Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/8yqU5YTNWMTQpmMCHvZGuWfFtYw.roa
File:                     8yqU5YTNWMTQpmMCHvZGuWfFtYw.roa (raw, json)
Hash identifier:          Z0f7wsRfXNqqadxnRsY88EJegn+HRljfSWRDxAqUD40=
Subject key identifier:   F3:2A:94:E5:84:CD:58:C4:D0:A6:63:02:1E:F6:46:B9:67:C5:B5:8C
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A236AE2FBA319304A270F9A471FD
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/8yqU5YTNWMTQpmMCHvZGuWfFtYw.roa
Signing time:             Mon 01 Jan 2024 20:30:38 +0000
ROA not before:           Mon 01 Jan 2024 20:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        212.113.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a2:36:ae:2f:ba:31:93:04:a2:70:f9:a4:71:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f32a94e584cd58c4d0a663021ef646b967c5b58c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:30:eb:40:30:7e:62:ce:53:66:f6:bf:33:1a:
                    b8:ae:37:65:0c:60:c7:e2:6f:d0:71:fc:ad:88:b1:
                    52:7e:df:01:06:5a:d3:3a:3a:a9:bc:28:d0:e7:d4:
                    e7:6a:0c:1c:13:ca:fe:fa:3f:e8:72:0f:a2:ea:09:
                    f6:ed:b4:35:87:d2:91:d2:4f:08:f8:32:2c:29:83:
                    3d:21:1b:3b:c7:4a:db:32:46:78:ae:1c:49:65:d0:
                    99:5c:0d:b1:4e:81:ab:3e:3e:c1:9b:52:46:84:ac:
                    39:3e:93:d3:31:b7:43:2a:c5:e8:99:d1:55:57:e8:
                    4e:87:9c:ab:d3:1d:5c:61:46:1c:59:e3:51:4b:a9:
                    f9:ea:c8:59:98:ae:9b:f6:b8:b0:77:94:7d:f9:6a:
                    27:e7:f8:49:fb:06:83:af:b0:29:d0:ed:66:b3:ea:
                    ed:fc:ba:6f:18:48:44:23:61:ee:70:b5:d5:8b:ab:
                    66:b3:e9:b8:9f:39:51:26:5c:a1:42:02:a5:55:15:
                    a5:fb:41:9e:1c:c4:3e:6b:69:40:db:82:0e:12:9d:
                    ae:68:c0:71:28:89:04:3a:fb:6c:7f:37:5a:c3:d9:
                    89:ca:b4:1c:37:73:79:0f:7b:05:65:4c:bf:2f:fb:
                    16:50:d1:f0:82:c9:91:cf:f4:10:d7:45:b1:6d:d8:
                    a6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2A:94:E5:84:CD:58:C4:D0:A6:63:02:1E:F6:46:B9:67:C5:B5:8C
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/8yqU5YTNWMTQpmMCHvZGuWfFtYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e0:f2:ed:14:23:79:4d:2b:34:ff:6b:bb:8c:ef:19:61:9e:
         f4:c0:a6:02:48:1d:da:16:4b:20:23:99:82:80:2d:cf:e3:44:
         f5:4c:71:a0:94:43:b0:37:43:8d:24:5b:ab:86:c5:72:9e:fb:
         00:0f:95:d7:1d:31:06:2e:01:c6:b9:f0:24:13:b8:59:00:a8:
         4b:50:47:5d:b9:1b:02:30:d0:61:7c:2f:b7:8d:6c:f9:83:d8:
         19:cc:01:68:d4:6c:bc:3e:35:2f:69:7e:07:40:b3:db:8f:a5:
         a5:80:36:2c:cf:0f:45:4c:7d:f4:1b:fd:c5:f6:25:08:5e:00:
         86:64:ab:28:0c:56:ae:84:0b:e6:e6:19:37:be:0b:07:3f:bd:
         2d:b3:fc:31:d4:9c:30:3c:b8:5c:d4:f1:1c:df:5e:d7:0b:9c:
         1f:74:d2:55:42:43:d8:40:03:e8:78:7f:4f:83:6d:05:ba:9a:
         18:a3:be:9a:75:ac:6f:21:f6:eb:42:81:86:da:30:9a:42:8c:
         5b:cf:63:2f:33:ed:b2:a3:11:b3:00:0c:9b:50:33:28:21:f2:
         9b:94:6a:e0:3e:25:d4:23:89:94:70:67:60:8f:41:44:21:a4:
         b8:93:b1:55:32:21:b9:d9:c2:2b:aa:7a:c1:4e:92:5f:aa:0c:
         40:91:e4:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuKI2ri+6MZMEonD5pHH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzJhOTRlNTg0Y2Q1OGM0ZDBhNjYzMDIxZWY2NDZiOTY3YzViNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTDrQDB+Ys5TZva/Mxq4rjdlDGDH
4m/QcfytiLFSft8BBlrTOjqpvCjQ59TnagwcE8r++j/ocg+i6gn27bQ1h9KR0k8I
+DIsKYM9IRs7x0rbMkZ4rhxJZdCZXA2xToGrPj7Bm1JGhKw5PpPTMbdDKsXomdFV
V+hOh5yr0x1cYUYcWeNRS6n56shZmK6b9riwd5R9+Won5/hJ+waDr7Ap0O1ms+rt
/LpvGEhEI2HucLXVi6tms+m4nzlRJlyhQgKlVRWl+0GeHMQ+a2lA24IOEp2uaMBx
KIkEOvtsfzdaw9mJyrQcN3N5D3sFZUy/L/sWUNHwgsmRz/QQ10WxbdimlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMqlOWEzVjE0KZjAh72RrlnxbWMMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvOHlxVTVZVE5XTVRRcG1NQ0h2Wkd1V2ZGdFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HF0MA0G
CSqGSIb3DQEBCwUAA4IBAQA04PLtFCN5TSs0/2u7jO8ZYZ70wKYCSB3aFksgI5mC
gC3P40T1THGglEOwN0ONJFurhsVynvsAD5XXHTEGLgHGufAkE7hZAKhLUEdduRsC
MNBhfC+3jWz5g9gZzAFo1Gy8PjUvaX4HQLPbj6WlgDYszw9FTH30G/3F9iUIXgCG
ZKsoDFauhAvm5hk3vgsHP70ts/wx1JwwPLhc1PEc317XC5wfdNJVQkPYQAPoeH9P
g20FupoYo76adaxvIfbrQoGG2jCaQoxbz2MvM+2yoxGzAAybUDMoIfKblGrgPiXU
I4mUcGdgj0FEIaS4k7FVMiG52cIrqnrBTpJfqgxAkeT+
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:30:00 2024 by rpki-client on console-fra.rpki-client.org