Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/3H8QrvtI4HxEa3TYtV2oFlO3jGw.roa
File:                     3H8QrvtI4HxEa3TYtV2oFlO3jGw.roa (raw, json)
Hash identifier:          k5KrFk0WwK7EdhcxjuOQJaOjuFODFRcU3ggA4ZLuSWQ=
Subject key identifier:   DC:7F:10:AE:FB:48:E0:7C:44:6B:74:D8:B5:5D:A8:16:53:B7:8C:6C
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC801359342EA9F3DBA157B01D39E748A
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/3H8QrvtI4HxEa3TYtV2oFlO3jGw.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13132
IP address blocks:        153.96.252.0/24 maxlen: 24
                          153.96.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:35:93:42:ea:9f:3d:ba:15:7b:01:d3:9e:74:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc7f10aefb48e07c446b74d8b55da81653b78c6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:56:ed:f1:e5:19:be:d2:56:53:d3:b7:6d:ae:
                    53:19:e3:ce:d5:44:24:78:5a:b8:fa:c9:ed:ba:90:
                    e1:48:86:37:45:b2:f9:95:79:83:e7:00:b4:59:8f:
                    35:4e:ec:93:a4:d9:92:9f:c0:4f:b2:c9:aa:65:f5:
                    69:3b:41:b6:40:cf:8f:3e:82:28:53:10:c0:04:6b:
                    a9:84:07:f6:d1:f2:ed:09:b9:d1:e1:a2:a4:a5:23:
                    ee:24:ff:1e:0c:d2:03:72:e4:44:0a:0b:ac:37:b4:
                    b7:32:be:d7:ac:06:20:3b:b5:fb:a0:33:5a:44:bb:
                    94:60:94:e6:b6:63:cb:9f:05:73:04:42:ac:33:6f:
                    d6:cc:d6:a2:b3:2a:40:74:44:55:00:cd:7e:6b:1e:
                    a4:1c:b9:fc:2b:7d:59:50:70:77:1a:20:5e:6b:a7:
                    44:7d:62:bd:9c:b1:91:6f:36:86:c1:4e:77:47:41:
                    62:4f:f0:17:80:69:bb:6c:85:7c:44:bd:ce:9d:17:
                    9b:23:8a:f8:69:ed:d6:90:1b:02:3b:34:fe:4a:3c:
                    b0:ec:ae:b3:cf:74:34:f7:a0:1e:e9:bd:1c:c3:b2:
                    b4:0a:e9:0a:c5:87:02:38:ab:c6:c4:fb:7f:da:ce:
                    c5:a4:c2:1c:54:45:a0:ba:b0:5d:8c:ab:3e:76:e4:
                    9e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7F:10:AE:FB:48:E0:7C:44:6B:74:D8:B5:5D:A8:16:53:B7:8C:6C
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/3H8QrvtI4HxEa3TYtV2oFlO3jGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.251.0-153.96.252.255

    Signature Algorithm: sha256WithRSAEncryption
         39:c6:1c:5d:4f:29:1b:55:e3:c4:e9:e8:4a:47:52:06:e8:89:
         77:23:3d:03:43:3d:25:32:01:d7:1e:c8:30:df:d6:69:f1:b5:
         8d:ec:f4:5d:ad:b8:09:1a:da:f7:39:2a:8e:6a:ed:a5:b1:a1:
         94:e2:16:60:80:33:51:6c:dd:0a:84:c6:8b:c9:7b:90:d1:2a:
         80:53:8a:32:d2:16:0e:00:82:37:5c:03:64:31:f3:7b:33:ad:
         0d:d3:a4:5d:ef:19:0c:5f:d1:75:44:04:90:77:01:a6:94:ae:
         1b:fb:76:3b:ba:ff:15:77:00:4e:0a:78:aa:2e:5e:82:ee:64:
         ed:f6:bf:bb:25:c7:8c:6d:8a:c8:9a:df:b3:7c:49:e1:09:11:
         ac:79:d2:d8:04:fb:40:c7:bd:25:bc:47:35:59:0a:3b:1b:1d:
         92:d5:bd:0d:4a:40:57:20:de:10:16:b7:69:ef:aa:0a:aa:64:
         dd:b7:df:49:cd:54:93:9c:b9:09:9a:43:fa:03:c8:89:52:d9:
         0d:4c:d9:2d:f7:56:a8:4d:38:c1:b7:70:45:0e:1b:00:ac:ea:
         37:0c:36:13:4f:87:e0:b1:1f:7d:67:ed:5b:3d:af:d4:21:da:
         f5:a5:63:f5:07:4f:33:92:52:2f:36:69:1b:29:10:18:d0:53:
         66:ee:b6:a3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIATWTQuqfPboVewHTnnSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzdmMTBhZWZiNDhlMDdjNDQ2Yjc0ZDhiNTVkYTgxNjUzYjc4YzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1bt8eUZvtJWU9O3ba5TGePO1UQk
eFq4+sntupDhSIY3RbL5lXmD5wC0WY81TuyTpNmSn8BPssmqZfVpO0G2QM+PPoIo
UxDABGuphAf20fLtCbnR4aKkpSPuJP8eDNIDcuRECgusN7S3Mr7XrAYgO7X7oDNa
RLuUYJTmtmPLnwVzBEKsM2/WzNaisypAdERVAM1+ax6kHLn8K31ZUHB3GiBea6dE
fWK9nLGRbzaGwU53R0FiT/AXgGm7bIV8RL3OnRebI4r4ae3WkBsCOzT+Sjyw7K6z
z3Q096Ae6b0cw7K0CukKxYcCOKvGxPt/2s7FpMIcVEWgurBdjKs+duSehwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNx/EK77SOB8RGt02LVdqBZTt4xsMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvM0g4UXJ2dEk0SHhFYTNUWXRWMm9GbE8zakd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACZYPsD
BACZYPwwDQYJKoZIhvcNAQELBQADggEBADnGHF1PKRtV48Tp6EpHUgboiXcjPQND
PSUyAdceyDDf1mnxtY3s9F2tuAka2vc5Ko5q7aWxoZTiFmCAM1Fs3QqExovJe5DR
KoBTijLSFg4AgjdcA2Qx83szrQ3TpF3vGQxf0XVEBJB3AaaUrhv7dju6/xV3AE4K
eKouXoLuZO32v7slx4xtisia37N8SeEJEax50tgE+0DHvSW8RzVZCjsbHZLVvQ1K
QFcg3hAWt2nvqgqqZN2330nNVJOcuQmaQ/oDyIlS2Q1M2S33VqhNOMG3cEUOGwCs
6jcMNhNPh+CxH31n7Vs9r9Qh2vWlY/UHTzOSUi82aRspEBjQU2butqM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:12:33 2024 by rpki-client on console-fra.rpki-client.org