Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/839d1c-4db3-45cc-b04f-b55d7d7f2c48/1/EWM70Br3vpfA4BJB_h7_VehyHB0.roa
File:                     EWM70Br3vpfA4BJB_h7_VehyHB0.roa (raw, json)
Hash identifier:          D38w296M/FbWKAPxv97qJrH8AaNY2fs3IawSxfKN8ug=
Subject key identifier:   11:63:3B:D0:1A:F7:BE:97:C0:E0:12:41:FE:1E:FF:55:E8:72:1C:1D
Certificate issuer:       /CN=c35adeebc28d7e27fd9eb9efb23551dae20b1d0f
Certificate serial:       018E46AE80950DE4EF845C030D0E83CCAADD
Authority key identifier: C3:5A:DE:EB:C2:8D:7E:27:FD:9E:B9:EF:B2:35:51:DA:E2:0B:1D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w1re68KNfif9nrnvsjVR2uILHQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/839d1c-4db3-45cc-b04f-b55d7d7f2c48/1/EWM70Br3vpfA4BJB_h7_VehyHB0.roa
Signing time:             Sat 16 Mar 2024 09:53:45 +0000
ROA not before:           Sat 16 Mar 2024 09:53:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47951
IP address blocks:        194.104.137.0/24 maxlen: 24
                          2a11:5fc0::/29 maxlen: 29
                          2a11:5fc0::/32 maxlen: 32
                          2a11:5fc1::/32 maxlen: 32
                          2a11:5fc2::/32 maxlen: 32
                          2a11:5fc3::/32 maxlen: 32
                          2a11:5fc4::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/839d1c-4db3-45cc-b04f-b55d7d7f2c48/1/w1re68KNfif9nrnvsjVR2uILHQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/839d1c-4db3-45cc-b04f-b55d7d7f2c48/1/w1re68KNfif9nrnvsjVR2uILHQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w1re68KNfif9nrnvsjVR2uILHQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:46:ae:80:95:0d:e4:ef:84:5c:03:0d:0e:83:cc:aa:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35adeebc28d7e27fd9eb9efb23551dae20b1d0f
        Validity
            Not Before: Mar 16 09:53:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11633bd01af7be97c0e01241fe1eff55e8721c1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5e:12:2a:db:0a:61:cb:48:33:e6:ad:03:0a:
                    cd:8a:3f:d3:02:3b:69:52:2d:f5:96:b8:5b:47:83:
                    ba:8e:c2:09:fa:a9:aa:06:5d:2d:1e:a2:54:73:65:
                    d0:fa:bb:9a:91:f9:8c:2b:03:da:74:6b:30:96:aa:
                    71:2f:a9:52:71:e0:bc:6b:6d:30:3e:0b:7f:dc:93:
                    61:27:da:a1:1e:95:67:01:c5:3a:52:b7:2c:b9:31:
                    54:65:64:dc:d3:f9:29:5a:b0:76:dd:17:90:88:52:
                    6b:48:1b:3c:06:ba:66:f9:bd:67:43:88:89:94:2e:
                    6e:a5:f6:fc:c8:15:fe:2f:50:d7:a5:2e:0b:08:88:
                    9d:d4:c5:4c:21:69:24:80:77:d2:15:01:6f:b6:fb:
                    de:e0:a4:41:d1:06:6e:ff:ce:ad:64:a6:5f:c9:ce:
                    71:d7:54:83:b2:49:86:26:bb:41:cf:6d:08:d5:17:
                    52:55:2e:9c:4d:1f:4e:cd:cc:e1:48:d1:e9:12:e2:
                    aa:c5:b2:91:9a:00:fd:de:9d:02:e8:5a:17:7a:10:
                    95:53:a3:3e:80:27:fd:13:7e:d1:ed:d0:6e:aa:33:
                    c7:78:6c:97:7f:78:4a:30:90:f1:ab:fd:b0:21:c0:
                    89:1a:b0:60:43:5a:d5:52:e9:b0:df:25:0d:40:1e:
                    b2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:63:3B:D0:1A:F7:BE:97:C0:E0:12:41:FE:1E:FF:55:E8:72:1C:1D
