Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5ourqJCTMlDAv4y47Jth2YGTjdQ.roa
File:                     5ourqJCTMlDAv4y47Jth2YGTjdQ.roa (raw, json)
Hash identifier:          tgfN+iFvwG+FChDoBPMD0HXidged9qEoo1ckYIIYiEU=
Subject key identifier:   E6:8B:AB:A8:90:93:32:50:C0:BF:8C:B8:EC:9B:61:D9:81:93:8D:D4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196809278684672A40361844D1DB73B86FC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5ourqJCTMlDAv4y47Jth2YGTjdQ.roa
Signing time:             Tue 29 Apr 2025 08:03:24 +0000
ROA not before:           Tue 29 Apr 2025 08:03:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        79.99.150.0/23 maxlen: 24
                          82.152.55.0/24 maxlen: 24
                          82.163.0.0/24 maxlen: 24
                          82.163.10.0/23 maxlen: 24
                          89.213.226.0/24 maxlen: 24
                          109.176.30.0/24 maxlen: 24
                          109.176.208.0/24 maxlen: 24
                          109.176.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:92:78:68:46:72:a4:03:61:84:4d:1d:b7:3b:86:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 29 08:03:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e68baba890933250c0bf8cb8ec9b61d981938dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:77:6a:ee:c9:ec:a8:5f:8f:de:9a:8f:bb:dd:
                    0a:4f:98:e0:e6:55:f1:cb:56:42:19:59:4c:34:52:
                    82:89:e8:88:51:19:ec:0e:96:17:b3:69:d5:6b:f6:
                    dc:6e:90:9c:8c:05:4b:af:08:a2:27:65:a5:a6:46:
                    10:62:d8:b8:5f:55:5f:36:5b:6e:d8:35:54:95:93:
                    42:a3:5a:49:b4:0d:4a:b7:f9:76:66:8e:12:7c:cf:
                    5d:70:52:5a:c9:c3:b9:4c:24:d0:6c:1c:b8:1d:d4:
                    38:7a:bb:37:88:4e:0a:5b:63:4c:d9:2b:5a:81:f6:
                    11:81:f0:d7:20:df:05:17:6c:9b:98:c6:c2:74:ec:
                    05:3c:20:d9:d4:87:4b:5c:80:00:73:15:03:6b:06:
                    a0:c3:ab:80:12:70:64:55:1c:57:b9:81:d2:0e:9f:
                    fe:e2:b0:e8:41:e0:b1:28:37:ec:f8:30:7e:a9:ed:
                    d4:79:91:82:67:73:b5:9a:f8:91:df:7c:35:88:60:
                    df:2a:ab:75:84:94:36:d4:88:3d:c0:47:37:d8:77:
                    1a:38:64:ff:1c:94:07:74:d1:71:00:33:4f:77:4a:
                    de:61:cf:9e:f6:c9:ad:22:8e:40:4f:e8:a7:40:37:
                    eb:08:46:03:ab:98:53:bb:9f:3a:da:b3:79:37:28:
                    91:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:8B:AB:A8:90:93:32:50:C0:BF:8C:B8:EC:9B:61:D9:81:93:8D:D4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5ourqJCTMlDAv4y47Jth2YGTjdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.150.0/23
                  82.152.55.0/24
                  82.163.0.0/24
                  82.163.10.0/23
                  89.213.226.0/24
                  109.176.30.0/24
                  109.176.208.0/24
                  109.176.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:86:8c:78:80:b1:83:27:3b:ce:4e:6a:62:4b:1b:50:e5:9e:
         d2:5e:d9:9e:59:cb:52:ae:e6:cc:bc:c9:99:7d:b7:d5:77:7d:
         b2:d8:ed:52:49:0c:1b:23:23:89:80:d1:46:2e:05:fe:e9:5d:
         a8:67:30:19:c6:31:29:3d:2a:0a:d7:ce:30:96:1e:d4:6f:01:
         f7:29:6a:c6:74:31:08:8d:25:ec:7b:7b:c5:b9:1a:94:2b:49:
         ac:a7:ba:ec:b5:e3:43:01:57:69:4c:24:e6:ac:b5:7d:84:ed:
         47:91:63:29:6f:ae:e0:ae:dd:0b:5d:41:14:42:71:9b:19:77:
         13:f2:73:71:8f:5b:11:ca:33:47:e5:82:d1:72:40:6c:ac:94:
         bf:a1:db:21:03:87:cf:74:40:e6:25:8d:d6:d5:f9:b6:34:af:
         dd:bf:9a:75:98:e6:95:88:a9:fb:57:4e:57:1d:0e:4a:e0:09:
         6c:07:a7:e9:17:3d:01:37:43:94:ce:ec:ca:29:c9:3b:20:c8:
         4e:3f:4f:c0:63:ee:3a:98:2a:ac:4a:1d:55:50:55:e9:4e:49:
         0d:64:6a:19:4e:f9:a6:61:ef:80:6f:0d:b2:8a:e3:23:91:00:
         c5:0e:8c:ad:2c:63:bf:57:ab:00:6d:12:9a:45:86:d9:95:a8:
         9b:db:f6:92
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZaAknhoRnKkA2GETR23O4b8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI5MDgwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjhiYWJhODkwOTMzMjUwYzBiZjhjYjhlYzliNjFkOTgxOTM4ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3dq7snsqF+P3pqPu90KT5jg5lXx
y1ZCGVlMNFKCieiIURnsDpYXs2nVa/bcbpCcjAVLrwiiJ2WlpkYQYti4X1VfNltu
2DVUlZNCo1pJtA1Kt/l2Zo4SfM9dcFJaycO5TCTQbBy4HdQ4ers3iE4KW2NM2Sta
gfYRgfDXIN8FF2ybmMbCdOwFPCDZ1IdLXIAAcxUDawagw6uAEnBkVRxXuYHSDp/+
4rDoQeCxKDfs+DB+qe3UeZGCZ3O1mviR33w1iGDfKqt1hJQ21Ig9wEc32HcaOGT/
HJQHdNFxADNPd0reYc+e9smtIo5AT+inQDfrCEYDq5hTu5862rN5NyiRGQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOaLq6iQkzJQwL+MuOybYdmBk43UMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNW91cnFKQ1RNbERBdjR5NDdKdGgyWUdUamRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBT2OWAwQA
Upg3AwQAUqMAAwQBUqMKAwQAWdXiAwQAbbAeAwQAbbDQAwQAbbD8MA0GCSqGSIb3
DQEBCwUAA4IBAQBbhox4gLGDJzvOTmpiSxtQ5Z7SXtmeWctSrubMvMmZfbfVd32y
2O1SSQwbIyOJgNFGLgX+6V2oZzAZxjEpPSoK184wlh7UbwH3KWrGdDEIjSXse3vF
uRqUK0msp7rsteNDAVdpTCTmrLV9hO1HkWMpb67grt0LXUEUQnGbGXcT8nNxj1sR
yjNH5YLRckBsrJS/odshA4fPdEDmJY3W1fm2NK/dv5p1mOaViKn7V05XHQ5K4Als
B6fpFz0BN0OUzuzKKck7IMhOP0/AY+46mCqsSh1VUFXpTkkNZGoZTvmmYe+Abw2y
iuMjkQDFDoytLGO/V6sAbRKaRYbZlaib2/aS
-----END CERTIFICATE-----
Generated at Thu May 1 04:27:59 2025 by rpki-client