Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/eULibZXQaYuQ0ZCNXik9higfmK0.roa
File:                     eULibZXQaYuQ0ZCNXik9higfmK0.roa (raw, json)
Hash identifier:          JDnlkJbcuuwk0FxjeCGl4DWlb0UKqMjwqV+2zFlDBi4=
Subject key identifier:   79:42:E2:6D:95:D0:69:8B:90:D1:90:8D:5E:29:3D:86:28:1F:98:AD
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0191989E65777D42BA297E706DE4851DF406
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/eULibZXQaYuQ0ZCNXik9higfmK0.roa
Signing time:             Wed 28 Aug 2024 10:53:23 +0000
ROA not before:           Wed 28 Aug 2024 10:53:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13118
IP address blocks:        46.237.0.0/18 maxlen: 18
                          46.237.0.0/19 maxlen: 19
                          46.237.48.0/20 maxlen: 20
                          77.234.0.0/19 maxlen: 19
                          85.113.192.0/19 maxlen: 19
                          85.113.192.0/20 maxlen: 20
                          85.113.204.0/24 maxlen: 24
                          87.253.0.0/19 maxlen: 19
                          87.253.0.0/20 maxlen: 20
                          87.253.13.0/24 maxlen: 24
                          87.253.16.0/21 maxlen: 21
                          87.253.24.0/21 maxlen: 21
                          93.181.208.0/20 maxlen: 20
                          93.181.224.0/24 maxlen: 24
                          93.181.225.0/24 maxlen: 24
                          93.181.240.0/20 maxlen: 20
                          95.86.192.0/18 maxlen: 18
                          95.86.192.0/19 maxlen: 19
                          95.86.206.0/24 maxlen: 24
                          95.86.207.0/24 maxlen: 24
                          95.86.208.0/24 maxlen: 24
                          95.86.209.0/24 maxlen: 24
                          95.86.224.0/19 maxlen: 19
                          95.106.160.0/19 maxlen: 19
                          109.161.0.0/17 maxlen: 17
                          109.161.0.0/19 maxlen: 19
                          109.161.0.0/21 maxlen: 21
                          109.161.8.0/21 maxlen: 21
                          109.161.32.0/19 maxlen: 19
                          109.161.52.0/24 maxlen: 24
                          109.161.57.0/24 maxlen: 24
                          109.161.60.0/22 maxlen: 22
                          109.161.64.0/19 maxlen: 19
                          109.161.64.0/20 maxlen: 20
                          217.15.128.0/19 maxlen: 24
                          217.15.134.0/24 maxlen: 24
                          217.15.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:98:9e:65:77:7d:42:ba:29:7e:70:6d:e4:85:1d:f4:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Aug 28 10:53:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7942e26d95d0698b90d1908d5e293d86281f98ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:4c:c2:16:7f:16:61:6a:a0:dc:a9:91:7a:9a:
                    c1:89:fe:51:8b:4a:d2:c4:b1:ab:76:b1:47:71:99:
                    e8:52:39:8d:bd:0d:96:c7:e6:2b:91:7f:a0:33:c8:
                    5d:4d:bd:b7:7c:c9:a2:2d:ea:ee:f1:71:3f:6b:39:
                    be:42:36:da:82:7f:a0:6d:d8:d5:45:98:30:31:21:
                    a2:f8:9a:d2:3a:d0:70:2d:af:ed:ae:f7:6a:e1:8c:
                    e1:99:db:12:e5:ec:c0:ee:2c:fc:7f:31:49:bb:ac:
                    55:96:bb:a3:8f:e8:47:55:91:9c:35:8c:21:24:d8:
                    59:7d:7b:e4:b6:22:46:13:68:f2:39:3f:94:1e:44:
                    3a:e7:c4:30:21:5d:6c:33:02:d0:72:54:fe:27:e8:
