Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/rhbaRMvCqMCITfAkVJLYWci199U.roa
File:                     rhbaRMvCqMCITfAkVJLYWci199U.roa (raw, json)
Hash identifier:          ZCuhkdhraoVyA0M0qcITk5DIbywv8sE0xWeMYnpyU+8=
Subject key identifier:   AE:16:DA:44:CB:C2:A8:C0:88:4D:F0:24:54:92:D8:59:C8:B5:F7:D5
Certificate issuer:       /CN=351a14ce9d25239b92fe5abce532515044c1aba4
Certificate serial:       018CC3B71CA87AE3F48AA515C1074537D856
Authority key identifier: 35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/rhbaRMvCqMCITfAkVJLYWci199U.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42405
IP address blocks:        89.42.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1c:a8:7a:e3:f4:8a:a5:15:c1:07:45:37:d8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a14ce9d25239b92fe5abce532515044c1aba4
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae16da44cbc2a8c0884df0245492d859c8b5f7d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:39:15:00:0b:1d:d4:91:a9:f3:c4:cc:c8:d5:
                    03:76:cb:ed:ed:21:6d:c2:91:cc:99:99:05:b3:d6:
                    53:03:55:a9:88:e2:42:24:91:e6:cb:ef:03:27:2a:
                    1f:6b:a4:88:35:ce:84:44:55:0a:54:81:56:9a:b0:
                    f1:0c:f9:5c:63:02:e1:be:fa:ac:c9:99:38:54:cd:
                    3a:f9:36:71:36:e0:e1:19:de:00:0d:b8:30:bf:60:
                    99:7c:15:2a:49:3b:23:66:27:c4:f8:f9:0c:6c:6e:
                    c1:c4:42:89:fb:ff:f4:27:0e:e8:ea:63:68:a2:a2:
                    da:a5:63:04:b9:ba:49:a4:44:e4:de:2e:09:5c:64:
                    db:8e:b8:92:08:2f:75:da:b6:23:d7:f7:1c:5d:25:
                    77:1e:fd:e4:63:36:61:ff:6d:9f:ee:6b:ad:ba:d7:
                    1b:5e:c7:0e:af:f0:af:aa:5f:fb:31:af:e1:45:11:
                    44:3c:15:3b:17:23:33:34:b9:ec:6a:23:5b:6d:ce:
                    81:a2:51:55:94:40:ea:96:1e:49:c7:f5:d7:50:53:
                    83:55:14:c6:0b:78:b8:83:1d:08:a1:2f:1b:6f:5a:
                    b9:93:cb:79:0a:f5:90:70:f1:09:e1:36:ad:06:55:
                    4c:7c:0b:a1:d5:54:ce:b7:ed:fd:ad:66:5f:45:e0:
                    6c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:16:DA:44:CB:C2:A8:C0:88:4D:F0:24:54:92:D8:59:C8:B5:F7:D5
            X509v3 Authority Key Identifier:
                keyid:35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/rhbaRMvCqMCITfAkVJLYWci199U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:1c:ba:5f:09:a1:6d:16:3f:a8:0e:d6:23:db:32:5b:3b:fb:
         4c:f7:82:0b:17:98:47:31:b9:27:90:e9:ab:b8:12:b6:0b:2c:
         a4:cb:0a:ff:33:54:15:3f:aa:5e:5f:55:69:de:21:07:2d:93:
         52:33:5c:ad:82:0b:c3:a0:36:22:73:8d:90:ca:e1:51:2a:02:
         74:c8:b0:80:2e:21:83:76:fe:03:c9:f0:78:3d:63:3d:f8:4c:
         6d:f9:b4:c4:31:89:ff:63:b1:da:a2:aa:82:73:b5:55:ca:0c:
         81:88:a7:5d:1a:36:cf:69:cc:11:41:8d:a0:2d:4d:ac:ac:4a:
         c5:af:aa:4f:68:e9:0c:33:b6:77:50:df:39:22:03:02:7c:92:
         59:65:db:89:a1:f0:f4:43:7f:fe:c5:b8:ed:75:45:75:a3:fc:
         23:bb:c0:af:ef:0e:99:2a:7f:cf:5b:c1:4e:a5:23:7f:5e:1a:
         a4:24:59:cf:cb:4f:ea:cb:a9:f4:d8:0c:75:da:6b:98:e3:83:
         b1:31:19:7e:4d:4c:79:cd:30:6c:f7:83:e0:1b:69:0f:8e:ac:
         4f:40:b2:0f:ab:3e:ef:4c:77:c0:db:b2:55:b1:82:5f:e3:ec:
         60:2a:1d:b1:ce:26:cd:e4:93:fb:19:02:24:c7:47:ed:c4:fa:
         54:e7:48:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxyoeuP0iqUVwQdFN9hWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWExNGNlOWQyNTIzOWI5MmZlNWFiY2U1MzI1MTUwNDRj
MWFiYTQwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE2ZGE0NGNiYzJhOGMwODg0ZGYwMjQ1NDkyZDg1OWM4YjVmN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjkVAAsd1JGp88TMyNUDdsvt7SFt
wpHMmZkFs9ZTA1WpiOJCJJHmy+8DJyofa6SINc6ERFUKVIFWmrDxDPlcYwLhvvqs
yZk4VM06+TZxNuDhGd4ADbgwv2CZfBUqSTsjZifE+PkMbG7BxEKJ+//0Jw7o6mNo
oqLapWMEubpJpETk3i4JXGTbjriSCC912rYj1/ccXSV3Hv3kYzZh/22f7mututcb
XscOr/Cvql/7Ma/hRRFEPBU7FyMzNLnsaiNbbc6BolFVlEDqlh5Jx/XXUFODVRTG
C3i4gx0IoS8bb1q5k8t5CvWQcPEJ4TatBlVMfAuh1VTOt+39rWZfReBsiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4W2kTLwqjAiE3wJFSS2FnItffVMB8GA1UdIwQY
MBaAFDUaFM6dJSObkv5avOUyUVBEwaukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEt
Mjk1Mzg5NGIxZjZkLzEvcmhiYVJNdkNxTUNJVGZBa1ZKTFlXY2kxOTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEtMjk1Mzg5NGIxZjZk
LzEvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWSrIMA0G
CSqGSIb3DQEBCwUAA4IBAQArHLpfCaFtFj+oDtYj2zJbO/tM94ILF5hHMbknkOmr
uBK2Cyykywr/M1QVP6peX1Vp3iEHLZNSM1ytggvDoDYic42QyuFRKgJ0yLCALiGD
dv4DyfB4PWM9+Ext+bTEMYn/Y7HaoqqCc7VVygyBiKddGjbPacwRQY2gLU2srErF
r6pPaOkMM7Z3UN85IgMCfJJZZduJofD0Q3/+xbjtdUV1o/wju8Cv7w6ZKn/PW8FO
pSN/XhqkJFnPy0/qy6n02Ax12muY44OxMRl+TUx5zTBs94PgG2kPjqxPQLIPqz7v
THfA27JVsYJf4+xgKh2xzibN5JP7GQIkx0ftxPpU50gh
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:27:45 2024 by rpki-client on console-fra.rpki-client.org