Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3gxLc-JXDOolgl3-vrz4tPzTwJ0.roa
File:                     3gxLc-JXDOolgl3-vrz4tPzTwJ0.roa (raw, json)
Hash identifier:          JBZ1ki4/wKYLZMKsj4tmUHaxZioWdg/m2wqA5xS+Lmw=
Subject key identifier:   DE:0C:4B:73:E2:57:0C:EA:25:82:5D:FE:BE:BC:F8:B4:FC:D3:C0:9D
Certificate issuer:       /CN=de0d9d6b697ca1c86570c256862e6858b4799c85
Certificate serial:       018CC50027EE403401CDB57B83DEC804A629
Authority key identifier: DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3gxLc-JXDOolgl3-vrz4tPzTwJ0.roa
Signing time:             Mon 01 Jan 2024 12:29:30 +0000
ROA not before:           Mon 01 Jan 2024 12:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198605
IP address blocks:        159.242.227.0/24 maxlen: 24
                          159.242.239.0/24 maxlen: 24
                          159.242.234.0/24 maxlen: 24
                          95.142.112.0/24 maxlen: 24
                          95.142.118.0/24 maxlen: 24
                          95.142.115.0/24 maxlen: 24
                          95.142.124.0/24 maxlen: 24
                          185.54.230.0/24 maxlen: 24
                          95.142.121.0/24 maxlen: 24
                          194.99.28.0/22 maxlen: 22
                          95.142.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:27:ee:40:34:01:cd:b5:7b:83:de:c8:04:a6:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0d9d6b697ca1c86570c256862e6858b4799c85
        Validity
            Not Before: Jan  1 12:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de0c4b73e2570cea25825dfebebcf8b4fcd3c09d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b5:2b:a3:4e:b5:33:94:04:44:a3:9a:58:e1:
                    7d:1b:34:a4:f9:59:e3:7d:cf:22:62:37:e8:a9:2b:
                    86:1c:36:86:b4:a9:62:04:38:6c:4e:df:91:ec:c3:
                    41:48:65:37:26:8c:d3:93:97:53:0e:46:3d:fc:ae:
                    b3:9f:fa:66:fb:00:39:66:2a:81:65:1c:75:0d:f9:
                    4b:56:61:ff:b7:fa:7d:9b:73:bc:e8:ca:5a:59:46:
                    95:6a:9d:10:44:41:0f:94:06:d5:4f:e6:12:e9:7f:
                    df:fc:2a:63:aa:ba:6d:0b:54:03:d7:93:6e:12:9a:
                    cf:0c:67:43:cf:4c:35:67:d8:af:52:a1:cf:3c:00:
                    3b:06:84:7e:6d:ab:7f:6a:27:05:61:e6:bf:19:34:
                    08:57:48:c2:bf:03:ad:74:85:21:d4:4f:16:51:7b:
                    38:46:33:36:64:ee:e1:58:55:84:5f:8d:bc:a7:00:
                    76:26:39:02:f9:f7:73:89:5d:0c:9d:bd:6f:a0:9b:
                    74:df:bb:f7:e2:c7:17:66:e3:1a:35:03:db:6e:67:
                    7c:67:52:3d:28:59:51:77:6c:1a:c7:20:36:81:e2:
                    e5:1a:fc:5c:55:ad:51:a8:b5:39:0d:57:0b:f5:e2:
                    9f:c5:c7:b3:c4:00:ff:7f:85:b8:04:68:fc:c4:28:
                    9a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:0C:4B:73:E2:57:0C:EA:25:82:5D:FE:BE:BC:F8:B4:FC:D3:C0:9D
            X509v3 Authority Key Identifier:
