Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/3ve26xtGzaFB5mUk150pC4Sm-Cg.roa
File:                     3ve26xtGzaFB5mUk150pC4Sm-Cg.roa (raw, json)
Hash identifier:          yPxQODKx5b2a29CgRtpjh46hUotvxeQjZJErIGg2Nus=
Subject key identifier:   DE:F7:B6:EB:1B:46:CD:A1:41:E6:65:24:D7:9D:29:0B:84:A6:F8:28
Certificate issuer:       /CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
Certificate serial:       018CC94C10F058120646260FC85AF99E531D
Authority key identifier: D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/3ve26xtGzaFB5mUk150pC4Sm-Cg.roa
Signing time:             Tue 02 Jan 2024 08:30:54 +0000
ROA not before:           Tue 02 Jan 2024 08:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        45.81.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:10:f0:58:12:06:46:26:0f:c8:5a:f9:9e:53:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
        Validity
            Not Before: Jan  2 08:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=def7b6eb1b46cda141e66524d79d290b84a6f828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2c:92:28:d7:24:e8:47:f4:9b:b1:64:74:b7:
                    b4:4f:8a:83:c7:27:9f:99:34:db:c2:0e:5b:c3:c3:
                    20:1a:0e:c7:98:a4:68:bb:95:01:af:10:b8:50:45:
                    e5:6c:b2:d3:3d:5e:7b:17:d8:b2:0a:ef:1c:f7:65:
                    5f:2a:5b:fb:7c:5d:7b:5b:f3:90:69:00:c3:93:84:
                    ab:ef:8d:3c:c9:3b:1a:3c:72:b8:b9:20:e8:88:4a:
                    21:89:16:f5:bc:08:21:80:f1:af:91:c3:24:de:a9:
                    95:60:2e:2b:af:4d:6c:fa:be:f7:79:9a:25:5a:ce:
                    d6:5c:62:1c:59:fd:8e:a1:f0:b2:b5:87:84:24:26:
                    30:fb:c5:12:fa:02:8d:e3:b8:95:da:19:71:9c:c5:
                    2d:0c:9d:b3:f3:b3:5c:d6:d7:4e:38:05:40:08:f1:
                    6f:7e:c5:06:9f:a0:c2:bb:02:4a:1c:7e:44:62:ef:
                    66:c7:c4:09:5e:f2:9c:d7:b5:dc:5e:68:f4:ac:1b:
                    c3:d4:0b:1f:87:7a:60:bd:8b:75:fa:ac:d6:d9:23:
                    f2:30:ec:2d:c7:9a:b0:40:25:c1:a3:98:8f:93:03:
                    84:a0:d1:52:53:bf:2d:ed:0d:2b:ae:62:c7:9c:0f:
                    5f:3f:61:60:fd:7a:6a:f6:e8:4f:b2:fc:27:e1:2e:
                    22:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F7:B6:EB:1B:46:CD:A1:41:E6:65:24:D7:9D:29:0B:84:A6:F8:28
            X509v3 Authority Key Identifier:
                keyid:D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/3ve26xtGzaFB5mUk150pC4Sm-Cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:70:ed:b3:18:ee:db:1a:85:13:8d:17:7e:db:2e:30:6c:88:
         a0:a3:fb:fb:ef:d4:a6:9f:18:c8:df:ce:9b:c4:04:ee:96:39:
         ac:d0:df:fa:ab:79:da:8e:c9:00:48:3a:9f:ba:7a:eb:e4:4d:
         1b:bb:dd:c2:d3:10:6f:f3:fa:52:5c:91:b1:28:a2:7c:cd:cf:
         4d:95:52:fe:5c:2b:a7:50:4e:65:3e:3a:21:11:d3:d4:70:e5:
         5a:1c:36:e7:6a:f1:90:e1:d9:f7:66:b5:c5:26:0f:6e:8a:c0:
         13:39:6b:83:ee:1c:ab:0d:28:70:00:43:02:01:3b:70:60:5a:
         07:c4:05:30:47:cf:71:03:06:7e:55:04:cc:32:2e:86:b6:67:
         63:d8:d3:66:e6:a9:ba:2f:f8:c9:20:10:37:92:9d:02:8b:d1:
         cf:13:54:69:90:fb:b6:97:f7:67:9c:7f:0c:c2:a7:e4:c6:34:
         cb:46:d7:0c:f5:77:c8:71:9f:50:94:d3:7b:f0:c5:91:6f:23:
         d5:ab:45:24:cd:74:13:58:27:3a:92:1a:c2:25:17:e1:a2:2d:
         f0:7e:8c:04:ba:1c:4a:1e:6c:16:94:65:76:96:fe:d4:89:c1:
         ec:f0:6c:0c:0d:35:eb:0e:22:e8:25:d9:c0:6c:d7:bb:c8:3a:
         52:7b:0e:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTBDwWBIGRiYPyFr5nlMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZTY3MzNmYTIzOWM1ZmIwYzQzOGM4MmY3YzIzMGY1NWQ0
NzhjYjEwHhcNMjQwMTAyMDgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWY3YjZlYjFiNDZjZGExNDFlNjY1MjRkNzlkMjkwYjg0YTZmODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziySKNck6Ef0m7FkdLe0T4qDxyef
mTTbwg5bw8MgGg7HmKRou5UBrxC4UEXlbLLTPV57F9iyCu8c92VfKlv7fF17W/OQ
aQDDk4Sr7408yTsaPHK4uSDoiEohiRb1vAghgPGvkcMk3qmVYC4rr01s+r73eZol
Ws7WXGIcWf2OofCytYeEJCYw+8US+gKN47iV2hlxnMUtDJ2z87Nc1tdOOAVACPFv
fsUGn6DCuwJKHH5EYu9mx8QJXvKc17XcXmj0rBvD1Asfh3pgvYt1+qzW2SPyMOwt
x5qwQCXBo5iPkwOEoNFSU78t7Q0rrmLHnA9fP2Fg/Xpq9uhPsvwn4S4iewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN73tusbRs2hQeZlJNedKQuEpvgoMB8GA1UdIwQY
MBaAFNXmcz+iOcX7DEOMgvfCMPVdR4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQt
YTM4YjY3OTVmYjI0LzEvM3ZlMjZ4dEd6YUZCNW1VazE1MHBDNFNtLUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQtYTM4YjY3OTVmYjI0
LzEvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBdcO2zGO7bGoUTjRd+2y4wbIigo/v779SmnxjI386b
xATuljms0N/6q3najskASDqfunrr5E0bu93C0xBv8/pSXJGxKKJ8zc9NlVL+XCun
UE5lPjohEdPUcOVaHDbnavGQ4dn3ZrXFJg9uisATOWuD7hyrDShwAEMCATtwYFoH
xAUwR89xAwZ+VQTMMi6Gtmdj2NNm5qm6L/jJIBA3kp0Ci9HPE1RpkPu2l/dnnH8M
wqfkxjTLRtcM9XfIcZ9QlNN78MWRbyPVq0UkzXQTWCc6khrCJRfhoi3wfowEuhxK
HmwWlGV2lv7UicHs8GwMDTXrDiLoJdnAbNe7yDpSew7u
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:35:28 2024 by rpki-client on console-fra.rpki-client.org