Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/sTKsT3yqB5aV5OZc5oftIMxxBaw.roa
File:                     sTKsT3yqB5aV5OZc5oftIMxxBaw.roa (raw, json)
Hash identifier:          iD0wDrja6LQp1VVVA5RxlkPuofU0N1dcsTrc8hyWVas=
Subject key identifier:   B1:32:AC:4F:7C:AA:07:96:95:E4:E6:5C:E6:87:ED:20:CC:71:05:AC
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A1069FD53600F3AEB77B9509090C
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/sTKsT3yqB5aV5OZc5oftIMxxBaw.roa
Signing time:             Mon 01 Jan 2024 20:30:37 +0000
ROA not before:           Mon 01 Jan 2024 20:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        212.113.120.0/24 maxlen: 24
                          212.113.121.0/24 maxlen: 24
                          212.113.122.0/24 maxlen: 24
                          212.113.123.0/24 maxlen: 24
                          212.113.117.0/24 maxlen: 24
                          212.113.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a1:06:9f:d5:36:00:f3:ae:b7:7b:95:09:09:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b132ac4f7caa079695e4e65ce687ed20cc7105ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:04:12:c5:d9:11:a9:48:f8:48:33:73:70:88:
                    9b:52:75:2c:78:0a:12:62:2d:58:bc:03:e4:75:b5:
                    96:cd:cf:fc:18:93:75:31:04:b1:09:18:24:a6:1d:
                    b3:de:06:d0:41:08:04:20:4d:0c:81:6f:56:e5:6b:
                    4f:c5:d6:22:cc:42:39:68:83:db:39:2e:c7:8e:8c:
                    bc:36:1e:a4:b8:a1:1f:dd:92:4f:dd:7f:44:8b:b5:
                    16:84:1e:d6:ed:b7:76:fa:32:6f:5b:b4:96:77:8b:
                    59:a0:74:07:08:cf:0d:a9:41:73:f4:7f:67:64:35:
                    4d:00:3d:cf:41:9f:cc:3c:8a:f4:0c:7d:10:11:fb:
                    f9:8e:01:32:18:17:e1:db:96:f5:3a:52:ae:6b:81:
                    22:54:a2:84:8e:4b:fc:4e:1e:96:d3:20:55:fa:37:
                    a9:64:d2:ac:e3:9b:30:29:89:ed:f1:5b:e1:5e:01:
                    ee:65:fd:4f:1e:dd:22:cd:5a:c7:82:69:06:5e:97:
                    aa:bb:82:c1:1b:cd:9e:22:75:0c:a7:3d:5d:d1:3b:
                    b7:ce:b4:8e:3b:de:67:c8:8e:e1:ec:ec:6d:75:ab:
                    e2:00:2a:8e:2f:fe:36:0e:43:53:44:1a:15:3f:20:
                    7c:66:ab:a2:f3:72:c7:2a:16:57:43:c3:6b:c7:c5:
                    9a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:32:AC:4F:7C:AA:07:96:95:E4:E6:5C:E6:87:ED:20:CC:71:05:AC
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/sTKsT3yqB5aV5OZc5oftIMxxBaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.117.0-212.113.118.255
                  212.113.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:a1:c7:88:38:54:9c:77:78:46:48:dd:70:6b:85:ef:14:05:
         61:f1:23:d8:2f:55:d3:e3:a8:3c:5e:77:b8:66:e5:d6:55:02:
         48:42:95:10:ff:7b:23:fb:ba:e5:0b:8b:bc:0e:df:3e:aa:d2:
         be:4f:53:de:0b:a6:7a:37:92:e4:6e:c3:e6:f8:4f:ba:5e:97:
         e0:0b:03:92:c9:ed:2f:85:07:3d:0e:83:55:c7:c0:1b:b1:80:
         08:6c:98:2e:1f:d0:ac:a8:e7:fb:87:d8:9d:1b:97:35:3b:3b:
         f1:a1:8d:70:40:9b:c9:e2:51:53:4d:ba:16:07:98:3d:98:6a:
         9e:b8:4f:cb:dc:40:d3:7b:a1:92:07:3b:f3:46:da:8e:cd:18:
         fc:f2:f4:52:de:00:b7:78:2c:e5:a9:1f:ad:1e:01:46:a7:27:
         39:f9:41:fc:ea:b8:4e:be:5e:93:39:6d:48:93:65:ed:3e:4b:
         fc:63:21:df:f3:a5:ab:25:f3:67:09:2c:05:ae:8f:ee:77:f1:
         50:8a:83:46:6c:f5:c8:12:c7:ff:cc:96:1f:b7:05:87:80:dd:
         54:6d:e1:7d:db:67:9f:ce:50:df:82:63:c6:6c:cf:36:fc:9a:
         bb:aa:06:be:6e:af:91:00:d0:62:02:82:39:76:77:83:42:a7:
         24:0c:1e:69
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuKEGn9U2APOut3uVCQkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTMyYWM0ZjdjYWEwNzk2OTVlNGU2NWNlNjg3ZWQyMGNjNzEwNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwQSxdkRqUj4SDNzcIibUnUseAoS
Yi1YvAPkdbWWzc/8GJN1MQSxCRgkph2z3gbQQQgEIE0MgW9W5WtPxdYizEI5aIPb
OS7Hjoy8Nh6kuKEf3ZJP3X9Ei7UWhB7W7bd2+jJvW7SWd4tZoHQHCM8NqUFz9H9n
ZDVNAD3PQZ/MPIr0DH0QEfv5jgEyGBfh25b1OlKua4EiVKKEjkv8Th6W0yBV+jep
ZNKs45swKYnt8VvhXgHuZf1PHt0izVrHgmkGXpequ4LBG82eInUMpz1d0Tu3zrSO
O95nyI7h7OxtdaviACqOL/42DkNTRBoVPyB8Zqui83LHKhZXQ8Nrx8WaCwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLEyrE98qgeWleTmXOaH7SDMcQWsMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvc1RLc1QzeXFCNWFWNU9aYzVvZnRJTXh4QmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADUcXUD
BADUcXYDBALUcXgwDQYJKoZIhvcNAQELBQADggEBACWhx4g4VJx3eEZI3XBrhe8U
BWHxI9gvVdPjqDxed7hm5dZVAkhClRD/eyP7uuULi7wO3z6q0r5PU94Lpno3kuRu
w+b4T7pel+ALA5LJ7S+FBz0Og1XHwBuxgAhsmC4f0Kyo5/uH2J0blzU7O/GhjXBA
m8niUVNNuhYHmD2Yap64T8vcQNN7oZIHO/NG2o7NGPzy9FLeALd4LOWpH60eAUan
Jzn5QfzquE6+XpM5bUiTZe0+S/xjId/zpasl82cJLAWuj+538VCKg0Zs9cgSx//M
lh+3BYeA3VRt4X3bZ5/OUN+CY8Zszzb8mruqBr5ur5EA0GICgjl2d4NCpyQMHmk=
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:33:08 2024 by rpki-client on console-ams.rpki-client.org