Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/aO3HEGKjv8AeWrQT61P_Z9tmcBI.roa
File:                     aO3HEGKjv8AeWrQT61P_Z9tmcBI.roa (raw, json)
Hash identifier:          OCb8CVfk5GzbYb70pBJx4zCvJ7m6iNXDH4uxtiuPCLs=
Subject key identifier:   68:ED:C7:10:62:A3:BF:C0:1E:5A:B4:13:EB:53:FF:67:DB:66:70:12
Certificate issuer:       /CN=77bc534ba44e9d3cba2f2446d4a3dd6eea9b8f61
Certificate serial:       018F1A5B600DDF7A0A1FA5BF5BBFC69ECBD2
Authority key identifier: 77:BC:53:4B:A4:4E:9D:3C:BA:2F:24:46:D4:A3:DD:6E:EA:9B:8F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/aO3HEGKjv8AeWrQT61P_Z9tmcBI.roa
Signing time:             Fri 26 Apr 2024 12:22:26 +0000
ROA not before:           Fri 26 Apr 2024 12:22:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212217
IP address blocks:        46.253.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:5b:60:0d:df:7a:0a:1f:a5:bf:5b:bf:c6:9e:cb:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77bc534ba44e9d3cba2f2446d4a3dd6eea9b8f61
        Validity
            Not Before: Apr 26 12:22:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68edc71062a3bfc01e5ab413eb53ff67db667012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f0:a3:e7:71:ab:b9:9f:01:18:d4:39:67:5d:
                    4b:7e:ad:2c:22:42:69:71:8b:97:aa:8a:e7:e2:e6:
                    e1:bd:47:23:37:fc:17:4a:22:88:e9:fc:e7:b4:f8:
                    37:1e:69:1b:ce:6e:5f:31:a4:5f:5d:fe:a0:1e:e4:
                    1c:45:12:f1:b6:29:36:02:80:24:87:b5:4d:5b:d5:
                    8e:e8:06:c7:29:9c:41:9f:ff:98:9c:db:14:41:0f:
                    71:6b:6f:ff:9d:fb:02:07:19:85:ee:a5:59:8b:f7:
                    f4:4c:2f:1c:27:57:2d:d7:4e:65:d7:e7:15:df:f3:
                    ff:a0:15:7c:d9:48:43:a5:9f:c6:d0:d7:b6:a2:cd:
                    36:dc:ff:22:16:9e:c7:46:43:b1:3d:5e:98:d9:a4:
                    5e:17:fb:cd:e4:b4:8d:c3:50:76:a3:49:ea:ea:8a:
                    d5:e7:40:ba:47:40:4b:e3:5d:2e:03:e7:7b:68:ee:
                    f5:e2:e9:51:3f:4e:6c:a4:c8:19:7a:16:c6:ed:1d:
                    b0:f3:cc:25:06:fd:81:8b:09:c7:84:f5:09:44:e9:
                    9f:03:bc:f2:c2:d0:67:da:3f:e6:15:5c:3d:cb:90:
                    aa:91:e0:06:ac:47:b9:27:d6:6f:cc:2a:f8:b0:51:
                    dc:38:83:63:de:6a:90:23:a4:00:4e:10:dd:92:4a:
                    63:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:ED:C7:10:62:A3:BF:C0:1E:5A:B4:13:EB:53:FF:67:DB:66:70:12
            X509v3 Authority Key Identifier:
                keyid:77:BC:53:4B:A4:4E:9D:3C:BA:2F:24:46:D4:A3:DD:6E:EA:9B:8F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/aO3HEGKjv8AeWrQT61P_Z9tmcBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:56:a3:f5:28:8a:c2:20:76:3d:29:a4:62:15:43:3e:64:e2:
         49:2b:e1:57:cc:f3:77:89:a4:9d:0c:4d:11:a7:94:3c:71:95:
         d3:c2:1f:9f:cd:ea:c3:ad:70:b4:12:f5:9f:fe:e1:f7:ba:6e:
         18:2e:bb:67:25:2f:ad:08:ef:74:76:d1:01:f8:f6:b2:bc:ba:
         24:7e:67:99:72:55:44:d5:85:4b:64:2c:71:2e:b8:8e:33:99:
         7d:a5:4c:e1:a4:95:25:e5:d0:74:b0:3b:74:8f:34:57:65:7d:
         19:15:c8:b6:47:49:91:09:96:a7:0a:06:83:14:5d:66:cc:ab:
         f2:98:50:c7:5a:dd:3d:dc:18:41:5c:fc:b4:02:e4:35:f9:fa:
         a5:90:fe:a0:1e:bc:a3:95:9f:25:a9:cc:21:54:89:e9:27:2a:
         63:02:cd:79:0f:20:db:93:1a:c0:fe:0a:0a:b3:da:1a:6c:81:
         c4:ca:ec:e8:a5:b2:9d:81:b6:26:ed:15:af:9d:e0:fa:16:fc:
         b8:3f:6c:d6:e9:5d:7f:23:2b:c0:85:03:1d:49:37:65:8e:2d:
         49:cf:f3:65:b3:3e:32:51:fc:47:71:47:0e:ca:61:30:15:94:
         3a:7c:79:b6:36:e3:9a:2f:d8:04:d5:81:25:3d:78:c9:05:e2:
         82:cd:80:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8aW2AN33oKH6W/W7/GnsvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YmM1MzRiYTQ0ZTlkM2NiYTJmMjQ0NmQ0YTNkZDZlZWE5
YjhmNjEwHhcNMjQwNDI2MTIyMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGVkYzcxMDYyYTNiZmMwMWU1YWI0MTNlYjUzZmY2N2RiNjY3MDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/Cj53GruZ8BGNQ5Z11Lfq0sIkJp
cYuXqorn4ubhvUcjN/wXSiKI6fzntPg3Hmkbzm5fMaRfXf6gHuQcRRLxtik2AoAk
h7VNW9WO6AbHKZxBn/+YnNsUQQ9xa2//nfsCBxmF7qVZi/f0TC8cJ1ct105l1+cV
3/P/oBV82UhDpZ/G0Ne2os023P8iFp7HRkOxPV6Y2aReF/vN5LSNw1B2o0nq6orV
50C6R0BL410uA+d7aO714ulRP05spMgZehbG7R2w88wlBv2BiwnHhPUJROmfA7zy
wtBn2j/mFVw9y5CqkeAGrEe5J9ZvzCr4sFHcOINj3mqQI6QAThDdkkpjWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjtxxBio7/AHlq0E+tT/2fbZnASMB8GA1UdIwQY
MBaAFHe8U0ukTp08ui8kRtSj3W7qm49hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDd4VFM2Uk9uVHk2THlSRzFLUGRidXFiajJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8yZmRkNTYtYmEyYy00NmZiLTk4ODIt
OWIyNTdmNGZlYThkLzEvYU8zSEVHS2p2OEFlV3JRVDYxUF9aOXRtY0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8yZmRkNTYtYmEyYy00NmZiLTk4ODItOWIyNTdmNGZlYThk
LzEvZDd4VFM2Uk9uVHk2THlSRzFLUGRidXFiajJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv2BMA0G
CSqGSIb3DQEBCwUAA4IBAQCWVqP1KIrCIHY9KaRiFUM+ZOJJK+FXzPN3iaSdDE0R
p5Q8cZXTwh+fzerDrXC0EvWf/uH3um4YLrtnJS+tCO90dtEB+PayvLokfmeZclVE
1YVLZCxxLriOM5l9pUzhpJUl5dB0sDt0jzRXZX0ZFci2R0mRCZanCgaDFF1mzKvy
mFDHWt093BhBXPy0AuQ1+fqlkP6gHryjlZ8lqcwhVInpJypjAs15DyDbkxrA/goK
s9oabIHEyuzopbKdgbYm7RWvneD6Fvy4P2zW6V1/IyvAhQMdSTdlji1Jz/Nlsz4y
UfxHcUcOymEwFZQ6fHm2NuOaL9gE1YElPXjJBeKCzYCn
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:15:42 2024 by rpki-client on console-fra.rpki-client.org