Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/CHf_cTzmdkF7qew1AeAbjle7obM.roa
File:                     CHf_cTzmdkF7qew1AeAbjle7obM.roa (raw, json)
Hash identifier:          nSTP6U8yrh3e16Uz96q7ugRBm6vla5/AWu0XzV84wUg=
Subject key identifier:   08:77:FF:71:3C:E6:76:41:7B:A9:EC:35:01:E0:1B:8E:57:BB:A1:B3
Certificate issuer:       /CN=adac830ccaa74783dd961fab241a228d7cc6f808
Certificate serial:       018CC3B74898F668B8B70FD5BACE1C421EF0
Authority key identifier: AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/CHf_cTzmdkF7qew1AeAbjle7obM.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197333
IP address blocks:        62.33.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:48:98:f6:68:b8:b7:0f:d5:ba:ce:1c:42:1e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adac830ccaa74783dd961fab241a228d7cc6f808
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0877ff713ce676417ba9ec3501e01b8e57bba1b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:20:67:c9:b6:e8:9a:b8:c3:9f:84:7e:06:f1:
                    79:7b:03:99:e6:32:c0:0d:cb:61:fd:cd:15:d9:00:
                    ae:5e:5a:a9:01:aa:65:4e:d1:17:81:48:e2:e0:4f:
                    e8:56:a3:14:31:09:c5:44:39:9a:a5:27:67:77:8d:
                    60:50:d2:42:be:d8:88:f9:9c:4b:0d:f7:8f:f5:40:
                    13:5b:63:67:fc:0a:4d:cc:c7:c2:4c:82:ad:50:09:
                    c9:4e:f1:c5:af:38:28:e9:b8:2e:e6:81:35:5a:98:
                    1b:68:76:cf:c8:8e:7d:d1:28:94:e1:34:fa:c2:9c:
                    da:30:c6:4a:ae:ae:14:e2:bf:e3:63:4e:52:65:80:
                    13:df:ac:a5:47:2e:65:cb:c1:ec:d8:f3:82:76:0d:
                    43:69:3b:ea:f0:ae:0b:94:b7:d9:f0:49:d5:80:75:
                    16:0f:bc:2c:92:2f:b4:a8:bb:d3:c4:0e:33:63:a1:
                    98:7a:a6:7d:33:b0:f6:a1:b5:c6:4e:91:53:93:72:
                    94:e5:78:7c:d8:de:48:87:9b:e7:18:ef:ac:b1:e8:
                    94:e5:b7:c9:73:a2:34:b5:90:ee:93:79:16:4a:e3:
                    db:87:50:fd:65:4b:92:ab:03:fa:f4:b2:fe:67:d6:
                    27:a6:ce:d8:e5:db:cf:67:5e:4b:94:10:46:c8:cb:
                    9c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:77:FF:71:3C:E6:76:41:7B:A9:EC:35:01:E0:1B:8E:57:BB:A1:B3
            X509v3 Authority Key Identifier:
                keyid:AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/CHf_cTzmdkF7qew1AeAbjle7obM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.33.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a0:09:2b:8a:46:25:04:c3:53:ee:2b:00:c9:fd:c9:14:1f:
         c4:b0:81:a0:72:67:1d:7f:f8:96:08:df:1c:03:a0:b5:1e:c0:
         fe:fd:53:85:36:e4:e7:29:c5:7a:d9:ce:29:b1:91:2c:9b:f2:
         21:23:dd:dc:bc:b1:66:84:25:5d:61:28:f3:31:bd:a9:0b:4e:
         d2:77:f0:0c:f3:34:6c:7a:d1:b1:f6:c3:a4:b0:8f:ed:e0:5e:
         04:ea:9f:f1:e6:52:97:9a:1d:c0:43:16:a0:35:ab:bf:27:16:
         0a:6c:5f:ac:58:7a:3b:49:0e:86:60:f8:21:57:37:40:f3:d9:
         32:99:bc:bc:f6:11:7c:26:cb:dd:67:87:27:56:57:80:12:19:
         cd:56:c7:4d:5d:45:75:a8:2f:65:0e:56:69:65:57:d2:e3:63:
         83:22:e7:d4:19:41:f3:c0:fa:d6:b3:54:ed:16:ef:55:a3:d0:
         36:14:fa:0d:b3:20:1e:73:08:12:1d:ce:90:68:e8:b8:db:26:
         ef:bf:41:28:a9:6e:26:c2:c4:4f:15:d6:46:38:19:37:a1:62:
         ad:41:2a:3e:07:ce:67:7f:79:f4:de:b9:21:f6:3d:98:f5:95:
         3c:19:ef:b4:60:94:23:57:b1:08:13:c4:d9:99:ae:78:8e:2e:
         e2:b6:1a:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0iY9mi4tw/Vus4cQh7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYWM4MzBjY2FhNzQ3ODNkZDk2MWZhYjI0MWEyMjhkN2Nj
NmY4MDgwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODc3ZmY3MTNjZTY3NjQxN2JhOWVjMzUwMWUwMWI4ZTU3YmJhMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSBnybbomrjDn4R+BvF5ewOZ5jLA
Dcth/c0V2QCuXlqpAaplTtEXgUji4E/oVqMUMQnFRDmapSdnd41gUNJCvtiI+ZxL
DfeP9UATW2Nn/ApNzMfCTIKtUAnJTvHFrzgo6bgu5oE1WpgbaHbPyI590SiU4TT6
wpzaMMZKrq4U4r/jY05SZYAT36ylRy5ly8Hs2POCdg1DaTvq8K4LlLfZ8EnVgHUW
D7wski+0qLvTxA4zY6GYeqZ9M7D2obXGTpFTk3KU5Xh82N5Ih5vnGO+sseiU5bfJ
c6I0tZDuk3kWSuPbh1D9ZUuSqwP69LL+Z9Ynps7Y5dvPZ15LlBBGyMuc9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAh3/3E85nZBe6nsNQHgG45Xu6GzMB8GA1UdIwQY
MBaAFK2sgwzKp0eD3ZYfqyQaIo18xvgIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgt
OTI5ZjdkNjM1ZjRiLzEvQ0hmX2NUem1ka0Y3cWV3MUFlQWJqbGU3b2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgtOTI5ZjdkNjM1ZjRi
LzEvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPiEYMA0G
CSqGSIb3DQEBCwUAA4IBAQB9oAkrikYlBMNT7isAyf3JFB/EsIGgcmcdf/iWCN8c
A6C1HsD+/VOFNuTnKcV62c4psZEsm/IhI93cvLFmhCVdYSjzMb2pC07Sd/AM8zRs
etGx9sOksI/t4F4E6p/x5lKXmh3AQxagNau/JxYKbF+sWHo7SQ6GYPghVzdA89ky
mby89hF8JsvdZ4cnVleAEhnNVsdNXUV1qC9lDlZpZVfS42ODIufUGUHzwPrWs1Tt
Fu9Vo9A2FPoNsyAecwgSHc6QaOi42ybvv0EoqW4mwsRPFdZGOBk3oWKtQSo+B85n
f3n03rkh9j2Y9ZU8Ge+0YJQjV7EIE8TZma54ji7ithrp
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:22:25 2024 by rpki-client on console-ams.rpki-client.org