Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/3BNH5IEXaq9-7zGNXK2rPTQGPNE.roa
File:                     3BNH5IEXaq9-7zGNXK2rPTQGPNE.roa (raw, json)
Hash identifier:          OTIkEQu5REolNTG2Ilw35d28N7J3Lnf9Un8dFroargA=
Subject key identifier:   DC:13:47:E4:81:17:6A:AF:7E:EF:31:8D:5C:AD:AB:3D:34:06:3C:D1
Certificate issuer:       /CN=007e6b5aa437d3693151502a211496e37d4ae2c5
Certificate serial:       018CC64B732A79101D050F5F18ACDAE35387
Authority key identifier: 00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/3BNH5IEXaq9-7zGNXK2rPTQGPNE.roa
Signing time:             Mon 01 Jan 2024 18:31:22 +0000
ROA not before:           Mon 01 Jan 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        193.58.80.0/21 maxlen: 24
                          160.92.0.0/16 maxlen: 24
                          193.16.186.0/23 maxlen: 24
                          193.16.188.0/22 maxlen: 24
                          193.201.76.0/23 maxlen: 24
                          192.136.30.0/24 maxlen: 24
                          89.106.184.0/21 maxlen: 24
                          193.56.46.0/24 maxlen: 24
                          2a01:20:6::/48 maxlen: 48
                          2a01:20:4::/48 maxlen: 48
                          2a01:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:73:2a:79:10:1d:05:0f:5f:18:ac:da:e3:53:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=007e6b5aa437d3693151502a211496e37d4ae2c5
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc1347e481176aaf7eef318d5cadab3d34063cd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ea:40:b3:ac:65:d2:13:14:f9:7e:4b:0a:ef:
                    04:bf:b9:26:8c:79:d7:ea:6f:8f:d0:ce:3c:29:05:
                    ec:8a:39:a1:df:83:55:9e:c6:8a:aa:22:2a:18:e2:
                    b4:26:74:29:79:6b:9d:7e:b3:ca:17:e1:b0:1d:a3:
                    cf:df:b4:dc:a2:81:db:d7:42:eb:67:24:7b:73:05:
                    e3:c2:3a:80:07:c2:86:e4:68:f0:de:4c:1c:34:aa:
                    23:df:b7:3b:1d:d7:d8:aa:8c:42:a5:77:12:9a:83:
                    60:a8:0a:1e:18:5f:eb:5a:ea:53:e2:42:ab:4f:86:
                    a8:2e:0a:83:fd:8f:c8:0e:68:5a:e1:a9:3e:79:c2:
                    69:06:4c:99:ec:fe:f9:30:19:3d:68:b0:76:d7:bf:
                    78:e1:4a:2d:c7:aa:42:7b:23:c8:47:e3:aa:88:0d:
                    fd:05:90:fa:0c:d4:40:ed:cc:81:ce:81:2b:d8:1e:
                    51:06:58:0f:de:1c:51:22:20:58:bd:6e:82:6e:48:
                    ed:9c:1b:bc:ae:5d:dd:90:e7:64:c3:e9:06:31:44:
                    b5:d7:df:53:62:04:65:a0:c8:71:bd:4d:05:51:d0:
                    86:66:ac:ce:47:55:5d:e4:52:2c:9c:c8:5c:3c:c3:
                    bb:ae:76:df:0b:b7:d3:84:ec:b5:18:6a:d9:1f:c5:
                    63:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:13:47:E4:81:17:6A:AF:7E:EF:31:8D:5C:AD:AB:3D:34:06:3C:D1
            X509v3 Authority Key Identifier:
                keyid:00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/3BNH5IEXaq9-7zGNXK2rPTQGPNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.184.0/21
