Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/e10057-99bb-44f9-9774-2752b3759066/1/b3UsCmXQ5pwPOOactdEo-6zojUI.roa
File:                     b3UsCmXQ5pwPOOactdEo-6zojUI.roa (raw, json)
Hash identifier:          MM+5vgXjQtlDDQb0cuCZ+yuDblXz68p3MzbYE2fq7Cw=
Subject key identifier:   6F:75:2C:0A:65:D0:E6:9C:0F:38:E6:9C:B5:D1:28:FB:AC:E8:8D:42
Certificate issuer:       /CN=5a1a31909780e81734af6607272d18525db7657d
Certificate serial:       018CCA29F0263730210FC4075AEF4A0BDC91
Authority key identifier: 5A:1A:31:90:97:80:E8:17:34:AF:66:07:27:2D:18:52:5D:B7:65:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhoxkJeA6Bc0r2YHJy0YUl23ZX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/e10057-99bb-44f9-9774-2752b3759066/1/b3UsCmXQ5pwPOOactdEo-6zojUI.roa
Signing time:             Tue 02 Jan 2024 12:33:15 +0000
ROA not before:           Tue 02 Jan 2024 12:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39730
IP address blocks:        185.195.132.0/22 maxlen: 22
                          178.250.176.0/21 maxlen: 21
                          2a0a:23c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/e10057-99bb-44f9-9774-2752b3759066/1/WhoxkJeA6Bc0r2YHJy0YUl23ZX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/e10057-99bb-44f9-9774-2752b3759066/1/WhoxkJeA6Bc0r2YHJy0YUl23ZX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WhoxkJeA6Bc0r2YHJy0YUl23ZX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f0:26:37:30:21:0f:c4:07:5a:ef:4a:0b:dc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a1a31909780e81734af6607272d18525db7657d
        Validity
            Not Before: Jan  2 12:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f752c0a65d0e69c0f38e69cb5d128fbace88d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6f:31:55:78:2e:e6:e7:28:35:65:43:22:aa:
                    a8:3a:7a:b6:5c:1c:e7:3d:7c:c1:28:71:ad:44:2d:
                    d4:fe:02:98:11:52:d7:12:dd:27:b9:f5:75:b9:5e:
                    3c:2c:eb:86:6a:e3:01:7e:c4:db:06:66:1f:66:e4:
                    5b:b3:cf:86:01:01:0e:b6:c2:f2:f1:12:b7:2e:f1:
                    e7:e2:aa:f6:06:6a:fe:98:83:a9:0f:ba:42:bf:1a:
                    98:0f:bc:95:f1:cb:a5:59:f4:6f:0e:dc:a4:7c:4a:
                    8d:8f:76:7d:0a:1b:e1:6a:d5:1a:70:98:c7:64:7f:
                    31:fa:27:d5:09:14:02:ee:22:16:36:da:1f:34:31:
                    f1:82:f6:fa:52:62:4c:34:97:bc:2d:f6:66:97:32:
                    86:bd:af:a5:ff:d3:70:87:f3:7e:7a:09:61:7d:a1:
                    fa:2b:ee:ac:b3:c7:cf:3c:8c:14:d0:89:7a:f0:37:
                    de:bb:46:65:0f:5f:41:c1:92:7e:5c:1c:43:52:ff:
                    f1:91:a0:49:03:8a:3c:94:91:0d:c9:b0:75:db:1f:
                    df:88:05:ce:0e:15:32:47:be:79:90:37:c1:e3:16:
                    8d:ed:eb:b4:d5:a0:cf:63:70:c4:aa:ad:bc:1e:e3:
                    5b:11:8c:76:bf:f6:e7:66:36:fe:f2:f7:76:5c:a6:
                    68:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:75:2C:0A:65:D0:E6:9C:0F:38:E6:9C:B5:D1:28:FB:AC:E8:8D:42
            X509v3 Authority Key Identifier:
                keyid:5A:1A:31:90:97:80:E8:17:34:AF:66:07:27:2D:18:52:5D:B7:65:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhoxkJeA6Bc0r2YHJy0YUl23ZX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/e10057-99bb-44f9-9774-2752b3759066/1/b3UsCmXQ5pwPOOactdEo-6zojUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/e10057-99bb-44f9-9774-2752b3759066/1/WhoxkJeA6Bc0r2YHJy0YUl23ZX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.176.0/21
                  185.195.132.0/22
                IPv6:
                  2a0a:23c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:91:5e:c7:4d:0a:11:15:94:c4:d5:37:8d:ae:ca:92:2e:77:
         1d:e7:36:4d:86:b7:7e:20:fd:0b:0e:7e:da:85:62:72:ff:39:
         c3:3b:1e:73:55:b2:d5:7b:57:9a:3a:a1:2e:92:e1:4d:9b:1f:
         e0:3f:8c:87:73:a8:dd:56:d9:9d:1a:8a:5b:24:ee:6f:11:2e:
         78:f1:cd:1b:5d:4d:17:70:c8:6e:64:42:90:63:15:35:2d:ed:
         c6:45:bd:49:40:14:75:41:d2:a6:5d:53:5c:cf:56:96:22:14:
         24:c6:df:9c:0f:88:56:71:52:74:ae:34:ef:68:5b:93:4f:43:
         12:6a:cc:f7:79:0c:d9:ae:db:52:bd:1b:9e:e2:99:8a:4e:33:
         0a:4d:09:45:85:67:a3:8c:74:5b:12:d8:4a:89:dc:23:4f:37:
         7e:d2:d0:29:7c:61:86:3d:17:2a:9c:6f:40:20:fa:70:85:3e:
         8b:2e:ab:a6:e2:12:e6:9c:32:b7:78:04:95:ed:97:bc:8e:7d:
         16:dd:09:40:8e:80:ce:bf:de:d3:04:8a:af:a1:2b:b0:85:a7:
         5b:f3:36:27:e5:f8:42:c0:b5:45:8b:56:64:40:36:ad:79:19:
         4d:6a:f9:15:35:73:c0:68:87:61:6a:07:9c:b4:5e:6c:67:6b:
         8c:e9:2c:60
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKfAmNzAhD8QHWu9KC9yRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMWEzMTkwOTc4MGU4MTczNGFmNjYwNzI3MmQxODUyNWRi
NzY1N2QwHhcNMjQwMTAyMTIzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjc1MmMwYTY1ZDBlNjljMGYzOGU2OWNiNWQxMjhmYmFjZTg4ZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG8xVXgu5ucoNWVDIqqoOnq2XBzn
PXzBKHGtRC3U/gKYEVLXEt0nufV1uV48LOuGauMBfsTbBmYfZuRbs8+GAQEOtsLy
8RK3LvHn4qr2Bmr+mIOpD7pCvxqYD7yV8culWfRvDtykfEqNj3Z9ChvhatUacJjH
ZH8x+ifVCRQC7iIWNtofNDHxgvb6UmJMNJe8LfZmlzKGva+l/9Nwh/N+eglhfaH6
K+6ss8fPPIwU0Il68Dfeu0ZlD19BwZJ+XBxDUv/xkaBJA4o8lJENybB12x/fiAXO
DhUyR755kDfB4xaN7eu01aDPY3DEqq28HuNbEYx2v/bnZjb+8vd2XKZojQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFG91LApl0OacDzjmnLXRKPus6I1CMB8GA1UdIwQY
MBaAFFoaMZCXgOgXNK9mByctGFJdt2V9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hveGtKZUE2QmMwcjJZSEp5MFlVbDIzWlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9lMTAwNTctOTliYi00NGY5LTk3NzQt
Mjc1MmIzNzU5MDY2LzEvYjNVc0NtWFE1cHdQT09hY3RkRW8tNnpvalVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9lMTAwNTctOTliYi00NGY5LTk3NzQtMjc1MmIzNzU5MDY2
LzEvV2hveGtKZUE2QmMwcjJZSEp5MFlVbDIzWlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsvqwAwQC
ucOEMA0EAgACMAcDBQMqCiPAMA0GCSqGSIb3DQEBCwUAA4IBAQAikV7HTQoRFZTE
1TeNrsqSLncd5zZNhrd+IP0LDn7ahWJy/znDOx5zVbLVe1eaOqEukuFNmx/gP4yH
c6jdVtmdGopbJO5vES548c0bXU0XcMhuZEKQYxU1Le3GRb1JQBR1QdKmXVNcz1aW
IhQkxt+cD4hWcVJ0rjTvaFuTT0MSasz3eQzZrttSvRue4pmKTjMKTQlFhWejjHRb
EthKidwjTzd+0tApfGGGPRcqnG9AIPpwhT6LLqum4hLmnDK3eASV7Ze8jn0W3QlA
joDOv97TBIqvoSuwhadb8zYn5fhCwLVFi1ZkQDateRlNavkVNXPAaIdhagectF5s
Z2uM6Sxg
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:48:55 2024 by rpki-client on console-fra.rpki-client.org