Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/7588d0-33bd-49c9-885d-4c38bff1af18/1/jq3H6Nj50eI7BCR5M9Bqt_9JJrA.roa
File:                     jq3H6Nj50eI7BCR5M9Bqt_9JJrA.roa (raw, json)
Hash identifier:          M/GNJhSr3qWVEXUz2kiZh3WkiuNzb8m00wr8zIGpJkY=
Subject key identifier:   8E:AD:C7:E8:D8:F9:D1:E2:3B:04:24:79:33:D0:6A:B7:FF:49:26:B0
Certificate issuer:       /CN=7a3508be2a868d6ce54db9b3a864d4be985cae4d
Certificate serial:       018CC727389AE058D04397372027EEFED211
Authority key identifier: 7A:35:08:BE:2A:86:8D:6C:E5:4D:B9:B3:A8:64:D4:BE:98:5C:AE:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ejUIviqGjWzlTbmzqGTUvphcrk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/7588d0-33bd-49c9-885d-4c38bff1af18/1/jq3H6Nj50eI7BCR5M9Bqt_9JJrA.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57671
IP address blocks:        192.146.141.0/24 maxlen: 24
                          192.146.140.0/23 maxlen: 23
                          192.146.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/7588d0-33bd-49c9-885d-4c38bff1af18/1/ejUIviqGjWzlTbmzqGTUvphcrk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/7588d0-33bd-49c9-885d-4c38bff1af18/1/ejUIviqGjWzlTbmzqGTUvphcrk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ejUIviqGjWzlTbmzqGTUvphcrk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:38:9a:e0:58:d0:43:97:37:20:27:ee:fe:d2:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a3508be2a868d6ce54db9b3a864d4be985cae4d
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eadc7e8d8f9d1e23b04247933d06ab7ff4926b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:20:8c:85:4a:f7:b4:57:f9:15:4c:9f:29:c3:
                    f5:b1:de:c6:39:f1:bc:c1:b5:e2:5d:08:c3:63:8a:
                    0a:39:7a:60:ae:64:d6:79:2c:ee:bf:b8:4a:cc:95:
                    ed:32:ab:56:8c:a9:a5:dc:69:bd:06:29:9a:4d:3e:
                    30:d3:aa:d1:22:8b:9b:f8:e0:08:44:d7:24:80:fe:
                    d2:c5:b4:a7:ac:66:bc:1b:a0:08:3c:53:69:d2:46:
                    09:0f:bd:da:95:9a:de:7b:bd:73:00:5c:6c:b3:f2:
                    35:4b:69:26:11:dc:53:0d:10:0d:e0:c0:61:4f:ed:
                    fc:92:d2:1b:a7:55:58:67:84:07:f7:59:67:7e:de:
                    7b:f0:fd:40:a1:bb:78:cb:15:c8:42:fb:64:22:26:
                    0b:93:7b:13:3d:40:cb:5b:11:af:01:a0:73:16:19:
                    ee:24:85:9d:b3:81:62:93:64:b5:a9:c4:dd:a9:8a:
                    8a:b4:0b:36:6d:73:14:23:20:ed:63:a5:ce:ea:ca:
                    75:c3:96:d1:ff:2b:d2:c0:88:f7:09:8f:4b:67:79:
                    2b:3a:57:84:d5:93:b8:c6:bd:e0:eb:8b:41:49:75:
                    7e:5d:05:d6:4e:2b:65:bb:ed:ad:30:8e:7f:38:fb:
                    b5:62:0c:31:d9:7a:93:49:5e:a3:04:88:5c:0c:30:
                    3a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AD:C7:E8:D8:F9:D1:E2:3B:04:24:79:33:D0:6A:B7:FF:49:26:B0
            X509v3 Authority Key Identifier:
