Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/f12551-20cc-4218-a426-f41d6c0c84b6/1/X3dyIGOpQtITHllmxWgQJpnMhDk.roa
File:                     X3dyIGOpQtITHllmxWgQJpnMhDk.roa (raw, json)
Hash identifier:          n3cpzsZSbYMKUN/zaDZI7gF3cG+prsQRz8zf0YWS6Yo=
Subject key identifier:   5F:77:72:20:63:A9:42:D2:13:1E:59:66:C5:68:10:26:99:CC:84:39
Certificate issuer:       /CN=42217a2d513a9fb0fce1a1cfc2b3c05c018bd8c1
Certificate serial:       018CC5DC9083537B75655CEAA34C8ED0DF6E
Authority key identifier: 42:21:7A:2D:51:3A:9F:B0:FC:E1:A1:CF:C2:B3:C0:5C:01:8B:D8:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiF6LVE6n7D84aHPwrPAXAGL2ME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/f12551-20cc-4218-a426-f41d6c0c84b6/1/X3dyIGOpQtITHllmxWgQJpnMhDk.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        193.188.196.0/24 maxlen: 24
                          2001:67c:b80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/f12551-20cc-4218-a426-f41d6c0c84b6/1/QiF6LVE6n7D84aHPwrPAXAGL2ME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/f12551-20cc-4218-a426-f41d6c0c84b6/1/QiF6LVE6n7D84aHPwrPAXAGL2ME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiF6LVE6n7D84aHPwrPAXAGL2ME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:90:83:53:7b:75:65:5c:ea:a3:4c:8e:d0:df:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42217a2d513a9fb0fce1a1cfc2b3c05c018bd8c1
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f77722063a942d2131e5966c568102699cc8439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:12:7a:67:cd:dc:2a:9e:b0:29:bc:31:43:8c:
                    cc:48:3b:d0:72:df:3e:c0:18:60:7f:14:65:de:ac:
                    ec:47:4c:ec:fc:4e:bd:b0:77:20:ef:a1:49:b4:46:
                    b4:be:39:ba:2d:6d:98:c9:d8:f6:02:75:47:ec:a4:
                    31:c6:20:72:eb:06:6f:9c:29:c2:e6:6a:b1:80:b1:
                    5a:65:ed:00:c4:35:00:be:2f:9c:11:95:c8:aa:de:
                    a4:22:5a:aa:bd:90:c5:45:48:e0:a7:5b:f9:86:4e:
                    0a:fa:d3:01:fa:90:34:8b:f7:cf:5f:47:56:2c:b8:
                    bf:48:6e:1c:dd:ad:3f:03:66:68:15:76:eb:a7:eb:
                    b8:87:46:eb:03:f9:00:0f:61:89:61:2e:38:5d:17:
                    a1:69:21:7f:f1:fa:94:2e:61:e8:e5:31:30:80:5d:
                    c5:61:7d:d0:c4:be:07:70:f2:2d:65:f1:c6:97:61:
                    ef:96:1b:ff:c7:60:ca:55:0c:13:b9:1b:48:53:bb:
                    9d:2a:79:62:36:70:96:52:4a:a2:9b:43:cd:d6:ce:
                    bc:77:de:5d:25:fb:4f:6a:ed:b0:f7:cd:7e:4e:5b:
                    39:53:51:da:56:51:0a:b3:91:6f:c7:dc:6a:20:d2:
                    b3:a2:e5:c4:e3:af:50:36:df:d4:85:3d:b0:0b:ea:
                    ec:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:77:72:20:63:A9:42:D2:13:1E:59:66:C5:68:10:26:99:CC:84:39
            X509v3 Authority Key Identifier:
