Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/ilIazBLCWMrLR4XVHrPv7DdkpsY.roa
File:                     ilIazBLCWMrLR4XVHrPv7DdkpsY.roa (raw, json)
Hash identifier:          ZHG/RSGxIc1A9mWmfB3rC+TW0IMv3EtwwzKfH1kAlR4=
Subject key identifier:   8A:52:1A:CC:12:C2:58:CA:CB:47:85:D5:1E:B3:EF:EC:37:64:A6:C6
Certificate issuer:       /CN=093ad08ad73c2ac438ac69816381e7aa3e86579a
Certificate serial:       018D0CB3EADD7ED2EB3D42507C49035E9E67
Authority key identifier: 09:3A:D0:8A:D7:3C:2A:C4:38:AC:69:81:63:81:E7:AA:3E:86:57:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/ilIazBLCWMrLR4XVHrPv7DdkpsY.roa
Signing time:             Mon 15 Jan 2024 10:38:54 +0000
ROA not before:           Mon 15 Jan 2024 10:38:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34412
IP address blocks:        193.37.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:b3:ea:dd:7e:d2:eb:3d:42:50:7c:49:03:5e:9e:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093ad08ad73c2ac438ac69816381e7aa3e86579a
        Validity
            Not Before: Jan 15 10:38:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a521acc12c258cacb4785d51eb3efec3764a6c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:be:7d:10:32:c1:03:9f:8f:cf:90:42:bd:28:
                    9d:53:87:a3:00:fb:71:d8:1d:d2:32:83:39:5f:2a:
                    72:11:8f:1f:2f:b4:db:05:59:fe:e7:52:e4:77:b6:
                    c0:49:59:17:6e:1d:2c:a2:14:ec:ce:53:73:62:e1:
                    dc:b1:8c:49:f1:18:e7:9c:96:8e:e9:01:ac:ed:eb:
                    95:45:3d:63:f6:d8:cf:7d:52:ef:b2:c6:ed:c5:65:
                    50:54:20:3f:ed:19:c6:69:8e:81:2c:3a:39:a2:31:
                    e4:dc:f0:7d:f0:72:af:df:03:14:f9:91:03:46:06:
                    51:be:e3:bf:a9:ad:a3:ae:22:09:98:8b:97:21:41:
                    32:f6:4e:fb:ee:4a:09:74:fd:e2:64:b3:f7:7c:29:
                    93:d6:4f:05:7d:3f:a1:e7:10:bb:24:d2:c2:e9:8e:
                    98:2a:78:bf:aa:03:99:89:9f:3a:3a:a1:b8:3d:2e:
                    8f:49:e8:36:e4:cb:27:15:48:d4:d6:2f:ed:fa:a5:
                    f0:82:a5:eb:11:d0:6c:f7:87:ab:3b:9d:d3:76:26:
                    ea:ea:c0:af:24:17:34:42:f8:74:cb:e8:52:4e:ec:
                    4b:b7:b1:97:b9:0d:6e:d6:16:29:bc:a4:7e:a4:a9:
                    f2:73:9e:b3:7b:04:82:30:77:49:5c:c1:5b:f0:f0:
                    dd:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:52:1A:CC:12:C2:58:CA:CB:47:85:D5:1E:B3:EF:EC:37:64:A6:C6
            X509v3 Authority Key Identifier:
                keyid:09:3A:D0:8A:D7:3C:2A:C4:38:AC:69:81:63:81:E7:AA:3E:86:57:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/ilIazBLCWMrLR4XVHrPv7DdkpsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/095985-d0dc-4d41-98eb-41aa475d15b8/1/CTrQitc8KsQ4rGmBY4Hnqj6GV5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:be:1c:d9:7f:38:62:85:ad:74:f6:4d:6f:57:e7:85:2b:51:
         e7:21:ad:9f:72:21:26:c0:4c:8d:70:2f:ee:47:e3:2a:88:63:
         20:04:42:c9:73:05:b4:d6:a0:78:9e:7b:45:e1:bd:ce:64:71:
         4e:69:0a:e7:7a:7e:4a:68:11:b9:dd:0f:05:0c:50:23:e0:f9:
         47:79:73:b4:56:3b:91:2e:86:b2:d2:4c:8a:91:06:c1:c7:92:
         9c:ce:e7:75:d7:df:81:0d:7b:52:1e:7e:30:2e:99:21:5f:92:
         c1:4b:7a:08:83:fe:91:e3:75:8e:d5:19:c1:d7:ba:52:08:e4:
         6f:8d:e7:8a:67:8e:16:cb:df:cf:46:61:94:33:f4:b0:bc:5a:
         6e:e7:71:c2:da:96:ec:04:ce:4f:04:47:76:37:8b:52:31:79:
         13:94:1e:69:04:8b:e2:6a:a6:2b:35:5e:7d:e2:32:b4:69:b2:
         93:30:ff:c1:47:a9:e0:02:25:06:c7:c1:8a:5b:fd:8b:36:23:
         18:ef:c2:9e:59:ab:4d:09:37:1a:41:fd:a9:f6:ee:93:79:eb:
         09:50:19:7c:f4:ac:50:f4:3d:c6:b2:a1:36:9f:f0:40:66:2c:
         98:3e:aa:50:96:d5:dc:3a:21:b4:dd:11:ff:24:63:53:e2:81:
         fc:d2:f5:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0Ms+rdftLrPUJQfEkDXp5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5M2FkMDhhZDczYzJhYzQzOGFjNjk4MTYzODFlN2FhM2U4
NjU3OWEwHhcNMjQwMTE1MTAzODU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTUyMWFjYzEyYzI1OGNhY2I0Nzg1ZDUxZWIzZWZlYzM3NjRhNmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz759EDLBA5+Pz5BCvSidU4ejAPtx
2B3SMoM5XypyEY8fL7TbBVn+51Lkd7bASVkXbh0sohTszlNzYuHcsYxJ8RjnnJaO
6QGs7euVRT1j9tjPfVLvssbtxWVQVCA/7RnGaY6BLDo5ojHk3PB98HKv3wMU+ZED
RgZRvuO/qa2jriIJmIuXIUEy9k777koJdP3iZLP3fCmT1k8FfT+h5xC7JNLC6Y6Y
Kni/qgOZiZ86OqG4PS6PSeg25MsnFUjU1i/t+qXwgqXrEdBs94erO53Tdibq6sCv
JBc0Qvh0y+hSTuxLt7GXuQ1u1hYpvKR+pKnyc56zewSCMHdJXMFb8PDdJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpSGswSwljKy0eF1R6z7+w3ZKbGMB8GA1UdIwQY
MBaAFAk60IrXPCrEOKxpgWOB56o+hleaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1RyUWl0YzhLc1E0ckdtQlk0SG5xajZHVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wOTU5ODUtZDBkYy00ZDQxLTk4ZWIt
NDFhYTQ3NWQxNWI4LzEvaWxJYXpCTENXTXJMUjRYVkhyUHY3RGRrcHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wOTU5ODUtZDBkYy00ZDQxLTk4ZWItNDFhYTQ3NWQxNWI4
LzEvQ1RyUWl0YzhLc1E0ckdtQlk0SG5xajZHVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUmMA0G
CSqGSIb3DQEBCwUAA4IBAQB2vhzZfzhiha109k1vV+eFK1HnIa2fciEmwEyNcC/u
R+MqiGMgBELJcwW01qB4nntF4b3OZHFOaQrnen5KaBG53Q8FDFAj4PlHeXO0VjuR
Loay0kyKkQbBx5Kczud119+BDXtSHn4wLpkhX5LBS3oIg/6R43WO1RnB17pSCORv
jeeKZ44Wy9/PRmGUM/SwvFpu53HC2pbsBM5PBEd2N4tSMXkTlB5pBIviaqYrNV59
4jK0abKTMP/BR6ngAiUGx8GKW/2LNiMY78KeWatNCTcaQf2p9u6TeesJUBl89KxQ
9D3GsqE2n/BAZiyYPqpQltXcOiG03RH/JGNT4oH80vXm
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:11:58 2024 by rpki-client on console-fra.rpki-client.org