Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/283e8f-bda2-49dc-8afe-af137ccb2b69/1/lrMCvmJxGZfUztx9Xp5v3zCxSWM.roa
File:                     lrMCvmJxGZfUztx9Xp5v3zCxSWM.roa (raw, json)
Hash identifier:          TaOCrg+O0qiRF/QGFtrnPePFsZ6Ct0ehMHvmxqVrfQo=
Subject key identifier:   96:B3:02:BE:62:71:19:97:D4:CE:DC:7D:5E:9E:6F:DF:30:B1:49:63
Certificate issuer:       /CN=b5c398c07325c40e7d76d2396a1be85c42fdc2c8
Certificate serial:       018DB0FDD5A8CA5013D96075073C43105924
Authority key identifier: B5:C3:98:C0:73:25:C4:0E:7D:76:D2:39:6A:1B:E8:5C:42:FD:C2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcOYwHMlxA59dtI5ahvoXEL9wsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/283e8f-bda2-49dc-8afe-af137ccb2b69/1/lrMCvmJxGZfUztx9Xp5v3zCxSWM.roa
Signing time:             Fri 16 Feb 2024 08:17:21 +0000
ROA not before:           Fri 16 Feb 2024 08:17:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51499
IP address blocks:        46.30.248.0/21 maxlen: 24
                          185.233.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/283e8f-bda2-49dc-8afe-af137ccb2b69/1/tcOYwHMlxA59dtI5ahvoXEL9wsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/283e8f-bda2-49dc-8afe-af137ccb2b69/1/tcOYwHMlxA59dtI5ahvoXEL9wsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcOYwHMlxA59dtI5ahvoXEL9wsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b0:fd:d5:a8:ca:50:13:d9:60:75:07:3c:43:10:59:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5c398c07325c40e7d76d2396a1be85c42fdc2c8
        Validity
            Not Before: Feb 16 08:17:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96b302be62711997d4cedc7d5e9e6fdf30b14963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:52:2f:2f:2f:8c:60:a1:e9:4a:c0:37:5a:14:
                    40:b3:dd:6e:d8:32:da:51:ed:bf:ab:1e:66:64:7e:
                    86:fd:78:36:0c:a7:0c:22:ec:47:a6:ea:56:d7:cf:
                    27:b4:4a:ac:31:a1:17:77:16:49:6f:fd:46:ae:02:
                    e0:3c:5d:54:2c:7e:6b:23:93:10:fa:56:c2:bc:c5:
                    ce:38:d5:27:a3:54:7e:b1:93:e0:54:97:ec:c9:63:
                    22:bb:68:87:ff:ee:b7:51:05:cf:c1:52:c9:6b:c7:
                    52:5e:95:ca:3c:86:56:2c:31:cc:a3:54:df:d1:94:
                    fe:c7:05:8c:db:82:13:82:4a:5b:bd:7e:08:0a:47:
                    d7:5a:1b:70:d6:bc:f7:66:6d:be:1b:23:53:67:05:
                    2c:20:ae:27:6e:1a:f8:b5:1c:6c:30:d8:71:81:f7:
                    e9:fe:c4:34:53:12:e6:e1:59:3a:c9:4b:81:88:09:
                    df:fe:11:78:cc:83:b4:f9:a9:28:e7:45:c0:1d:4b:
                    fe:d5:0a:c2:9a:ee:76:f5:6b:08:a6:5e:d6:9e:bb:
                    6a:43:0b:5b:92:a1:c1:5e:c0:16:50:02:a9:20:13:
                    b9:13:20:03:2d:d7:6c:0b:f8:78:ff:66:02:8e:48:
                    1d:5c:e4:ff:76:50:f4:38:90:bf:b7:24:9a:f6:a4:
                    99:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B3:02:BE:62:71:19:97:D4:CE:DC:7D:5E:9E:6F:DF:30:B1:49:63
            X509v3 Authority Key Identifier:
                keyid:B5:C3:98:C0:73:25:C4:0E:7D:76:D2:39:6A:1B:E8:5C:42:FD:C2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcOYwHMlxA59dtI5ahvoXEL9wsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/283e8f-bda2-49dc-8afe-af137ccb2b69/1/lrMCvmJxGZfUztx9Xp5v3zCxSWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/283e8f-bda2-49dc-8afe-af137ccb2b69/1/tcOYwHMlxA59dtI5ahvoXEL9wsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.248.0/21
                  185.233.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:38:07:9d:55:c3:8a:42:04:92:45:dc:3e:20:48:fc:7c:12:
         b0:b7:9c:20:0b:f7:59:c0:f6:7f:b1:0e:5e:a8:c8:aa:d6:e1:
         d4:75:a0:25:28:a1:65:e7:ca:5a:ab:ce:15:57:f4:c2:3d:f8:
         1e:c0:5d:27:d2:8b:64:8b:c5:62:02:81:bf:b2:3c:8a:6c:36:
         51:64:cd:af:07:8e:07:68:be:14:bd:dc:e5:d2:41:56:cb:ed:
         4b:84:bd:ea:87:10:74:be:15:ce:94:81:b9:0f:4d:1b:93:a5:
         6b:8e:66:52:cb:f8:ee:8f:7e:de:b4:c1:ab:5e:df:f0:8f:36:
         4e:00:1d:76:b1:2f:7e:d3:80:b4:02:b1:b6:5f:9c:6b:7f:78:
         b2:f3:89:5b:27:5f:36:f1:88:2e:ea:28:57:f5:ec:77:f8:8b:
         0b:bd:11:91:c2:07:81:ce:31:10:d1:20:5b:86:83:0d:2a:ad:
         b3:c1:46:b7:d9:2d:e9:e9:90:13:78:9f:63:e2:72:7d:b5:45:
         b9:a2:5f:7e:1b:82:2f:78:c6:db:5f:a2:83:21:c3:3e:48:8d:
         42:4c:9c:9b:ab:ac:22:cd:f2:2c:43:2d:52:37:b4:b0:73:f2:
         62:fb:2e:79:7d:9e:e7:08:58:5a:04:03:ca:bb:09:92:51:28:
         94:e1:7c:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2w/dWoylAT2WB1BzxDEFkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YzM5OGMwNzMyNWM0MGU3ZDc2ZDIzOTZhMWJlODVjNDJm
ZGMyYzgwHhcNMjQwMjE2MDgxNzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmIzMDJiZTYyNzExOTk3ZDRjZWRjN2Q1ZTllNmZkZjMwYjE0OTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1IvLy+MYKHpSsA3WhRAs91u2DLa
Ue2/qx5mZH6G/Xg2DKcMIuxHpupW188ntEqsMaEXdxZJb/1GrgLgPF1ULH5rI5MQ
+lbCvMXOONUno1R+sZPgVJfsyWMiu2iH/+63UQXPwVLJa8dSXpXKPIZWLDHMo1Tf
0ZT+xwWM24ITgkpbvX4ICkfXWhtw1rz3Zm2+GyNTZwUsIK4nbhr4tRxsMNhxgffp
/sQ0UxLm4Vk6yUuBiAnf/hF4zIO0+ako50XAHUv+1QrCmu529WsIpl7WnrtqQwtb
kqHBXsAWUAKpIBO5EyADLddsC/h4/2YCjkgdXOT/dlD0OJC/tySa9qSZ9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJazAr5icRmX1M7cfV6eb98wsUljMB8GA1UdIwQY
MBaAFLXDmMBzJcQOfXbSOWob6FxC/cLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNPWXdITWx4QTU5ZHRJNWFodm9YRUw5d3NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yODNlOGYtYmRhMi00OWRjLThhZmUt
YWYxMzdjY2IyYjY5LzEvbHJNQ3ZtSnhHWmZVenR4OVhwNXYzekN4U1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yODNlOGYtYmRhMi00OWRjLThhZmUtYWYxMzdjY2IyYjY5
LzEvdGNPWXdITWx4QTU5ZHRJNWFodm9YRUw5d3NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLh74AwQC
uen4MA0GCSqGSIb3DQEBCwUAA4IBAQBWOAedVcOKQgSSRdw+IEj8fBKwt5wgC/dZ
wPZ/sQ5eqMiq1uHUdaAlKKFl58paq84VV/TCPfgewF0n0otki8ViAoG/sjyKbDZR
ZM2vB44HaL4Uvdzl0kFWy+1LhL3qhxB0vhXOlIG5D00bk6VrjmZSy/juj37etMGr
Xt/wjzZOAB12sS9+04C0ArG2X5xrf3iy84lbJ1828Ygu6ihX9ex3+IsLvRGRwgeB
zjEQ0SBbhoMNKq2zwUa32S3p6ZATeJ9j4nJ9tUW5ol9+G4IveMbbX6KDIcM+SI1C
TJybq6wizfIsQy1SN7Swc/Ji+y55fZ7nCFhaBAPKuwmSUSiU4Xws
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:45:19 2024 by rpki-client on console-fra.rpki-client.org