Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/lNW2x8mM4glX65qlMZOsBg1FBMw.roa
File:                     lNW2x8mM4glX65qlMZOsBg1FBMw.roa (raw, json)
Hash identifier:          zQTLwLpNyagHzRBxmUMq+sPhdcMmtaYNYbPJ+BNqKjg=
Subject key identifier:   94:D5:B6:C7:C9:8C:E2:09:57:EB:9A:A5:31:93:AC:06:0D:45:04:CC
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018D165D5D95D02984F79CCFC50872457EC7
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/lNW2x8mM4glX65qlMZOsBg1FBMw.roa
Signing time:             Wed 17 Jan 2024 07:40:34 +0000
ROA not before:           Wed 17 Jan 2024 07:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3218
IP address blocks:        193.232.0.0/22 maxlen: 22
                          193.232.2.0/24 maxlen: 24
                          193.232.4.0/23 maxlen: 23
                          193.232.6.0/24 maxlen: 24
                          193.232.8.0/21 maxlen: 21
                          193.232.16.0/22 maxlen: 22
                          193.232.22.0/23 maxlen: 23
                          193.232.24.0/21 maxlen: 21
                          193.232.192.0/22 maxlen: 22
                          193.232.196.0/23 maxlen: 23
                          193.232.207.0/24 maxlen: 24
                          193.232.208.0/23 maxlen: 23
                          193.232.212.0/24 maxlen: 24
                          193.232.218.0/23 maxlen: 23
                          194.85.208.0/23 maxlen: 23
                          194.85.212.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:5d:5d:95:d0:29:84:f7:9c:cf:c5:08:72:45:7e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan 17 07:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94d5b6c7c98ce20957eb9aa53193ac060d4504cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bd:54:a2:6a:ef:db:51:7e:07:12:1a:a3:bb:
                    a7:76:f9:3e:d8:25:4b:d6:7e:b9:59:48:09:d5:57:
                    6c:05:84:d6:04:6e:fe:4e:4e:ef:f7:95:32:ec:f2:
                    2d:3c:2e:eb:13:66:f2:23:dc:db:e0:7c:13:32:42:
                    40:10:67:3a:6a:51:de:1d:eb:98:1d:bc:84:09:f2:
                    e6:47:e4:12:a3:41:df:4a:50:31:05:13:b1:b4:ff:
                    43:88:bf:f9:8d:be:73:05:9c:55:33:27:b4:e3:9b:
                    c8:13:2b:b3:7e:a5:45:be:b9:ad:5b:5c:0b:14:da:
                    8f:58:4a:bb:fe:b3:b1:17:b7:70:75:bd:d6:c1:0c:
                    a6:a8:56:22:e0:c3:35:73:9e:ff:0b:70:c0:be:f2:
                    1b:68:b2:94:4b:c3:ba:5a:1a:ac:dd:87:2e:e6:de:
                    2d:c7:57:3c:59:92:04:0d:9a:38:c1:77:63:e0:50:
                    16:1a:e0:b5:b4:0d:d5:a9:b8:b0:79:18:f3:26:22:
                    9a:93:58:c6:f2:36:32:f2:01:41:a4:d6:d3:cf:fb:
                    55:cd:58:ff:55:06:34:94:45:ed:25:63:e2:5c:47:
                    01:bf:f2:c6:5c:13:69:d0:6e:58:bb:48:fd:2b:06:
                    50:73:a8:ad:91:ee:f5:b8:95:43:f6:12:7c:fb:94:
                    b4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D5:B6:C7:C9:8C:E2:09:57:EB:9A:A5:31:93:AC:06:0D:45:04:CC
