Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/AH8AgRASXNYcKLVHRA08ovFKA7s.roa
File:                     AH8AgRASXNYcKLVHRA08ovFKA7s.roa (raw, json)
Hash identifier:          e8e9mDa+IC4KnIQfNfHdZMTOE4cPiBn9KU83IVPOTWY=
Subject key identifier:   00:7F:00:81:10:12:5C:D6:1C:28:B5:47:44:0D:3C:A2:F1:4A:03:BB
Certificate issuer:       /CN=3eb1788fe220e46434692d1cc437072d792d7888
Certificate serial:       018CC26D10323C363A9B09090DB93672DEF1
Authority key identifier: 3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/AH8AgRASXNYcKLVHRA08ovFKA7s.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34878
IP address blocks:        141.52.0.0/16 maxlen: 16
                          129.13.0.0/16 maxlen: 16
                          141.3.0.0/16 maxlen: 16
                          2a00:1398::/29 maxlen: 29
                          2a00:1398::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:10:32:3c:36:3a:9b:09:09:0d:b9:36:72:de:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb1788fe220e46434692d1cc437072d792d7888
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=007f008110125cd61c28b547440d3ca2f14a03bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f2:ba:6e:4d:0e:5f:af:62:5d:3a:02:27:9e:
                    5e:0a:35:89:20:8e:ec:e4:f9:05:01:1b:31:af:58:
                    9e:8f:dd:3f:11:7d:c8:7d:32:93:1a:04:9a:db:22:
                    49:1a:1e:b3:1d:92:b6:41:30:2f:d1:33:ca:c8:2c:
                    4e:dd:ac:af:1a:08:76:50:d9:05:97:ca:4a:76:85:
                    ed:f4:ed:62:d0:39:3e:29:b2:42:22:af:5e:32:d8:
                    43:31:ad:f1:c0:77:16:3b:41:40:52:fe:bf:3a:b4:
                    03:c2:84:14:1a:a6:50:1f:d0:fd:9e:5d:d4:4f:c6:
                    2f:0f:4e:54:cf:85:1f:e1:f2:c3:0b:57:25:ad:60:
                    e2:4b:00:d8:b0:7a:7a:90:4b:65:14:7a:c2:a5:ec:
                    26:b2:3a:39:90:f7:b7:c0:43:e1:62:13:64:4c:81:
                    20:bd:aa:80:db:51:bd:ae:af:95:3f:2a:13:b0:a1:
                    1e:bb:e7:b1:20:06:5d:89:91:77:d0:76:76:53:0d:
                    93:2e:03:33:d8:89:19:02:6e:8f:c6:36:71:81:61:
                    b6:77:bf:30:f0:51:36:62:df:21:67:45:67:ca:05:
                    c8:24:42:12:df:a7:4c:04:13:7e:56:0f:16:7d:17:
                    9d:9f:d6:e2:db:61:1b:05:51:61:48:3a:41:89:de:
                    59:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:7F:00:81:10:12:5C:D6:1C:28:B5:47:44:0D:3C:A2:F1:4A:03:BB
            X509v3 Authority Key Identifier:
                keyid:3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/AH8AgRASXNYcKLVHRA08ovFKA7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.13.0.0/16
                  141.3.0.0/16
                  141.52.0.0/16
                IPv6:
                  2a00:1398::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:50:bb:0f:87:b4:97:ed:22:78:8c:fe:ba:51:e3:72:cc:4d:
         1a:1c:b9:f5:28:51:8e:44:09:ce:73:3a:15:de:3f:ea:57:d6:
         47:15:19:be:95:c2:95:27:31:0e:8e:52:93:9e:91:65:e1:a4:
         bc:b5:32:47:7f:df:fb:b9:e2:cb:b6:10:8e:df:35:48:fe:dc:
         85:d5:06:8e:6e:eb:5e:92:ae:2c:5a:72:e7:4c:cd:05:50:27:
         ad:18:30:0e:ee:c4:30:1b:a8:01:be:bf:1d:90:3f:e2:1c:93:
         73:4e:9d:57:71:d0:06:6f:fc:ec:2b:f9:0f:9c:ba:2a:e3:90:
         f0:bf:6f:47:b9:d6:e4:e4:c9:3e:b8:af:71:fd:08:ef:33:53:
         bf:d3:cd:cb:8a:4d:43:ec:3b:78:6b:2e:2e:56:e8:cd:e7:89:
         63:87:f1:b5:59:bf:f8:d0:fb:25:63:11:c1:fe:90:b0:62:d6:
         c3:7c:98:a4:2d:ff:b1:e0:74:be:2e:46:27:c3:92:02:d9:4f:
         00:a4:8e:3c:d2:a1:2f:b5:86:3c:8e:3e:aa:78:de:83:83:fd:
         51:6f:6e:40:82:19:33:66:2e:8c:04:e8:7b:c3:bf:47:0a:18:
         7d:ff:ec:89:bc:3c:66:77:ab:98:58:27:90:aa:86:fa:0f:08:
         46:41:fe:35
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzCbRAyPDY6mwkJDbk2ct7xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjE3ODhmZTIyMGU0NjQzNDY5MmQxY2M0MzcwNzJkNzky
ZDc4ODgwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDdmMDA4MTEwMTI1Y2Q2MWMyOGI1NDc0NDBkM2NhMmYxNGEwM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/K6bk0OX69iXToCJ55eCjWJII7s
5PkFARsxr1iej90/EX3IfTKTGgSa2yJJGh6zHZK2QTAv0TPKyCxO3ayvGgh2UNkF
l8pKdoXt9O1i0Dk+KbJCIq9eMthDMa3xwHcWO0FAUv6/OrQDwoQUGqZQH9D9nl3U
T8YvD05Uz4Uf4fLDC1clrWDiSwDYsHp6kEtlFHrCpewmsjo5kPe3wEPhYhNkTIEg
vaqA21G9rq+VPyoTsKEeu+exIAZdiZF30HZ2Uw2TLgMz2IkZAm6PxjZxgWG2d78w
8FE2Yt8hZ0VnygXIJEIS36dMBBN+Vg8WfRedn9bi22EbBVFhSDpBid5ZIQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFAB/AIEQElzWHCi1R0QNPKLxSgO7MB8GA1UdIwQY
MBaAFD6xeI/iIORkNGktHMQ3By15LXiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAt
ZDk1MDk0NzMwNzJjLzEvQUg4QWdSQVNYTlljS0xWSFJBMDhvdkZLQTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAtZDk1MDk0NzMwNzJj
LzEvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAVBAIAATAPAwMAgQ0DAwCN
AwMDAI00MA0EAgACMAcDBQMqABOYMA0GCSqGSIb3DQEBCwUAA4IBAQAGULsPh7SX
7SJ4jP66UeNyzE0aHLn1KFGORAnOczoV3j/qV9ZHFRm+lcKVJzEOjlKTnpFl4aS8
tTJHf9/7ueLLthCO3zVI/tyF1QaObutekq4sWnLnTM0FUCetGDAO7sQwG6gBvr8d
kD/iHJNzTp1XcdAGb/zsK/kPnLoq45Dwv29Hudbk5Mk+uK9x/QjvM1O/083Lik1D
7Dt4ay4uVujN54ljh/G1Wb/40PslYxHB/pCwYtbDfJikLf+x4HS+LkYnw5IC2U8A
pI480qEvtYY8jj6qeN6Dg/1Rb25AghkzZi6MBOh7w79HChh9/+yJvDxmd6uYWCeQ
qob6DwhGQf41
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:30:36 2024 by rpki-client on console-ams.rpki-client.org