            X509v3 Authority Key Identifier:
                keyid:C3:5A:DE:EB:C2:8D:7E:27:FD:9E:B9:EF:B2:35:51:DA:E2:0B:1D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w1re68KNfif9nrnvsjVR2uILHQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/839d1c-4db3-45cc-b04f-b55d7d7f2c48/1/EWM70Br3vpfA4BJB_h7_VehyHB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/839d1c-4db3-45cc-b04f-b55d7d7f2c48/1/w1re68KNfif9nrnvsjVR2uILHQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.137.0/24
                IPv6:
                  2a11:5fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:53:27:cc:cd:47:25:90:7b:7e:0b:41:01:04:b9:99:a3:e3:
         56:31:25:cf:ce:3f:f8:00:00:10:a4:7a:01:74:86:11:ea:47:
         5b:2d:40:5c:13:bc:57:f2:e0:59:68:bf:48:30:42:39:9d:1b:
         3d:97:80:1c:48:37:dd:e7:f1:4d:7f:8c:bf:a9:f2:ac:7f:2a:
         ce:f3:44:d8:ea:9e:96:3c:eb:03:4c:5f:10:a2:d9:fa:2a:f7:
         12:44:4f:d9:b5:85:60:db:64:cc:ae:14:ce:18:94:29:a2:98:
         cc:00:1b:80:de:46:8f:91:67:29:87:76:0d:ad:71:b9:62:15:
         cd:14:c8:c8:31:d6:45:80:c8:03:89:a1:cc:f4:ea:cb:e1:c1:
         77:51:d8:94:78:72:8f:61:b3:df:d5:b4:f8:ba:b6:76:e1:ba:
         7f:8e:88:a7:83:1e:32:a0:8c:53:8d:d4:f1:1f:7d:ba:d8:dc:
         b3:72:2a:a5:53:4b:19:18:c0:fb:11:10:51:d1:27:2b:94:2a:
         7c:cf:0a:f4:12:a6:f8:ac:03:dc:5b:37:29:5d:db:d2:bf:e9:
         29:9e:92:c0:3c:1b:b0:c0:46:ba:32:48:65:17:bc:a8:2d:ed:
         25:fa:c7:eb:01:4c:c4:d7:94:e0:fd:ff:ef:e3:18:5e:6e:dc:
         42:55:ec:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5GroCVDeTvhFwDDQ6DzKrdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWFkZWViYzI4ZDdlMjdmZDllYjllZmIyMzU1MWRhZTIw
YjFkMGYwHhcNMjQwMzE2MDk1MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTYzM2JkMDFhZjdiZTk3YzBlMDEyNDFmZTFlZmY1NWU4NzIxYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj14SKtsKYctIM+atAwrNij/TAjtp
Ui31lrhbR4O6jsIJ+qmqBl0tHqJUc2XQ+ruakfmMKwPadGswlqpxL6lSceC8a20w
Pgt/3JNhJ9qhHpVnAcU6UrcsuTFUZWTc0/kpWrB23ReQiFJrSBs8Brpm+b1nQ4iJ
lC5upfb8yBX+L1DXpS4LCIid1MVMIWkkgHfSFQFvtvve4KRB0QZu/86tZKZfyc5x
11SDskmGJrtBz20I1RdSVS6cTR9OzczhSNHpEuKqxbKRmgD93p0C6FoXehCVU6M+
gCf9E37R7dBuqjPHeGyXf3hKMJDxq/2wIcCJGrBgQ1rVUumw3yUNQB6ydwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBFjO9Aa976XwOASQf4e/1XochwdMB8GA1UdIwQY
MBaAFMNa3uvCjX4n/Z6577I1UdriCx0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzFyZTY4S05maWY5bnJudnNqVlIydUlMSFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy84MzlkMWMtNGRiMy00NWNjLWIwNGYt
YjU1ZDdkN2YyYzQ4LzEvRVdNNzBCcjN2cGZBNEJKQl9oN19WZWh5SEIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy84MzlkMWMtNGRiMy00NWNjLWIwNGYtYjU1ZDdkN2YyYzQ4
LzEvdzFyZTY4S05maWY5bnJudnNqVlIydUlMSFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwmiJMA0E
AgACMAcDBQMqEV/AMA0GCSqGSIb3DQEBCwUAA4IBAQBEUyfMzUclkHt+C0EBBLmZ
o+NWMSXPzj/4AAAQpHoBdIYR6kdbLUBcE7xX8uBZaL9IMEI5nRs9l4AcSDfd5/FN
f4y/qfKsfyrO80TY6p6WPOsDTF8Qotn6KvcSRE/ZtYVg22TMrhTOGJQpopjMABuA
3kaPkWcph3YNrXG5YhXNFMjIMdZFgMgDiaHM9OrL4cF3UdiUeHKPYbPf1bT4urZ2
4bp/joingx4yoIxTjdTxH3262NyzciqlU0sZGMD7ERBR0ScrlCp8zwr0Eqb4rAPc
WzcpXdvSv+kpnpLAPBuwwEa6MkhlF7yoLe0l+sfrAUzE15Tg/f/v4xhebtxCVeyL
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:03:04 2024 by rpki-client on console-ams.rpki-client.org