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/lNW2x8mM4glX65qlMZOsBg1FBMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.0.0-193.232.6.255
                  193.232.8.0-193.232.19.255
                  193.232.22.0-193.232.31.255
                  193.232.192.0-193.232.197.255
                  193.232.207.0-193.232.209.255
                  193.232.212.0/24
                  193.232.218.0/23
                  194.85.208.0/23
                  194.85.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:08:a7:ba:42:81:00:ce:8f:1d:80:9b:16:4f:d3:10:00:16:
         d3:10:d2:92:5b:75:b6:6b:24:92:5b:1b:c0:b0:0e:28:41:b6:
         5d:50:fb:ce:a0:79:77:55:29:be:e9:42:d5:e9:b4:cc:71:31:
         6f:b7:00:af:c1:23:96:cb:3d:5b:6b:0e:e2:65:d4:4b:29:90:
         4b:cd:6e:f7:bf:5d:2a:27:d3:07:4c:7c:b3:77:0a:69:3f:10:
         8b:21:c0:69:fb:68:88:78:7d:e3:f2:05:42:1a:da:1a:b8:d4:
         5c:e9:46:74:cb:9d:61:b9:ba:60:1f:fa:0c:f5:5a:90:f9:49:
         59:92:e9:4c:af:2e:97:b6:b2:b0:8d:43:4c:4a:3e:de:08:27:
         35:5b:37:c1:44:f0:d9:9f:70:49:f3:3d:b1:c9:c5:27:72:1a:
         81:fd:f5:3d:c3:c0:b6:5d:88:73:8b:33:18:36:f5:98:61:56:
         fe:74:b6:5c:45:24:ad:ec:94:12:56:71:a9:f5:a5:26:2b:4c:
         89:16:87:42:92:d5:b2:31:8a:12:b9:40:23:20:87:42:d2:5b:
         9d:fa:a8:4f:e4:e1:a6:da:e1:03:54:37:13:8e:a7:a6:61:06:
         93:a7:06:28:21:2f:dd:7e:40:b9:0c:fe:e7:2e:8a:f2:fc:f2:
         1c:3d:b9:c5
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAY0WXV2V0CmE95zPxQhyRX7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTE3MDc0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGQ1YjZjN2M5OGNlMjA5NTdlYjlhYTUzMTkzYWMwNjBkNDUwNGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs71Uomrv21F+BxIao7undvk+2CVL
1n65WUgJ1VdsBYTWBG7+Tk7v95Uy7PItPC7rE2byI9zb4HwTMkJAEGc6alHeHeuY
HbyECfLmR+QSo0HfSlAxBROxtP9DiL/5jb5zBZxVMye045vIEyuzfqVFvrmtW1wL
FNqPWEq7/rOxF7dwdb3WwQymqFYi4MM1c57/C3DAvvIbaLKUS8O6Whqs3Ycu5t4t
x1c8WZIEDZo4wXdj4FAWGuC1tA3VqbiweRjzJiKak1jG8jYy8gFBpNbTz/tVzVj/
VQY0lEXtJWPiXEcBv/LGXBNp0G5Yu0j9KwZQc6itke71uJVD9hJ8+5S09wIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFJTVtsfJjOIJV+uapTGTrAYNRQTMMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvbE5XMng4bU00Z2xYNjVxbE1aT3NCZzFGQk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHYGCCsGAQUFBwEHAQH/BGcwZTBjBAIAATBdMAsDAwPB6AME
AMHoBjAMAwQDwegIAwQCwegQMAwDBAHB6BYDBAXB6AAwDAMEBsHowAMEAcHoxDAM
AwQAwejPAwQBwejQAwQAwejUAwQBwejaAwQBwlXQAwQBwlXUMA0GCSqGSIb3DQEB
CwUAA4IBAQBcCKe6QoEAzo8dgJsWT9MQABbTENKSW3W2aySSWxvAsA4oQbZdUPvO
oHl3VSm+6ULV6bTMcTFvtwCvwSOWyz1baw7iZdRLKZBLzW73v10qJ9MHTHyzdwpp
PxCLIcBp+2iIeH3j8gVCGtoauNRc6UZ0y51hubpgH/oM9VqQ+UlZkulMry6XtrKw
jUNMSj7eCCc1WzfBRPDZn3BJ8z2xycUnchqB/fU9w8C2XYhzizMYNvWYYVb+dLZc
RSSt7JQSVnGp9aUmK0yJFodCktWyMYoSuUAjIIdC0lud+qhP5OGm2uEDVDcTjqem
YQaTpwYoIS/dfkC5DP7nLory/PIcPbnF
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:59:30 2024 by rpki-client on console-fra.rpki-client.org