Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/3DLihgSRf464hCtmmtiok9j1KRA.roa
File:                     3DLihgSRf464hCtmmtiok9j1KRA.roa (raw, json)
Hash identifier:          Pd9gRmZ7LPnE/9ZRV8EfQ1Vyb8ksK1hAUwluVLy9Lek=
Subject key identifier:   DC:32:E2:86:04:91:7F:8E:B8:84:2B:66:9A:D8:A8:93:D8:F5:29:10
Certificate issuer:       /CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
Certificate serial:       018CC94E611E49349AE945E7EDADEEBC3D94
Authority key identifier: 12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/3DLihgSRf464hCtmmtiok9j1KRA.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25031
IP address blocks:        160.61.211.0/24 maxlen: 24
                          160.61.208.0/24 maxlen: 24
                          160.61.168.0/23 maxlen: 23
                          160.61.170.0/23 maxlen: 23
                          160.62.3.0/24 maxlen: 24
                          160.62.4.0/24 maxlen: 24
                          160.62.0.0/24 maxlen: 24
                          160.62.0.0/23 maxlen: 23
                          160.62.2.0/24 maxlen: 24
                          160.62.1.0/24 maxlen: 24
                          160.62.5.0/24 maxlen: 24
                          160.62.7.0/24 maxlen: 24
                          160.62.6.0/24 maxlen: 24
                          160.62.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:61:1e:49:34:9a:e9:45:e7:ed:ad:ee:bc:3d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc32e28604917f8eb8842b669ad8a893d8f52910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e4:fe:7b:41:20:65:92:28:65:1c:a3:f2:10:
                    a9:9c:8a:a3:f1:8d:7f:5c:9f:68:bc:1f:f4:e4:69:
                    7c:a4:8d:61:27:8b:80:2b:4c:48:13:12:82:87:af:
                    b9:e2:da:6a:e0:8d:95:9e:c4:68:d7:b7:55:f1:3b:
                    66:43:dd:0a:2f:54:ce:0f:91:0b:fa:92:b8:23:b1:
                    33:84:e6:74:ba:a5:20:13:97:a3:f1:42:e5:da:91:
                    1c:ba:37:20:29:91:32:fd:28:9b:a0:e8:3c:2e:c2:
                    a0:db:1c:01:ac:2b:0d:96:82:38:e9:dc:2e:3f:c7:
                    f8:07:d3:24:d5:a1:ea:bd:9d:69:0e:ae:c2:fc:d1:
                    69:cf:b3:9a:99:c0:a4:8e:58:f0:cc:76:4e:6c:0a:
                    ee:04:8c:b2:1a:27:43:93:69:10:93:bf:78:34:15:
                    e3:b3:0a:14:d2:ae:a8:e4:40:b4:9e:ee:4f:37:b9:
                    68:ee:50:aa:00:53:35:f8:da:3a:ef:79:4d:ea:21:
                    68:46:52:b9:31:9a:86:c0:b9:ae:4b:b0:c4:b1:0d:
                    12:f9:fe:1d:32:24:fc:a7:2d:3d:83:a5:17:83:af:
                    83:36:a4:11:60:45:98:ca:c2:9a:65:7a:8a:d0:52:
                    f4:05:7e:81:4a:c1:0f:53:44:af:10:6d:20:4a:72:
                    cf:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:32:E2:86:04:91:7F:8E:B8:84:2B:66:9A:D8:A8:93:D8:F5:29:10
            X509v3 Authority Key Identifier:
                keyid:12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/3DLihgSRf464hCtmmtiok9j1KRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.61.168.0/22
                  160.61.208.0/24
                  160.61.211.0/24
                  160.62.0.0/21
                  160.62.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:ba:b9:c1:98:2e:cc:74:29:48:a1:f7:bf:99:ed:f0:f5:73:
         b4:87:c9:36:22:cb:f6:43:a9:80:07:de:b6:3a:df:a2:d7:b9:
         24:b2:39:1e:8d:0e:7c:20:7c:1d:b1:55:87:92:bb:2b:d5:ab:
         e9:a6:fb:58:10:84:c7:84:69:10:d6:91:91:e6:fb:fc:fa:4b:
         11:b1:85:da:c2:b7:76:61:b3:26:6e:0c:ef:34:e6:46:39:4b:
         9e:ba:13:ee:81:92:8f:61:aa:11:87:a8:ce:23:86:38:a4:4e:
         23:73:8b:bf:c3:fb:47:8b:c3:66:9e:6f:8e:c6:80:db:90:51:
         94:52:4f:23:c3:d4:dc:11:0f:b2:1d:42:64:d9:19:c2:bc:6b:
         05:23:da:49:77:50:ac:8c:23:a8:ec:01:15:a2:36:1e:f6:76:
         09:c6:eb:1a:fd:c2:2d:81:3f:aa:ec:3e:3d:c4:ad:b6:eb:d5:
         6e:a8:ad:98:d1:a3:9e:12:f7:71:29:7c:5a:79:0f:df:f7:1c:
         44:a5:69:80:6f:78:33:3f:f2:4d:0b:b0:d8:65:6a:36:7e:86:
         08:d4:dd:5a:32:98:00:7d:2f:ea:4e:42:03:09:00:ee:b0:ae:
         0d:ac:68:86:3e:14:97:18:bc:45:47:7c:fe:53:05:3c:8c:d6:
         2c:e7:fc:14
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzJTmEeSTSa6UXn7a3uvD2UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjRlNWVmZjFhYmMwZTZkOGJmMDI5ZTRmNzMyZTBhYjcx
YmMxNmEwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzMyZTI4NjA0OTE3ZjhlYjg4NDJiNjY5YWQ4YTg5M2Q4ZjUyOTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuT+e0EgZZIoZRyj8hCpnIqj8Y1/
XJ9ovB/05Gl8pI1hJ4uAK0xIExKCh6+54tpq4I2VnsRo17dV8TtmQ90KL1TOD5EL
+pK4I7EzhOZ0uqUgE5ej8ULl2pEcujcgKZEy/SiboOg8LsKg2xwBrCsNloI46dwu
P8f4B9Mk1aHqvZ1pDq7C/NFpz7OamcCkjljwzHZObAruBIyyGidDk2kQk794NBXj
swoU0q6o5EC0nu5PN7lo7lCqAFM1+No673lN6iFoRlK5MZqGwLmuS7DEsQ0S+f4d
MiT8py09g6UXg6+DNqQRYEWYysKaZXqK0FL0BX6BSsEPU0SvEG0gSnLPxQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNwy4oYEkX+OuIQrZprYqJPY9SkQMB8GA1UdIwQY
MBaAFBIk5e/xq8Dm2L8Cnk9zLgq3G8FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEt
NTM4NmIxZDk2M2JjLzEvM0RMaWhnU1JmNDY0aEN0bW10aW9rOWoxS1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEtNTM4NmIxZDk2M2Jj
LzEvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCoD2oAwQA
oD3QAwQAoD3TAwQDoD4AAwQAoD4WMA0GCSqGSIb3DQEBCwUAA4IBAQAzurnBmC7M
dClIofe/me3w9XO0h8k2Isv2Q6mAB962Ot+i17kksjkejQ58IHwdsVWHkrsr1avp
pvtYEITHhGkQ1pGR5vv8+ksRsYXawrd2YbMmbgzvNOZGOUueuhPugZKPYaoRh6jO
I4Y4pE4jc4u/w/tHi8Nmnm+OxoDbkFGUUk8jw9TcEQ+yHUJk2RnCvGsFI9pJd1Cs
jCOo7AEVojYe9nYJxusa/cItgT+q7D49xK2269VuqK2Y0aOeEvdxKXxaeQ/f9xxE
pWmAb3gzP/JNC7DYZWo2foYI1N1aMpgAfS/qTkIDCQDusK4NrGiGPhSXGLxFR3z+
UwU8jNYs5/wU
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:30:07 2024 by rpki-client on console-fra.rpki-client.org