                keyid:42:21:7A:2D:51:3A:9F:B0:FC:E1:A1:CF:C2:B3:C0:5C:01:8B:D8:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiF6LVE6n7D84aHPwrPAXAGL2ME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f12551-20cc-4218-a426-f41d6c0c84b6/1/X3dyIGOpQtITHllmxWgQJpnMhDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f12551-20cc-4218-a426-f41d6c0c84b6/1/QiF6LVE6n7D84aHPwrPAXAGL2ME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.196.0/24
                IPv6:
                  2001:67c:b80::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:ce:7e:b2:5a:51:27:75:91:e6:36:e2:e4:6a:7d:e7:6e:58:
         09:2d:70:03:63:72:ba:81:63:9d:f4:88:6b:84:9e:22:65:d6:
         b2:5c:c1:30:33:2c:bc:af:ff:58:96:06:c4:53:15:88:5d:59:
         b0:a8:31:9a:9d:3c:eb:a7:ee:40:40:5c:b2:d9:bd:b9:68:1d:
         8c:68:e7:6d:a7:32:09:95:54:0f:be:e3:3f:e2:42:fd:97:da:
         3d:7f:ec:75:5b:cc:04:db:4e:e8:19:e4:da:9e:f3:3f:1c:6d:
         b2:7b:ca:8d:2c:d0:c0:86:27:c7:02:59:5b:78:60:1b:30:a9:
         26:9c:a6:9a:19:22:b9:c7:10:70:54:d8:12:c3:9a:dc:18:b8:
         31:28:8c:f0:97:51:a6:67:fe:b9:13:fb:74:77:f8:58:fb:c2:
         9c:12:f9:b6:96:08:e6:ed:77:82:fe:a4:79:7c:42:9e:97:02:
         73:bd:ea:9b:e1:3f:16:9f:2b:5e:c9:7b:b7:fe:23:78:79:f5:
         af:94:d8:00:f1:a9:d2:23:3b:e3:74:1e:3a:45:93:d1:af:39:
         5c:02:72:07:7c:e6:52:19:a8:38:eb:34:ee:fa:53:70:7e:30:
         44:f1:82:f1:97:a1:9c:74:8c:fd:61:bd:83:6b:4c:13:67:36:
         3e:50:32:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3JCDU3t1ZVzqo0yO0N9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjE3YTJkNTEzYTlmYjBmY2UxYTFjZmMyYjNjMDVjMDE4
YmQ4YzEwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc3NzIyMDYzYTk0MmQyMTMxZTU5NjZjNTY4MTAyNjk5Y2M4NDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBJ6Z83cKp6wKbwxQ4zMSDvQct8+
wBhgfxRl3qzsR0zs/E69sHcg76FJtEa0vjm6LW2Yydj2AnVH7KQxxiBy6wZvnCnC
5mqxgLFaZe0AxDUAvi+cEZXIqt6kIlqqvZDFRUjgp1v5hk4K+tMB+pA0i/fPX0dW
LLi/SG4c3a0/A2ZoFXbrp+u4h0brA/kAD2GJYS44XRehaSF/8fqULmHo5TEwgF3F
YX3QxL4HcPItZfHGl2Hvlhv/x2DKVQwTuRtIU7udKnliNnCWUkqim0PN1s68d95d
JftPau2w981+Tls5U1HaVlEKs5Fvx9xqINKzouXE469QNt/UhT2wC+rs7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF93ciBjqULSEx5ZZsVoECaZzIQ5MB8GA1UdIwQY
MBaAFEIhei1ROp+w/OGhz8KzwFwBi9jBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlGNkxWRTZuN0Q4NGFIUHdyUEFYQUdMMk1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9mMTI1NTEtMjBjYy00MjE4LWE0MjYt
ZjQxZDZjMGM4NGI2LzEvWDNkeUlHT3BRdElUSGxsbXhXZ1FKcG5NaERrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9mMTI1NTEtMjBjYy00MjE4LWE0MjYtZjQxZDZjMGM4NGI2
LzEvUWlGNkxWRTZuN0Q4NGFIUHdyUEFYQUdMMk1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwbzEMA8E
AgACMAkDBwAgAQZ8C4AwDQYJKoZIhvcNAQELBQADggEBALPOfrJaUSd1keY24uRq
feduWAktcANjcrqBY530iGuEniJl1rJcwTAzLLyv/1iWBsRTFYhdWbCoMZqdPOun
7kBAXLLZvbloHYxo522nMgmVVA++4z/iQv2X2j1/7HVbzATbTugZ5Nqe8z8cbbJ7
yo0s0MCGJ8cCWVt4YBswqSacppoZIrnHEHBU2BLDmtwYuDEojPCXUaZn/rkT+3R3
+Fj7wpwS+baWCObtd4L+pHl8Qp6XAnO96pvhPxafK17Je7f+I3h59a+U2ADxqdIj
O+N0HjpFk9GvOVwCcgd85lIZqDjrNO76U3B+METxgvGXoZx0jP1hvYNrTBNnNj5Q
Mu8=
-----END CERTIFICATE-----
Generated at Sat Nov 23 08:45:50 2024 by rpki-client on console-fra.rpki-client.org