                keyid:DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3gxLc-JXDOolgl3-vrz4tPzTwJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.142.112.0/24
                  95.142.115.0/24
                  95.142.118.0/24
                  95.142.121.0/24
                  95.142.124.0/24
                  95.142.127.0/24
                  159.242.227.0/24
                  159.242.234.0/24
                  159.242.239.0/24
                  185.54.230.0/24
                  194.99.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:ce:df:19:0f:da:48:41:20:aa:8f:69:b4:42:b0:c6:1f:da:
         c5:ea:42:32:8b:ad:a1:ad:bd:30:95:3a:4c:3a:27:ee:02:e1:
         bb:d6:5e:a9:8f:2a:3c:d0:92:c8:be:cc:e5:06:01:e1:8b:05:
         0d:28:70:ff:46:dd:36:d2:5d:f2:5e:fd:f0:f4:6a:57:78:7e:
         da:c0:e4:57:52:5f:6d:0f:6f:f1:e1:86:07:09:c9:ca:d3:38:
         d1:ff:b9:c7:26:0a:1e:75:a8:e5:56:f3:f1:64:98:9d:29:aa:
         f3:22:7d:96:57:68:fb:ec:82:76:85:9b:62:d0:3f:d7:f0:81:
         3e:2e:03:28:12:07:e0:d0:8d:5d:f4:95:ad:e4:8b:d9:0f:8c:
         05:55:97:08:0d:da:cc:b9:93:14:36:c1:91:a1:82:3c:ab:c8:
         c7:a3:f7:09:eb:d7:3d:c1:81:3e:f4:4f:ae:96:9b:ba:7a:04:
         3d:87:3d:42:1d:0c:ac:d1:fd:f5:ba:3f:b4:35:39:11:9a:8a:
         18:2b:3d:26:77:1d:6d:e6:d0:37:75:96:97:81:d2:96:db:7b:
         c1:a1:6a:3b:79:57:02:61:40:5c:3f:1c:8a:9c:ac:a8:c9:e4:
         0b:57:dd:e8:56:01:24:3b:57:13:96:11:91:d6:eb:22:0f:ac:
         a3:ba:fd:db
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYzFACfuQDQBzbV7g97IBKYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGQ5ZDZiNjk3Y2ExYzg2NTcwYzI1Njg2MmU2ODU4YjQ3
OTljODUwHhcNMjQwMTAxMTIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTBjNGI3M2UyNTcwY2VhMjU4MjVkZmViZWJjZjhiNGZjZDNjMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLUro061M5QERKOaWOF9GzSk+Vnj
fc8iYjfoqSuGHDaGtKliBDhsTt+R7MNBSGU3JozTk5dTDkY9/K6zn/pm+wA5ZiqB
ZRx1DflLVmH/t/p9m3O86MpaWUaVap0QREEPlAbVT+YS6X/f/CpjqrptC1QD15Nu
EprPDGdDz0w1Z9ivUqHPPAA7BoR+bat/aicFYea/GTQIV0jCvwOtdIUh1E8WUXs4
RjM2ZO7hWFWEX428pwB2JjkC+fdziV0Mnb1voJt037v34scXZuMaNQPbbmd8Z1I9
KFlRd2waxyA2geLlGvxcVa1RqLU5DVcL9eKfxcezxAD/f4W4BGj8xCiaoQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFN4MS3PiVwzqJYJd/r68+LT808CdMB8GA1UdIwQY
MBaAFN4NnWtpfKHIZXDCVoYuaFi0eZyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYt
MDFjYmZjMGU5NGU3LzEvM2d4TGMtSlhET29sZ2wzLXZyejR0UHpUd0owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYtMDFjYmZjMGU5NGU3
LzEvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAX45wAwQA
X45zAwQAX452AwQAX455AwQAX458AwQAX45/AwQAn/LjAwQAn/LqAwQAn/LvAwQA
uTbmAwQCwmMcMA0GCSqGSIb3DQEBCwUAA4IBAQA/zt8ZD9pIQSCqj2m0QrDGH9rF
6kIyi62hrb0wlTpMOifuAuG71l6pjyo80JLIvszlBgHhiwUNKHD/Rt020l3yXv3w
9GpXeH7awORXUl9tD2/x4YYHCcnK0zjR/7nHJgoedajlVvPxZJidKarzIn2WV2j7
7IJ2hZti0D/X8IE+LgMoEgfg0I1d9JWt5IvZD4wFVZcIDdrMuZMUNsGRoYI8q8jH
o/cJ69c9wYE+9E+ulpu6egQ9hz1CHQys0f31uj+0NTkRmooYKz0mdx1t5tA3dZaX
gdKW23vBoWo7eVcCYUBcPxyKnKyoyeQLV93oVgEkO1cTlhGR1usiD6yjuv3b
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:36:34 2024 by rpki-client on console-ams.rpki-client.org