Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/e61985-b0b2-4e78-afbf-b5e4a6dce194/1/pAuPjj9q-k0PexnlF5olfjeENRM.roa
File:                     pAuPjj9q-k0PexnlF5olfjeENRM.roa (raw, json)
Hash identifier:          xVhnEHZLWAgaORYhg2oYkJluGkwPhPXFaYiliNUJi9g=
Subject key identifier:   A4:0B:8F:8E:3F:6A:FA:4D:0F:7B:19:E5:17:9A:25:7E:37:84:35:13
Certificate issuer:       /CN=38fee6c1f8cb22503925c1e9292bfd181ca95984
Certificate serial:       018DE4968D23ADD2D51E7B6E8A2953203F24
Authority key identifier: 38:FE:E6:C1:F8:CB:22:50:39:25:C1:E9:29:2B:FD:18:1C:A9:59:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OP7mwfjLIlA5JcHpKSv9GBypWYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/e61985-b0b2-4e78-afbf-b5e4a6dce194/1/pAuPjj9q-k0PexnlF5olfjeENRM.roa
Signing time:             Mon 26 Feb 2024 08:44:48 +0000
ROA not before:           Mon 26 Feb 2024 08:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52106
IP address blocks:        91.238.56.0/22 maxlen: 22
                          194.247.62.0/24 maxlen: 24
                          195.3.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/e61985-b0b2-4e78-afbf-b5e4a6dce194/1/OP7mwfjLIlA5JcHpKSv9GBypWYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/e61985-b0b2-4e78-afbf-b5e4a6dce194/1/OP7mwfjLIlA5JcHpKSv9GBypWYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OP7mwfjLIlA5JcHpKSv9GBypWYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e4:96:8d:23:ad:d2:d5:1e:7b:6e:8a:29:53:20:3f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38fee6c1f8cb22503925c1e9292bfd181ca95984
        Validity
            Not Before: Feb 26 08:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a40b8f8e3f6afa4d0f7b19e5179a257e37843513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b2:d5:86:23:d5:9f:1e:0c:06:a1:e1:03:3d:
                    3b:08:d7:fe:0e:38:e6:ba:88:51:85:63:a6:5f:80:
                    c7:53:47:9e:c1:c9:b1:6d:b3:0b:91:6c:5e:94:5d:
                    17:6f:c2:50:b9:8d:ec:ca:9a:04:9c:64:b5:7a:a8:
                    6c:3b:ba:87:d3:7d:17:08:29:ea:61:44:4c:92:4d:
                    bf:3f:a0:b7:3d:70:0b:2d:db:99:dd:63:99:ac:32:
                    c0:4a:4e:eb:ac:b2:00:69:2e:9b:a3:96:82:ae:b2:
                    f5:ad:a5:6b:1f:15:21:bf:fb:8c:a5:dc:26:67:46:
                    24:43:a4:cf:65:35:06:18:84:96:b1:33:17:e1:0d:
                    6f:af:2a:4a:69:e3:09:70:3c:89:80:15:6b:b4:7e:
                    dc:0a:be:ae:0b:61:38:d9:ff:ef:31:bb:8f:26:8a:
                    0e:27:6a:53:aa:d7:b9:b6:e5:4c:0d:6d:ca:fd:54:
                    e9:b4:59:40:0f:b9:28:12:54:60:3b:5c:33:7f:e3:
                    ae:62:da:be:48:53:fe:1d:d5:eb:32:69:4e:21:69:
                    d6:51:d3:8f:d5:47:f9:43:e9:b9:fd:a6:5b:9b:8b:
                    00:8f:5f:ba:06:31:54:2b:47:61:d8:7c:dc:c7:c1:
                    27:68:23:31:8e:d8:3b:7f:c3:15:65:b1:29:24:f6:
                    6d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:0B:8F:8E:3F:6A:FA:4D:0F:7B:19:E5:17:9A:25:7E:37:84:35:13
            X509v3 Authority Key Identifier:
                keyid:38:FE:E6:C1:F8:CB:22:50:39:25:C1:E9:29:2B:FD:18:1C:A9:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OP7mwfjLIlA5JcHpKSv9GBypWYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/e61985-b0b2-4e78-afbf-b5e4a6dce194/1/pAuPjj9q-k0PexnlF5olfjeENRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/e61985-b0b2-4e78-afbf-b5e4a6dce194/1/OP7mwfjLIlA5JcHpKSv9GBypWYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.56.0/22
                  194.247.62.0/24
                  195.3.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:b6:22:c8:b7:11:cd:6f:20:41:5f:e2:e3:23:08:e4:e8:a4:
         9f:79:a3:db:98:f6:8c:e1:31:20:58:a9:b0:6e:23:2e:85:ac:
         a8:ba:0f:1f:e1:07:10:d0:68:8b:c9:25:a3:94:10:d6:b2:29:
         2c:7e:5d:62:0d:33:25:b4:d1:75:d4:ee:92:cb:8d:06:9a:32:
         bb:eb:78:71:ce:4c:74:c1:6c:bf:8e:67:df:bd:ff:06:63:ef:
         4f:3c:58:30:ef:4c:6c:72:96:77:2d:1c:b3:a6:b6:8d:3e:ee:
         69:96:8d:5c:57:91:3d:e5:7e:95:c1:4b:ab:39:6e:9f:99:16:
         d8:7d:bc:2a:57:cf:91:41:de:0b:66:f5:41:be:10:9f:f4:82:
         0b:c1:4d:2b:13:59:b9:b4:f6:e1:c1:67:0b:50:fa:eb:94:c8:
         af:bb:7c:2a:9e:71:b8:b3:1e:6a:c4:ff:f3:16:2e:46:bc:be:
         68:eb:4d:7c:54:5b:bd:27:65:bb:42:a3:cf:33:73:1e:12:d9:
         e9:16:2f:14:21:5f:71:b6:73:6f:22:1b:72:48:d1:53:3d:2c:
         4c:24:c0:86:97:85:4c:3f:ca:45:7f:b3:83:c3:b2:57:72:72:
         2a:61:73:28:db:cb:e6:70:ef:97:b6:7b:51:4a:4c:de:e4:d8:
         b4:4d:28:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY3klo0jrdLVHntuiilTID8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZmVlNmMxZjhjYjIyNTAzOTI1YzFlOTI5MmJmZDE4MWNh
OTU5ODQwHhcNMjQwMjI2MDg0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDBiOGY4ZTNmNmFmYTRkMGY3YjE5ZTUxNzlhMjU3ZTM3ODQzNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7LVhiPVnx4MBqHhAz07CNf+Djjm
uohRhWOmX4DHU0eewcmxbbMLkWxelF0Xb8JQuY3sypoEnGS1eqhsO7qH030XCCnq
YURMkk2/P6C3PXALLduZ3WOZrDLASk7rrLIAaS6bo5aCrrL1raVrHxUhv/uMpdwm
Z0YkQ6TPZTUGGISWsTMX4Q1vrypKaeMJcDyJgBVrtH7cCr6uC2E42f/vMbuPJooO
J2pTqte5tuVMDW3K/VTptFlAD7koElRgO1wzf+OuYtq+SFP+HdXrMmlOIWnWUdOP
1Uf5Q+m5/aZbm4sAj1+6BjFUK0dh2Hzcx8EnaCMxjtg7f8MVZbEpJPZtmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKQLj44/avpND3sZ5ReaJX43hDUTMB8GA1UdIwQY
MBaAFDj+5sH4yyJQOSXB6Skr/RgcqVmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1A3bXdmakxJbEE1SmNIcEtTdjlHQnlwV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9lNjE5ODUtYjBiMi00ZTc4LWFmYmYt
YjVlNGE2ZGNlMTk0LzEvcEF1UGpqOXEtazBQZXhubEY1b2xmamVFTlJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9lNjE5ODUtYjBiMi00ZTc4LWFmYmYtYjVlNGE2ZGNlMTk0
LzEvT1A3bXdmakxJbEE1SmNIcEtTdjlHQnlwV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW+44AwQA
wvc+AwQCwwOYMA0GCSqGSIb3DQEBCwUAA4IBAQBctiLItxHNbyBBX+LjIwjk6KSf
eaPbmPaM4TEgWKmwbiMuhayoug8f4QcQ0GiLySWjlBDWsiksfl1iDTMltNF11O6S
y40GmjK763hxzkx0wWy/jmffvf8GY+9PPFgw70xscpZ3LRyzpraNPu5plo1cV5E9
5X6VwUurOW6fmRbYfbwqV8+RQd4LZvVBvhCf9IILwU0rE1m5tPbhwWcLUPrrlMiv
u3wqnnG4sx5qxP/zFi5GvL5o6018VFu9J2W7QqPPM3MeEtnpFi8UIV9xtnNvIhty
SNFTPSxMJMCGl4VMP8pFf7ODw7JXcnIqYXMo28vmcO+XtntRSkze5Ni0TSjn
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:42:36 2024 by rpki-client on console-ams.rpki-client.org