                  160.92.0.0/16
                  192.136.30.0/24
                  193.16.186.0-193.16.191.255
                  193.56.46.0/24
                  193.58.80.0/21
                  193.201.76.0/23
                IPv6:
                  2a01:20::/48
                  2a01:20:4::/48
                  2a01:20:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:d3:f5:e8:e3:93:e4:c6:c3:6a:30:e0:6c:2a:9d:f6:76:e5:
         8b:16:39:eb:6a:c5:85:95:67:9d:4b:05:86:9e:36:b4:87:92:
         78:09:2e:9b:73:10:4b:13:51:fe:24:c8:f6:17:c1:73:32:22:
         1c:f9:7e:be:4c:12:b0:bf:cb:d1:3b:c9:25:18:ef:d0:63:6e:
         1b:f7:42:ae:fd:bb:06:f6:04:6c:09:f8:45:ad:77:ed:3f:3b:
         5a:e4:10:8a:72:69:44:9e:6b:34:02:d6:fa:f0:1e:d2:b0:c6:
         52:94:5e:c4:df:7c:df:b8:92:e6:ba:93:90:40:98:ce:2f:19:
         c3:ee:c5:e4:98:1e:ae:8b:6d:9e:3e:92:51:47:41:fc:30:c3:
         97:2f:13:b6:76:29:97:d9:5d:70:82:ff:a1:3a:2d:4f:b1:a6:
         fc:ab:ee:9b:95:2c:12:6a:b5:c4:c5:2d:18:02:e0:92:d9:06:
         73:74:5e:f1:c7:66:97:27:0e:fc:06:4c:be:df:83:be:98:6a:
         6b:07:15:2e:2a:2a:24:b9:30:5c:78:9f:1e:b4:72:c1:9a:e1:
         cb:c3:b2:ef:d4:8f:30:77:70:02:e4:61:64:4e:9a:b1:1f:fb:
         00:41:3e:c3:83:98:10:d0:d5:4d:fe:a9:5e:95:ee:7b:38:48:
         0d:37:df:89
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzGS3MqeRAdBQ9fGKza41OHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwN2U2YjVhYTQzN2QzNjkzMTUxNTAyYTIxMTQ5NmUzN2Q0
YWUyYzUwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzEzNDdlNDgxMTc2YWFmN2VlZjMxOGQ1Y2FkYWIzZDM0MDYzY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjupAs6xl0hMU+X5LCu8Ev7kmjHnX
6m+P0M48KQXsijmh34NVnsaKqiIqGOK0JnQpeWudfrPKF+GwHaPP37TcooHb10Lr
ZyR7cwXjwjqAB8KG5Gjw3kwcNKoj37c7HdfYqoxCpXcSmoNgqAoeGF/rWupT4kKr
T4aoLgqD/Y/IDmha4ak+ecJpBkyZ7P75MBk9aLB217944Uotx6pCeyPIR+OqiA39
BZD6DNRA7cyBzoEr2B5RBlgP3hxRIiBYvW6CbkjtnBu8rl3dkOdkw+kGMUS1199T
YgRloMhxvU0FUdCGZqzOR1Vd5FIsnMhcPMO7rnbfC7fThOy1GGrZH8VjwwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFNwTR+SBF2qvfu8xjVytqz00BjzRMB8GA1UdIwQY
MBaAFAB+a1qkN9NpMVFQKiEUluN9SuLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYt
NWE4YzY3ODQyMzg5LzEvM0JOSDVJRVhhcTktN3pHTlhLMnJQVFFHUE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYtNWE4YzY3ODQyMzg5
LzEvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA3BAIAATAxAwQDWWq4AwMA
oFwDBADAiB4wDAMEAcEQugMEBsEQgAMEAME4LgMEA8E6UAMEAcHJTDAhBAIAAjAb
AwcAKgEAIAAAAwcAKgEAIAAEAwcAKgEAIAAGMA0GCSqGSIb3DQEBCwUAA4IBAQCM
0/Xo45PkxsNqMOBsKp32duWLFjnrasWFlWedSwWGnja0h5J4CS6bcxBLE1H+JMj2
F8FzMiIc+X6+TBKwv8vRO8klGO/QY24b90Ku/bsG9gRsCfhFrXftPzta5BCKcmlE
nms0Atb68B7SsMZSlF7E33zfuJLmupOQQJjOLxnD7sXkmB6ui22ePpJRR0H8MMOX
LxO2dimX2V1wgv+hOi1Psab8q+6blSwSarXExS0YAuCS2QZzdF7xx2aXJw78Bky+
34O+mGprBxUuKiokuTBceJ8etHLBmuHLw7Lv1I8wd3AC5GFkTpqxH/sAQT7Dg5gQ
0NVN/qlele57OEgNN9+J
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:30:09 2024 by rpki-client on console-fra.rpki-client.org