Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/04c239-8869-46e2-95b7-93b392525175/1/3auDNGNWxS9ief7KHmGI9EQmBxo.roa
File:                     3auDNGNWxS9ief7KHmGI9EQmBxo.roa (raw, json)
Hash identifier:          Ke6nRvNz8fF/WTJWuhpAW3zRAM7IWaMYJ30RhJTuaQs=
Subject key identifier:   DD:AB:83:34:63:56:C5:2F:62:79:FE:CA:1E:61:88:F4:44:26:07:1A
Certificate issuer:       /CN=991c934e08f57a03ef4eba36b5a4da798a252207
Certificate serial:       018CC94D7842E4DEAB65F8C548DBECF991E6
Authority key identifier: 99:1C:93:4E:08:F5:7A:03:EF:4E:BA:36:B5:A4:DA:79:8A:25:22:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRyTTgj1egPvTro2taTaeYolIgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/04c239-8869-46e2-95b7-93b392525175/1/3auDNGNWxS9ief7KHmGI9EQmBxo.roa
Signing time:             Tue 02 Jan 2024 08:32:26 +0000
ROA not before:           Tue 02 Jan 2024 08:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211317
IP address blocks:        193.104.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/04c239-8869-46e2-95b7-93b392525175/1/mRyTTgj1egPvTro2taTaeYolIgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/04c239-8869-46e2-95b7-93b392525175/1/mRyTTgj1egPvTro2taTaeYolIgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRyTTgj1egPvTro2taTaeYolIgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 20:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:78:42:e4:de:ab:65:f8:c5:48:db:ec:f9:91:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=991c934e08f57a03ef4eba36b5a4da798a252207
        Validity
            Not Before: Jan  2 08:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddab83346356c52f6279feca1e6188f44426071a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:90:b8:d0:17:4a:f5:72:52:c9:3a:71:81:d3:
                    1b:8e:cb:c0:8b:3f:f6:87:89:fa:e2:3c:31:05:71:
                    88:fd:f9:2f:81:23:68:d8:87:03:62:38:44:a4:99:
                    d6:cb:df:e4:6f:67:25:ec:62:24:f8:9e:fd:a4:fc:
                    18:cf:a1:0a:27:33:0f:8d:5b:89:ab:84:a3:8f:cd:
                    a4:86:df:4c:5f:e7:0a:7a:53:50:da:86:4a:c8:bc:
                    41:1d:55:1b:b1:84:5d:27:fe:fb:d1:79:fb:95:3d:
                    4a:37:e3:ee:30:63:c3:91:66:93:c8:fa:98:58:39:
                    a9:46:16:44:eb:9e:c2:8d:7f:f5:d9:40:31:f2:cf:
                    51:20:43:e0:4b:12:e4:fb:9c:99:71:9e:4c:12:91:
                    80:d6:36:a2:ff:94:78:78:7b:ea:2b:7a:51:23:79:
                    f5:35:72:1b:38:c3:28:d1:4d:3f:4b:a4:c6:de:f0:
                    9c:a2:00:40:53:e6:21:82:a0:ba:a9:18:7c:5e:22:
                    41:c3:e5:9c:70:bd:12:d4:37:e4:f0:a5:c8:97:fc:
                    61:47:f6:22:f0:d1:53:89:ad:8d:87:1b:74:4d:c6:
                    83:8d:8f:e0:48:cb:87:86:5e:df:25:b3:f4:b9:06:
                    58:bb:5f:7c:4d:40:40:c8:22:9f:f4:e4:f9:af:30:
                    76:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:AB:83:34:63:56:C5:2F:62:79:FE:CA:1E:61:88:F4:44:26:07:1A
            X509v3 Authority Key Identifier:
                keyid:99:1C:93:4E:08:F5:7A:03:EF:4E:BA:36:B5:A4:DA:79:8A:25:22:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRyTTgj1egPvTro2taTaeYolIgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/04c239-8869-46e2-95b7-93b392525175/1/3auDNGNWxS9ief7KHmGI9EQmBxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/04c239-8869-46e2-95b7-93b392525175/1/mRyTTgj1egPvTro2taTaeYolIgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:45:74:9a:32:e2:d3:8f:82:bc:a2:ce:93:66:33:4e:79:6e:
         00:d9:7c:74:c7:b9:d0:93:58:6a:db:9f:84:fa:f5:49:ec:3e:
         e0:f9:ad:3c:90:6e:5b:c8:2c:c0:7f:43:16:c8:97:d3:2c:99:
         c6:de:5e:92:60:dc:48:fa:a4:88:c6:d7:47:01:e3:d7:88:60:
         2c:33:c6:58:5e:b6:c3:6b:45:f5:f1:6f:cf:39:12:d2:0c:08:
         77:bd:f6:a9:68:31:cd:73:9b:86:af:a4:2e:99:1d:20:f3:89:
         7b:ae:aa:a6:00:55:7d:37:09:b4:c6:d6:3e:74:77:e4:59:45:
         9a:d5:59:ba:44:0f:2a:02:52:55:a9:d8:8a:e1:3e:16:6e:6e:
         b8:3e:d2:04:49:05:05:25:03:29:be:f5:e7:b1:79:87:4b:73:
         99:41:25:6a:e7:a0:f8:69:c6:96:7c:fe:67:20:6e:cc:64:e0:
         08:7e:b7:a2:18:bd:66:c2:88:b0:d7:33:3b:b8:89:ea:09:4e:
         c9:e8:4b:93:1c:4a:5e:8e:b2:7e:02:f7:bf:69:89:eb:00:18:
         92:96:c9:05:79:f5:1f:ac:d8:c7:59:cc:18:c8:4e:bf:65:98:
         7b:38:26:ab:a8:15:97:6f:64:17:4c:9f:c1:eb:bf:28:19:9c:
         75:94:2a:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXhC5N6rZfjFSNvs+ZHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MWM5MzRlMDhmNTdhMDNlZjRlYmEzNmI1YTRkYTc5OGEy
NTIyMDcwHhcNMjQwMTAyMDgzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGFiODMzNDYzNTZjNTJmNjI3OWZlY2ExZTYxODhmNDQ0MjYwNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZC40BdK9XJSyTpxgdMbjsvAiz/2
h4n64jwxBXGI/fkvgSNo2IcDYjhEpJnWy9/kb2cl7GIk+J79pPwYz6EKJzMPjVuJ
q4Sjj82kht9MX+cKelNQ2oZKyLxBHVUbsYRdJ/770Xn7lT1KN+PuMGPDkWaTyPqY
WDmpRhZE657CjX/12UAx8s9RIEPgSxLk+5yZcZ5MEpGA1jai/5R4eHvqK3pRI3n1
NXIbOMMo0U0/S6TG3vCcogBAU+YhgqC6qRh8XiJBw+WccL0S1Dfk8KXIl/xhR/Yi
8NFTia2Nhxt0TcaDjY/gSMuHhl7fJbP0uQZYu198TUBAyCKf9OT5rzB29wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2rgzRjVsUvYnn+yh5hiPREJgcaMB8GA1UdIwQY
MBaAFJkck04I9XoD7066NrWk2nmKJSIHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJ5VFRnajFlZ1B2VHJvMnRhVGFlWW9sSWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wNGMyMzktODg2OS00NmUyLTk1Yjct
OTNiMzkyNTI1MTc1LzEvM2F1RE5HTld4UzlpZWY3S0htR0k5RVFtQnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wNGMyMzktODg2OS00NmUyLTk1YjctOTNiMzkyNTI1MTc1
LzEvbVJ5VFRnajFlZ1B2VHJvMnRhVGFlWW9sSWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWieMA0G
CSqGSIb3DQEBCwUAA4IBAQBRRXSaMuLTj4K8os6TZjNOeW4A2Xx0x7nQk1hq25+E
+vVJ7D7g+a08kG5byCzAf0MWyJfTLJnG3l6SYNxI+qSIxtdHAePXiGAsM8ZYXrbD
a0X18W/PORLSDAh3vfapaDHNc5uGr6QumR0g84l7rqqmAFV9Nwm0xtY+dHfkWUWa
1Vm6RA8qAlJVqdiK4T4Wbm64PtIESQUFJQMpvvXnsXmHS3OZQSVq56D4acaWfP5n
IG7MZOAIfreiGL1mwoiw1zM7uInqCU7J6EuTHEpejrJ+Ave/aYnrABiSlskFefUf
rNjHWcwYyE6/ZZh7OCarqBWXb2QXTJ/B678oGZx1lCqU
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:02:38 2024 by rpki-client on console-ams.rpki-client.org