Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/UDSPZJoIjLRczSAzjq-dS4TDOqw.roa
File:                     UDSPZJoIjLRczSAzjq-dS4TDOqw.roa (raw, json)
Hash identifier:          bqFG7AR+ednRnhbqy/knPYf9kWZPrXkG6ii9ru3Sgb4=
Subject key identifier:   50:34:8F:64:9A:08:8C:B4:5C:CD:20:33:8E:AF:9D:4B:84:C3:3A:AC
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EC7F5004802D2170313EECFCAE691FCC4
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/UDSPZJoIjLRczSAzjq-dS4TDOqw.roa
Signing time:             Wed 10 Apr 2024 12:21:46 +0000
ROA not before:           Wed 10 Apr 2024 12:21:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21378
IP address blocks:        80.246.64.0/19 maxlen: 19
                          80.246.64.0/21 maxlen: 21
                          84.42.0.0/19 maxlen: 19
                          84.42.0.0/21 maxlen: 21
                          84.42.8.0/21 maxlen: 21
                          84.42.16.0/21 maxlen: 21
                          84.42.24.0/21 maxlen: 21
                          2a02:2708::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:f5:00:48:02:d2:17:03:13:ee:cf:ca:e6:91:fc:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 10 12:21:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50348f649a088cb45ccd20338eaf9d4b84c33aac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:17:35:ce:38:94:1c:37:5a:91:8b:8d:bf:cd:
                    31:51:90:de:4b:02:16:94:6c:63:4b:42:3f:54:41:
                    2a:3d:87:56:a6:b6:64:7d:59:dc:61:12:d7:7c:6c:
                    a1:bb:55:39:a5:d2:51:a3:bf:00:ae:95:b5:1e:a8:
                    46:8c:94:22:6c:7b:06:7e:e2:80:7a:ba:14:78:d0:
                    12:d6:90:87:2b:a9:1e:c2:68:7a:f8:9c:c0:68:db:
                    92:e3:48:0c:e6:8c:69:bd:0e:68:50:8f:06:bd:4f:
                    97:75:52:23:db:0a:21:f1:6a:96:08:7e:c6:8b:48:
                    ee:d8:45:85:6d:20:b6:08:aa:33:ff:8f:c7:f9:60:
                    a9:2a:d4:14:d9:18:37:a9:14:2b:d3:f9:b9:da:17:
                    07:36:bd:ad:15:b1:a7:56:53:d6:8f:87:e9:70:91:
                    e3:a9:f1:69:87:c0:bb:08:a9:a1:14:af:55:3f:02:
                    83:1e:a7:52:a1:d3:d6:ff:e6:fb:09:ae:d8:f4:ec:
                    c8:29:c7:eb:ca:6d:37:2b:fe:c3:4c:34:f8:60:de:
                    8f:89:cc:44:57:0c:0d:60:ff:dd:bf:b7:01:29:c9:
                    60:6d:48:76:bf:2b:1f:5b:2d:11:1d:81:61:03:2d:
                    21:f9:b8:c5:ff:bc:95:0b:1e:8e:3a:19:4b:e4:27:
                    c3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:34:8F:64:9A:08:8C:B4:5C:CD:20:33:8E:AF:9D:4B:84:C3:3A:AC
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/UDSPZJoIjLRczSAzjq-dS4TDOqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.64.0/19
                  84.42.0.0/19
                IPv6:
                  2a02:2708::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:f6:de:86:2a:80:d8:41:7b:a4:ca:bf:73:53:a1:2d:05:df:
         81:ef:af:ce:0c:be:ae:70:3e:ad:1b:04:e4:80:a3:0b:37:98:
         c4:ec:e2:bb:20:00:f7:83:10:b7:a5:89:8e:0b:16:57:5a:e0:
         ac:fa:c3:31:5f:a2:e0:4a:70:91:de:f9:22:9d:93:ea:47:2a:
         37:cf:ba:48:25:4b:36:37:89:23:91:4c:cc:5e:d0:fa:ae:e9:
         ac:be:3c:21:ee:9b:5e:87:e3:a4:83:95:3f:73:1c:7d:7e:a5:
         ad:ac:ed:ed:70:b1:95:1b:b7:62:20:39:73:6f:5c:4f:bc:3b:
         42:87:a1:e5:1a:fd:ba:ae:89:0b:08:dd:d1:8d:91:b5:9c:f5:
         58:e3:f8:48:78:05:6e:85:39:22:1d:d2:f0:2f:e3:4e:54:0d:
         83:f6:e9:25:46:82:a6:e8:29:fc:fd:51:fb:af:65:78:04:46:
         67:97:3b:07:c3:8f:c5:c7:20:02:71:fb:0f:db:34:84:31:59:
         83:59:64:20:c5:2f:74:ca:b0:b8:de:e0:f5:34:4a:f8:a7:dc:
         2c:d9:95:5f:91:a8:6d:bc:7c:0a:f3:7d:30:b4:b6:da:cf:4f:
         46:52:99:ba:e9:7c:bb:9b:5a:1d:5d:0c:44:3d:22:71:3d:02:
         07:20:44:f7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY7H9QBIAtIXAxPuz8rmkfzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDEwMTIyMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDM0OGY2NDlhMDg4Y2I0NWNjZDIwMzM4ZWFmOWQ0Yjg0YzMzYWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRc1zjiUHDdakYuNv80xUZDeSwIW
lGxjS0I/VEEqPYdWprZkfVncYRLXfGyhu1U5pdJRo78ArpW1HqhGjJQibHsGfuKA
eroUeNAS1pCHK6kewmh6+JzAaNuS40gM5oxpvQ5oUI8GvU+XdVIj2woh8WqWCH7G
i0ju2EWFbSC2CKoz/4/H+WCpKtQU2Rg3qRQr0/m52hcHNr2tFbGnVlPWj4fpcJHj
qfFph8C7CKmhFK9VPwKDHqdSodPW/+b7Ca7Y9OzIKcfrym03K/7DTDT4YN6PicxE
VwwNYP/dv7cBKclgbUh2vysfWy0RHYFhAy0h+bjF/7yVCx6OOhlL5CfD8wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFA0j2SaCIy0XM0gM46vnUuEwzqsMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvVURTUFpKb0lqTFJjelNBempxLWRTNFRET3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFUPZAAwQF
VCoAMA0EAgACMAcDBQAqAicIMA0GCSqGSIb3DQEBCwUAA4IBAQAG9t6GKoDYQXuk
yr9zU6EtBd+B76/ODL6ucD6tGwTkgKMLN5jE7OK7IAD3gxC3pYmOCxZXWuCs+sMx
X6LgSnCR3vkinZPqRyo3z7pIJUs2N4kjkUzMXtD6rumsvjwh7pteh+Okg5U/cxx9
fqWtrO3tcLGVG7diIDlzb1xPvDtCh6HlGv26rokLCN3RjZG1nPVY4/hIeAVuhTki
HdLwL+NOVA2D9uklRoKm6Cn8/VH7r2V4BEZnlzsHw4/FxyACcfsP2zSEMVmDWWQg
xS90yrC43uD1NEr4p9ws2ZVfkahtvHwK830wtLbaz09GUpm66Xy7m1odXQxEPSJx
PQIHIET3
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:56 2024 by rpki-client on console-ams.rpki-client.org