Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/kh0s0CIDLRKrxAkVDtjYE50Bpsc.roa
File:                     kh0s0CIDLRKrxAkVDtjYE50Bpsc.roa (raw, json)
Hash identifier:          h3UFiNAvDRD9QwHV9jv5CP8JVrp9MyCgy9MnnhaLtls=
Subject key identifier:   92:1D:2C:D0:22:03:2D:12:AB:C4:09:15:0E:D8:D8:13:9D:01:A6:C7
Certificate issuer:       /CN=f93ac6cd2240249bba60171f086e9101cc87ca24
Certificate serial:       018CC5DC890C27F2B90C0BF89A0BBD8498CB
Authority key identifier: F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/kh0s0CIDLRKrxAkVDtjYE50Bpsc.roa
Signing time:             Mon 01 Jan 2024 16:30:13 +0000
ROA not before:           Mon 01 Jan 2024 16:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53340
IP address blocks:        176.111.222.0/24 maxlen: 24
                          193.8.194.0/24 maxlen: 24
                          147.189.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:89:0c:27:f2:b9:0c:0b:f8:9a:0b:bd:84:98:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f93ac6cd2240249bba60171f086e9101cc87ca24
        Validity
            Not Before: Jan  1 16:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=921d2cd022032d12abc409150ed8d8139d01a6c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cb:f9:a9:f8:87:07:a3:72:24:2e:e1:65:25:
                    b9:c6:4b:ec:ab:be:31:b5:46:0b:17:05:24:11:49:
                    5c:eb:b6:bb:77:69:ad:1d:2d:c7:89:41:8b:c9:b9:
                    a6:d4:90:f6:5d:69:26:75:76:f1:68:99:37:8a:3c:
                    fa:c2:90:a0:e8:13:1e:f2:31:3c:32:8d:d3:2b:33:
                    e6:93:14:de:ae:4f:5f:03:e8:05:16:8a:6f:5b:1f:
                    51:79:12:6f:07:6d:2b:54:14:33:78:62:fe:0d:cc:
                    1e:b5:e8:b6:f3:b1:70:46:d3:7f:f0:8d:c6:60:77:
                    de:2e:7a:ec:23:46:81:23:99:e7:4d:22:86:35:48:
                    39:43:83:dc:ff:00:07:db:4f:a7:f8:1a:7d:30:57:
                    1a:75:be:0c:6d:39:60:a1:64:b7:7a:a0:f9:49:7c:
                    f1:a7:ee:94:1f:3a:35:df:d4:5c:df:6e:b3:a8:7b:
                    78:2b:3f:c5:15:57:b1:4f:f7:29:b2:07:07:e4:5f:
                    24:a2:74:ee:81:ad:56:e2:ff:17:b0:95:c8:b5:16:
                    97:dd:31:4e:6b:e6:9b:01:18:f5:65:2b:3a:be:ba:
                    60:55:9b:95:8b:20:87:67:53:4e:20:b1:e7:11:6f:
                    56:84:fd:8e:08:dd:26:d8:4f:d9:71:ee:03:bf:32:
                    24:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:1D:2C:D0:22:03:2D:12:AB:C4:09:15:0E:D8:D8:13:9D:01:A6:C7
            X509v3 Authority Key Identifier:
                keyid:F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/kh0s0CIDLRKrxAkVDtjYE50Bpsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.133.0/24
