Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/3wDQdXWW-RPqBxe9JJ_tbcZYRwY.roa
File:                     3wDQdXWW-RPqBxe9JJ_tbcZYRwY.roa (raw, json)
Hash identifier:          6FpfyEua8oeKWr61vWSYnWWtcw88eHGxKmS6WFmk3Uw=
Subject key identifier:   DF:00:D0:75:75:96:F9:13:EA:07:17:BD:24:9F:ED:6D:C6:58:47:06
Certificate issuer:       /CN=385cf4939beeeaeaf4409c2840eb344cab0850e0
Certificate serial:       018CC26D3B63EB9D9ED58EDDB0A8D2965470
Authority key identifier: 38:5C:F4:93:9B:EE:EA:EA:F4:40:9C:28:40:EB:34:4C:AB:08:50:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OFz0k5vu6ur0QJwoQOs0TKsIUOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/3wDQdXWW-RPqBxe9JJ_tbcZYRwY.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31510
IP address blocks:        193.228.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/OFz0k5vu6ur0QJwoQOs0TKsIUOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/OFz0k5vu6ur0QJwoQOs0TKsIUOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OFz0k5vu6ur0QJwoQOs0TKsIUOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3b:63:eb:9d:9e:d5:8e:dd:b0:a8:d2:96:54:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385cf4939beeeaeaf4409c2840eb344cab0850e0
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df00d0757596f913ea0717bd249fed6dc6584706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e5:13:73:2c:cc:07:b2:e2:10:a7:ea:df:72:
                    8d:ba:2b:ea:60:b5:c4:0e:7a:f3:20:78:9c:d5:c4:
                    f6:1f:e5:14:5b:31:9b:50:bf:6a:f7:5b:58:a9:1b:
                    e5:76:22:10:e1:02:02:cb:6b:b5:47:92:32:1f:0b:
                    ae:3e:f4:4e:15:e6:04:34:d1:2e:e4:de:c5:33:57:
                    a0:ee:6f:93:5c:e0:95:4e:fa:2f:f7:e8:5e:da:3a:
                    bc:15:70:36:ef:05:61:34:84:68:6b:55:9d:96:30:
                    c8:55:af:57:9a:36:87:82:c2:58:75:d4:27:11:74:
                    0a:c8:cd:32:c7:30:0e:a7:fc:c8:3b:a5:57:58:f9:
                    0c:95:0f:05:ab:ad:46:42:17:79:5f:78:7f:e6:42:
                    fc:da:fe:34:47:fb:a0:25:35:2e:41:a2:33:2b:d3:
                    af:4d:3c:14:64:10:24:23:68:0e:c7:c9:41:cc:5c:
                    b7:7b:b9:51:96:09:28:38:f7:5d:cb:50:c7:c4:df:
                    e9:3d:67:64:2d:d3:02:52:a4:a0:b6:84:d5:63:8e:
                    0c:6a:b6:f5:8f:79:7d:6f:64:57:6d:59:92:1d:dd:
                    14:44:03:c2:88:56:af:5f:5c:3a:2e:47:ee:de:c7:
                    9d:30:65:d0:62:af:04:28:36:ea:b3:6c:ca:64:b9:
                    a4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:00:D0:75:75:96:F9:13:EA:07:17:BD:24:9F:ED:6D:C6:58:47:06
            X509v3 Authority Key Identifier:
                keyid:38:5C:F4:93:9B:EE:EA:EA:F4:40:9C:28:40:EB:34:4C:AB:08:50:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OFz0k5vu6ur0QJwoQOs0TKsIUOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/3wDQdXWW-RPqBxe9JJ_tbcZYRwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/35b6bd-14b6-43dc-8384-7b7615ff0e96/1/OFz0k5vu6ur0QJwoQOs0TKsIUOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:50:f5:06:da:54:b7:b0:0c:75:22:fc:94:b3:4e:9a:1f:0e:
         4e:7e:68:7b:17:eb:22:d7:a5:7a:eb:aa:fb:63:c1:46:20:1c:
         ca:c4:e9:f2:d1:22:a3:a0:01:43:d4:8c:ea:e1:b8:07:b4:ef:
         05:ea:da:98:3a:8f:e3:48:61:24:9e:6c:a9:63:51:7e:cf:30:
         44:aa:13:c9:55:ab:69:45:c3:ad:55:e2:9f:35:e8:04:60:fe:
         e2:82:41:16:88:06:2b:a2:90:21:8e:b1:6d:d7:7c:62:ea:4b:
         15:1f:c9:17:d1:7e:cd:cd:8a:d7:10:4f:f3:c2:cc:6a:69:b1:
         ec:64:61:71:49:3b:e0:62:19:f5:24:6e:8b:6c:99:df:82:8a:
         c5:62:63:8a:c7:56:d5:e7:ad:34:20:99:58:53:f9:6f:f3:80:
         84:72:62:39:e6:ac:2e:1b:83:53:e7:55:d7:c7:72:14:35:4c:
         57:04:a5:44:39:00:01:b6:c7:55:2e:e7:ac:6a:5e:00:ce:32:
         74:ef:67:1f:98:38:8e:d9:59:a5:81:39:5e:b9:7b:13:ef:c1:
         22:70:45:c6:fa:41:ca:69:9d:3d:40:49:45:03:6f:dc:77:09:
         c9:b9:19:ef:e7:91:ff:2a:74:a7:67:f2:7a:10:a7:dd:77:fb:
         ce:51:f6:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTtj652e1Y7dsKjSllRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NWNmNDkzOWJlZWVhZWFmNDQwOWMyODQwZWIzNDRjYWIw
ODUwZTAwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAwZDA3NTc1OTZmOTEzZWEwNzE3YmQyNDlmZWQ2ZGM2NTg0NzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuUTcyzMB7LiEKfq33KNuivqYLXE
DnrzIHic1cT2H+UUWzGbUL9q91tYqRvldiIQ4QICy2u1R5IyHwuuPvROFeYENNEu
5N7FM1eg7m+TXOCVTvov9+he2jq8FXA27wVhNIRoa1WdljDIVa9XmjaHgsJYddQn
EXQKyM0yxzAOp/zIO6VXWPkMlQ8Fq61GQhd5X3h/5kL82v40R/ugJTUuQaIzK9Ov
TTwUZBAkI2gOx8lBzFy3e7lRlgkoOPddy1DHxN/pPWdkLdMCUqSgtoTVY44Marb1
j3l9b2RXbVmSHd0URAPCiFavX1w6Lkfu3sedMGXQYq8EKDbqs2zKZLmkWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8A0HV1lvkT6gcXvSSf7W3GWEcGMB8GA1UdIwQY
MBaAFDhc9JOb7urq9ECcKEDrNEyrCFDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Z6MGs1dnU2dXIwUUp3b1FPczBUS3NJVU9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8zNWI2YmQtMTRiNi00M2RjLTgzODQt
N2I3NjE1ZmYwZTk2LzEvM3dEUWRYV1ctUlBxQnhlOUpKX3RiY1pZUndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8zNWI2YmQtMTRiNi00M2RjLTgzODQtN2I3NjE1ZmYwZTk2
LzEvT0Z6MGs1dnU2dXIwUUp3b1FPczBUS3NJVU9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweRdMA0G
CSqGSIb3DQEBCwUAA4IBAQB7UPUG2lS3sAx1IvyUs06aHw5Ofmh7F+si16V666r7
Y8FGIBzKxOny0SKjoAFD1Izq4bgHtO8F6tqYOo/jSGEknmypY1F+zzBEqhPJVatp
RcOtVeKfNegEYP7igkEWiAYropAhjrFt13xi6ksVH8kX0X7NzYrXEE/zwsxqabHs
ZGFxSTvgYhn1JG6LbJnfgorFYmOKx1bV5600IJlYU/lv84CEcmI55qwuG4NT51XX
x3IUNUxXBKVEOQABtsdVLuesal4AzjJ072cfmDiO2VmlgTleuXsT78EicEXG+kHK
aZ09QElFA2/cdwnJuRnv55H/KnSnZ/J6EKfdd/vOUfZA
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:59:07 2024 by rpki-client on console-fra.rpki-client.org