Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/3Hw8GzlixEbm36AiZslvs3-V0FY.roa
File:                     3Hw8GzlixEbm36AiZslvs3-V0FY.roa (raw, json)
Hash identifier:          adv13P7a7unuG4/Kw18uDjds8kwTZVlo1SAfLq0jdKE=
Subject key identifier:   DC:7C:3C:1B:39:62:C4:46:E6:DF:A0:22:66:C9:6F:B3:7F:95:D0:56
Certificate issuer:       /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial:       018D7D1EEE34DBE34B5DB674A693ABC2D7C9
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/3Hw8GzlixEbm36AiZslvs3-V0FY.roa
Signing time:             Tue 06 Feb 2024 06:33:15 +0000
ROA not before:           Tue 06 Feb 2024 06:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35392
IP address blocks:        94.188.142.0/24 maxlen: 24
                          94.188.198.0/24 maxlen: 24
                          94.188.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:1e:ee:34:db:e3:4b:5d:b6:74:a6:93:ab:c2:d7:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Validity
            Not Before: Feb  6 06:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc7c3c1b3962c446e6dfa02266c96fb37f95d056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7c:c7:dd:a8:96:6e:58:63:17:67:c9:04:b9:
                    01:ea:81:99:20:35:78:df:8b:23:7a:fa:e6:ac:3b:
                    b9:1b:f9:4b:08:94:6f:73:79:69:7c:20:46:35:af:
                    c5:9d:d6:55:2d:88:91:bd:62:8c:d7:6c:1c:a0:82:
                    0f:a9:ba:8f:9a:a0:74:57:36:ec:f9:63:f4:a8:be:
                    8d:1d:52:29:33:c0:b0:0f:bb:46:22:36:e6:e7:f9:
                    a8:36:3a:02:c2:24:e8:37:9d:9c:3f:48:e9:a5:92:
                    5f:c3:13:c7:8e:10:a1:30:dd:41:23:d6:a2:bf:88:
                    ca:80:3c:4a:ff:65:49:8f:1a:a6:f5:97:3c:a9:f9:
                    69:db:f6:62:7c:3f:93:73:b0:57:bc:31:dd:d7:06:
                    48:55:96:51:62:01:e6:01:bf:66:a2:e0:9e:ae:c9:
                    06:0b:16:c5:a3:90:37:86:ed:bf:06:6a:9b:96:12:
                    cc:8a:fc:c2:0d:ea:35:b6:f8:63:54:95:9b:6e:36:
                    f1:92:de:08:67:9a:ea:41:fb:1d:9d:9f:72:c0:9b:
                    d6:72:74:e2:89:19:b9:ab:04:7c:4a:55:a2:f7:01:
                    8f:da:5e:bf:36:3a:02:74:27:36:ab:db:b7:20:8e:
                    71:37:06:57:79:de:7b:78:d4:df:1c:85:c4:18:63:
                    56:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7C:3C:1B:39:62:C4:46:E6:DF:A0:22:66:C9:6F:B3:7F:95:D0:56
            X509v3 Authority Key Identifier:
                keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/3Hw8GzlixEbm36AiZslvs3-V0FY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.188.142.0/24
                  94.188.198.0/24
                  94.188.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:98:ac:d3:13:0b:5f:51:13:d7:62:e5:3e:aa:f0:64:66:40:
         79:19:e4:5e:bb:71:c5:c1:40:98:00:7a:13:f9:0a:71:2d:3c:
         17:3b:e9:c8:21:42:bf:07:d9:3e:ec:b0:63:1a:88:20:4c:b0:
         9a:04:b7:94:af:3c:27:ee:9c:3f:16:76:cd:f2:75:9b:a6:ba:
         54:99:c7:a1:72:34:de:af:02:8b:a5:7a:ed:52:e7:2e:1e:20:
         81:38:54:3c:9b:4c:53:c2:14:63:06:11:3d:2b:29:38:aa:b6:
         43:c4:0d:82:e3:03:83:d9:07:bd:ea:d1:61:75:26:4f:6b:1a:
         1d:34:29:39:52:bf:85:f5:f5:0b:47:84:27:aa:85:2e:fd:4f:
         84:80:6b:b5:48:aa:3d:5a:be:f6:7c:9f:14:a0:ad:0e:0f:7d:
         55:0a:67:4d:e6:2a:d7:4e:83:a7:89:1b:65:6b:0a:c6:70:91:
         66:2d:bd:09:bb:35:02:a2:41:43:a7:81:19:74:83:87:10:23:
         67:a8:6a:3d:66:32:cc:0c:cd:10:88:6e:a5:5c:22:49:da:b4:
         c2:ed:22:e0:d8:d1:79:11:97:0b:84:ed:05:fc:5a:90:ca:f9:
         f2:3c:17:3c:60:79:64:c8:b1:b6:64:36:46:a5:1d:d3:a7:8a:
         2c:82:cd:01
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY19Hu402+NLXbZ0ppOrwtfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjQwMjA2MDYzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzdjM2MxYjM5NjJjNDQ2ZTZkZmEwMjI2NmM5NmZiMzdmOTVkMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXzH3aiWblhjF2fJBLkB6oGZIDV4
34sjevrmrDu5G/lLCJRvc3lpfCBGNa/FndZVLYiRvWKM12wcoIIPqbqPmqB0Vzbs
+WP0qL6NHVIpM8CwD7tGIjbm5/moNjoCwiToN52cP0jppZJfwxPHjhChMN1BI9ai
v4jKgDxK/2VJjxqm9Zc8qflp2/ZifD+Tc7BXvDHd1wZIVZZRYgHmAb9mouCerskG
CxbFo5A3hu2/BmqblhLMivzCDeo1tvhjVJWbbjbxkt4IZ5rqQfsdnZ9ywJvWcnTi
iRm5qwR8SlWi9wGP2l6/NjoCdCc2q9u3II5xNwZXed57eNTfHIXEGGNWiwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNx8PBs5YsRG5t+gImbJb7N/ldBWMB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvM0h3OEd6bGl4RWJtMzZBaVpzbHZzMy1WMEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXryOAwQA
XrzGAwQAXrzcMA0GCSqGSIb3DQEBCwUAA4IBAQCCmKzTEwtfURPXYuU+qvBkZkB5
GeReu3HFwUCYAHoT+QpxLTwXO+nIIUK/B9k+7LBjGoggTLCaBLeUrzwn7pw/FnbN
8nWbprpUmcehcjTerwKLpXrtUucuHiCBOFQ8m0xTwhRjBhE9Kyk4qrZDxA2C4wOD
2Qe96tFhdSZPaxodNCk5Ur+F9fULR4QnqoUu/U+EgGu1SKo9Wr72fJ8UoK0OD31V
CmdN5irXToOniRtlawrGcJFmLb0JuzUCokFDp4EZdIOHECNnqGo9ZjLMDM0QiG6l
XCJJ2rTC7SLg2NF5EZcLhO0F/FqQyvnyPBc8YHlkyLG2ZDZGpR3Tp4osgs0B
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:58:19 2024 by rpki-client on console-ams.rpki-client.org