Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/SwcgVnhGmzMWqIm_KFB-KKc0RJo.roa
File:                     SwcgVnhGmzMWqIm_KFB-KKc0RJo.roa (raw, json)
Hash identifier:          zsctMXkFR2wIfF/ZZB2QR24YMG6LeLpv/U7aSRBkmeo=
Subject key identifier:   4B:07:20:56:78:46:9B:33:16:A8:89:BF:28:50:7E:28:A7:34:44:9A
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       01964D7B06FE3C275DDFF822CB4B87E2376B
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/SwcgVnhGmzMWqIm_KFB-KKc0RJo.roa
Signing time:             Sat 19 Apr 2025 09:57:10 +0000
ROA not before:           Sat 19 Apr 2025 09:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210976
IP address blocks:        5.44.46.0/24 maxlen: 24
                          5.44.47.0/24 maxlen: 24
                          37.220.81.0/24 maxlen: 24
                          37.220.82.0/24 maxlen: 24
                          37.220.83.0/24 maxlen: 24
                          37.220.84.0/24 maxlen: 24
                          37.220.85.0/24 maxlen: 24
                          45.95.235.0/24 maxlen: 24
                          46.19.68.0/24 maxlen: 24
                          46.19.69.0/24 maxlen: 24
                          81.200.154.0/24 maxlen: 24
                          81.200.155.0/24 maxlen: 24
                          81.200.156.0/24 maxlen: 24
                          81.200.157.0/24 maxlen: 24
                          85.92.108.0/24 maxlen: 24
                          89.191.226.0/24 maxlen: 24
                          141.98.235.0/24 maxlen: 24
                          185.166.196.0/24 maxlen: 24
                          185.166.197.0/24 maxlen: 24
                          194.31.173.0/24 maxlen: 24
                          194.31.174.0/24 maxlen: 24
                          194.31.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 15:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4d:7b:06:fe:3c:27:5d:df:f8:22:cb:4b:87:e2:37:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Apr 19 09:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b07205678469b3316a889bf28507e28a734449a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f7:47:7f:58:04:e0:18:a1:1c:b3:e1:9f:1f:
                    b4:ea:cc:21:c5:58:02:e8:d7:15:97:f3:8b:07:53:
                    e0:f7:83:cb:c3:6f:56:81:93:8e:9d:f5:57:1f:83:
                    47:8c:bc:6d:10:dd:1a:5c:c7:c1:c4:64:06:11:98:
                    d6:e7:c3:53:be:13:73:50:9a:de:10:09:70:6a:11:
                    3c:69:83:0d:89:5b:6d:36:b9:b2:df:c2:b8:09:de:
                    30:90:92:5e:76:55:77:fb:d9:f3:7b:25:eb:fa:57:
                    4f:0a:d2:4a:2d:3f:0b:07:2b:9b:ed:4b:93:a4:0b:
                    12:02:df:9a:b7:4e:5f:af:84:7d:97:23:f0:f5:ef:
                    09:6f:e4:37:68:04:d9:e8:6a:17:a5:0f:31:97:2b:
                    34:bf:36:c0:af:37:5d:c3:4b:bc:c1:a3:1c:e2:0f:
                    c0:e0:47:6a:b2:f3:e8:85:d7:a1:ae:e0:db:35:90:
                    f0:d2:bc:e5:bb:77:cd:55:e8:0a:ad:2a:6e:5d:a8:
                    da:48:9d:24:05:65:e5:24:96:22:fe:56:d9:02:f3:
                    8c:f6:3b:9f:cd:31:da:60:14:b9:5c:3c:e1:5c:3b:
