Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b8e940-2201-406e-8aaf-4060e9eeeb9e/1/3CPpP1_XU7y2325EguJDTajCoL8.roa
File:                     3CPpP1_XU7y2325EguJDTajCoL8.roa (raw, json)
Hash identifier:          UAN36mhMg9KE+6NnklbmfkbKftroTSnagoR99wpA5Ow=
Subject key identifier:   DC:23:E9:3F:5F:D7:53:BC:B6:DF:6E:44:82:E2:43:4D:A8:C2:A0:BF
Certificate issuer:       /CN=68383ffa9f20bf021c090262994212d71667ed02
Certificate serial:       018CC7934B7F66F80F9535738CD274F0E323
Authority key identifier: 68:38:3F:FA:9F:20:BF:02:1C:09:02:62:99:42:12:D7:16:67:ED:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDg_-p8gvwIcCQJimUIS1xZn7QI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b8e940-2201-406e-8aaf-4060e9eeeb9e/1/3CPpP1_XU7y2325EguJDTajCoL8.roa
Signing time:             Tue 02 Jan 2024 00:29:28 +0000
ROA not before:           Tue 02 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25048
IP address blocks:        81.90.128.0/20 maxlen: 24
                          2a00:e20::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b8e940-2201-406e-8aaf-4060e9eeeb9e/1/aDg_-p8gvwIcCQJimUIS1xZn7QI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b8e940-2201-406e-8aaf-4060e9eeeb9e/1/aDg_-p8gvwIcCQJimUIS1xZn7QI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDg_-p8gvwIcCQJimUIS1xZn7QI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:4b:7f:66:f8:0f:95:35:73:8c:d2:74:f0:e3:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68383ffa9f20bf021c090262994212d71667ed02
        Validity
            Not Before: Jan  2 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc23e93f5fd753bcb6df6e4482e2434da8c2a0bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3f:7f:e2:9f:b2:e2:e4:92:9d:af:5d:bb:2f:
                    10:b6:05:56:5a:fd:22:3a:a1:ee:e7:24:19:d8:15:
                    44:c9:c8:6f:74:b4:06:5f:8d:e2:f6:f4:90:67:0d:
                    3e:bc:8b:0f:a9:48:ef:a3:50:79:cd:df:e7:73:14:
                    e8:9b:8e:a1:07:d3:18:b4:73:e8:31:8c:27:04:d6:
                    5c:26:b1:a9:ec:89:de:0e:29:dd:13:7a:78:8a:64:
                    49:95:c9:11:67:0a:a0:9b:8a:b0:b5:aa:2d:ec:5d:
                    f9:92:68:3f:c8:71:5d:d7:e3:2c:72:db:fe:41:7f:
                    0b:33:f4:88:a1:89:c0:c6:ac:f7:53:dd:2f:9e:f1:
                    78:50:26:dc:5c:6e:65:1e:e0:34:94:81:04:f8:0f:
                    38:b1:bc:c4:d7:f7:56:39:f0:7d:52:b2:95:64:f8:
                    b4:a0:25:5a:17:2b:37:8d:53:1b:69:99:61:bf:2f:
                    58:b1:0b:3a:24:1e:e1:f4:e4:4c:f0:f6:21:d3:c6:
                    c1:b2:fc:53:29:3b:83:fc:bb:e1:01:1b:53:76:32:
                    90:9e:81:f9:ec:31:53:6d:45:75:cb:e4:60:16:1c:
                    a9:04:8b:ce:c4:ed:47:ae:7f:85:eb:56:6b:40:3e:
                    59:c4:ea:85:da:28:44:54:8e:d2:77:50:3f:0c:ec:
                    d1:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:23:E9:3F:5F:D7:53:BC:B6:DF:6E:44:82:E2:43:4D:A8:C2:A0:BF
            X509v3 Authority Key Identifier:
                keyid:68:38:3F:FA:9F:20:BF:02:1C:09:02:62:99:42:12:D7:16:67:ED:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDg_-p8gvwIcCQJimUIS1xZn7QI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b8e940-2201-406e-8aaf-4060e9eeeb9e/1/3CPpP1_XU7y2325EguJDTajCoL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b8e940-2201-406e-8aaf-4060e9eeeb9e/1/aDg_-p8gvwIcCQJimUIS1xZn7QI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.90.128.0/20
                IPv6:
                  2a00:e20::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:de:31:cf:0a:03:18:f8:c5:6a:44:e3:dd:5c:73:39:72:f4:
         86:87:64:23:57:cc:b2:96:e8:ea:7a:be:11:4b:df:46:d5:ef:
         62:80:0b:41:42:a3:5e:b9:6b:7f:59:13:a0:c6:69:d9:dd:16:
         d2:fb:12:92:c8:14:49:06:ff:e7:c8:1b:75:bb:47:5c:7c:42:
         84:fa:3e:70:43:e8:79:e9:0f:6c:da:df:4b:ba:dd:40:c7:7b:
         f3:d9:43:61:d4:be:42:51:7e:15:47:db:41:d4:69:36:bd:5f:
         a2:22:b7:9c:41:8a:e7:ed:02:40:00:53:5b:e7:92:c9:fb:08:
         93:1e:5d:2f:04:5c:0e:f4:24:b7:6e:d3:a3:65:1d:9b:96:43:
         dc:a7:0d:e9:e2:d9:cf:d4:c0:a9:a6:16:f9:ce:51:4a:53:66:
         86:9f:d3:92:aa:d0:ee:3b:27:f7:12:1e:b9:58:36:25:b6:03:
         fc:1d:ed:46:e6:ad:2b:17:74:91:0f:32:ee:d7:4e:04:ad:42:
         f7:a9:35:31:66:23:1d:67:87:aa:36:80:4a:49:21:25:05:a3:
         07:00:5b:e8:63:8d:4a:be:d8:8c:ca:2e:68:4a:2a:c0:92:47:
         0d:57:ab:ff:fa:e4:a6:cb:59:c0:a0:77:71:21:a8:91:5b:34:
         d9:dc:cf:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk0t/ZvgPlTVzjNJ08OMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzgzZmZhOWYyMGJmMDIxYzA5MDI2Mjk5NDIxMmQ3MTY2
N2VkMDIwHhcNMjQwMTAyMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzIzZTkzZjVmZDc1M2JjYjZkZjZlNDQ4MmUyNDM0ZGE4YzJhMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT9/4p+y4uSSna9duy8QtgVWWv0i
OqHu5yQZ2BVEychvdLQGX43i9vSQZw0+vIsPqUjvo1B5zd/ncxTom46hB9MYtHPo
MYwnBNZcJrGp7IneDindE3p4imRJlckRZwqgm4qwtaot7F35kmg/yHFd1+Msctv+
QX8LM/SIoYnAxqz3U90vnvF4UCbcXG5lHuA0lIEE+A84sbzE1/dWOfB9UrKVZPi0
oCVaFys3jVMbaZlhvy9YsQs6JB7h9ORM8PYh08bBsvxTKTuD/LvhARtTdjKQnoH5
7DFTbUV1y+RgFhypBIvOxO1Hrn+F61ZrQD5ZxOqF2ihEVI7Sd1A/DOzRzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNwj6T9f11O8tt9uRILiQ02owqC/MB8GA1UdIwQY
MBaAFGg4P/qfIL8CHAkCYplCEtcWZ+0CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURnXy1wOGd2d0ljQ1FKaW1VSVMxeFpuN1FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iOGU5NDAtMjIwMS00MDZlLThhYWYt
NDA2MGU5ZWVlYjllLzEvM0NQcFAxX1hVN3kyMzI1RWd1SkRUYWpDb0w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iOGU5NDAtMjIwMS00MDZlLThhYWYtNDA2MGU5ZWVlYjll
LzEvYURnXy1wOGd2d0ljQ1FKaW1VSVMxeFpuN1FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUVqAMA0E
AgACMAcDBQMqAA4gMA0GCSqGSIb3DQEBCwUAA4IBAQBj3jHPCgMY+MVqROPdXHM5
cvSGh2QjV8yylujqer4RS99G1e9igAtBQqNeuWt/WROgxmnZ3RbS+xKSyBRJBv/n
yBt1u0dcfEKE+j5wQ+h56Q9s2t9Lut1Ax3vz2UNh1L5CUX4VR9tB1Gk2vV+iIrec
QYrn7QJAAFNb55LJ+wiTHl0vBFwO9CS3btOjZR2blkPcpw3p4tnP1MCpphb5zlFK
U2aGn9OSqtDuOyf3Eh65WDYltgP8He1G5q0rF3SRDzLu104ErUL3qTUxZiMdZ4eq
NoBKSSElBaMHAFvoY41KvtiMyi5oSirAkkcNV6v/+uSmy1nAoHdxIaiRWzTZ3M94
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:39:26 2024 by rpki-client on console-ams.rpki-client.org