Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/1Hdm4Yb6uudKtF7Z6GZsQybyHjU.roa
File:                     1Hdm4Yb6uudKtF7Z6GZsQybyHjU.roa (raw, json)
Hash identifier:          W7Iji0sZOuTaW08iAlZ0I50hV2fJR5fIhMcUjQTgllQ=
Subject key identifier:   D4:77:66:E1:86:FA:BA:E7:4A:B4:5E:D9:E8:66:6C:43:26:F2:1E:35
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       01964A8F0A7F4BA547B16A1116B2033312B8
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/1Hdm4Yb6uudKtF7Z6GZsQybyHjU.roa
Signing time:             Fri 18 Apr 2025 20:20:10 +0000
ROA not before:           Fri 18 Apr 2025 20:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        158.120.49.0/24 maxlen: 24
                          158.120.51.0/24 maxlen: 24
                          158.120.53.0/24 maxlen: 24
                          158.120.55.0/24 maxlen: 24
                          158.120.57.0/24 maxlen: 24
                          158.120.59.0/24 maxlen: 24
                          158.120.61.0/24 maxlen: 24
                          158.120.63.0/24 maxlen: 24
                          192.46.184.0/21 maxlen: 21
                          192.46.184.0/22 maxlen: 22
                          192.46.188.0/24 maxlen: 24
                          192.46.200.0/22 maxlen: 22
                          192.53.64.0/22 maxlen: 22
                          192.53.68.0/22 maxlen: 22
                          192.53.136.0/22 maxlen: 22
                          192.53.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 14:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4a:8f:0a:7f:4b:a5:47:b1:6a:11:16:b2:03:33:12:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Apr 18 20:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d47766e186fabae74ab45ed9e8666c4326f21e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ef:ad:31:d5:fb:27:a8:43:77:f1:18:68:8b:
                    ae:01:05:0c:6e:a1:dc:ce:12:51:52:40:de:ba:8a:
                    72:71:78:e1:a4:cf:50:f8:19:b8:1b:c3:a5:2d:44:
                    1c:b3:dd:96:e9:8a:1b:43:24:0c:28:aa:07:a7:cf:
                    cf:3a:31:c9:13:f1:2f:94:99:42:7c:37:ec:ad:9b:
                    f9:c7:8d:b2:b4:b0:eb:46:57:05:32:9b:02:12:8f:
                    0e:ab:17:d3:50:5a:40:c1:44:5a:fd:42:17:db:02:
                    1b:3d:cc:e4:3c:87:bd:19:88:8d:8e:be:40:b2:85:
                    31:d9:a4:4e:13:bb:bd:c2:44:6c:74:30:76:1b:a1:
                    57:c8:f4:33:9d:fd:38:07:04:e1:d3:f6:9b:9e:82:
                    86:0b:ab:59:e3:0b:2c:91:75:fc:9b:a9:5c:9a:74:
                    5a:f6:f0:44:0e:22:27:a7:b1:78:49:59:53:33:d8:
                    b4:5e:91:e4:30:ac:3a:21:36:b7:db:0f:b6:5a:de:
                    ec:76:2c:17:5b:78:6e:7a:32:4f:0e:28:4c:7c:5c:
                    59:a8:ee:68:41:19:95:a0:cf:e0:18:e0:55:8f:81:
                    89:2d:93:16:74:9e:0f:6d:e4:9b:78:fa:81:96:1f:
                    dc:cd:2e:32:7c:a4:87:b7:1d:22:cc:7c:7a:b7:e5:
                    55:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:77:66:E1:86:FA:BA:E7:4A:B4:5E:D9:E8:66:6C:43:26:F2:1E:35
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/1Hdm4Yb6uudKtF7Z6GZsQybyHjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.120.49.0/24
                  158.120.51.0/24
                  158.120.53.0/24
                  158.120.55.0/24
                  158.120.57.0/24
                  158.120.59.0/24
                  158.120.61.0/24
                  158.120.63.0/24
                  192.46.184.0/21
                  192.46.200.0/22
                  192.53.64.0/21
                  192.53.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         44:09:cf:c2:d7:8a:08:ef:fd:1c:a8:4e:95:9f:32:9d:8e:8c:
         3d:26:11:94:98:a1:ae:dc:68:a7:ca:dc:95:93:f0:4b:74:c5:
         4a:b6:b4:f5:2b:c0:68:72:89:42:9d:29:07:45:21:c3:ee:33:
         49:b0:7f:30:61:0b:c1:38:83:bf:34:7a:31:5c:1b:a9:80:86:
         b7:c0:0f:b7:8e:b9:d0:b8:b1:38:5b:26:7f:09:17:07:5e:7f:
         b8:13:c6:50:7d:cf:1e:0a:30:70:40:f1:d0:c1:38:2f:2e:96:
         f4:5b:ed:94:cf:fb:18:60:9d:d0:9d:63:1c:fd:72:31:99:98:
         7d:78:1d:1b:d2:08:02:a6:9d:0c:23:07:86:74:eb:11:75:1f:
         f6:4d:be:26:bc:4e:60:ef:c4:cf:36:d2:a1:2a:3c:f3:a1:18:
         91:48:0f:ef:78:2f:0e:a0:51:2a:fa:87:a4:ec:1d:ca:35:ad:
         a3:ed:af:69:5e:d7:6d:78:8d:cf:a2:34:b0:c5:aa:77:1d:23:
         29:cb:52:05:ba:79:8d:58:7b:14:ef:71:8b:c4:c6:68:76:d7:
         ab:09:61:2c:55:54:e7:3c:b6:16:27:d2:e4:21:ec:af:fb:47:
         b1:dc:34:7a:c9:31:d3:a1:f9:49:0b:d9:6f:0c:83:0e:df:ef:
         26:16:b5:32
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZZKjwp/S6VHsWoRFrIDMxK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjUwNDE4MjAyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDc3NjZlMTg2ZmFiYWU3NGFiNDVlZDllODY2NmM0MzI2ZjIxZTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt++tMdX7J6hDd/EYaIuuAQUMbqHc
zhJRUkDeuopycXjhpM9Q+Bm4G8OlLUQcs92W6YobQyQMKKoHp8/POjHJE/EvlJlC
fDfsrZv5x42ytLDrRlcFMpsCEo8OqxfTUFpAwURa/UIX2wIbPczkPIe9GYiNjr5A
soUx2aROE7u9wkRsdDB2G6FXyPQznf04BwTh0/abnoKGC6tZ4wsskXX8m6lcmnRa
9vBEDiInp7F4SVlTM9i0XpHkMKw6ITa32w+2Wt7sdiwXW3huejJPDihMfFxZqO5o
QRmVoM/gGOBVj4GJLZMWdJ4PbeSbePqBlh/czS4yfKSHtx0izHx6t+VV8QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNR3ZuGG+rrnSrRe2ehmbEMm8h41MB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvMUhkbTRZYjZ1dWRLdEY3WjZHWnNReWJ5SGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAnngxAwQA
nngzAwQAnng1AwQAnng3AwQAnng5AwQAnng7AwQAnng9AwQAnng/AwQDwC64AwQC
wC7IAwQDwDVAAwQDwDWIMA0GCSqGSIb3DQEBCwUAA4IBAQBECc/C14oI7/0cqE6V
nzKdjow9JhGUmKGu3GinytyVk/BLdMVKtrT1K8BocolCnSkHRSHD7jNJsH8wYQvB
OIO/NHoxXBupgIa3wA+3jrnQuLE4WyZ/CRcHXn+4E8ZQfc8eCjBwQPHQwTgvLpb0
W+2Uz/sYYJ3QnWMc/XIxmZh9eB0b0ggCpp0MIweGdOsRdR/2Tb4mvE5g78TPNtKh
KjzzoRiRSA/veC8OoFEq+oek7B3KNa2j7a9pXtdteI3PojSwxap3HSMpy1IFunmN
WHsU73GLxMZodterCWEsVVTnPLYWJ9LkIeyv+0ex3DR6yTHToflJC9lvDIMO3+8m
FrUy
-----END CERTIFICATE-----
Generated at Fri May 2 00:05:32 2025 by rpki-client