Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hLi9Ri0kk7tZ-WNrwhLXRYYx_sw.roa
File:                     hLi9Ri0kk7tZ-WNrwhLXRYYx_sw.roa (raw, json)
Hash identifier:          0vsGzEdMpkPnyE4qg3mQ2pA4/ECQPRQ/Ih3qZyu5i1M=
Subject key identifier:   84:B8:BD:46:2D:24:93:BB:59:F9:63:6B:C2:12:D7:45:86:31:FE:CC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421443D87C2811A917F8AFD0C6692E788
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hLi9Ri0kk7tZ-WNrwhLXRYYx_sw.roa
Signing time:             Wed 01 Jan 2025 09:48:27 +0000
ROA not before:           Wed 01 Jan 2025 09:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400866
IP address blocks:        82.152.4.0/24 maxlen: 24
                          82.152.5.0/24 maxlen: 24
                          82.153.153.0/24 maxlen: 24
                          82.153.156.0/24 maxlen: 24
                          82.153.200.0/24 maxlen: 24
                          213.210.63.0/24 maxlen: 24
                          213.218.211.0/24 maxlen: 24
                          213.218.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Feb 2025 12:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3d:87:c2:81:1a:91:7f:8a:fd:0c:66:92:e7:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84b8bd462d2493bb59f9636bc212d7458631fecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fd:c0:b0:60:c1:a7:ea:54:74:6f:6b:6e:f4:
                    4b:2d:3c:7a:1f:84:39:aa:ea:4f:2a:44:ec:e9:28:
                    d9:c6:63:ba:f1:e0:5a:3c:a7:e4:89:f8:f0:2a:e7:
                    41:41:c3:d7:b5:e3:93:a5:62:12:12:a0:c6:90:ca:
                    0b:07:2f:05:a4:ca:c8:7c:36:7c:d2:8e:c7:29:f6:
                    9f:fb:c8:f0:80:7e:9e:55:95:a1:df:76:e3:57:fb:
                    f7:cf:a2:cd:3c:c2:ae:73:79:26:8f:07:6e:be:b4:
                    03:39:fc:05:50:e0:f8:7b:b8:22:cd:6b:32:97:7d:
                    fa:f6:f0:06:0a:e0:ef:23:20:e1:da:67:54:eb:f6:
                    8d:3c:07:33:33:00:3f:3e:59:c1:bc:24:c4:90:cc:
                    11:04:9c:cd:f5:cb:c3:27:b3:fa:5a:2d:00:1b:73:
                    27:b3:24:05:41:f4:5a:ff:64:65:58:32:f7:01:a1:
                    90:a6:b8:5f:52:4d:20:75:e3:f2:a0:91:3d:7e:9e:
                    cd:64:37:21:3b:71:45:74:56:b2:1c:0b:06:23:3e:
                    6d:71:6a:e5:28:68:38:ab:58:18:2a:e8:f4:e2:7c:
                    a3:8c:25:17:ae:a1:fa:bb:f6:d7:c8:a4:3a:c0:2a:
                    a3:1d:6b:6d:60:38:1a:53:84:d1:82:ae:21:c5:cd:
                    76:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B8:BD:46:2D:24:93:BB:59:F9:63:6B:C2:12:D7:45:86:31:FE:CC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hLi9Ri0kk7tZ-WNrwhLXRYYx_sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.4.0/23
                  82.153.153.0/24
                  82.153.156.0/24
                  82.153.200.0/24
                  213.210.63.0/24
                  213.218.211.0/24
                  213.218.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:b6:6a:b5:38:36:3a:6d:71:0a:f3:e1:2e:44:51:49:b3:ae:
         a5:f1:36:45:1a:33:c1:31:09:5a:3b:3d:86:9d:db:8a:33:08:
         c6:4b:01:e7:50:f0:97:75:a7:74:2c:01:df:eb:29:cc:d7:06:
         63:6a:bb:75:39:90:ad:86:2a:37:af:24:21:e2:3c:40:f6:f0:
         9b:98:a2:96:11:e3:01:45:bf:de:ce:67:70:2f:6b:57:d7:a7:
         9d:19:26:3a:14:55:1b:d5:4a:ec:06:cb:b1:cd:18:7a:75:f2:
         94:38:5c:f3:7a:2b:df:ea:e7:09:66:a7:42:d5:6f:8a:d2:65:
         64:60:0b:53:1a:35:d5:56:99:82:c9:9a:36:aa:f2:fd:85:01:
         e6:d3:af:33:5b:fb:a8:36:7e:12:9e:17:0f:46:c6:3c:f5:dd:
         5a:0c:67:1f:4b:86:5e:5f:df:67:18:b7:32:4d:49:81:8f:78:
         27:70:28:c0:85:ab:42:df:8f:68:66:1f:b2:10:8a:16:54:3f:
         04:7c:8e:fc:e7:f6:c0:c2:6c:79:52:70:8f:ab:24:74:c3:7a:
         9d:8b:90:54:c2:57:d8:7b:35:2d:7c:a0:98:19:74:94:1a:fd:
         d7:99:53:64:59:56:8b:21:01:7e:f8:1a:a0:93:16:5e:8b:aa:
         76:a1:78:de
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQhRD2HwoEakX+K/QxmkueIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI4YmQ0NjJkMjQ5M2JiNTlmOTYzNmJjMjEyZDc0NTg2MzFmZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/3AsGDBp+pUdG9rbvRLLTx6H4Q5
qupPKkTs6SjZxmO68eBaPKfkifjwKudBQcPXteOTpWISEqDGkMoLBy8FpMrIfDZ8
0o7HKfaf+8jwgH6eVZWh33bjV/v3z6LNPMKuc3kmjwduvrQDOfwFUOD4e7gizWsy
l3369vAGCuDvIyDh2mdU6/aNPAczMwA/PlnBvCTEkMwRBJzN9cvDJ7P6Wi0AG3Mn
syQFQfRa/2RlWDL3AaGQprhfUk0gdePyoJE9fp7NZDchO3FFdFayHAsGIz5tcWrl
KGg4q1gYKuj04nyjjCUXrqH6u/bXyKQ6wCqjHWttYDgaU4TRgq4hxc12iQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIS4vUYtJJO7Wflja8IS10WGMf7MMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaExpOVJpMGtrN3RaLVdOcndoTFhSWVl4X3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBUpgEAwQA
UpmZAwQAUpmcAwQAUpnIAwQA1dI/AwQA1drTAwQA1drpMA0GCSqGSIb3DQEBCwUA
A4IBAQB+tmq1ODY6bXEK8+EuRFFJs66l8TZFGjPBMQlaOz2GnduKMwjGSwHnUPCX
dad0LAHf6ynM1wZjart1OZCthio3ryQh4jxA9vCbmKKWEeMBRb/ezmdwL2tX16ed
GSY6FFUb1UrsBsuxzRh6dfKUOFzzeivf6ucJZqdC1W+K0mVkYAtTGjXVVpmCyZo2
qvL9hQHm068zW/uoNn4SnhcPRsY89d1aDGcfS4ZeX99nGLcyTUmBj3gncCjAhatC
349oZh+yEIoWVD8EfI785/bAwmx5UnCPqyR0w3qdi5BUwlfYezUtfKCYGXSUGv3X
mVNkWVaLIQF++BqgkxZei6p2oXje
-----END CERTIFICATE-----
Generated at Thu Feb 13 16:48:20 2025 by rpki-client