                keyid:7A:35:08:BE:2A:86:8D:6C:E5:4D:B9:B3:A8:64:D4:BE:98:5C:AE:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ejUIviqGjWzlTbmzqGTUvphcrk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7588d0-33bd-49c9-885d-4c38bff1af18/1/jq3H6Nj50eI7BCR5M9Bqt_9JJrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7588d0-33bd-49c9-885d-4c38bff1af18/1/ejUIviqGjWzlTbmzqGTUvphcrk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.146.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:d6:5c:76:f7:b2:58:d1:1f:82:7a:ae:76:19:96:cb:5b:9f:
         df:a8:f3:b1:7a:6f:11:f7:86:a1:2f:6f:7d:f5:1b:31:6b:b5:
         7b:a9:4a:30:4b:dd:83:79:19:ca:0c:14:ec:61:0a:0b:ba:0e:
         72:e8:ef:63:a7:76:45:9c:89:54:77:d3:d1:3e:31:3d:10:44:
         d6:12:82:88:56:60:d8:b2:0e:2b:0f:b7:4d:29:17:1a:27:fc:
         97:f3:67:ad:f7:11:6c:fe:ac:0b:03:12:3d:02:68:dd:7c:7c:
         fe:d6:ad:9f:13:df:71:07:4c:ca:6f:01:1e:c5:02:43:b2:6c:
         1d:a5:38:53:6c:4f:92:37:cb:c0:d4:98:bb:c3:67:fe:a6:33:
         9c:7d:fc:f7:a3:30:8e:b5:ba:3b:6f:1d:14:2a:05:52:14:e8:
         d7:2d:12:ed:5f:da:aa:f8:19:a0:1b:a8:00:9d:8d:f5:a1:56:
         af:e6:a4:10:80:aa:02:26:8b:f6:27:f6:37:5d:73:0a:95:b1:
         79:6d:c2:f4:2f:94:18:52:ec:d5:78:b2:36:d5:c2:0c:5d:93:
         5c:24:9b:01:82:dc:5d:d2:a9:02:e8:bd:6c:83:9b:68:66:71:
         b3:d0:03:6b:ed:6f:e0:18:0c:66:eb:24:81:4a:31:f1:56:7f:
         5b:70:0c:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzia4FjQQ5c3ICfu/tIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMzUwOGJlMmE4NjhkNmNlNTRkYjliM2E4NjRkNGJlOTg1
Y2FlNGQwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWFkYzdlOGQ4ZjlkMWUyM2IwNDI0NzkzM2QwNmFiN2ZmNDkyNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCCMhUr3tFf5FUyfKcP1sd7GOfG8
wbXiXQjDY4oKOXpgrmTWeSzuv7hKzJXtMqtWjKml3Gm9BimaTT4w06rRIoub+OAI
RNckgP7SxbSnrGa8G6AIPFNp0kYJD73alZree71zAFxss/I1S2kmEdxTDRAN4MBh
T+38ktIbp1VYZ4QH91lnft578P1Aobt4yxXIQvtkIiYLk3sTPUDLWxGvAaBzFhnu
JIWds4Fik2S1qcTdqYqKtAs2bXMUIyDtY6XO6sp1w5bR/yvSwIj3CY9LZ3krOleE
1ZO4xr3g64tBSXV+XQXWTitlu+2tMI5/OPu1Ygwx2XqTSV6jBIhcDDA6RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6tx+jY+dHiOwQkeTPQarf/SSawMB8GA1UdIwQY
MBaAFHo1CL4qho1s5U25s6hk1L6YXK5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWpVSXZpcUdqV3psVGJtenFHVFV2cGhjcmswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS83NTg4ZDAtMzNiZC00OWM5LTg4NWQt
NGMzOGJmZjFhZjE4LzEvanEzSDZOajUwZUk3QkNSNU05QnF0XzlKSnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS83NTg4ZDAtMzNiZC00OWM5LTg4NWQtNGMzOGJmZjFhZjE4
LzEvZWpVSXZpcUdqV3psVGJtenFHVFV2cGhjcmswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwJKMMA0G
CSqGSIb3DQEBCwUAA4IBAQCK1lx297JY0R+Ceq52GZbLW5/fqPOxem8R94ahL299
9Rsxa7V7qUowS92DeRnKDBTsYQoLug5y6O9jp3ZFnIlUd9PRPjE9EETWEoKIVmDY
sg4rD7dNKRcaJ/yX82et9xFs/qwLAxI9AmjdfHz+1q2fE99xB0zKbwEexQJDsmwd
pThTbE+SN8vA1Ji7w2f+pjOcffz3ozCOtbo7bx0UKgVSFOjXLRLtX9qq+BmgG6gA
nY31oVav5qQQgKoCJov2J/Y3XXMKlbF5bcL0L5QYUuzVeLI21cIMXZNcJJsBgtxd
0qkC6L1sg5toZnGz0ANr7W/gGAxm6ySBSjHxVn9bcAwg
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:16:26 2024 by rpki-client on console-ams.rpki-client.org