Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/dhlPVUM3wk2hWa1-gjuRxUCRIqY.roa
File:                     dhlPVUM3wk2hWa1-gjuRxUCRIqY.roa (raw, json)
Hash identifier:          CNzD72FeBrNhFxcICiHnLjua5N0STHUk06NOb/MrDso=
Subject key identifier:   76:19:4F:55:43:37:C2:4D:A1:59:AD:7E:82:3B:91:C5:40:91:22:A6
Certificate issuer:       /CN=f0150b3a9419627fdbcdb6580e878a1c9fa0cc58
Certificate serial:       018CC3B73B5BA30BA919FBF4777B616E1AC5
Authority key identifier: F0:15:0B:3A:94:19:62:7F:DB:CD:B6:58:0E:87:8A:1C:9F:A0:CC:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8BULOpQZYn_bzbZYDoeKHJ-gzFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/dhlPVUM3wk2hWa1-gjuRxUCRIqY.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42451
IP address blocks:        77.242.1.0/24 maxlen: 24
                          77.242.4.0/24 maxlen: 24
                          77.242.2.0/24 maxlen: 24
                          77.242.3.0/24 maxlen: 24
                          77.242.0.0/24 maxlen: 24
                          77.242.8.0/24 maxlen: 24
                          77.242.5.0/24 maxlen: 24
                          77.242.6.0/24 maxlen: 24
                          77.242.7.0/24 maxlen: 24
                          2a02:5c40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/8BULOpQZYn_bzbZYDoeKHJ-gzFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/8BULOpQZYn_bzbZYDoeKHJ-gzFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8BULOpQZYn_bzbZYDoeKHJ-gzFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:5b:a3:0b:a9:19:fb:f4:77:7b:61:6e:1a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0150b3a9419627fdbcdb6580e878a1c9fa0cc58
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76194f554337c24da159ad7e823b91c5409122a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c8:f0:00:50:e8:f7:c8:93:53:5c:cc:e3:af:
                    9b:48:03:75:c8:61:eb:4c:a9:df:d7:fa:2a:00:18:
                    9a:0f:4b:9f:c7:31:2f:29:c4:81:56:7b:a6:00:69:
                    48:aa:34:93:84:a2:00:8d:e0:58:5e:38:86:7f:ea:
                    4c:b7:de:e7:59:0c:c4:0e:84:e2:58:47:78:36:40:
                    ee:0c:62:20:fa:3b:9a:ff:09:3a:a3:ab:c5:b4:d0:
                    06:87:73:7a:ac:37:30:05:d7:80:40:90:af:c5:2e:
                    a5:66:3c:0f:3e:98:6c:37:43:43:5d:74:7c:68:48:
                    85:89:c7:5f:62:c7:09:a9:af:af:0e:eb:07:84:b6:
                    01:9f:c9:1a:73:46:a1:79:35:c0:05:c7:0d:6e:9c:
                    86:52:6c:49:31:3c:2e:7b:6f:21:27:7b:61:2f:fa:
                    12:ee:73:5d:5d:c6:7b:77:b7:71:a2:32:be:a5:6a:
                    7b:06:be:cf:a6:28:72:74:db:a4:20:b3:45:de:36:
                    08:08:25:55:ff:c2:e5:eb:6b:e6:2e:33:2b:d2:e9:
                    8b:f7:94:63:74:76:72:7f:3b:a3:25:b5:92:d9:a5:
                    58:21:5e:6e:05:a0:87:d0:25:5c:ee:f5:6a:83:c8:
                    40:24:0b:de:e9:dc:60:be:e2:68:0c:0d:9b:59:0c:
                    6a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:19:4F:55:43:37:C2:4D:A1:59:AD:7E:82:3B:91:C5:40:91:22:A6
            X509v3 Authority Key Identifier:
                keyid:F0:15:0B:3A:94:19:62:7F:DB:CD:B6:58:0E:87:8A:1C:9F:A0:CC:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8BULOpQZYn_bzbZYDoeKHJ-gzFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/dhlPVUM3wk2hWa1-gjuRxUCRIqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/575172-f7a2-4e43-962c-edc5ab995dbf/1/8BULOpQZYn_bzbZYDoeKHJ-gzFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.0.0-77.242.8.255
                IPv6:
                  2a02:5c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:18:ff:5f:a4:07:ba:78:f2:d8:e0:63:00:65:3a:1a:7d:08:
         48:01:35:b3:4d:83:25:f2:22:c3:91:88:b6:77:79:e9:86:d6:
         7f:f7:60:b0:07:15:01:3b:40:a6:24:5c:f2:6c:ca:ad:63:11:
         40:ad:0d:91:f8:cc:38:f1:fc:8c:a6:0d:e4:da:ec:1d:c5:4b:
         81:1d:57:c0:f9:32:34:e6:7f:f3:4a:32:27:be:81:11:5b:95:
         73:a3:73:3a:42:25:45:9a:c8:c7:42:52:b7:6a:27:87:d4:68:
         4a:f3:8b:32:d5:b7:fe:4a:14:60:33:a0:b3:f5:cf:38:56:13:
         0f:3b:37:28:af:69:c2:0b:e1:ee:d9:d6:12:4d:00:41:45:a9:
         c0:10:5c:1c:f6:a7:a5:5e:61:02:69:b3:64:64:bc:0f:e0:be:
         bb:18:76:b4:e7:c4:4e:ba:43:05:07:df:43:32:ee:b9:40:52:
         13:52:81:c3:4f:84:d5:d5:3b:f2:1a:b2:bb:f3:4c:8e:42:08:
         89:54:9d:4e:9f:64:40:65:7b:39:3a:0c:8a:67:55:a2:b3:49:
         b7:df:f7:ef:dd:e6:ac:4b:d8:9b:4d:84:48:7f:ee:b6:a9:dd:
         cb:a5:dd:0e:33:43:64:dd:05:a5:5f:a5:7c:f2:a4:d9:e3:3a:
         f2:e3:de:9a
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzDtztbowupGfv0d3thbhrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMTUwYjNhOTQxOTYyN2ZkYmNkYjY1ODBlODc4YTFjOWZh
MGNjNTgwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjE5NGY1NTQzMzdjMjRkYTE1OWFkN2U4MjNiOTFjNTQwOTEyMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMjwAFDo98iTU1zM46+bSAN1yGHr
TKnf1/oqABiaD0ufxzEvKcSBVnumAGlIqjSThKIAjeBYXjiGf+pMt97nWQzEDoTi
WEd4NkDuDGIg+jua/wk6o6vFtNAGh3N6rDcwBdeAQJCvxS6lZjwPPphsN0NDXXR8
aEiFicdfYscJqa+vDusHhLYBn8kac0aheTXABccNbpyGUmxJMTwue28hJ3thL/oS
7nNdXcZ7d7dxojK+pWp7Br7PpihydNukILNF3jYICCVV/8Ll62vmLjMr0umL95Rj
dHZyfzujJbWS2aVYIV5uBaCH0CVc7vVqg8hAJAve6dxgvuJoDA2bWQxqawIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHYZT1VDN8JNoVmtfoI7kcVAkSKmMB8GA1UdIwQY
MBaAFPAVCzqUGWJ/2822WA6HihyfoMxYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEJVTE9wUVpZbl9iemJaWURvZUtISi1nekZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81NzUxNzItZjdhMi00ZTQzLTk2MmMt
ZWRjNWFiOTk1ZGJmLzEvZGhsUFZVTTN3azJoV2ExLWdqdVJ4VUNSSXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81NzUxNzItZjdhMi00ZTQzLTk2MmMtZWRjNWFiOTk1ZGJm
LzEvOEJVTE9wUVpZbl9iemJaWURvZUtISi1nekZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDATBAIAATANMAsDAwFN8gME
AE3yCDANBAIAAjAHAwUAKgJcQDANBgkqhkiG9w0BAQsFAAOCAQEAhxj/X6QHunjy
2OBjAGU6Gn0ISAE1s02DJfIiw5GItnd56YbWf/dgsAcVATtApiRc8mzKrWMRQK0N
kfjMOPH8jKYN5NrsHcVLgR1XwPkyNOZ/80oyJ76BEVuVc6NzOkIlRZrIx0JSt2on
h9RoSvOLMtW3/koUYDOgs/XPOFYTDzs3KK9pwgvh7tnWEk0AQUWpwBBcHPanpV5h
AmmzZGS8D+C+uxh2tOfETrpDBQffQzLuuUBSE1KBw0+E1dU78hqyu/NMjkIIiVSd
Tp9kQGV7OToMimdVorNJt9/3793mrEvYm02ESH/utqndy6XdDjNDZN0FpV+lfPKk
2eM68uPemg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:54:56 2024 by rpki-client on console-ams.rpki-client.org