Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1-81lWEuDpcO7Wa7rr13KdIqPJlI.roa
File:                     1-81lWEuDpcO7Wa7rr13KdIqPJlI.roa (raw, json)
Hash identifier:          C234E2zu3+VdYs+mz0O2x+MWDiJ4OuXfsrsza52U6Xc=
Subject key identifier:   FB:CD:65:58:4B:83:A5:C3:BB:59:AE:EB:AF:5D:CA:74:8A:8F:26:52
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       0190EA1ECBB47BC39C19F853D991F93E4A7F
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1-81lWEuDpcO7Wa7rr13KdIqPJlI.roa
Signing time:             Thu 25 Jul 2024 13:40:04 +0000
ROA not before:           Thu 25 Jul 2024 13:40:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        159.148.134.0/24 maxlen: 24
                          159.148.136.0/24 maxlen: 24
                          159.148.137.0/24 maxlen: 24
                          159.148.140.0/24 maxlen: 24
                          159.148.184.0/24 maxlen: 24
                          159.148.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ea:1e:cb:b4:7b:c3:9c:19:f8:53:d9:91:f9:3e:4a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jul 25 13:40:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbcd65584b83a5c3bb59aeebaf5dca748a8f2652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:15:eb:2b:37:2f:78:37:f4:9e:29:5e:ca:b0:
                    9e:b9:e3:7c:0b:05:b4:13:84:39:bc:d4:1f:c9:ad:
                    17:67:cb:73:d7:47:d7:33:41:4f:d2:67:06:c8:38:
                    c0:1d:4d:f0:36:46:42:ef:7e:42:aa:c5:b1:22:c4:
                    4e:12:4d:45:39:f1:a7:4a:fc:68:6e:b9:95:dd:c5:
                    c6:ef:b5:b8:7d:26:82:69:82:1f:d8:f2:a8:20:0e:
                    c6:96:b5:3c:35:7a:10:f9:16:c4:94:3b:a6:8d:7c:
                    2c:31:6e:32:48:6b:8d:52:db:bd:b8:de:0a:d8:4f:
                    43:ce:60:9e:b9:f7:dd:d2:ad:03:66:8f:3b:2d:f7:
                    96:29:9b:10:a7:25:51:9f:36:64:71:60:33:3e:4c:
                    98:5a:41:3c:39:3a:89:67:ca:a0:34:96:b9:1e:be:
                    79:d0:f1:7b:36:1d:8b:72:16:c1:60:82:52:de:27:
                    e0:8d:27:c5:fd:72:7d:1b:08:10:8f:89:1b:bc:4e:
                    0f:ba:16:18:aa:1a:bb:1d:76:4a:06:24:f0:0f:9f:
                    29:02:f9:e1:15:72:cd:e6:8a:bb:c8:79:f8:a9:d6:
                    f6:07:1a:98:c6:68:e2:c8:e2:1c:f0:79:e1:bb:8f:
                    2d:12:35:98:f1:24:6c:43:0b:27:3d:6e:79:b2:d7:
                    e8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:CD:65:58:4B:83:A5:C3:BB:59:AE:EB:AF:5D:CA:74:8A:8F:26:52
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/1-81lWEuDpcO7Wa7rr13KdIqPJlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.134.0/24
                  159.148.136.0/23
                  159.148.140.0/24
                  159.148.184.0/24
                  159.148.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:52:06:15:20:56:69:a5:a8:d3:c2:4e:3f:bd:4b:df:13:c5:
         8e:b1:7f:7a:7d:b6:b1:40:86:77:01:d3:84:bf:fe:ac:a5:a5:
         64:bb:04:20:ad:d9:ce:31:0a:3d:f8:c8:74:06:3a:08:18:e2:
         c5:d8:ed:ff:0b:0d:9e:58:48:fc:ee:bb:f2:99:3e:15:4f:82:
         cf:41:32:e2:da:75:42:eb:ad:79:cb:28:52:60:0e:82:47:77:
         5d:51:d9:29:07:d0:20:8e:e9:1c:21:9d:9a:e3:b7:1b:c8:c0:
         80:7f:4f:c5:e4:ba:a6:a2:f4:f7:46:64:3f:71:80:0f:88:4e:
         55:1c:50:a6:c8:3a:71:ea:dc:3e:80:69:16:79:8d:2c:52:be:
         89:bb:e7:c0:81:45:71:1d:4c:2d:de:91:0e:f9:a8:fb:22:63:
         b2:39:53:4e:56:1b:10:83:95:a4:49:f2:cd:cb:6e:dd:19:82:
         64:dc:14:ae:84:10:c8:a0:07:d7:54:33:f4:50:e3:fc:f0:2f:
         0d:70:d1:31:e7:e4:b2:4b:2a:f7:db:8e:2e:22:ca:7d:09:a9:
         78:88:4b:48:2c:64:9b:76:49:92:2d:6a:ed:9e:d0:c6:33:94:
         25:33:6f:04:e1:d6:aa:aa:d3:21:7c:ee:88:bb:b8:3f:47:e8:
         a0:8a:61:39
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZDqHsu0e8OcGfhT2ZH5Pkp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwNzI1MTM0MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmNkNjU1ODRiODNhNWMzYmI1OWFlZWJhZjVkY2E3NDhhOGYyNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxXrKzcveDf0nileyrCeueN8CwW0
E4Q5vNQfya0XZ8tz10fXM0FP0mcGyDjAHU3wNkZC735CqsWxIsROEk1FOfGnSvxo
brmV3cXG77W4fSaCaYIf2PKoIA7GlrU8NXoQ+RbElDumjXwsMW4ySGuNUtu9uN4K
2E9DzmCeuffd0q0DZo87LfeWKZsQpyVRnzZkcWAzPkyYWkE8OTqJZ8qgNJa5Hr55
0PF7Nh2LchbBYIJS3ifgjSfF/XJ9GwgQj4kbvE4PuhYYqhq7HXZKBiTwD58pAvnh
FXLN5oq7yHn4qdb2BxqYxmjiyOIc8Hnhu48tEjWY8SRsQwsnPW55stfoNQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPvNZVhLg6XDu1mu669dynSKjyZSMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvMS04MWxXRXVEcGNPN1dhN3JyMTNLZElxUEpsSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGUvMzU1NWZlLTEyY2QtNDAyYS1hODEwLTU1NTRkNmUxNjg2
Zi8xL3F3bFN5THFOcmJIVFRlYkdxVGhrcGduOFFldy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA3BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAJ+UhgME
AZ+UiAMEAJ+UjAMEAJ+UuAMEAJ+U4jANBgkqhkiG9w0BAQsFAAOCAQEAjFIGFSBW
aaWo08JOP71L3xPFjrF/en22sUCGdwHThL/+rKWlZLsEIK3ZzjEKPfjIdAY6CBji
xdjt/wsNnlhI/O678pk+FU+Cz0Ey4tp1QuutecsoUmAOgkd3XVHZKQfQII7pHCGd
muO3G8jAgH9PxeS6pqL090ZkP3GAD4hOVRxQpsg6cercPoBpFnmNLFK+ibvnwIFF
cR1MLd6RDvmo+yJjsjlTTlYbEIOVpEnyzctu3RmCZNwUroQQyKAH11Qz9FDj/PAv
DXDRMefksksq99uOLiLKfQmpeIhLSCxkm3ZJki1q7Z7QxjOUJTNvBOHWqqrTIXzu
iLu4P0fooIphOQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:26:46 2024 by rpki-client on console-fra.rpki-client.org