Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/NuoH07lrjioUbYobQv22IBUxWR4.roa
File:                     NuoH07lrjioUbYobQv22IBUxWR4.roa (raw, json)
Hash identifier:          /1r1or4Kj1Bc0bjkaGE1lqWuSvsvNANGARbI4Rgtuso=
Subject key identifier:   36:EA:07:D3:B9:6B:8E:2A:14:6D:8A:1B:42:FD:B6:20:15:31:59:1E
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       018CCEFABDE40D0882FF36A16830F32872C9
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/NuoH07lrjioUbYobQv22IBUxWR4.roa
Signing time:             Wed 03 Jan 2024 10:59:48 +0000
ROA not before:           Wed 03 Jan 2024 10:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3258
IP address blocks:        146.19.163.0/24 maxlen: 32
                          194.50.154.0/24 maxlen: 32
                          146.19.19.0/24 maxlen: 32
                          2a14:1f80::/29 maxlen: 128
                          2a12:a300::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:fa:bd:e4:0d:08:82:ff:36:a1:68:30:f3:28:72:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  3 10:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36ea07d3b96b8e2a146d8a1b42fdb6201531591e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:af:a1:cd:91:52:07:85:9a:40:a6:2b:d8:c9:
                    c5:1c:94:78:49:f3:02:b4:c4:11:60:00:b7:8e:7d:
                    ae:85:85:28:20:82:21:0a:b1:5a:dc:4f:6c:a1:b2:
                    9e:9b:09:2d:05:da:42:d7:e0:0a:98:a7:d8:1d:31:
                    82:1d:bd:6d:ee:7e:a8:bf:be:34:3e:2a:b4:86:88:
                    e2:28:b6:03:05:e1:d3:33:90:23:a3:34:7b:35:4f:
                    4a:7d:b5:f1:3e:8a:c7:0e:58:5b:38:df:ab:a9:e7:
                    3e:8b:1b:f1:65:5c:31:80:8a:2c:e2:9c:70:57:f6:
                    b8:a1:5e:ea:75:68:af:c2:84:4e:bc:fc:e0:ac:17:
                    b7:45:c4:0e:e4:2d:61:bd:83:bc:91:e7:ae:c0:dd:
                    65:d4:4a:8f:55:33:79:6b:38:49:c2:8b:01:a4:65:
                    6b:e4:26:ac:e9:dd:5d:01:4f:bc:18:3d:9f:c4:7b:
                    98:8c:f6:a8:78:a8:26:2c:ff:22:cc:f8:43:6d:d9:
                    77:05:85:d6:0f:69:17:2e:9c:cf:d7:36:9c:b2:0e:
                    5b:d3:50:e0:2c:11:6c:f5:d3:7d:00:46:6a:1d:ee:
                    aa:27:4d:4b:75:e1:49:ca:49:90:65:6d:fd:c3:60:
                    ea:d5:f4:6d:67:3a:a0:75:2c:21:cf:f0:79:d4:3e:
                    08:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EA:07:D3:B9:6B:8E:2A:14:6D:8A:1B:42:FD:B6:20:15:31:59:1E
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/NuoH07lrjioUbYobQv22IBUxWR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.19.0/24
                  146.19.163.0/24
                  194.50.154.0/24
                IPv6:
                  2a12:a300::/29
                  2a14:1f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:15:4f:ba:a1:f6:53:80:02:e4:b2:54:a9:89:a3:80:c3:f3:
         0c:83:01:10:87:b3:56:7c:7e:e4:77:17:55:99:90:ae:97:4f:
         61:97:bc:70:f2:c4:bb:b3:11:d3:e9:65:1f:94:2f:2a:de:f3:
         67:ab:94:06:0f:a1:01:32:aa:28:0b:5a:eb:a5:c1:b8:b2:02:
         dc:86:fb:4f:d8:fc:88:44:23:72:a4:8d:3b:6f:f7:17:b2:e3:
         53:d8:91:b4:53:5d:ab:e1:c0:be:5d:78:8f:fa:d3:57:ea:70:
         c2:88:9b:7b:e2:e3:c5:de:31:df:85:0b:56:4a:cc:96:5a:4c:
         ff:70:5c:ea:3a:30:69:0e:8c:9b:9f:30:e2:a4:61:bb:64:dd:
         63:7f:86:c4:c3:d1:16:d8:02:f7:59:36:f6:fc:42:86:15:b7:
         ac:f5:61:70:59:4b:e6:c9:cd:47:5b:1c:8a:6b:ce:f3:14:e7:
         5f:b9:66:6c:5c:e3:01:3b:59:d3:00:22:6d:c4:76:d2:60:40:
         3b:1b:09:24:3f:9b:3f:2d:97:ce:65:fc:d6:ba:1d:61:93:5c:
         7e:75:db:70:06:43:98:b2:f2:71:03:3a:5b:b3:9e:57:db:56:
         80:76:0c:79:31:af:cc:5d:5d:15:45:32:6d:b6:f8:fb:15:53:
         0d:6f:db:3f
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzO+r3kDQiC/zahaDDzKHLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjQwMTAzMTA1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVhMDdkM2I5NmI4ZTJhMTQ2ZDhhMWI0MmZkYjYyMDE1MzE1OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmq+hzZFSB4WaQKYr2MnFHJR4SfMC
tMQRYAC3jn2uhYUoIIIhCrFa3E9sobKemwktBdpC1+AKmKfYHTGCHb1t7n6ov740
Piq0hojiKLYDBeHTM5AjozR7NU9KfbXxPorHDlhbON+rqec+ixvxZVwxgIos4pxw
V/a4oV7qdWivwoROvPzgrBe3RcQO5C1hvYO8keeuwN1l1EqPVTN5azhJwosBpGVr
5Cas6d1dAU+8GD2fxHuYjPaoeKgmLP8izPhDbdl3BYXWD2kXLpzP1zacsg5b01Dg
LBFs9dN9AEZqHe6qJ01LdeFJykmQZW39w2Dq1fRtZzqgdSwhz/B51D4ICQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFDbqB9O5a44qFG2KG0L9tiAVMVkeMB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvTnVvSDA3bHJqaW9VYllvYlF2MjJJQlV4V1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQAkhMTAwQA
khOjAwQAwjKaMBQEAgACMA4DBQMqEqMAAwUDKhQfgDANBgkqhkiG9w0BAQsFAAOC
AQEAIhVPuqH2U4AC5LJUqYmjgMPzDIMBEIezVnx+5HcXVZmQrpdPYZe8cPLEu7MR
0+llH5QvKt7zZ6uUBg+hATKqKAta66XBuLIC3Ib7T9j8iEQjcqSNO2/3F7LjU9iR
tFNdq+HAvl14j/rTV+pwwoibe+Ljxd4x34ULVkrMllpM/3Bc6jowaQ6Mm58w4qRh
u2TdY3+GxMPRFtgC91k29vxChhW3rPVhcFlL5snNR1scimvO8xTnX7lmbFzjATtZ
0wAibcR20mBAOxsJJD+bPy2XzmX81rodYZNcfnXbcAZDmLLycQM6W7OeV9tWgHYM
eTGvzF1dFUUybbb4+xVTDW/bPw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:44:44 2024 by rpki-client on console-ams.rpki-client.org