Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/UUp4BPdc5o0QcvWjt9-NsAPX_KU.roa
File:                     UUp4BPdc5o0QcvWjt9-NsAPX_KU.roa (raw, json)
Hash identifier:          gEtHLp/61GHRvJljAb8EqVWKmr5+H9hm9HeAfiHUPKY=
Subject key identifier:   51:4A:78:04:F7:5C:E6:8D:10:72:F5:A3:B7:DF:8D:B0:03:D7:FC:A5
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018EA3D9D1FB38316228863C37DF263E9623
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/UUp4BPdc5o0QcvWjt9-NsAPX_KU.roa
Signing time:             Wed 03 Apr 2024 12:05:45 +0000
ROA not before:           Wed 03 Apr 2024 12:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24620
IP address blocks:        78.154.128.0/20 maxlen: 24
                          84.237.212.0/24 maxlen: 24
                          213.175.84.0/23 maxlen: 24
                          213.175.88.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:d9:d1:fb:38:31:62:28:86:3c:37:df:26:3e:96:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Apr  3 12:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=514a7804f75ce68d1072f5a3b7df8db003d7fca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b6:cf:a8:61:02:d7:ea:d3:89:19:8c:89:ec:
                    ca:a3:0d:64:49:db:47:6c:53:3c:63:75:71:86:2a:
                    9b:50:38:6b:15:9f:3e:25:a9:4a:f7:96:cc:dc:6b:
                    91:50:18:a4:a5:01:2b:f9:ae:b0:99:ad:82:37:7b:
                    0e:7e:69:7b:11:1c:e9:ae:b5:86:bc:30:3f:0f:c1:
                    d7:40:99:0d:76:52:c7:c9:60:74:3c:cc:a3:26:ce:
                    cb:e3:20:10:b8:61:7c:65:9a:bd:f0:72:c5:c1:c3:
                    56:ef:3a:bb:22:51:2b:44:f6:ca:93:91:28:c3:6f:
                    f7:a3:4b:f8:e4:90:fc:e1:f5:b7:76:f4:6f:9d:c7:
                    0d:01:b5:6f:fe:7a:66:ef:c2:12:34:89:f9:8f:46:
                    69:57:25:55:58:56:7d:5b:45:cb:7e:9d:b2:fa:3a:
                    02:f4:6e:04:5d:e2:bf:54:06:97:76:9f:e0:71:3a:
                    df:eb:02:7d:43:33:e0:30:42:3f:08:62:bd:a9:3e:
                    b0:04:2d:08:e6:03:46:f3:30:b8:f5:7a:a0:be:ef:
                    23:33:b5:2b:be:65:e1:2d:47:c9:91:be:f4:87:15:
                    52:43:d2:54:d5:b1:e3:9a:26:f9:8e:7f:9e:0c:b9:
                    bd:a4:11:43:37:80:51:8c:df:63:e3:68:a0:41:cb:
                    9a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:4A:78:04:F7:5C:E6:8D:10:72:F5:A3:B7:DF:8D:B0:03:D7:FC:A5
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/UUp4BPdc5o0QcvWjt9-NsAPX_KU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.154.128.0/20
                  84.237.212.0/24
                  213.175.84.0/23
                  213.175.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:2a:1b:35:ba:ed:7b:c6:d5:11:96:d5:03:1b:c9:bc:b8:89:
         44:dc:91:99:eb:ab:8e:e3:35:72:67:73:df:b6:0a:ff:05:2b:
         5a:e9:d4:a2:e6:c6:af:d5:16:26:96:a8:99:17:9b:0d:98:06:
         d6:80:4c:19:04:4b:c9:4b:35:4a:11:13:ef:cc:6a:66:05:8b:
         f7:ca:b2:13:43:5c:83:e4:e5:b5:9b:05:12:12:59:49:a8:0a:
         ae:19:c9:4d:f8:fc:54:71:e3:4f:d2:59:99:83:05:7e:e4:bf:
         9b:9a:ac:84:4a:6d:49:d6:1e:c5:96:b9:2e:91:ff:86:45:31:
         ae:99:59:b3:ab:71:86:b9:ea:a3:6c:a7:f1:7f:34:70:ff:9e:
         d4:bb:86:07:98:6f:32:85:c8:0c:d9:f6:55:ea:bd:ae:b7:16:
         02:e1:00:e8:de:05:b8:20:04:a5:ad:72:be:23:9a:5a:95:e0:
         ba:6c:c9:ad:54:ec:9d:a3:ff:67:f1:2b:ca:01:85:eb:df:18:
         78:96:72:06:c6:81:e1:c6:95:08:60:2c:8c:9e:5a:7b:07:c8:
         78:69:b8:f2:ed:8f:a1:9d:4a:3e:0b:e7:9c:93:e7:3a:0d:6d:
         50:23:78:98:40:14:cd:f5:5b:53:99:a7:1d:42:02:93:85:09:
         3d:7b:29:25
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY6j2dH7ODFiKIY8N98mPpYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwNDAzMTIwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTRhNzgwNGY3NWNlNjhkMTA3MmY1YTNiN2RmOGRiMDAzZDdmY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7bPqGEC1+rTiRmMiezKow1kSdtH
bFM8Y3VxhiqbUDhrFZ8+JalK95bM3GuRUBikpQEr+a6wma2CN3sOfml7ERzprrWG
vDA/D8HXQJkNdlLHyWB0PMyjJs7L4yAQuGF8ZZq98HLFwcNW7zq7IlErRPbKk5Eo
w2/3o0v45JD84fW3dvRvnccNAbVv/npm78ISNIn5j0ZpVyVVWFZ9W0XLfp2y+joC
9G4EXeK/VAaXdp/gcTrf6wJ9QzPgMEI/CGK9qT6wBC0I5gNG8zC49Xqgvu8jM7Ur
vmXhLUfJkb70hxVSQ9JU1bHjmib5jn+eDLm9pBFDN4BRjN9j42igQcuafwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFFKeAT3XOaNEHL1o7ffjbAD1/ylMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvVVVwNEJQZGM1bzBRY3ZXanQ5LU5zQVBYX0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQETpqAAwQA
VO3UAwQB1a9UAwQD1a9YMA0GCSqGSIb3DQEBCwUAA4IBAQAEKhs1uu17xtURltUD
G8m8uIlE3JGZ66uO4zVyZ3Pftgr/BSta6dSi5sav1RYmlqiZF5sNmAbWgEwZBEvJ
SzVKERPvzGpmBYv3yrITQ1yD5OW1mwUSEllJqAquGclN+PxUceNP0lmZgwV+5L+b
mqyESm1J1h7Flrkukf+GRTGumVmzq3GGueqjbKfxfzRw/57Uu4YHmG8yhcgM2fZV
6r2utxYC4QDo3gW4IASlrXK+I5paleC6bMmtVOydo/9n8SvKAYXr3xh4lnIGxoHh
xpUIYCyMnlp7B8h4abjy7Y+hnUo+C+eck+c6DW1QI3iYQBTN9VtTmacdQgKThQk9
eykl
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:23:24 2024 by rpki-client on console-fra.rpki-client.org