Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pbRnEKy35OIur1byAlEZ7NczUH8.roa
File:                     pbRnEKy35OIur1byAlEZ7NczUH8.roa (raw, json)
Hash identifier:          /kzRKlyUb2SUK4mIXbDuF8XZ3zCvXcX6tO5XLbCzoBw=
Subject key identifier:   A5:B4:67:10:AC:B7:E4:E2:2E:AF:56:F2:02:51:19:EC:D7:33:50:7F
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C7ED052801EDCD33509AE9764E32
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pbRnEKy35OIur1byAlEZ7NczUH8.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211332
IP address blocks:        62.3.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c7:ed:05:28:01:ed:cd:33:50:9a:e9:76:4e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5b46710acb7e4e22eaf56f2025119ecd733507f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:df:03:02:ae:2e:3d:d1:f8:2a:07:e1:13:7b:
                    0f:5c:71:1d:cd:2c:30:dd:fe:30:e5:0d:56:a3:b2:
                    5d:4f:21:81:76:98:83:68:76:61:8d:0a:06:2a:a4:
                    be:79:7d:26:f4:60:e3:da:33:c7:4b:c2:72:86:76:
                    07:d2:4e:6a:03:cf:6c:be:7e:e2:6e:2f:ae:d3:91:
                    2a:3d:2d:96:9b:7e:4b:c8:32:7a:40:ab:d2:5d:11:
                    09:86:67:82:dd:8a:bf:f5:a5:71:46:e5:d0:65:85:
                    8f:3b:aa:00:42:13:e1:44:3d:b0:81:65:90:ec:48:
                    d7:53:63:b0:be:2f:b6:58:c8:eb:7b:01:9c:3d:38:
                    db:b7:ce:84:c9:14:c8:13:5f:8e:ae:f3:e1:57:0c:
                    06:f3:35:7c:09:ec:91:9b:c5:9c:35:00:13:69:76:
                    3d:12:e2:5f:fc:b2:08:32:88:43:cf:3c:1b:37:33:
                    e5:f3:ef:10:4d:6f:9c:2a:f0:33:22:49:42:24:37:
                    53:3c:6b:12:fa:73:eb:6e:0e:0c:c7:5b:e9:1c:c4:
                    d5:d1:60:0d:60:a2:bd:81:eb:23:86:a5:14:31:cc:
                    37:0e:68:bc:38:22:49:59:e7:59:63:22:ac:b3:e5:
                    40:75:83:18:c6:e8:fb:3b:49:11:5f:38:7d:95:1a:
                    90:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B4:67:10:AC:B7:E4:E2:2E:AF:56:F2:02:51:19:EC:D7:33:50:7F
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pbRnEKy35OIur1byAlEZ7NczUH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:0e:fd:fd:55:6e:05:8e:56:ba:5b:50:13:6c:4e:b8:0d:bd:
         6e:e2:88:2f:0e:49:02:82:d3:b1:69:3a:41:5d:91:cc:8a:69:
         d6:57:e1:36:3f:1c:b4:37:55:d5:2c:51:60:10:f2:93:20:3c:
         cc:db:11:9e:57:aa:db:18:bf:6e:eb:05:21:22:80:84:3d:09:
         aa:8a:fb:6a:30:90:30:67:70:23:0a:c8:00:e6:ab:bf:aa:f6:
         c2:3f:02:d0:06:13:ba:b5:33:1a:68:a5:01:6c:b0:6b:4c:59:
         bf:2c:f3:c9:12:5f:14:2e:fc:29:3a:80:d9:7e:e6:58:55:cb:
         9f:90:ef:a9:f7:67:b4:30:49:6b:c5:36:38:7e:c9:95:0d:4e:
         ec:39:1c:8f:36:ce:df:06:cc:1f:c5:89:cc:a2:85:18:07:4f:
         b1:65:27:81:9b:a8:46:12:33:9f:3e:95:ad:9b:5b:8b:14:ca:
         52:fe:88:9c:d1:c5:92:22:47:e3:b4:da:17:9e:ac:91:81:c2:
         c2:d0:ae:dc:38:55:7b:6d:7b:22:a8:3d:bf:ba:b0:1c:c9:a8:
         44:d8:52:5e:6c:ac:6a:25:6c:33:c4:05:7c:bb:ca:c6:43:2d:
         53:0a:7b:ed:2d:65:54:3b:d2:24:52:d2:86:1d:f2:a9:2e:63:
         01:b5:51:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMftBSgB7c0zUJrpdk4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI0NjcxMGFjYjdlNGUyMmVhZjU2ZjIwMjUxMTllY2Q3MzM1MDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAot8DAq4uPdH4KgfhE3sPXHEdzSww
3f4w5Q1Wo7JdTyGBdpiDaHZhjQoGKqS+eX0m9GDj2jPHS8JyhnYH0k5qA89svn7i
bi+u05EqPS2Wm35LyDJ6QKvSXREJhmeC3Yq/9aVxRuXQZYWPO6oAQhPhRD2wgWWQ
7EjXU2Owvi+2WMjrewGcPTjbt86EyRTIE1+OrvPhVwwG8zV8CeyRm8WcNQATaXY9
EuJf/LIIMohDzzwbNzPl8+8QTW+cKvAzIklCJDdTPGsS+nPrbg4Mx1vpHMTV0WAN
YKK9gesjhqUUMcw3Dmi8OCJJWedZYyKss+VAdYMYxuj7O0kRXzh9lRqQVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKW0ZxCst+TiLq9W8gJRGezXM1B/MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvcGJSbkVLeTM1T0l1cjFieUFsRVo3TmN6VUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMaMA0G
CSqGSIb3DQEBCwUAA4IBAQBiDv39VW4Fjla6W1ATbE64Db1u4ogvDkkCgtOxaTpB
XZHMimnWV+E2Pxy0N1XVLFFgEPKTIDzM2xGeV6rbGL9u6wUhIoCEPQmqivtqMJAw
Z3AjCsgA5qu/qvbCPwLQBhO6tTMaaKUBbLBrTFm/LPPJEl8ULvwpOoDZfuZYVcuf
kO+p92e0MElrxTY4fsmVDU7sORyPNs7fBswfxYnMooUYB0+xZSeBm6hGEjOfPpWt
m1uLFMpS/oic0cWSIkfjtNoXnqyRgcLC0K7cOFV7bXsiqD2/urAcyahE2FJebKxq
JWwzxAV8u8rGQy1TCnvtLWVUO9IkUtKGHfKpLmMBtVFh
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:42:38 2024 by rpki-client on console-ams.rpki-client.org