Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nQnAnlPJebG7244qFFDuRF2JQfE.roa
File:                     nQnAnlPJebG7244qFFDuRF2JQfE.roa (raw, json)
Hash identifier:          XcMHujCUb0tO9VnBSEqYuGtxUeuSywhoznOkTWsw1a0=
Subject key identifier:   9D:09:C0:9E:53:C9:79:B1:BB:DB:8E:2A:14:50:EE:44:5D:89:41:F1
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018F3E21D8FBBA8341C41C5492BF29F54A68
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nQnAnlPJebG7244qFFDuRF2JQfE.roa
Signing time:             Fri 03 May 2024 11:05:56 +0000
ROA not before:           Fri 03 May 2024 11:05:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        212.113.107.0/24 maxlen: 24
                          212.113.109.0/24 maxlen: 24
                          212.113.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3e:21:d8:fb:ba:83:41:c4:1c:54:92:bf:29:f5:4a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: May  3 11:05:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d09c09e53c979b1bbdb8e2a1450ee445d8941f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bb:d0:a3:69:83:ae:b5:ad:37:f3:cd:00:7c:
                    42:5c:f4:f0:7f:6f:37:a5:64:5e:52:b5:9d:7d:cf:
                    a5:99:a8:5c:bf:5f:d9:5a:5c:e4:f8:e5:57:63:1c:
                    87:a5:36:7e:94:87:c5:c9:d9:8f:e7:dd:c7:45:37:
                    d7:6d:d0:df:75:e0:1f:53:5d:b8:c6:57:77:f6:be:
                    65:5b:c2:b6:ed:8f:49:05:5e:2a:17:94:47:16:6a:
                    6b:52:51:84:55:9e:10:5e:1c:a0:14:00:c8:2f:b3:
                    61:95:7d:60:94:50:12:50:74:45:60:27:fe:ee:81:
                    15:59:20:73:a0:3a:5e:3c:ce:cf:5d:72:74:bd:c4:
                    4b:91:95:5d:30:47:50:3a:08:a5:a0:a3:33:fa:54:
                    7b:bd:ca:21:42:4f:d1:5c:ab:d8:5c:2c:72:2d:a1:
                    02:a2:2c:be:88:e8:06:21:af:be:62:ea:4a:2d:31:
                    5a:be:f1:83:09:39:c9:f7:eb:c8:69:65:59:a6:fd:
                    8e:60:69:5d:40:5e:f2:0a:a5:a7:04:d4:4c:2b:49:
                    80:e9:c1:a4:ea:8e:6f:1d:5c:eb:44:9c:f2:06:69:
                    42:3d:84:65:28:c3:e0:6e:36:6c:66:32:ee:5a:5b:
                    e5:f0:39:98:61:f9:ad:6f:45:47:1e:28:b4:5b:d5:
                    f0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:09:C0:9E:53:C9:79:B1:BB:DB:8E:2A:14:50:EE:44:5D:89:41:F1
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/nQnAnlPJebG7244qFFDuRF2JQfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.107.0/24
                  212.113.109.0/24
                  212.113.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:39:fc:f8:35:29:f5:0d:e3:d8:be:1d:bc:77:e7:47:f8:a3:
         23:21:76:99:c5:da:76:50:0e:e6:c9:eb:32:92:69:17:4a:67:
         6f:31:4e:f3:9f:be:bb:5e:30:da:1c:d8:3d:0d:4c:a8:d0:3a:
         c5:1b:b4:49:61:15:59:ba:17:ad:1a:ec:38:6f:7b:f7:0f:9a:
         15:2a:7e:af:25:15:24:8a:8e:22:30:8f:9e:df:a9:23:e9:e1:
         ba:63:79:10:e6:6c:d3:67:f6:ef:df:d4:29:ae:81:5a:69:6b:
         3c:79:52:53:77:2b:b5:9f:cc:a2:96:9e:9c:54:87:8e:1f:90:
         ed:1a:93:a5:d5:5b:55:c7:0d:48:5c:74:ef:e0:dd:b2:54:14:
         8f:b8:ff:f5:c1:10:4a:4c:5b:0e:a6:c0:98:1e:c8:24:90:33:
         0c:13:36:ae:c2:b7:f5:f2:88:a7:9b:6f:53:25:c3:a3:7a:76:
         ba:4a:30:03:a4:5c:6d:dd:9c:bd:86:ca:32:05:98:fd:e5:a6:
         72:74:ea:57:f4:72:96:ac:78:d4:ea:21:40:60:82:ee:5a:4d:
         5f:2e:ae:e1:94:aa:2c:b4:1f:e2:8d:ce:0f:a9:fc:e8:85:f0:
         f9:43:b0:41:46:4d:c3:ab:92:79:b7:3d:a9:9b:cd:02:15:21:
         76:76:95:79
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8+Idj7uoNBxBxUkr8p9UpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwNTAzMTEwNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDA5YzA5ZTUzYzk3OWIxYmJkYjhlMmExNDUwZWU0NDVkODk0MWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbvQo2mDrrWtN/PNAHxCXPTwf283
pWReUrWdfc+lmahcv1/ZWlzk+OVXYxyHpTZ+lIfFydmP593HRTfXbdDfdeAfU124
xld39r5lW8K27Y9JBV4qF5RHFmprUlGEVZ4QXhygFADIL7NhlX1glFASUHRFYCf+
7oEVWSBzoDpePM7PXXJ0vcRLkZVdMEdQOgiloKMz+lR7vcohQk/RXKvYXCxyLaEC
oiy+iOgGIa++YupKLTFavvGDCTnJ9+vIaWVZpv2OYGldQF7yCqWnBNRMK0mA6cGk
6o5vHVzrRJzyBmlCPYRlKMPgbjZsZjLuWlvl8DmYYfmtb0VHHii0W9XwTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ0JwJ5TyXmxu9uOKhRQ7kRdiUHxMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvblFuQW5sUEplYkc3MjQ0cUZGRHVSRjJKUWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1HFrAwQA
1HFtAwQA1HFwMA0GCSqGSIb3DQEBCwUAA4IBAQBHOfz4NSn1DePYvh28d+dH+KMj
IXaZxdp2UA7myesykmkXSmdvMU7zn767XjDaHNg9DUyo0DrFG7RJYRVZuhetGuw4
b3v3D5oVKn6vJRUkio4iMI+e36kj6eG6Y3kQ5mzTZ/bv39QproFaaWs8eVJTdyu1
n8yilp6cVIeOH5DtGpOl1VtVxw1IXHTv4N2yVBSPuP/1wRBKTFsOpsCYHsgkkDMM
Ezauwrf18oinm29TJcOjena6SjADpFxt3Zy9hsoyBZj95aZydOpX9HKWrHjU6iFA
YILuWk1fLq7hlKostB/ijc4PqfzohfD5Q7BBRk3Dq5J5tz2pm80CFSF2dpV5
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:34:50 2024 by rpki-client on console-fra.rpki-client.org