Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/3OmNIoiiapFg1p4ooZN28WxH3kY.roa
File:                     3OmNIoiiapFg1p4ooZN28WxH3kY.roa (raw, json)
Hash identifier:          waSU7aHw+6khCb7BGI/FjrEVHVnh5FHwSfYCJxXx+RY=
Subject key identifier:   DC:E9:8D:22:88:A2:6A:91:60:D6:9E:28:A1:93:76:F1:6C:47:DE:46
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958A1A4810B78E10CEE9BA382FF159
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/3OmNIoiiapFg1p4ooZN28WxH3kY.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56534
IP address blocks:        92.255.96.0/21 maxlen: 21
                          45.135.215.0/24 maxlen: 24
                          93.174.72.0/21 maxlen: 21
                          185.47.52.0/22 maxlen: 22
                          185.47.54.0/24 maxlen: 24
                          92.255.60.0/24 maxlen: 24
                          89.223.80.0/21 maxlen: 21
                          92.255.88.0/21 maxlen: 32
                          2a04:ac00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8a:1a:48:10:b7:8e:10:ce:e9:ba:38:2f:f1:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce98d2288a26a9160d69e28a19376f16c47de46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0d:a2:47:a8:59:75:cd:ab:d3:a0:60:32:bb:
                    bf:06:6e:f6:81:09:e2:de:df:e6:09:6c:0c:4d:58:
                    c3:db:a4:e9:a6:fd:47:ee:26:2f:66:93:5a:bd:0f:
                    b6:bc:87:49:e4:15:70:f9:56:ac:4c:7b:97:e2:c2:
                    1f:49:4e:81:68:66:5e:f5:d8:5d:52:ef:f3:21:0d:
                    e4:82:3e:9c:94:4d:12:ba:7d:e4:c5:95:d2:9a:31:
                    b7:5d:c6:aa:92:f6:1f:99:c9:c1:37:fc:1f:7a:25:
                    f5:a5:b1:16:9a:ac:f6:c3:e8:56:7b:c4:6a:23:9a:
                    7c:74:16:e1:ba:17:d9:b6:70:5d:16:72:b3:ce:a6:
                    2a:db:9e:8f:b2:51:a8:75:14:76:ab:3e:b2:21:d9:
                    35:48:9c:79:7f:ab:0a:0d:cd:84:ec:42:c9:8c:0a:
                    1b:0f:5b:03:5a:5c:cc:0a:d4:f5:42:c4:a1:f7:2b:
                    3c:7c:c6:4c:a0:64:08:b2:76:00:24:01:70:f9:b4:
                    3f:94:ee:f7:2c:e6:08:bd:bb:e0:a4:90:5e:70:b8:
                    53:1b:90:b1:fb:9c:78:47:b9:f5:99:87:40:a5:a3:
                    f1:6e:62:7c:eb:4b:f8:44:58:6e:d6:08:c3:f9:ec:
                    0b:6d:d2:75:e8:0e:58:88:1a:07:50:df:cd:02:39:
                    a0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E9:8D:22:88:A2:6A:91:60:D6:9E:28:A1:93:76:F1:6C:47:DE:46
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/3OmNIoiiapFg1p4ooZN28WxH3kY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.215.0/24
                  89.223.80.0/21
                  92.255.60.0/24
                  92.255.88.0-92.255.103.255
                  93.174.72.0/21
                  185.47.52.0/22
                IPv6:
                  2a04:ac00::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:48:18:0b:7d:7f:bb:74:1c:41:6a:13:58:86:1e:f8:f2:7d:
         92:7e:8a:76:be:5a:2a:e3:b0:19:ae:fa:66:e5:3d:57:ca:d3:
         43:78:44:4a:45:d7:01:a3:3e:15:85:92:91:cc:bd:f9:37:77:
         3c:32:1f:5c:be:c3:aa:13:95:e0:e3:68:d5:be:81:e4:bd:32:
         5d:5d:d5:22:08:b8:0c:ef:7c:1b:69:1a:9a:65:09:25:be:c0:
         92:c4:b0:fa:a4:ee:f1:27:30:f9:9b:81:6b:ba:f1:5f:90:31:
         b7:53:79:9e:e4:49:b2:d5:4d:46:2a:ba:14:db:a8:d0:6a:d2:
         6f:80:63:14:7a:91:32:53:b7:61:21:92:5f:25:78:d9:d3:8d:
         ea:8d:82:aa:50:03:47:63:11:a3:5b:b3:4a:a9:7b:93:ab:f0:
         a2:2e:d3:16:9a:74:d5:c2:29:d4:73:75:fc:8d:82:a0:9b:3e:
         ab:c5:e5:2b:29:82:28:0b:43:90:fe:6d:57:a9:5b:cc:a7:49:
         71:12:d5:dc:ef:35:36:0b:6c:1e:46:4d:50:13:52:c4:1d:c2:
         31:75:3e:3d:46:6f:3d:a9:b4:02:fd:ec:70:b7:21:6d:76:60:
         23:cc:49:81:41:0b:15:85:aa:2a:26:66:d0:56:73:ef:4d:dd:
         2b:78:63:ce
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzHlYoaSBC3jhDO6bo4L/FZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2U5OGQyMjg4YTI2YTkxNjBkNjllMjhhMTkzNzZmMTZjNDdkZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQ2iR6hZdc2r06BgMru/Bm72gQni
3t/mCWwMTVjD26Tppv1H7iYvZpNavQ+2vIdJ5BVw+VasTHuX4sIfSU6BaGZe9dhd
Uu/zIQ3kgj6clE0Sun3kxZXSmjG3XcaqkvYfmcnBN/wfeiX1pbEWmqz2w+hWe8Rq
I5p8dBbhuhfZtnBdFnKzzqYq256PslGodRR2qz6yIdk1SJx5f6sKDc2E7ELJjAob
D1sDWlzMCtT1QsSh9ys8fMZMoGQIsnYAJAFw+bQ/lO73LOYIvbvgpJBecLhTG5Cx
+5x4R7n1mYdApaPxbmJ860v4RFhu1gjD+ewLbdJ16A5YiBoHUN/NAjmgJwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFNzpjSKIomqRYNaeKKGTdvFsR95GMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvM09tTklvaWlhcEZnMXA0b29aTjI4V3hIM2tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQALYfXAwQD
Wd9QAwQAXP88MAwDBANc/1gDBANc/2ADBANdrkgDBAK5LzQwDQQCAAIwBwMFAyoE
rAAwDQYJKoZIhvcNAQELBQADggEBAAVIGAt9f7t0HEFqE1iGHvjyfZJ+ina+Wirj
sBmu+mblPVfK00N4REpF1wGjPhWFkpHMvfk3dzwyH1y+w6oTleDjaNW+geS9Ml1d
1SIIuAzvfBtpGpplCSW+wJLEsPqk7vEnMPmbgWu68V+QMbdTeZ7kSbLVTUYquhTb
qNBq0m+AYxR6kTJTt2Ehkl8leNnTjeqNgqpQA0djEaNbs0qpe5Or8KIu0xaadNXC
KdRzdfyNgqCbPqvF5SspgigLQ5D+bVepW8ynSXES1dzvNTYLbB5GTVATUsQdwjF1
Pj1Gbz2ptAL97HC3IW12YCPMSYFBCxWFqiomZtBWc+9N3St4Y84=
-----END CERTIFICATE-----
Generated at Sat Jun 15 13:17:02 2024 by rpki-client on console-fra.rpki-client.org