Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/DUewrUtiiApQYEFHyR6xRhVurwk.roa
File:                     DUewrUtiiApQYEFHyR6xRhVurwk.roa (raw, json)
Hash identifier:          /wWjSpWKXht6mkB/zHQ6rf+0IQkV7zekSdFQLAQyU18=
Subject key identifier:   0D:47:B0:AD:4B:62:88:0A:50:60:41:47:C9:1E:B1:46:15:6E:AF:09
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79456C6FD04EB0F6656CCCFD15A1AF4
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/DUewrUtiiApQYEFHyR6xRhVurwk.roa
Signing time:             Tue 02 Jan 2024 00:30:36 +0000
ROA not before:           Tue 02 Jan 2024 00:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202468
IP address blocks:        78.39.156.0/24 maxlen: 24
                          2.178.254.0/24 maxlen: 24
                          2.178.255.0/24 maxlen: 24
                          78.39.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:56:c6:fd:04:eb:0f:66:56:cc:cf:d1:5a:1a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d47b0ad4b62880a50604147c91eb146156eaf09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3e:d2:bc:db:e4:e3:63:e2:91:0f:26:58:14:
                    68:bb:29:1e:2b:0e:a8:07:d2:09:c5:c4:a9:52:80:
                    d2:fe:83:0a:29:9b:65:f3:e5:ca:3f:c4:0e:32:e3:
                    b3:95:5b:9b:21:45:77:50:33:f5:9a:0e:e5:e7:c0:
                    42:c5:9d:05:49:b8:0d:80:a5:cd:5c:b6:81:43:15:
                    fe:ca:00:a6:66:38:87:8b:af:82:97:83:c7:2c:09:
                    8a:70:0b:47:70:3e:f5:17:fc:1f:37:fd:0a:6f:8c:
                    16:e1:cd:50:c4:61:8d:96:b0:aa:45:02:57:1b:5a:
                    07:0d:5a:d8:87:d1:ed:f9:a1:ca:9a:98:a1:35:cf:
                    56:fa:9f:31:f8:81:36:7b:b4:fb:b7:38:f1:98:15:
                    f0:d5:e4:2a:29:0b:6f:b1:55:fd:3f:fb:37:91:89:
                    af:4a:18:c6:70:c3:21:f5:75:68:75:3b:28:a1:ae:
                    21:08:28:f5:83:c5:cf:d1:c2:bb:0d:32:75:0e:1a:
                    81:32:c8:e9:fe:64:92:81:ba:98:7c:7b:d5:27:a1:
                    a8:e6:ed:bd:9e:8a:79:cb:63:e9:be:9f:b6:e7:80:
                    bc:60:6b:a6:f7:e1:2f:d9:98:13:fe:23:7e:23:d7:
                    a2:b4:99:6d:95:a1:ba:99:81:68:f0:6f:a3:f3:c1:
                    12:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:47:B0:AD:4B:62:88:0A:50:60:41:47:C9:1E:B1:46:15:6E:AF:09
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/DUewrUtiiApQYEFHyR6xRhVurwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.178.254.0/23
                  78.39.156.0/24
                  78.39.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:76:3a:57:a6:18:da:51:96:7e:15:92:28:00:e6:6f:ec:3e:
         c8:2a:38:de:33:2f:70:35:e5:e5:bf:7f:0f:70:38:df:d9:30:
         3d:7f:f8:78:43:c0:68:e3:e5:08:95:dd:d5:05:b8:41:32:4e:
         63:25:78:60:fc:93:f0:a4:35:98:4b:f3:61:fc:07:f2:4f:a9:
         b9:3f:bd:14:8b:9c:5d:a4:cc:1b:25:f6:b6:bf:92:73:cb:c8:
         f9:22:20:dc:3b:3c:f4:fe:cd:99:52:ed:7e:33:38:68:33:34:
         0d:40:34:3d:8d:53:b0:64:1b:d2:55:d7:5a:84:02:34:3c:bd:
         08:62:81:0f:dc:e1:95:67:70:5d:9e:72:f3:3b:61:66:02:2a:
         4c:fb:07:2d:c9:51:ca:08:35:95:a5:6d:17:12:49:f8:9b:42:
         c8:4e:13:47:62:ff:18:2d:d4:55:57:3f:2d:8f:27:86:a1:e0:
         82:ea:ad:84:5d:bd:29:5a:42:c7:f7:f5:06:a3:fd:47:08:c9:
         b7:69:7f:8b:9d:e8:b4:cd:8e:9f:ca:95:24:43:d9:6f:29:71:
         0e:94:c9:52:24:55:e5:3d:90:3b:46:c8:7a:9a:48:55:73:cb:
         f9:c7:ff:09:de:e8:5c:af:9f:02:f8:f1:d5:26:83:6d:dc:5f:
         dc:8b:e0:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlFbG/QTrD2ZWzM/RWhr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQ3YjBhZDRiNjI4ODBhNTA2MDQxNDdjOTFlYjE0NjE1NmVhZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzT7SvNvk42PikQ8mWBRouykeKw6o
B9IJxcSpUoDS/oMKKZtl8+XKP8QOMuOzlVubIUV3UDP1mg7l58BCxZ0FSbgNgKXN
XLaBQxX+ygCmZjiHi6+Cl4PHLAmKcAtHcD71F/wfN/0Kb4wW4c1QxGGNlrCqRQJX
G1oHDVrYh9Ht+aHKmpihNc9W+p8x+IE2e7T7tzjxmBXw1eQqKQtvsVX9P/s3kYmv
ShjGcMMh9XVodTsooa4hCCj1g8XP0cK7DTJ1DhqBMsjp/mSSgbqYfHvVJ6Go5u29
nop5y2Ppvp+254C8YGum9+Ev2ZgT/iN+I9eitJltlaG6mYFo8G+j88ESkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA1HsK1LYogKUGBBR8kesUYVbq8JMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvRFVld3JVdGlpQXBRWUVGSHlSNnhSaFZ1cndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBArL+AwQA
TiecAwQATifGMA0GCSqGSIb3DQEBCwUAA4IBAQCLdjpXphjaUZZ+FZIoAOZv7D7I
KjjeMy9wNeXlv38PcDjf2TA9f/h4Q8Bo4+UIld3VBbhBMk5jJXhg/JPwpDWYS/Nh
/AfyT6m5P70Ui5xdpMwbJfa2v5Jzy8j5IiDcOzz0/s2ZUu1+MzhoMzQNQDQ9jVOw
ZBvSVddahAI0PL0IYoEP3OGVZ3BdnnLzO2FmAipM+wctyVHKCDWVpW0XEkn4m0LI
ThNHYv8YLdRVVz8tjyeGoeCC6q2EXb0pWkLH9/UGo/1HCMm3aX+Lnei0zY6fypUk
Q9lvKXEOlMlSJFXlPZA7Rsh6mkhVc8v5x/8J3uhcr58C+PHVJoNt3F/ci+Bl
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:03:26 2024 by rpki-client on console-ams.rpki-client.org