Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/1-t3HGzZl-9flS8CYvxooOMCL32o.roa
File:                     1-t3HGzZl-9flS8CYvxooOMCL32o.roa (raw, json)
Hash identifier:          18BNrTGSoVFOcuC6IH5mlM6XrV0adiQ3d+y/ItuoWIk=
Subject key identifier:   FA:DD:C7:1B:36:65:FB:D7:E5:4B:C0:98:BF:1A:28:38:C0:8B:DF:6A
Certificate issuer:       /CN=5056c750840fe5c0103a7f51022c7ceea8fe969b
Certificate serial:       018F31B79EC21FA6B57780195C564F81DC01
Authority key identifier: 50:56:C7:50:84:0F:E5:C0:10:3A:7F:51:02:2C:7C:EE:A8:FE:96:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFbHUIQP5cAQOn9RAix87qj-lps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/1-t3HGzZl-9flS8CYvxooOMCL32o.roa
Signing time:             Wed 01 May 2024 01:14:28 +0000
ROA not before:           Wed 01 May 2024 01:14:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        37.18.64.0/21 maxlen: 24
                          46.227.192.0/21 maxlen: 24
                          185.137.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/UFbHUIQP5cAQOn9RAix87qj-lps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/UFbHUIQP5cAQOn9RAix87qj-lps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFbHUIQP5cAQOn9RAix87qj-lps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:31:b7:9e:c2:1f:a6:b5:77:80:19:5c:56:4f:81:dc:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5056c750840fe5c0103a7f51022c7ceea8fe969b
        Validity
            Not Before: May  1 01:14:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faddc71b3665fbd7e54bc098bf1a2838c08bdf6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:09:e8:9d:51:dd:1e:2b:10:d8:29:3b:6c:df:
                    41:43:a3:af:fb:48:a0:fe:4c:42:2c:28:a4:7d:92:
                    86:1d:70:03:8b:48:ce:06:52:b8:35:f7:a3:c7:8e:
                    76:ba:44:3d:86:19:f6:17:ee:be:ad:7b:89:c5:6d:
                    ff:17:c1:8b:fb:a0:e1:79:b4:69:56:ab:80:61:2f:
                    56:bc:14:e0:aa:f0:d8:45:36:b6:76:73:a0:16:75:
                    83:52:4c:ba:0f:f6:7a:90:16:c1:0d:27:09:d9:0b:
                    0a:8c:57:91:02:e7:96:d2:38:b0:f2:50:3b:9f:2f:
                    00:5a:6a:b3:df:54:4f:14:e7:b8:73:b6:ba:9f:b1:
                    21:7e:ca:e1:f3:4f:52:be:df:66:74:61:1b:d4:d8:
                    c2:e1:d9:6c:ae:e2:1f:c6:d8:53:50:ef:f2:69:e6:
                    4a:14:d2:ee:03:b9:1b:d7:de:2f:71:b1:43:80:d2:
                    cd:57:f3:a3:2f:da:72:21:85:02:ab:46:7c:18:90:
                    38:7f:66:22:5a:2b:6b:d7:3e:0b:0b:95:ad:03:60:
                    81:a2:29:a7:fb:72:67:db:b7:af:24:9e:a7:4d:35:
                    b1:3e:59:bf:39:e7:45:cd:e1:3e:45:49:1b:44:ad:
                    a2:e9:49:a0:4f:04:93:85:1c:6f:61:14:08:95:c4:
                    a1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:DD:C7:1B:36:65:FB:D7:E5:4B:C0:98:BF:1A:28:38:C0:8B:DF:6A
            X509v3 Authority Key Identifier:
                keyid:50:56:C7:50:84:0F:E5:C0:10:3A:7F:51:02:2C:7C:EE:A8:FE:96:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFbHUIQP5cAQOn9RAix87qj-lps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/1-t3HGzZl-9flS8CYvxooOMCL32o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/UFbHUIQP5cAQOn9RAix87qj-lps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.64.0/21
                  46.227.192.0/21
                  185.137.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:f6:7a:07:32:cc:46:57:1e:42:ed:fd:9c:fc:3b:2f:b7:f2:
         29:21:8c:bd:19:00:b5:b6:37:92:fa:ec:44:6f:43:b0:f6:10:
         a7:bb:e0:7a:23:78:7e:5e:88:31:be:56:ba:06:4d:f1:3d:28:
         98:b1:5e:8d:5f:49:4a:a2:48:b7:c4:8d:12:4d:35:71:8d:d4:
         7c:a7:cc:ac:4a:35:32:cf:62:fd:12:d8:f9:14:1c:70:19:4a:
         c8:8c:09:c9:6c:ff:f3:c9:d1:33:97:ba:cd:f1:29:74:30:2d:
         87:e3:21:c4:1c:fe:fa:a1:ce:85:0e:59:13:8c:d4:38:be:ab:
         7c:33:52:7c:a0:ad:05:24:d3:83:6b:d3:ba:d9:1d:7e:e1:c4:
         a7:c4:0e:4b:15:67:8d:c0:9c:0d:6e:f8:62:01:6c:1a:6f:e5:
         c0:19:56:06:12:41:7a:76:1a:80:ba:6d:0b:45:d6:a6:80:24:
         5e:e6:07:1d:81:ee:09:86:54:48:60:a7:35:2b:58:00:8a:d4:
         63:bf:62:9e:35:d7:bc:6a:98:36:0f:b9:91:58:d8:f8:2b:a3:
         d6:95:be:c2:ae:59:a1:98:9a:62:54:76:95:e2:18:38:69:f6:
         62:23:8c:9d:e4:f2:bb:0a:4d:f0:b0:89:8b:6d:42:2b:25:12:
         7d:3f:d3:f0
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAY8xt57CH6a1d4AZXFZPgdwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTZjNzUwODQwZmU1YzAxMDNhN2Y1MTAyMmM3Y2VlYThm
ZTk2OWIwHhcNMjQwNTAxMDExNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWRkYzcxYjM2NjVmYmQ3ZTU0YmMwOThiZjFhMjgzOGMwOGJkZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAnonVHdHisQ2Ck7bN9BQ6Ov+0ig
/kxCLCikfZKGHXADi0jOBlK4Nfejx452ukQ9hhn2F+6+rXuJxW3/F8GL+6DhebRp
VquAYS9WvBTgqvDYRTa2dnOgFnWDUky6D/Z6kBbBDScJ2QsKjFeRAueW0jiw8lA7
ny8AWmqz31RPFOe4c7a6n7Ehfsrh809Svt9mdGEb1NjC4dlsruIfxthTUO/yaeZK
FNLuA7kb194vcbFDgNLNV/OjL9pyIYUCq0Z8GJA4f2YiWitr1z4LC5WtA2CBoimn
+3Jn27evJJ6nTTWxPlm/OedFzeE+RUkbRK2i6UmgTwSThRxvYRQIlcShSQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPrdxxs2ZfvX5UvAmL8aKDjAi99qMB8GA1UdIwQY
MBaAFFBWx1CED+XAEDp/UQIsfO6o/pabMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZiSFVJUVA1Y0FRT245UkFpeDg3cWotbHBzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8yNTI5NjgtYjhiYS00ZTE5LTg0ZDct
MzIyODI4NmRhNjAxLzEvMS10M0hHelpsLTlmbFM4Q1l2eG9vT01DTDMyby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzIvMjUyOTY4LWI4YmEtNGUxOS04NGQ3LTMyMjgyODZkYTYw
MS8xL1VGYkhVSVFQNWNBUU9uOVJBaXg4N3FqLWxwcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAyUSQAME
Ay7jwAMEArmJBDANBgkqhkiG9w0BAQsFAAOCAQEApPZ6BzLMRlceQu39nPw7L7fy
KSGMvRkAtbY3kvrsRG9DsPYQp7vgeiN4fl6IMb5WugZN8T0omLFejV9JSqJIt8SN
Ek01cY3UfKfMrEo1Ms9i/RLY+RQccBlKyIwJyWz/88nRM5e6zfEpdDAth+MhxBz+
+qHOhQ5ZE4zUOL6rfDNSfKCtBSTTg2vTutkdfuHEp8QOSxVnjcCcDW74YgFsGm/l
wBlWBhJBenYagLptC0XWpoAkXuYHHYHuCYZUSGCnNStYAIrUY79injXXvGqYNg+5
kVjY+Cuj1pW+wq5ZoZiaYlR2leIYOGn2YiOMneTyuwpN8LCJi21CKyUSfT/T8A==
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:17:19 2024 by rpki-client on console-fra.rpki-client.org