                    65:0b:1f:7c:20:ea:93:f6:b1:a7:4b:15:f0:77:cf:
                    42:a6:9d:8b:52:1c:94:04:a6:32:6d:ce:2f:4f:a5:
                    3d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:07:20:56:78:46:9B:33:16:A8:89:BF:28:50:7E:28:A7:34:44:9A
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/SwcgVnhGmzMWqIm_KFB-KKc0RJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.46.0/23
                  37.220.81.0-37.220.85.255
                  45.95.235.0/24
                  46.19.68.0/23
                  81.200.154.0-81.200.157.255
                  85.92.108.0/24
                  89.191.226.0/24
                  141.98.235.0/24
                  185.166.196.0/23
                  194.31.173.0-194.31.175.255

    Signature Algorithm: sha256WithRSAEncryption
         6b:2a:f8:0a:12:e7:ca:07:c9:7c:cd:1b:ee:b8:6a:03:88:b0:
         c5:19:8d:91:90:81:77:f0:a4:b9:e0:92:51:18:6f:b3:40:3c:
         45:27:b5:8d:83:6b:5e:7b:c5:3d:b3:0a:78:79:c7:79:bb:77:
         d2:aa:ea:c3:42:41:40:6f:a2:06:70:b1:76:bf:11:bf:53:59:
         64:49:53:13:a7:e1:37:0d:fe:dc:1f:fd:45:b3:8a:87:91:e5:
         48:66:31:4d:60:fa:26:47:9c:53:e9:22:1a:bb:03:f4:a6:ad:
         df:c4:d8:d2:58:2a:09:5d:88:80:80:0a:43:60:cc:fd:69:72:
         27:ef:a7:46:07:a0:66:dc:ac:d2:44:36:18:d6:cf:9a:7d:ad:
         9a:a4:f5:68:57:a1:fe:cc:43:51:f7:fa:2c:14:d3:e7:af:ae:
         62:f5:36:32:5a:71:ef:41:f1:c4:ef:f0:32:18:59:ed:55:e2:
         52:93:c2:fa:15:15:68:87:7b:bb:1c:cb:8e:ca:93:c1:d1:8d:
         bc:af:c2:e1:eb:cf:d1:b4:e0:72:83:4f:34:ac:93:66:23:b6:
         3f:dd:12:50:0a:6f:d2:ab:99:fe:9d:68:08:0d:ac:79:2b:65:
         a7:79:4c:94:43:19:d7:fa:7a:b4:61:42:82:9f:f2:9c:80:5e:
         c9:00:38:72
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZZNewb+PCdd3/giy0uH4jdrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjUwNDE5MDk1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjA3MjA1Njc4NDY5YjMzMTZhODg5YmYyODUwN2UyOGE3MzQ0NDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovdHf1gE4BihHLPhnx+06swhxVgC
6NcVl/OLB1Pg94PLw29WgZOOnfVXH4NHjLxtEN0aXMfBxGQGEZjW58NTvhNzUJre
EAlwahE8aYMNiVttNrmy38K4Cd4wkJJedlV3+9nzeyXr+ldPCtJKLT8LByub7UuT
pAsSAt+at05fr4R9lyPw9e8Jb+Q3aATZ6GoXpQ8xlys0vzbArzddw0u8waMc4g/A
4EdqsvPohdehruDbNZDw0rzlu3fNVegKrSpuXajaSJ0kBWXlJJYi/lbZAvOM9juf
zTHaYBS5XDzhXDtlCx98IOqT9rGnSxXwd89Cpp2LUhyUBKYybc4vT6U93wIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFEsHIFZ4RpszFqiJvyhQfiinNESaMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvU3djZ1ZuaEdtek1XcUltX0tGQi1LS2MwUkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQBBSwuMAwD
BAAl3FEDBAEl3FQDBAAtX+sDBAEuE0QwDAMEAVHImgMEAVHInAMEAFVcbAMEAFm/
4gMEAI1i6wMEAbmmxDAMAwQAwh+tAwQEwh+gMA0GCSqGSIb3DQEBCwUAA4IBAQBr
KvgKEufKB8l8zRvuuGoDiLDFGY2RkIF38KS54JJRGG+zQDxFJ7WNg2tee8U9swp4
ecd5u3fSqurDQkFAb6IGcLF2vxG/U1lkSVMTp+E3Df7cH/1Fs4qHkeVIZjFNYPom
R5xT6SIauwP0pq3fxNjSWCoJXYiAgApDYMz9aXIn76dGB6Bm3KzSRDYY1s+afa2a
pPVoV6H+zENR9/osFNPnr65i9TYyWnHvQfHE7/AyGFntVeJSk8L6FRVoh3u7HMuO
ypPB0Y28r8Lh68/RtOByg080rJNmI7Y/3RJQCm/Sq5n+nWgIDax5K2WneUyUQxnX
+nq0YUKCn/KcgF7JADhy
-----END CERTIFICATE-----
Generated at Tue Apr 29 22:42:04 2025 by rpki-client