Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/J8qsROn5rTJFBFUh5Cw0wXAfgzw.roa
File:                     J8qsROn5rTJFBFUh5Cw0wXAfgzw.roa (raw, json)
Hash identifier:          ufNefUD+cPBWDDaN5CeaWG8uacllwX12gx/EkBSpHxw=
Subject key identifier:   27:CA:AC:44:E9:F9:AD:32:45:04:55:21:E4:2C:34:C1:70:1F:83:3C
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500BD86A06D77376DDF236751A8004E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/J8qsROn5rTJFBFUh5Cw0wXAfgzw.roa
Signing time:             Mon 01 Jan 2024 12:30:09 +0000
ROA not before:           Mon 01 Jan 2024 12:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47670
IP address blocks:        94.249.152.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:bd:86:a0:6d:77:37:6d:df:23:67:51:a8:00:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27caac44e9f9ad3245045521e42c34c1701f833c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0b:54:58:a2:d0:80:38:e2:04:7b:1d:3d:a7:
                    b3:91:8a:a5:14:1b:ce:5c:0a:2a:c9:02:09:85:3c:
                    90:c3:f6:dd:b0:38:4a:23:46:87:54:4f:52:a7:7a:
                    6b:af:4a:48:df:fc:07:9d:1d:0b:a1:46:2b:85:5a:
                    54:12:09:35:11:ec:30:2e:99:55:f1:6a:70:58:5e:
                    68:da:04:48:5f:1f:f1:2a:48:51:c6:74:c9:8c:25:
                    8f:be:85:d6:12:07:e7:82:d8:bb:04:69:60:4f:cc:
                    43:da:2c:dc:90:51:94:38:69:e9:12:66:11:0c:f0:
                    12:8d:60:f4:e1:34:16:9a:e1:0e:00:1c:5b:d9:28:
                    e6:0c:2c:57:2b:55:99:95:08:a0:40:c3:43:ed:2e:
                    9f:a5:90:36:cf:d8:e5:fa:9f:44:09:07:ea:05:ef:
                    58:2d:62:89:fc:38:7f:0b:6a:e4:f5:4c:7e:4f:67:
                    2b:70:01:84:79:97:82:5e:c3:d9:eb:bc:9d:64:b2:
                    4f:5b:07:7e:be:db:d3:3d:66:6f:b7:76:67:8d:88:
                    a5:93:99:b5:eb:64:f7:c8:b5:1f:4a:0e:65:d4:75:
                    75:7c:4c:9c:05:51:27:fd:67:a2:7d:93:99:a7:13:
                    6b:c4:6d:a2:b5:46:5e:76:1f:0b:dc:f3:7c:d5:df:
                    ed:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:CA:AC:44:E9:F9:AD:32:45:04:55:21:E4:2C:34:C1:70:1F:83:3C
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/J8qsROn5rTJFBFUh5Cw0wXAfgzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:38:4c:15:9c:e2:06:ec:e9:64:82:ff:61:65:ad:ed:6e:5f:
         d1:bd:81:66:f1:fe:f5:12:e6:0d:65:0c:d9:20:c0:60:93:de:
         97:92:ff:b9:6c:66:9f:20:d9:8b:e6:1c:09:3e:6a:57:ab:0b:
         92:18:88:5f:98:1f:a5:bb:5f:6e:f9:5c:6e:dd:4c:8c:0b:97:
         61:0f:46:6d:21:3a:d4:e1:6e:98:ec:cc:42:4f:6c:64:48:f8:
         47:0c:1a:66:2c:33:5c:27:56:1f:83:b6:02:2d:c7:83:f2:5a:
         26:d4:b2:2b:15:44:31:3d:cd:e2:44:f7:42:8d:b1:12:4c:df:
         86:d3:05:46:50:f6:08:dc:9c:a5:12:17:ea:c3:2f:83:ca:8d:
         03:1f:d1:a5:5b:49:15:a5:1f:3b:98:1f:ac:e0:5a:3b:2c:94:
         ff:10:d4:5a:dc:79:bc:8b:33:b6:5e:b5:72:c6:cf:36:1f:f2:
         f2:a2:5a:5e:f5:35:fd:81:ae:bf:8b:b3:78:e3:73:77:d7:7d:
         bb:2b:d0:19:62:09:47:f3:08:15:a3:a4:df:59:80:0e:cb:dd:
         08:ae:99:49:32:bd:f6:89:ed:e7:27:bc:06:cb:c6:bd:b1:d3:
         25:ca:94:ed:a3:bd:4e:09:03:60:2a:9a:64:53:39:e2:2d:2a:
         14:15:a3:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAL2GoG13N23fI2dRqABOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2NhYWM0NGU5ZjlhZDMyNDUwNDU1MjFlNDJjMzRjMTcwMWY4MzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugtUWKLQgDjiBHsdPaezkYqlFBvO
XAoqyQIJhTyQw/bdsDhKI0aHVE9Sp3prr0pI3/wHnR0LoUYrhVpUEgk1EewwLplV
8WpwWF5o2gRIXx/xKkhRxnTJjCWPvoXWEgfngti7BGlgT8xD2izckFGUOGnpEmYR
DPASjWD04TQWmuEOABxb2SjmDCxXK1WZlQigQMND7S6fpZA2z9jl+p9ECQfqBe9Y
LWKJ/Dh/C2rk9Ux+T2crcAGEeZeCXsPZ67ydZLJPWwd+vtvTPWZvt3ZnjYilk5m1
62T3yLUfSg5l1HV1fEycBVEn/WeifZOZpxNrxG2itUZedh8L3PN81d/tFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfKrETp+a0yRQRVIeQsNMFwH4M8MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvSjhxc1JPbjVyVEpGQkZVaDVDdzB3WEFmZ3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvmYMA0G
CSqGSIb3DQEBCwUAA4IBAQCIOEwVnOIG7Olkgv9hZa3tbl/RvYFm8f71EuYNZQzZ
IMBgk96Xkv+5bGafINmL5hwJPmpXqwuSGIhfmB+lu19u+Vxu3UyMC5dhD0ZtITrU
4W6Y7MxCT2xkSPhHDBpmLDNcJ1Yfg7YCLceD8lom1LIrFUQxPc3iRPdCjbESTN+G
0wVGUPYI3JylEhfqwy+Dyo0DH9GlW0kVpR87mB+s4Fo7LJT/ENRa3Hm8izO2XrVy
xs82H/Lyolpe9TX9ga6/i7N443N31327K9AZYglH8wgVo6TfWYAOy90IrplJMr32
ie3nJ7wGy8a9sdMlypTto71OCQNgKppkUzniLSoUFaMb
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:27:16 2024 by rpki-client on console-fra.rpki-client.org