                  176.111.222.0/24
                  193.8.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:3b:f5:2f:57:33:fa:84:54:94:07:29:fd:e1:2a:a5:e6:99:
         1e:47:84:ff:fe:d7:75:d8:3e:0b:d7:e9:e1:f0:47:ae:e6:7c:
         dc:3a:af:3c:62:52:35:69:71:1c:38:30:ab:aa:5d:9c:92:2a:
         9a:e4:4b:00:0c:85:3b:64:f1:07:8e:ca:77:0b:a7:3e:f3:2d:
         61:47:29:45:4d:40:72:ba:65:85:b8:db:28:d6:57:68:23:04:
         06:41:de:66:e3:59:69:24:83:95:3b:bd:d2:f4:b3:96:fc:f1:
         82:8f:49:b5:f0:28:70:b9:78:47:42:04:93:68:88:96:01:d5:
         7a:90:0c:3c:56:b4:68:53:58:b4:b1:ee:82:21:bf:96:7a:92:
         16:b1:05:2b:74:92:22:34:eb:cd:d5:5d:d4:b3:ec:5c:df:0d:
         7e:b3:e7:fe:db:b2:72:3d:65:4e:1b:cb:69:29:68:48:4c:e0:
         17:05:55:58:11:c7:f3:16:f9:36:93:57:2e:dd:3b:66:81:87:
         99:eb:2c:87:07:7c:c6:10:d3:62:63:fc:bd:25:07:8a:81:73:
         5e:c6:05:1c:f8:fc:7d:d6:d0:88:76:0e:03:1a:0b:64:00:6d:
         e2:69:8d:b3:22:1a:4f:eb:49:94:5f:88:ea:13:73:21:2d:08:
         8e:74:b5:db
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzF3IkMJ/K5DAv4mgu9hJjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5M2FjNmNkMjI0MDI0OWJiYTYwMTcxZjA4NmU5MTAxY2M4
N2NhMjQwHhcNMjQwMTAxMTYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjFkMmNkMDIyMDMyZDEyYWJjNDA5MTUwZWQ4ZDgxMzlkMDFhNmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8v5qfiHB6NyJC7hZSW5xkvsq74x
tUYLFwUkEUlc67a7d2mtHS3HiUGLybmm1JD2XWkmdXbxaJk3ijz6wpCg6BMe8jE8
Mo3TKzPmkxTerk9fA+gFFopvWx9ReRJvB20rVBQzeGL+Dcwetei287FwRtN/8I3G
YHfeLnrsI0aBI5nnTSKGNUg5Q4Pc/wAH20+n+Bp9MFcadb4MbTlgoWS3eqD5SXzx
p+6UHzo139Rc326zqHt4Kz/FFVexT/cpsgcH5F8konTuga1W4v8XsJXItRaX3TFO
a+abARj1ZSs6vrpgVZuViyCHZ1NOILHnEW9WhP2OCN0m2E/Zce4DvzIkjQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJIdLNAiAy0Sq8QJFQ7Y2BOdAabHMB8GA1UdIwQY
MBaAFPk6xs0iQCSbumAXHwhukQHMh8okMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Uckd6U0pBSkp1NllCY2ZDRzZSQWN5SHlpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNl
LWY3NTJkODE2MDVmYi8xL2toMHMwQ0lETFJLcnhBa1ZEdGpZRTUwQnBzYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNlLWY3NTJkODE2MDVm
Yi8xLzEtVHJHelNKQUpKdTZZQmNmQ0c2UkFjeUh5aVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACTvYUD
BACwb94DBADBCMIwDQYJKoZIhvcNAQELBQADggEBAAU79S9XM/qEVJQHKf3hKqXm
mR5HhP/+13XYPgvX6eHwR67mfNw6rzxiUjVpcRw4MKuqXZySKprkSwAMhTtk8QeO
yncLpz7zLWFHKUVNQHK6ZYW42yjWV2gjBAZB3mbjWWkkg5U7vdL0s5b88YKPSbXw
KHC5eEdCBJNoiJYB1XqQDDxWtGhTWLSx7oIhv5Z6khaxBSt0kiI0683VXdSz7Fzf
DX6z5/7bsnI9ZU4by2kpaEhM4BcFVVgRx/MW+TaTVy7dO2aBh5nrLIcHfMYQ02Jj
/L0lB4qBc17GBRz4/H3W0Ih2DgMaC2QAbeJpjbMiGk/rSZRfiOoTcyEtCI50tds=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:18:48 2024 by rpki-client on console-ams.rpki-client.org