                    56:17:7d:10:08:14:0f:1c:a5:c3:b2:ba:f0:00:3c:
                    58:1e:09:78:e9:c0:30:0b:ea:b1:cb:ef:ff:29:11:
                    bc:df:a0:e6:00:0b:ff:fb:34:9f:56:78:10:a7:ae:
                    50:ac:36:bf:09:24:23:3f:9f:e5:4d:60:e0:7c:fa:
                    48:e8:5e:78:5b:18:34:1a:a2:c0:7d:18:7d:34:30:
                    36:7c:30:8f:b2:65:7c:0f:9f:9b:cb:b5:39:fe:7d:
                    02:ed:f5:c7:76:8e:3d:cb:79:2e:e1:5a:de:9b:8d:
                    20:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:42:E2:6D:95:D0:69:8B:90:D1:90:8D:5E:29:3D:86:28:1F:98:AD
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/eULibZXQaYuQ0ZCNXik9higfmK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.237.0.0/18
                  77.234.0.0/19
                  85.113.192.0/19
                  87.253.0.0/19
                  93.181.208.0-93.181.225.255
                  93.181.240.0/20
                  95.86.192.0/18
                  95.106.160.0/19
                  109.161.0.0/17
                  217.15.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         41:f5:6a:47:1b:30:92:58:04:66:f1:a8:e0:7b:ed:e5:bd:3e:
         09:3c:5d:be:3a:29:28:3c:64:2f:04:33:45:a2:80:8c:80:94:
         8d:0c:44:a9:b1:90:d4:c0:b7:87:4c:1f:cf:c0:27:d5:a3:dc:
         f5:a2:b2:70:ba:f2:fc:9c:ab:2f:00:b6:a9:d3:46:62:ca:48:
         24:54:71:07:01:53:69:cc:f1:e1:0b:ef:73:ed:45:a7:06:fe:
         0a:f0:cb:c9:a2:6c:e4:c4:ad:22:2d:48:3d:0d:27:1d:a2:7a:
         e5:6f:63:4e:65:e0:90:cf:d4:b9:80:a3:ef:95:06:c8:53:80:
         0a:e5:15:a9:92:2c:5a:5f:26:c6:95:c3:98:2b:6e:c1:d5:66:
         ce:fd:9f:ab:83:77:51:ac:44:1a:20:2f:56:9f:b2:27:67:ac:
         5f:bc:b6:e2:58:ad:54:41:ae:cf:ac:fa:27:6a:98:3c:38:7d:
         0d:45:74:f2:71:a7:24:cc:11:bd:b5:78:d3:09:ea:37:a9:62:
         20:51:34:77:f0:86:22:a7:41:47:2e:58:3c:d6:56:24:26:e2:
         ae:05:76:f7:4b:ff:65:f8:43:56:94:e1:f8:8b:55:ad:33:3f:
         94:b6:e9:6c:82:b9:bd:74:50:71:37:a3:ff:f5:c3:ab:21:a8:
         5c:2f:e3:ae
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZGYnmV3fUK6KX5wbeSFHfQGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwODI4MTA1MzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTQyZTI2ZDk1ZDA2OThiOTBkMTkwOGQ1ZTI5M2Q4NjI4MWY5OGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6UzCFn8WYWqg3KmReprBif5Ri0rS
xLGrdrFHcZnoUjmNvQ2Wx+YrkX+gM8hdTb23fMmiLeru8XE/azm+Qjbagn+gbdjV
RZgwMSGi+JrSOtBwLa/trvdq4YzhmdsS5ezA7iz8fzFJu6xVlrujj+hHVZGcNYwh
JNhZfXvktiJGE2jyOT+UHkQ658QwIV1sMwLQclT+J+hWF30QCBQPHKXDsrrwADxY
Hgl46cAwC+qxy+//KRG836DmAAv/+zSfVngQp65QrDa/CSQjP5/lTWDgfPpI6F54
Wxg0GqLAfRh9NDA2fDCPsmV8D5+by7U5/n0C7fXHdo49y3ku4Vrem40gwwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHlC4m2V0GmLkNGQjV4pPYYoH5itMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvZVVMaWJaWFFhWXVRMFpDTlhpazloaWdmbUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQGLu0AAwQF
TeoAAwQFVXHAAwQFV/0AMAwDBARdtdADBAFdteADBARdtfADBAZfVsADBAVfaqAD
BAdtoQADBAXZD4AwDQYJKoZIhvcNAQELBQADggEBAEH1akcbMJJYBGbxqOB77eW9
Pgk8Xb46KSg8ZC8EM0WigIyAlI0MRKmxkNTAt4dMH8/AJ9Wj3PWisnC68vycqy8A
tqnTRmLKSCRUcQcBU2nM8eEL73PtRacG/grwy8mibOTErSItSD0NJx2ieuVvY05l
4JDP1LmAo++VBshTgArlFamSLFpfJsaVw5grbsHVZs79n6uDd1GsRBogL1afsidn
rF+8tuJYrVRBrs+s+idqmDw4fQ1FdPJxpyTMEb21eNMJ6jepYiBRNHfwhiKnQUcu
WDzWViQm4q4FdvdL/2X4Q1aU4fiLVa0zP5S26WyCub10UHE3o//1w6shqFwv464=
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:43:26 2024 by rpki-client on console-fra.rpki-client.org