Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/OAdVmOgFkx8x5I0rGWyl0ftwTcw.roa
File:                     OAdVmOgFkx8x5I0rGWyl0ftwTcw.roa (raw, json)
Hash identifier:          5wgQYoBfcBy0B7vErkLCI2m5ocmPwqOfv53TfjP91/s=
Subject key identifier:   38:07:55:98:E8:05:93:1F:31:E4:8D:2B:19:6C:A5:D1:FB:70:4D:CC
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018EA3F3748BA773CD604F7A3FF96CB1E36C
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/OAdVmOgFkx8x5I0rGWyl0ftwTcw.roa
Signing time:             Wed 03 Apr 2024 12:33:45 +0000
ROA not before:           Wed 03 Apr 2024 12:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24921
IP address blocks:        81.198.189.0/24 maxlen: 24
                          87.246.168.0/24 maxlen: 24
                          87.246.169.0/24 maxlen: 24
                          87.246.170.0/24 maxlen: 24
                          87.246.171.0/24 maxlen: 24
                          194.8.22.0/24 maxlen: 24
                          213.175.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:f3:74:8b:a7:73:cd:60:4f:7a:3f:f9:6c:b1:e3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Apr  3 12:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38075598e805931f31e48d2b196ca5d1fb704dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:31:22:b6:0f:dd:33:a9:a2:5d:eb:d6:58:38:
                    b4:12:93:4e:9b:27:d5:31:36:b2:03:85:82:06:3a:
                    5d:44:1b:b3:5b:a5:11:99:36:3b:5e:5f:27:79:f3:
                    4f:ca:34:01:39:9d:98:21:47:0c:c7:42:4b:f6:04:
                    f6:cc:c6:9a:0d:79:f4:9a:5e:68:aa:c5:61:6d:f6:
                    1c:99:a4:d2:b5:d2:d3:b0:85:4d:df:09:f4:95:4f:
                    88:c0:b7:22:08:df:c3:ec:2b:b5:d2:c0:1f:c0:ac:
                    bd:5c:6c:55:f1:05:08:f0:a1:e8:e7:68:f5:63:bd:
                    03:c7:5e:93:7b:ae:b0:9a:a5:f2:d6:03:d4:fb:d6:
                    fa:37:44:58:28:9e:c4:1a:85:c5:62:a5:46:cf:23:
                    1b:b7:6f:7a:ea:14:7f:8a:ca:be:f3:4e:38:d2:85:
                    d1:13:4a:0c:a3:ee:19:ee:02:97:34:70:ab:fc:2d:
                    44:7d:f7:5b:95:94:f3:fc:ad:77:6e:ea:a7:ab:1a:
                    32:14:e1:a9:f6:8b:41:5b:7d:39:12:20:ec:e5:c1:
                    8a:6f:6e:67:72:9e:d9:fd:3f:72:3d:17:2b:fc:3c:
                    52:4d:eb:a2:9f:e6:c8:c5:23:94:26:e3:21:ef:45:
                    24:e9:67:f1:fa:22:88:88:19:f7:ec:05:7b:0d:fb:
                    cb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:07:55:98:E8:05:93:1F:31:E4:8D:2B:19:6C:A5:D1:FB:70:4D:CC
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/OAdVmOgFkx8x5I0rGWyl0ftwTcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.198.189.0/24
                  87.246.168.0/22
                  194.8.22.0/24
                  213.175.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:75:a6:9f:15:5c:22:aa:df:98:3a:a9:ec:14:a1:45:15:33:
         87:57:ae:31:3a:ff:9f:ef:c9:bd:7c:09:2f:54:b0:cd:da:c5:
         8d:ba:c2:25:5a:83:9e:e9:63:69:a3:ea:ea:b0:61:71:9c:37:
         f6:b5:63:7d:cb:e5:db:46:72:fe:44:97:39:c1:b2:ab:1d:c6:
         82:16:b5:da:94:43:c0:d9:50:bb:43:c8:f4:60:e7:67:9b:fc:
         c5:42:c7:ea:d1:79:03:b0:ca:b0:eb:91:06:ee:d1:03:bf:4a:
         c0:9f:a0:10:11:90:66:fb:b4:8d:a9:f2:3f:5d:91:6c:64:a6:
         66:13:15:25:09:9e:e3:c6:3e:8b:95:13:b2:22:ca:17:b7:65:
         7c:3d:30:bd:87:36:7b:be:2a:f6:45:13:3d:1c:66:d4:2f:2d:
         d8:e8:f4:a1:aa:97:0c:b0:bd:0c:af:0d:33:15:4a:67:cb:0a:
         bd:04:94:70:80:80:7a:36:f8:54:dc:74:79:eb:80:37:06:69:
         92:e7:67:5a:ca:b8:c5:a3:f6:b0:94:fa:10:83:30:75:30:6a:
         08:c4:e6:af:19:4f:23:49:3d:cb:5a:de:8a:9d:ab:03:f4:4c:
         bf:3d:ab:dc:b8:69:d8:fd:bf:4c:a0:b1:7f:44:72:a6:89:74:
         11:6a:ea:0e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY6j83SLp3PNYE96P/lsseNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwNDAzMTIzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODA3NTU5OGU4MDU5MzFmMzFlNDhkMmIxOTZjYTVkMWZiNzA0ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTEitg/dM6miXevWWDi0EpNOmyfV
MTayA4WCBjpdRBuzW6URmTY7Xl8nefNPyjQBOZ2YIUcMx0JL9gT2zMaaDXn0ml5o
qsVhbfYcmaTStdLTsIVN3wn0lU+IwLciCN/D7Cu10sAfwKy9XGxV8QUI8KHo52j1
Y70Dx16Te66wmqXy1gPU+9b6N0RYKJ7EGoXFYqVGzyMbt2966hR/isq+80440oXR
E0oMo+4Z7gKXNHCr/C1EffdblZTz/K13buqnqxoyFOGp9otBW305EiDs5cGKb25n
cp7Z/T9yPRcr/DxSTeuin+bIxSOUJuMh70Uk6Wfx+iKIiBn37AV7DfvLcwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDgHVZjoBZMfMeSNKxlspdH7cE3MMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvT0FkVm1PZ0ZreDh4NUkwckdXeWwwZnR3VGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUca9AwQC
V/aoAwQAwggWAwQA1a9PMA0GCSqGSIb3DQEBCwUAA4IBAQATdaafFVwiqt+YOqns
FKFFFTOHV64xOv+f78m9fAkvVLDN2sWNusIlWoOe6WNpo+rqsGFxnDf2tWN9y+Xb
RnL+RJc5wbKrHcaCFrXalEPA2VC7Q8j0YOdnm/zFQsfq0XkDsMqw65EG7tEDv0rA
n6AQEZBm+7SNqfI/XZFsZKZmExUlCZ7jxj6LlROyIsoXt2V8PTC9hzZ7vir2RRM9
HGbULy3Y6PShqpcMsL0Mrw0zFUpnywq9BJRwgIB6NvhU3HR564A3BmmS52dayrjF
o/awlPoQgzB1MGoIxOavGU8jST3LWt6KnasD9Ey/PavcuGnY/b9MoLF/RHKmiXQR
auoO
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:23:24 2024 by rpki-client on console-fra.rpki-client.org