:7b:16:04:56:fd:
                    1b:e4:7f:35:cd:c9:01:09:31:2a:1b:40:1f:71:71:
                    ec:78:57:9a:ca:6f:63:0e:6b:51:4a:ad:6e:82:4f:
                    91:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:37:4D:73:DC:78:3C:C0:1F:B1:DB:C4:8D:38:9A:37:73:34:61:24
            X509v3 Authority Key Identifier:
                keyid:A4:F8:43:60:03:D3:76:02:02:6B:65:53:17:55:CA:8F:CD:31:BE:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPhDYAPTdgICa2VTF1XKj80xvtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/JDdNc9x4PMAfsdvEjTiaN3M0YSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/515608-5012-4a40-b324-27bf83cded6b/1/pPhDYAPTdgICa2VTF1XKj80xvtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.24.0/21
                  78.111.160.0/20
                  88.212.64.0/18
                  91.143.112.0/20
                  94.18.0.0/16
                  109.202.128.0/19
                  176.222.232.0/21
                  188.120.64.0/19
                  212.60.96.0/19
                IPv6:
                  2a01:4f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:a6:34:68:40:3b:f3:9a:0e:2f:8c:fb:a6:0c:76:2c:ea:93:
         00:1c:bc:5d:dc:9b:c7:5f:37:52:66:c6:a7:26:5f:9c:d8:85:
         75:bc:dc:0d:0c:3e:ee:17:06:03:e6:42:8c:54:7e:36:91:97:
         8e:ee:eb:45:80:fd:2f:45:56:16:c3:9f:b3:c2:3f:53:32:02:
         63:c9:26:ee:bb:3b:09:97:1c:e3:2e:ee:41:6c:3f:a4:0e:ca:
         3c:ca:f0:f6:9e:fa:72:dd:b4:5a:7e:b7:b3:5a:53:4e:3d:2e:
         26:b1:c5:db:9a:df:ac:fb:5c:f5:00:e6:4c:0c:25:05:b2:25:
         6c:8e:19:c6:6d:32:1e:73:b3:90:f1:de:4c:ee:16:45:66:61:
         ca:37:86:ba:86:f8:6b:e5:71:52:dd:ed:7b:8d:d7:a3:0c:3a:
         8e:be:1e:ed:49:4a:35:ed:ec:f3:44:af:38:29:9e:f6:fe:3d:
         5a:68:55:25:2a:da:4a:32:33:fe:9f:6c:7f:29:44:e5:b7:8b:
         1f:b3:43:fd:ac:31:27:c2:bb:05:65:a1:6a:65:74:78:21:d9:
         aa:02:bd:ee:93:85:d1:04:d3:90:3d:8c:29:aa:fb:10:49:f4:
         9d:e7:5b:09:9c:98:9e:d4:25:28:32:64:ec:28:24:24:7a:85:
         dc:ef:f7:b4
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY+gU0TZcalyiEZ/I39bRb2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Zjg0MzYwMDNkMzc2MDIwMjZiNjU1MzE3NTVjYThmY2Qz
MWJlZDIwHhcNMjQwNTIyMTI0MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM3NGQ3M2RjNzgzY2MwMWZiMWRiYzQ4ZDM4OWEzNzczMzQ2MTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrg/yZNCx2trvE9vFaqTJuSTarMR
AtI0Idr+zj/td5ySYV8md9doSCEEp7T/2CMX2ox6lgR4Y5eo5z7rPowCTNoHb6/b
O9k2MEZKI759+fch2ApEgxnzPT1fdW8IpomszTaYy6cyHKnOPW0JnS52uQd4NWxw
zghdD/K0o6fodZgCAWJ3c1ZH+zGmmNkb/6X+xfqm7+uv66yq4Z4UIzbtqtHGTudv
+WcH/GuuTtbsyrWisoRoKDF74xPoHnY/XZ9q5XhnzTNi6Z95fWHWH+ywyBFIuNe+
mJyGq4ABexYEVv0b5H81zckBCTEqG0AfcXHseFeaym9jDmtRSq1ugk+RswIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFCQ3TXPceDzAH7HbxI04mjdzNGEkMB8GA1UdIwQY
MBaAFKT4Q2AD03YCAmtlUxdVyo/NMb7SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQt
MjdiZjgzY2RlZDZiLzEvSkRkTmM5eDRQTUFmc2R2RWpUaWFOM00wWVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81MTU2MDgtNTAxMi00YTQwLWIzMjQtMjdiZjgzY2RlZDZi
LzEvcFBoRFlBUFRkZ0lDYTJWVEYxWEtqODB4dnRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA7BAIAATA1AwQDBVMYAwQE
Tm+gAwQGWNRAAwQEW49wAwMAXhIDBAVtyoADBAOw3ugDBAW8eEADBAXUPGAwDQQC
AAIwBwMFACoBBPAwDQYJKoZIhvcNAQELBQADggEBAGumNGhAO/OaDi+M+6YMdizq
kwAcvF3cm8dfN1JmxqcmX5zYhXW83A0MPu4XBgPmQoxUfjaRl47u60WA/S9FVhbD
n7PCP1MyAmPJJu67OwmXHOMu7kFsP6QOyjzK8Pae+nLdtFp+t7NaU049Liaxxdua
36z7XPUA5kwMJQWyJWyOGcZtMh5zs5Dx3kzuFkVmYco3hrqG+GvlcVLd7XuN16MM
Oo6+Hu1JSjXt7PNErzgpnvb+PVpoVSUq2koyM/6fbH8pROW3ix+zQ/2sMSfCuwVl
oWpldHgh2aoCve6ThdEE05A9jCmq+xBJ9J3nWwmcmJ7UJSgyZOwoJCR6hdzv97Q=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:14:39 2024 by rpki-client on console-fra.rpki-client.org