Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/mhB12lXY2a3jUgSFL4bSa2h9rKg.roa
File:                     mhB12lXY2a3jUgSFL4bSa2h9rKg.roa (raw, json)
Hash identifier:          j8X8rYfjvGBtOZ/YrreMykJaSBOVJVshKVO5sCsh/S0=
Subject key identifier:   9A:10:75:DA:55:D8:D9:AD:E3:52:04:85:2F:86:D2:6B:68:7D:AC:A8
Certificate issuer:       /CN=4fd6646c93c2974789ecef7b444656ee64161729
Certificate serial:       018CC5DC7986940471AEEB4789A38A221242
Authority key identifier: 4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/mhB12lXY2a3jUgSFL4bSa2h9rKg.roa
Signing time:             Mon 01 Jan 2024 16:30:09 +0000
ROA not before:           Mon 01 Jan 2024 16:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        193.19.92.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:79:86:94:04:71:ae:eb:47:89:a3:8a:22:12:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd6646c93c2974789ecef7b444656ee64161729
        Validity
            Not Before: Jan  1 16:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a1075da55d8d9ade35204852f86d26b687daca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1c:16:02:75:10:d0:ec:02:7c:37:f3:f1:70:
                    95:a5:d2:07:ea:af:6c:1d:73:ca:f4:47:3e:83:4b:
                    84:ac:dc:aa:e3:d9:bb:13:e2:31:3c:2d:65:bf:e2:
                    c5:99:29:8c:30:42:af:48:1c:ac:2d:88:51:fe:f0:
                    d4:5e:7d:86:ce:8b:af:96:1f:b6:26:20:df:05:81:
                    ea:c1:f0:12:aa:a7:4d:f4:b4:39:02:84:d7:62:95:
                    d1:92:b8:f9:f0:38:04:08:50:b4:b5:81:30:fc:38:
                    c9:e4:82:9a:39:81:08:95:eb:39:19:39:26:db:a6:
                    24:da:dc:5f:fb:1f:b7:7c:50:bb:a9:4e:6f:2f:f0:
                    fe:07:ea:a5:1b:73:f0:60:d9:de:90:e6:73:31:07:
                    a6:13:a4:e7:d1:4e:cb:e6:9c:1f:81:43:e4:6a:97:
                    1f:67:3a:e6:2c:5e:e7:34:92:0e:0b:44:cf:56:74:
                    cd:47:fa:16:6d:e8:f5:cf:36:99:49:7a:a7:e1:f0:
                    21:0a:77:f8:5d:e7:10:81:0f:f4:cb:41:ba:de:7a:
                    37:08:81:d8:c8:34:eb:e9:16:d4:49:d3:07:d9:c9:
                    dd:1e:e8:79:ae:29:c8:64:4e:32:2c:f8:2e:83:94:
                    a3:89:f7:e4:e8:f2:a8:74:08:82:51:3f:29:13:6e:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:10:75:DA:55:D8:D9:AD:E3:52:04:85:2F:86:D2:6B:68:7D:AC:A8
            X509v3 Authority Key Identifier:
                keyid:4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/mhB12lXY2a3jUgSFL4bSa2h9rKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:50:fb:66:f9:c0:94:30:ba:10:56:f0:7c:41:79:0c:90:f8:
         9b:97:5a:7a:e2:6f:c4:51:e2:af:e4:89:22:44:9f:99:1c:8a:
         be:a6:ac:db:bd:b6:db:3f:46:22:45:f3:a9:fb:16:99:4d:54:
         82:53:3e:5b:e4:c7:01:29:3c:34:eb:7a:3c:8a:1b:a5:ad:3c:
         ab:6d:c6:40:cf:5f:6d:64:fe:5d:fe:c6:38:ec:0b:7c:90:de:
         16:22:7d:fd:1c:82:f7:ab:b9:6e:ae:31:98:b0:c5:b3:92:5b:
         02:17:1a:3a:78:77:d9:d1:a7:07:54:9d:a7:eb:b9:0e:aa:0d:
         00:97:2e:17:d0:c2:fd:c0:4d:8b:72:0d:24:8f:ec:32:b0:84:
         fe:ee:0b:a5:07:a4:ef:99:3a:36:68:ef:8a:04:80:65:7f:fe:
         ad:af:c5:c4:fe:50:18:6e:15:c4:41:92:ee:dd:ee:56:f7:a6:
         9f:71:40:4b:18:20:10:80:bf:1e:a3:27:cd:d8:37:3a:0d:7a:
         be:2a:98:c9:6a:7f:fa:be:b7:81:f9:0a:78:f2:7d:1e:36:6b:
         d5:31:89:93:f7:34:0f:2d:24:12:c9:f2:82:9b:8f:c0:8f:ac:
         dc:4d:40:f6:11:62:29:cc:c1:52:ca:0f:7c:d0:fb:e2:c9:39:
         9e:08:78:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3HmGlARxrutHiaOKIhJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY2NDZjOTNjMjk3NDc4OWVjZWY3YjQ0NDY1NmVlNjQx
NjE3MjkwHhcNMjQwMTAxMTYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTEwNzVkYTU1ZDhkOWFkZTM1MjA0ODUyZjg2ZDI2YjY4N2RhY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRwWAnUQ0OwCfDfz8XCVpdIH6q9s
HXPK9Ec+g0uErNyq49m7E+IxPC1lv+LFmSmMMEKvSBysLYhR/vDUXn2Gzouvlh+2
JiDfBYHqwfASqqdN9LQ5AoTXYpXRkrj58DgECFC0tYEw/DjJ5IKaOYEIles5GTkm
26Yk2txf+x+3fFC7qU5vL/D+B+qlG3PwYNnekOZzMQemE6Tn0U7L5pwfgUPkapcf
ZzrmLF7nNJIOC0TPVnTNR/oWbej1zzaZSXqn4fAhCnf4XecQgQ/0y0G63no3CIHY
yDTr6RbUSdMH2cndHuh5rinIZE4yLPgug5Sjiffk6PKodAiCUT8pE24rTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoQddpV2Nmt41IEhS+G0mtofayoMB8GA1UdIwQY
MBaAFE/WZGyTwpdHiezve0RGVu5kFhcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEt
NzZhNTM4NWM1MTVhLzEvbWhCMTJsWFkyYTNqVWdTRkw0YlNhMmg5cktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEtNzZhNTM4NWM1MTVh
LzEvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRNcMA0G
CSqGSIb3DQEBCwUAA4IBAQCHUPtm+cCUMLoQVvB8QXkMkPibl1p64m/EUeKv5Iki
RJ+ZHIq+pqzbvbbbP0YiRfOp+xaZTVSCUz5b5McBKTw063o8ihulrTyrbcZAz19t
ZP5d/sY47At8kN4WIn39HIL3q7lurjGYsMWzklsCFxo6eHfZ0acHVJ2n67kOqg0A
ly4X0ML9wE2Lcg0kj+wysIT+7gulB6TvmTo2aO+KBIBlf/6tr8XE/lAYbhXEQZLu
3e5W96afcUBLGCAQgL8eoyfN2Dc6DXq+KpjJan/6vreB+Qp48n0eNmvVMYmT9zQP
LSQSyfKCm4/Aj6zcTUD2EWIpzMFSyg980PviyTmeCHiB
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:40:30 2024 by rpki-client on console-fra.rpki-client.org