Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/Bx3iRg-o0boXaBuFXVqjsb4dZrE.roa
File:                     Bx3iRg-o0boXaBuFXVqjsb4dZrE.roa (raw, json)
Hash identifier:          JyZOMGDkfZ66Wm1VswqXuv/BCbUfkOcYKzVoTz9PL0w=
Subject key identifier:   07:1D:E2:46:0F:A8:D1:BA:17:68:1B:85:5D:5A:A3:B1:BE:1D:66:B1
Certificate issuer:       /CN=03f3f8259b30ec03722f942035a94e209f882861
Certificate serial:       018CC2DB257A12BE7FF906BCE5B8FEDC9C14
Authority key identifier: 03:F3:F8:25:9B:30:EC:03:72:2F:94:20:35:A9:4E:20:9F:88:28:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/Bx3iRg-o0boXaBuFXVqjsb4dZrE.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208985
IP address blocks:        193.46.36.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:7a:12:be:7f:f9:06:bc:e5:b8:fe:dc:9c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03f3f8259b30ec03722f942035a94e209f882861
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=071de2460fa8d1ba17681b855d5aa3b1be1d66b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:15:24:f2:66:eb:4c:8f:ae:45:11:15:ed:cc:
                    9b:98:20:cf:71:59:6f:66:d1:8d:10:89:4e:f8:19:
                    4a:5d:6f:0d:52:c9:f6:d0:f0:9b:65:75:5f:1b:02:
                    75:ea:b1:c4:49:51:0d:0b:3a:d2:82:db:33:cf:0e:
                    af:91:89:1f:21:2b:f0:a5:14:65:72:e1:ef:29:a3:
                    9a:c5:13:a5:4a:0f:5e:06:ea:fe:3b:7f:b9:d6:0e:
                    de:66:88:df:24:3e:2f:ec:68:e2:21:73:7a:d7:2d:
                    f2:e4:85:2b:95:7b:21:dd:73:26:d7:98:67:75:b3:
                    b2:1f:f5:b1:eb:a4:a8:a5:a9:40:57:d3:22:07:1f:
                    a8:a4:13:f6:7f:0c:54:42:89:b2:2d:20:8c:23:d1:
                    0b:32:50:9f:c1:eb:4b:d5:20:6c:b1:41:64:a9:0f:
                    c6:4f:8a:17:3e:f6:a9:f9:b4:16:dc:dd:6c:c9:79:
                    8f:6f:05:e0:b7:44:e6:14:8f:d3:7e:05:be:42:51:
                    b7:1f:8d:b3:6a:44:e8:34:71:04:5f:a8:b5:30:72:
                    97:76:a0:b3:e9:94:61:33:de:27:35:82:17:30:5a:
                    99:71:eb:90:6e:00:8b:73:97:cf:69:01:81:12:f3:
                    06:eb:56:4d:0c:2d:0a:32:e0:9a:0f:41:bc:0c:56:
                    af:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:1D:E2:46:0F:A8:D1:BA:17:68:1B:85:5D:5A:A3:B1:BE:1D:66:B1
            X509v3 Authority Key Identifier:
                keyid:03:F3:F8:25:9B:30:EC:03:72:2F:94:20:35:A9:4E:20:9F:88:28:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A_P4JZsw7ANyL5QgNalOIJ-IKGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/Bx3iRg-o0boXaBuFXVqjsb4dZrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a4582e-1a4d-4d4a-a5f4-ab13356e5fec/1/A_P4JZsw7ANyL5QgNalOIJ-IKGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:3e:e5:2f:26:33:d9:5f:21:82:e6:88:b5:92:27:d1:1e:37:
         e6:c2:48:1f:a6:1e:4a:b3:29:72:d9:60:b5:91:a6:06:1a:7f:
         77:ba:b5:74:a4:7d:02:39:3a:80:e5:df:ff:0a:09:2a:df:4c:
         13:91:08:da:86:8d:ac:6a:bd:f4:1a:ac:81:19:c1:41:d7:6e:
         55:9c:47:2e:cd:c3:62:50:5d:ad:41:69:ad:cf:4f:9d:80:42:
         9e:76:a6:fa:6e:f3:b4:8c:8a:e0:d1:fd:99:3c:45:02:65:d9:
         d0:f2:e9:aa:7e:5d:19:1d:b2:f9:6a:e1:14:ea:08:02:f6:5a:
         a1:ef:85:a3:8f:39:23:b9:80:6d:54:e9:d7:d8:bd:69:7b:83:
         07:5d:12:44:3e:7b:8c:d7:e8:0a:bf:96:ce:12:c9:49:09:c4:
         44:05:90:43:48:bb:dc:5d:a1:d0:0b:81:80:f8:2f:ba:13:3a:
         98:e6:7a:30:34:81:90:a6:b5:92:cd:b6:4c:f2:a0:44:5f:9d:
         88:81:3b:bd:43:c1:60:a0:0c:c1:76:b7:42:ad:aa:58:bf:83:
         ef:e1:eb:45:17:a5:e5:b0:d8:60:d0:1f:7f:08:81:4d:6f:b1:
         f7:87:4c:e9:9d:29:43:ac:96:38:05:70:55:da:4a:30:3f:9a:
         b3:67:20:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yV6Er5/+Qa85bj+3JwUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZjNmODI1OWIzMGVjMDM3MjJmOTQyMDM1YTk0ZTIwOWY4
ODI4NjEwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzFkZTI0NjBmYThkMWJhMTc2ODFiODU1ZDVhYTNiMWJlMWQ2NmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBUk8mbrTI+uRREV7cybmCDPcVlv
ZtGNEIlO+BlKXW8NUsn20PCbZXVfGwJ16rHESVENCzrSgtszzw6vkYkfISvwpRRl
cuHvKaOaxROlSg9eBur+O3+51g7eZojfJD4v7GjiIXN61y3y5IUrlXsh3XMm15hn
dbOyH/Wx66SopalAV9MiBx+opBP2fwxUQomyLSCMI9ELMlCfwetL1SBssUFkqQ/G
T4oXPvap+bQW3N1syXmPbwXgt0TmFI/TfgW+QlG3H42zakToNHEEX6i1MHKXdqCz
6ZRhM94nNYIXMFqZceuQbgCLc5fPaQGBEvMG61ZNDC0KMuCaD0G8DFav0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcd4kYPqNG6F2gbhV1ao7G+HWaxMB8GA1UdIwQY
MBaAFAPz+CWbMOwDci+UIDWpTiCfiChhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQV9QNEpac3c3QU55TDVRZ05hbE9JSi1JS0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hNDU4MmUtMWE0ZC00ZDRhLWE1ZjQt
YWIxMzM1NmU1ZmVjLzEvQngzaVJnLW8wYm9YYUJ1RlhWcWpzYjRkWnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hNDU4MmUtMWE0ZC00ZDRhLWE1ZjQtYWIxMzM1NmU1ZmVj
LzEvQV9QNEpac3c3QU55TDVRZ05hbE9JSi1JS0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwS4kMA0G
CSqGSIb3DQEBCwUAA4IBAQAXPuUvJjPZXyGC5oi1kifRHjfmwkgfph5Ksyly2WC1
kaYGGn93urV0pH0COTqA5d//Cgkq30wTkQjaho2sar30GqyBGcFB125VnEcuzcNi
UF2tQWmtz0+dgEKedqb6bvO0jIrg0f2ZPEUCZdnQ8umqfl0ZHbL5auEU6ggC9lqh
74WjjzkjuYBtVOnX2L1pe4MHXRJEPnuM1+gKv5bOEslJCcREBZBDSLvcXaHQC4GA
+C+6EzqY5nowNIGQprWSzbZM8qBEX52IgTu9Q8FgoAzBdrdCrapYv4Pv4etFF6Xl
sNhg0B9/CIFNb7H3h0zpnSlDrJY4BXBV2kowP5qzZyB4
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:52:28 2024 by rpki-client on console-ams.rpki-client.org