Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/Mj5w8Qrm0dOfDMPL23dbbjwkg3s.roa
File:                     Mj5w8Qrm0dOfDMPL23dbbjwkg3s.roa (raw, json)
Hash identifier:          6RyRT+sB4hA/IBzFFcwlm/DK96+dI8KR/y7F45BmMTk=
Subject key identifier:   32:3E:70:F1:0A:E6:D1:D3:9F:0C:C3:CB:DB:77:5B:6E:3C:24:83:7B
Certificate issuer:       /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial:       018CC3B6D4D438AC0032183A5BD73E8AAB0E
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/Mj5w8Qrm0dOfDMPL23dbbjwkg3s.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213296
IP address blocks:        158.46.192.0/22 maxlen: 22
                          158.46.191.0/24 maxlen: 24
                          158.46.188.0/24 maxlen: 24
                          178.171.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d4:d4:38:ac:00:32:18:3a:5b:d7:3e:8a:ab:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=323e70f10ae6d1d39f0cc3cbdb775b6e3c24837b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:20:42:f6:bb:90:fc:cc:d3:84:9e:1d:59:93:
                    b5:80:da:b8:a6:4b:fa:8c:f0:3e:15:be:fc:c2:37:
                    47:91:c3:b1:a5:09:8d:08:2d:db:b4:8f:39:e3:89:
                    03:f7:0e:55:6c:12:0a:d4:6e:4b:1e:b6:4e:fc:d2:
                    7a:2a:63:92:0e:3b:2d:30:4e:fd:d4:4b:f9:5a:75:
                    02:55:0d:f9:b5:17:df:81:71:de:23:30:0e:cd:49:
                    32:16:e4:b2:dc:14:dd:ee:6d:f0:fa:63:dc:29:d3:
                    95:0c:01:bf:b4:1e:fc:4d:d2:d4:9f:00:53:38:50:
                    9f:eb:74:54:eb:76:bf:40:ad:db:0e:be:08:ef:32:
                    c1:50:ba:84:e0:31:17:07:fd:e8:0c:99:dd:c4:65:
                    65:d3:ce:4a:1d:69:23:f0:d4:37:8e:a4:71:59:7e:
                    e5:e7:86:a2:6f:05:a4:5c:14:41:22:ee:53:82:26:
                    b8:1e:dd:51:72:b2:b6:09:bb:26:d0:92:89:27:f3:
                    48:a5:75:23:d0:21:35:a4:e7:5b:0e:d7:df:f7:00:
                    9f:92:27:80:99:c7:67:1c:e4:41:f7:7c:20:de:42:
                    27:4c:a6:24:9e:c9:f8:f4:6d:3b:5c:d0:99:19:80:
                    31:fa:02:98:12:11:20:6a:8a:ec:35:79:da:ca:69:
                    e4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3E:70:F1:0A:E6:D1:D3:9F:0C:C3:CB:DB:77:5B:6E:3C:24:83:7B
            X509v3 Authority Key Identifier:
                keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/Mj5w8Qrm0dOfDMPL23dbbjwkg3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.46.188.0/24
                  158.46.191.0-158.46.195.255
                  178.171.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:2e:8c:be:cf:de:1f:78:46:d7:c7:f9:3e:12:dd:d2:81:23:
         e3:96:23:51:1b:08:a6:47:af:85:8b:c5:77:fa:e6:4f:6f:7e:
         82:9b:cf:b3:7c:eb:6f:7f:fc:31:fc:01:33:b0:6d:3d:96:d7:
         bf:8e:71:05:e8:a9:f9:52:27:07:ab:de:d8:1f:dd:70:4d:2c:
         0b:7a:1b:0e:59:83:fe:60:32:50:6d:ee:6a:d5:42:37:99:15:
         01:81:47:5d:da:08:be:39:ab:01:dc:26:db:2f:ee:3b:ba:a4:
         85:c7:db:58:e4:93:80:67:14:ca:6b:f0:94:fd:68:dc:e8:d5:
         3d:1b:6f:f0:0a:7f:37:57:de:ea:19:b9:aa:1d:b3:ff:66:24:
         e8:d8:50:2d:fa:09:d8:bd:e6:65:82:67:b0:9d:89:3b:65:85:
         eb:4d:16:b9:21:eb:a8:71:15:be:f3:68:bc:17:c7:8c:d3:cd:
         8f:a6:88:76:4e:7e:36:00:ce:42:85:89:14:6a:ed:bb:8f:42:
         4e:f4:92:c6:f7:92:03:ea:31:a3:81:93:22:b2:ff:9e:45:a6:
         6d:f6:cd:ed:4b:dd:5f:29:66:b6:89:a5:3f:9c:3a:60:b8:64:
         71:71:56:a4:b6:dc:2e:a7:fa:38:46:01:cb:2e:42:5d:cc:b2:
         95:7a:3f:90
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDttTUOKwAMhg6W9c+iqsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNlNzBmMTBhZTZkMWQzOWYwY2MzY2JkYjc3NWI2ZTNjMjQ4MzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiBC9ruQ/MzThJ4dWZO1gNq4pkv6
jPA+Fb78wjdHkcOxpQmNCC3btI8544kD9w5VbBIK1G5LHrZO/NJ6KmOSDjstME79
1Ev5WnUCVQ35tRffgXHeIzAOzUkyFuSy3BTd7m3w+mPcKdOVDAG/tB78TdLUnwBT
OFCf63RU63a/QK3bDr4I7zLBULqE4DEXB/3oDJndxGVl085KHWkj8NQ3jqRxWX7l
54aibwWkXBRBIu5Tgia4Ht1RcrK2Cbsm0JKJJ/NIpXUj0CE1pOdbDtff9wCfkieA
mcdnHORB93wg3kInTKYknsn49G07XNCZGYAx+gKYEhEgaorsNXnaymnkeQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDI+cPEK5tHTnwzDy9t3W248JIN7MB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvTWo1dzhRcm0wZE9mRE1QTDIzZGJiandrZzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEtYmE3NzFmZmQyNjlj
LzEvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAni68MAwD
BACeLr8DBAKeLsADBACyqxYwDQYJKoZIhvcNAQELBQADggEBALoujL7P3h94RtfH
+T4S3dKBI+OWI1EbCKZHr4WLxXf65k9vfoKbz7N8629//DH8ATOwbT2W17+OcQXo
qflSJwer3tgf3XBNLAt6Gw5Zg/5gMlBt7mrVQjeZFQGBR13aCL45qwHcJtsv7ju6
pIXH21jkk4BnFMpr8JT9aNzo1T0bb/AKfzdX3uoZuaods/9mJOjYUC36Cdi95mWC
Z7CdiTtlhetNFrkh66hxFb7zaLwXx4zTzY+miHZOfjYAzkKFiRRq7buPQk70ksb3
kgPqMaOBkyKy/55Fpm32ze1L3V8pZraJpT+cOmC4ZHFxVqS23C6n+jhGAcsuQl3M
spV6P5A=
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:08:08 2024 by rpki-client on console-fra.rpki-client.org