Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/l38XdcgaDhJcLqxgSCorTlFF4uI.roa
File:                     l38XdcgaDhJcLqxgSCorTlFF4uI.roa (raw, json)
Hash identifier:          n7OH9EYdfMf4f1LQ1hk+/9jMmI/3XxrDiOGrJps3BeA=
Subject key identifier:   97:7F:17:75:C8:1A:0E:12:5C:2E:AC:60:48:2A:2B:4E:51:45:E2:E2
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0193CC86BF08EBAF287B242874EA8DD74314
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/l38XdcgaDhJcLqxgSCorTlFF4uI.roa
Signing time:             Sun 15 Dec 2024 22:53:22 +0000
ROA not before:           Sun 15 Dec 2024 22:53:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215292
IP address blocks:        5.175.248.0/24 maxlen: 24
                          77.90.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Dec 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:cc:86:bf:08:eb:af:28:7b:24:28:74:ea:8d:d7:43:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Dec 15 22:53:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=977f1775c81a0e125c2eac60482a2b4e5145e2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:05:76:62:4a:2c:cd:1a:d4:8d:3b:b7:96:93:
                    8e:33:88:d4:bf:54:22:bc:2d:cd:c4:e8:78:00:52:
                    4b:0a:33:ad:73:cf:46:e6:10:42:ce:39:9a:4c:a9:
                    6c:88:0d:fc:e8:c3:58:93:76:39:d1:57:97:e4:b0:
                    a5:fb:91:3f:e9:1e:98:64:c5:aa:cb:a7:dc:3e:cd:
                    b8:59:04:2e:6a:48:4b:09:5c:49:c9:e8:72:37:81:
                    e0:cc:f1:91:cc:ba:a9:c8:9f:20:eb:ab:7c:fb:77:
                    f9:77:e5:2e:79:36:a6:07:a4:2f:e1:db:67:e2:bf:
                    40:fe:72:77:4d:c3:8c:1e:65:b9:1e:f5:4b:ce:55:
                    9f:ab:02:b0:6a:ac:5c:db:81:73:0f:0b:d3:8d:ff:
                    47:47:a2:8d:76:0a:18:b1:d1:19:69:32:e5:48:f7:
                    05:eb:6d:d3:55:7b:0d:94:c1:d1:a8:9c:67:f9:75:
                    b6:5e:bc:52:7d:82:00:1e:09:70:ab:3c:25:35:43:
                    49:a6:31:c6:06:0b:58:33:c9:ca:10:2d:51:7d:94:
                    14:99:81:1c:61:8d:4b:ad:ee:aa:1e:d0:e3:4a:34:
                    59:71:99:12:b6:14:a0:bc:47:9e:b3:b7:5b:98:2d:
                    13:70:76:07:c6:09:4c:7c:d2:da:ec:f0:ca:48:7e:
                    20:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:7F:17:75:C8:1A:0E:12:5C:2E:AC:60:48:2A:2B:4E:51:45:E2:E2
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/l38XdcgaDhJcLqxgSCorTlFF4uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.248.0/24
                  77.90.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:ae:d4:a3:f1:d2:00:5e:87:20:77:c9:1a:68:cf:8c:27:95:
         76:db:00:b8:83:3b:b2:ff:b2:66:66:bd:a9:31:f7:f9:0b:73:
         45:af:3e:39:de:d5:28:68:b0:2c:de:f1:54:c3:8a:02:30:13:
         62:c6:f4:04:bf:f9:2d:f0:fc:38:30:2a:44:58:7f:ea:9d:e7:
         9f:79:f7:b3:c4:5f:95:e2:e5:0f:d1:49:01:89:de:8d:7d:e8:
         cf:3f:0a:11:62:d7:fa:c1:70:1c:4c:52:4e:81:97:dd:6e:9a:
         58:4a:8c:3e:75:db:f3:f4:e6:34:20:09:bd:1c:e2:c8:3f:91:
         09:9a:70:dc:fb:31:6c:8a:7f:bb:ea:70:c2:58:74:2f:1c:7d:
         42:92:7a:67:9b:46:ff:10:ea:87:ad:93:a8:63:12:07:2e:4b:
         46:28:52:56:5c:20:ab:0d:ae:93:37:1d:61:8f:75:47:b8:b9:
         d8:fd:7e:96:d1:50:6e:34:a6:89:04:9e:8d:82:e7:39:a7:2a:
         ce:32:99:01:fa:c8:05:bd:36:ad:ab:05:84:aa:d4:d6:4b:5c:
         b5:1f:1f:50:f0:87:0a:fd:6f:c4:f0:2e:e5:4b:d3:83:ef:4f:
         5c:36:29:af:18:96:d6:b2:9e:8e:53:3e:6b:fe:bc:9c:e3:05:
         81:48:9b:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZPMhr8I668oeyQodOqN10MUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMjE1MjI1MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzdmMTc3NWM4MWEwZTEyNWMyZWFjNjA0ODJhMmI0ZTUxNDVlMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wV2YkoszRrUjTu3lpOOM4jUv1Qi
vC3NxOh4AFJLCjOtc89G5hBCzjmaTKlsiA386MNYk3Y50VeX5LCl+5E/6R6YZMWq
y6fcPs24WQQuakhLCVxJyehyN4HgzPGRzLqpyJ8g66t8+3f5d+UueTamB6Qv4dtn
4r9A/nJ3TcOMHmW5HvVLzlWfqwKwaqxc24FzDwvTjf9HR6KNdgoYsdEZaTLlSPcF
623TVXsNlMHRqJxn+XW2XrxSfYIAHglwqzwlNUNJpjHGBgtYM8nKEC1RfZQUmYEc
YY1Lre6qHtDjSjRZcZkSthSgvEees7dbmC0TcHYHxglMfNLa7PDKSH4g0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJd/F3XIGg4SXC6sYEgqK05RReLiMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbDM4WGRjZ2FEaEpjTHF4Z1NDb3JUbEZGNHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABa/4AwQA
TVooMA0GCSqGSIb3DQEBCwUAA4IBAQBYrtSj8dIAXocgd8kaaM+MJ5V22wC4gzuy
/7JmZr2pMff5C3NFrz453tUoaLAs3vFUw4oCMBNixvQEv/kt8Pw4MCpEWH/qneef
efezxF+V4uUP0UkBid6NfejPPwoRYtf6wXAcTFJOgZfdbppYSow+ddvz9OY0IAm9
HOLIP5EJmnDc+zFsin+76nDCWHQvHH1Cknpnm0b/EOqHrZOoYxIHLktGKFJWXCCr
Da6TNx1hj3VHuLnY/X6W0VBuNKaJBJ6Nguc5pyrOMpkB+sgFvTatqwWEqtTWS1y1
Hx9Q8IcK/W/E8C7lS9OD709cNimvGJbWsp6OUz5r/ryc4wWBSJsD
-----END CERTIFICATE-----
Generated at Wed Dec 18 03:20:41 2024 by rpki-client on console-fra.rpki-client.org