Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3Wm2ORAuZy-MJVTC7E_n_J8fZ5U.roa
File:                     3Wm2ORAuZy-MJVTC7E_n_J8fZ5U.roa (raw, json)
Hash identifier:          sxEPcIj3WfBFUJMVTs2yjIzVT1Ak94puatI22k0+XT4=
Subject key identifier:   DD:69:B6:39:10:2E:67:2F:8C:25:54:C2:EC:4F:E7:FC:9F:1F:67:95
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC727609B9CA236F57C49018ED0B18B47
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3Wm2ORAuZy-MJVTC7E_n_J8fZ5U.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5588
IP address blocks:        217.8.160.0/19 maxlen: 19
                          94.42.0.0/16 maxlen: 16
                          195.94.192.0/19 maxlen: 19
                          78.133.128.0/17 maxlen: 17
                          85.219.128.0/17 maxlen: 17
                          89.174.0.0/16 maxlen: 16
                          89.174.23.0/24 maxlen: 24
                          217.153.0.0/16 maxlen: 16
                          157.25.0.0/16 maxlen: 16
                          2001:4190::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:60:9b:9c:a2:36:f5:7c:49:01:8e:d0:b1:8b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd69b639102e672f8c2554c2ec4fe7fc9f1f6795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:96:93:f9:bb:85:f1:b1:97:f5:eb:f8:6f:d8:
                    48:b5:50:21:51:52:fb:b4:d4:12:f6:4c:b5:6e:e1:
                    90:5a:77:bf:65:d3:f1:53:1a:b0:d5:5b:44:aa:72:
                    58:a1:da:43:f2:40:31:79:a2:db:2d:30:98:a5:46:
                    ac:95:d2:92:06:ba:ba:bd:85:7e:2e:20:3c:a3:b0:
                    86:e6:df:c5:61:a6:3b:e2:5c:1e:76:50:5f:13:26:
                    82:56:9f:0e:bd:01:30:87:ca:d8:b1:62:60:5a:be:
                    60:f2:99:cd:63:76:1c:28:b6:2b:84:da:d2:3f:15:
                    cf:8a:d2:2f:d2:c8:d2:25:ea:3c:89:48:9b:75:aa:
                    bc:42:e6:89:d2:61:fe:e4:48:4d:fc:27:17:fd:7a:
                    26:38:aa:e0:4c:51:00:44:8d:cc:22:86:4a:89:b6:
                    e6:04:14:a1:e7:b6:e2:b9:eb:0e:26:41:17:69:13:
                    a1:aa:8b:f1:bd:d9:1a:cc:ce:09:fa:f9:db:16:f5:
                    3a:0d:10:96:78:b3:eb:6b:40:ee:60:3e:23:af:61:
                    34:cd:51:c6:3f:ca:e0:51:1d:b2:af:80:dc:09:fe:
                    80:50:59:eb:04:0d:8b:2e:56:fe:73:ee:5b:ee:f9:
                    5e:d2:9f:10:8e:3a:5e:8c:d0:ea:76:99:45:af:32:
                    2c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:69:B6:39:10:2E:67:2F:8C:25:54:C2:EC:4F:E7:FC:9F:1F:67:95
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3Wm2ORAuZy-MJVTC7E_n_J8fZ5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.133.128.0/17
                  85.219.128.0/17
                  89.174.0.0/16
                  94.42.0.0/16
                  157.25.0.0/16
                  195.94.192.0/19
                  217.8.160.0/19
                  217.153.0.0/16
                IPv6:
                  2001:4190::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:84:56:c1:da:ee:c8:07:40:3e:45:38:dc:6c:d8:d8:ee:b2:
         7f:86:41:1e:bc:b3:8e:f3:c6:8f:af:6d:e0:b2:26:40:6a:88:
         fe:94:bb:7d:7c:8b:d7:96:83:69:18:92:3d:f5:05:fc:26:4e:
         be:f6:59:fd:f1:2c:12:f7:6a:d2:e7:b7:19:09:93:48:b5:e0:
         53:50:52:81:cf:62:1c:c0:58:ba:19:d3:95:17:f4:18:99:81:
         22:57:23:90:3c:6f:94:7f:32:8c:0c:e7:c7:ed:04:40:f0:e4:
         7c:8a:0d:41:d2:54:5f:9a:ca:12:83:cc:4e:ba:d5:97:ec:84:
         2e:57:a8:72:db:89:42:16:a1:f4:07:a5:f2:79:0b:89:2f:ac:
         29:df:2a:3b:df:5e:aa:21:14:e8:3e:f2:e5:79:85:d5:71:9d:
         4d:55:71:03:a4:9f:98:88:10:94:f5:ad:d1:a4:91:6a:a9:0f:
         e9:fb:79:d7:05:26:20:bf:f9:a9:cc:89:52:28:1f:de:c1:79:
         19:93:f3:e2:f8:13:0b:4b:91:8f:c7:20:37:cf:f1:a2:03:39:
         d9:b5:7c:8d:9d:88:08:f1:7d:95:58:84:63:97:1c:9c:0b:1e:
         8a:af:49:bd:2a:8d:b3:be:69:a5:ba:f3:13:a0:47:a8:66:16:
         fe:a4:da:10
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzHJ2CbnKI29XxJAY7QsYtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY5YjYzOTEwMmU2NzJmOGMyNTU0YzJlYzRmZTdmYzlmMWY2Nzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1paT+buF8bGX9ev4b9hItVAhUVL7
tNQS9ky1buGQWne/ZdPxUxqw1VtEqnJYodpD8kAxeaLbLTCYpUasldKSBrq6vYV+
LiA8o7CG5t/FYaY74lwedlBfEyaCVp8OvQEwh8rYsWJgWr5g8pnNY3YcKLYrhNrS
PxXPitIv0sjSJeo8iUibdaq8QuaJ0mH+5EhN/CcX/XomOKrgTFEARI3MIoZKibbm
BBSh57biuesOJkEXaROhqovxvdkazM4J+vnbFvU6DRCWeLPra0DuYD4jr2E0zVHG
P8rgUR2yr4DcCf6AUFnrBA2LLlb+c+5b7vle0p8QjjpejNDqdplFrzIsWQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFN1ptjkQLmcvjCVUwuxP5/yfH2eVMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvM1dtMk9SQXVaeS1NSlZUQzdFX25fSjhmWjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQHToWAAwQH
VduAAwMAWa4DAwBeKgMDAJ0ZAwQFw17AAwQF2QigAwMA2ZkwDQQCAAIwBwMFACAB
QZAwDQYJKoZIhvcNAQELBQADggEBAHqEVsHa7sgHQD5FONxs2Njusn+GQR68s47z
xo+vbeCyJkBqiP6Uu318i9eWg2kYkj31BfwmTr72Wf3xLBL3atLntxkJk0i14FNQ
UoHPYhzAWLoZ05UX9BiZgSJXI5A8b5R/MowM58ftBEDw5HyKDUHSVF+ayhKDzE66
1ZfshC5XqHLbiUIWofQHpfJ5C4kvrCnfKjvfXqohFOg+8uV5hdVxnU1VcQOkn5iI
EJT1rdGkkWqpD+n7edcFJiC/+anMiVIoH97BeRmT8+L4EwtLkY/HIDfP8aIDOdm1
fI2diAjxfZVYhGOXHJwLHoqvSb0qjbO+aaW68xOgR6hmFv6k2hA=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:48 2024 by rpki-client on console-ams.rpki-client.org