Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/R3vROmQAOgLbxQ7Imd7i1Ur2G9M.roa
File:                     R3vROmQAOgLbxQ7Imd7i1Ur2G9M.roa (raw, json)
Hash identifier:          aRDyI1ny3mJEQVg0rObRaJvmoKIvZ0/lhRBL6bfvEZQ=
Subject key identifier:   47:7B:D1:3A:64:00:3A:02:DB:C5:0E:C8:99:DE:E2:D5:4A:F6:1B:D3
Certificate issuer:       /CN=380099a81b346f9abcaf26056f5b77094d1cf113
Certificate serial:       018CCA96EA7B8FC6495107D672BE94E879DD
Authority key identifier: 38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/R3vROmQAOgLbxQ7Imd7i1Ur2G9M.roa
Signing time:             Tue 02 Jan 2024 14:32:17 +0000
ROA not before:           Tue 02 Jan 2024 14:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56791
IP address blocks:        94.243.224.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:ea:7b:8f:c6:49:51:07:d6:72:be:94:e8:79:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380099a81b346f9abcaf26056f5b77094d1cf113
        Validity
            Not Before: Jan  2 14:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=477bd13a64003a02dbc50ec899dee2d54af61bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a6:23:00:ab:39:16:bf:ed:ee:1f:e3:e4:05:
                    b5:64:c0:29:28:e8:04:df:28:06:71:4e:b8:e3:5c:
                    c5:47:4b:67:a9:26:8a:34:55:7f:74:a4:a8:26:90:
                    86:30:0a:7a:f9:32:87:b1:c9:12:ae:ce:c2:64:44:
                    8b:8e:94:a6:d1:b5:58:ae:89:4e:ae:5e:0e:23:2d:
                    17:ed:21:48:6a:9a:9d:75:5b:9e:0b:45:87:99:85:
                    48:f9:47:d3:15:e4:31:f1:43:f3:22:b0:5c:f3:ac:
                    b6:0b:93:13:54:d9:d2:83:4b:fc:53:5f:2f:10:2c:
                    20:f4:05:7b:54:87:49:b9:ca:b6:1a:13:e3:db:91:
                    6e:44:af:55:e6:9a:57:b0:04:86:d4:4a:06:02:a2:
                    04:e2:5d:ea:a1:40:bf:d6:99:68:9e:f6:1f:ae:c2:
                    df:62:56:f4:3f:9c:13:4b:e6:ac:41:1a:79:3b:97:
                    be:38:33:d6:b5:5b:9f:62:62:05:72:3c:17:82:58:
                    35:1a:51:27:c5:77:63:57:b1:da:55:5e:25:f6:d6:
                    cb:f1:75:97:18:13:00:81:1f:f1:9c:e4:18:cb:80:
                    08:e7:e3:65:bf:f6:31:af:12:0d:25:67:f0:07:6f:
                    9d:fd:75:ad:ca:d7:98:86:03:e5:c8:71:f6:b4:19:
                    0a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7B:D1:3A:64:00:3A:02:DB:C5:0E:C8:99:DE:E2:D5:4A:F6:1B:D3
            X509v3 Authority Key Identifier:
                keyid:38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/R3vROmQAOgLbxQ7Imd7i1Ur2G9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.243.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:2f:51:04:09:fb:bf:1c:f9:c2:3d:e9:aa:78:74:3e:27:2b:
         80:00:f1:a5:36:68:8c:48:f4:f5:14:29:4a:e7:18:f9:05:75:
         c1:ac:f5:53:58:00:9a:b8:19:ec:b1:ee:e1:58:02:f6:be:ce:
         58:0e:09:b7:9c:4d:af:80:e3:48:8b:31:3f:6e:37:de:2c:b0:
         1f:65:42:69:df:5c:bf:fc:88:3f:54:16:c1:19:61:88:6a:9a:
         63:97:f9:55:0c:89:b2:b7:1d:00:b2:c6:bf:03:f3:47:d3:2c:
         96:92:34:30:65:41:94:0d:39:25:ac:30:01:fc:e2:de:5a:eb:
         bd:ed:86:f2:13:f7:35:28:39:05:ec:4b:83:59:25:85:57:94:
         be:0a:8b:0c:20:e6:ac:89:42:97:bf:a1:46:45:84:ce:6a:2a:
         6b:16:6f:38:96:55:5e:0f:f0:94:46:e1:5c:b8:7d:42:30:6b:
         65:7f:b2:5f:c3:df:ee:a4:d0:94:c5:b0:ab:7a:fc:9a:9c:6f:
         de:97:6b:96:b8:3d:cc:ba:80:3a:44:d9:da:55:55:52:2a:9b:
         08:67:8d:3f:bf:54:80:6c:ab:ee:17:ba:82:2f:d8:28:11:7c:
         92:79:d8:16:a8:c4:ef:63:4d:87:b1:d2:b9:1f:bf:e0:ac:f1:
         5a:86:4c:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKlup7j8ZJUQfWcr6U6HndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDA5OWE4MWIzNDZmOWFiY2FmMjYwNTZmNWI3NzA5NGQx
Y2YxMTMwHhcNMjQwMTAyMTQzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzdiZDEzYTY0MDAzYTAyZGJjNTBlYzg5OWRlZTJkNTRhZjYxYmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqYjAKs5Fr/t7h/j5AW1ZMApKOgE
3ygGcU6441zFR0tnqSaKNFV/dKSoJpCGMAp6+TKHsckSrs7CZESLjpSm0bVYrolO
rl4OIy0X7SFIapqddVueC0WHmYVI+UfTFeQx8UPzIrBc86y2C5MTVNnSg0v8U18v
ECwg9AV7VIdJucq2GhPj25FuRK9V5ppXsASG1EoGAqIE4l3qoUC/1plonvYfrsLf
Ylb0P5wTS+asQRp5O5e+ODPWtVufYmIFcjwXglg1GlEnxXdjV7HaVV4l9tbL8XWX
GBMAgR/xnOQYy4AI5+Nlv/YxrxINJWfwB2+d/XWtyteYhgPlyHH2tBkKwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd70TpkADoC28UOyJne4tVK9hvTMB8GA1UdIwQY
MBaAFDgAmagbNG+avK8mBW9bdwlNHPETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMt
NDUwZmUzMzU5NWQxLzEvUjN2Uk9tUUFPZ0xieFE3SW1kN2kxVXIyRzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMtNDUwZmUzMzU5NWQx
LzEvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXvPgMA0G
CSqGSIb3DQEBCwUAA4IBAQA8L1EECfu/HPnCPemqeHQ+JyuAAPGlNmiMSPT1FClK
5xj5BXXBrPVTWACauBnsse7hWAL2vs5YDgm3nE2vgONIizE/bjfeLLAfZUJp31y/
/Ig/VBbBGWGIappjl/lVDImytx0Assa/A/NH0yyWkjQwZUGUDTklrDAB/OLeWuu9
7YbyE/c1KDkF7EuDWSWFV5S+CosMIOasiUKXv6FGRYTOaiprFm84llVeD/CURuFc
uH1CMGtlf7Jfw9/upNCUxbCrevyanG/el2uWuD3MuoA6RNnaVVVSKpsIZ40/v1SA
bKvuF7qCL9goEXySedgWqMTvY02HsdK5H7/grPFahkw9
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:42:34 2024 by rpki-client on console-ams.rpki-client.org