Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/3d4c46-7545-4b3d-8f1c-2a63402bec66/1/ljRLFUNQbVQjBBx8QYNbnOij7Ao.roa
File:                     ljRLFUNQbVQjBBx8QYNbnOij7Ao.roa (raw, json)
Hash identifier:          tdZhlGYlhzJ+Ocu5nU8c7K0jWByKiIHNIevyo9VB49o=
Subject key identifier:   96:34:4B:15:43:50:6D:54:23:04:1C:7C:41:83:5B:9C:E8:A3:EC:0A
Certificate issuer:       /CN=b4810d7c9bfc58b9e0a1e59169c3dd322de9f737
Certificate serial:       018CC492DF29471C8B54393F10A7EBBFA4C9
Authority key identifier: B4:81:0D:7C:9B:FC:58:B9:E0:A1:E5:91:69:C3:DD:32:2D:E9:F7:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIENfJv8WLngoeWRacPdMi3p9zc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/3d4c46-7545-4b3d-8f1c-2a63402bec66/1/ljRLFUNQbVQjBBx8QYNbnOij7Ao.roa
Signing time:             Mon 01 Jan 2024 10:30:08 +0000
ROA not before:           Mon 01 Jan 2024 10:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29050
IP address blocks:        46.182.152.0/21 maxlen: 24
                          185.14.76.0/22 maxlen: 24
                          213.243.192.0/18 maxlen: 24
                          5.43.232.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/3d4c46-7545-4b3d-8f1c-2a63402bec66/1/tIENfJv8WLngoeWRacPdMi3p9zc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/3d4c46-7545-4b3d-8f1c-2a63402bec66/1/tIENfJv8WLngoeWRacPdMi3p9zc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIENfJv8WLngoeWRacPdMi3p9zc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:df:29:47:1c:8b:54:39:3f:10:a7:eb:bf:a4:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4810d7c9bfc58b9e0a1e59169c3dd322de9f737
        Validity
            Not Before: Jan  1 10:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96344b1543506d5423041c7c41835b9ce8a3ec0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e2:a2:f6:ca:ba:c8:51:55:15:29:3c:eb:89:
                    d6:b2:77:b5:b3:a6:86:aa:8d:c2:14:5d:59:6f:bf:
                    e6:a6:19:b3:71:83:1c:db:71:88:92:4f:41:75:32:
                    f6:23:97:58:76:1a:cd:ed:3b:be:be:ea:68:e1:c6:
                    97:b9:0e:d0:8d:6a:1e:41:c8:b4:2a:e7:93:66:71:
                    5a:36:cb:85:3a:55:b8:cc:4e:df:87:0b:a5:83:25:
                    1e:1c:b3:8e:08:0d:90:fa:21:3c:85:83:af:a5:49:
                    4e:d7:a8:d0:6b:e6:dd:ca:cf:64:5e:65:a6:0a:44:
                    f1:bf:7a:24:f8:f4:d5:a2:a9:63:ed:08:df:f8:f6:
                    25:d0:41:18:62:1c:e1:26:54:45:b8:94:d6:92:21:
                    5f:06:2f:5a:c1:51:65:e6:91:0f:0f:6b:df:20:f0:
                    31:9c:74:eb:fc:ad:10:6c:33:b6:e3:05:9e:c4:5e:
                    d1:a3:2b:da:4a:28:61:03:d4:5c:e0:54:4c:ca:91:
                    4e:61:91:d2:03:00:0f:07:69:2e:e3:65:73:6b:70:
                    dc:fa:17:a1:c9:89:74:54:8d:08:b8:38:39:e4:29:
                    67:5c:ad:ce:d4:7b:ea:04:14:a1:52:cf:21:89:e8:
                    b7:4a:40:3c:df:e4:d1:95:5d:d7:86:51:95:84:e9:
                    0d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:34:4B:15:43:50:6D:54:23:04:1C:7C:41:83:5B:9C:E8:A3:EC:0A
            X509v3 Authority Key Identifier:
                keyid:B4:81:0D:7C:9B:FC:58:B9:E0:A1:E5:91:69:C3:DD:32:2D:E9:F7:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIENfJv8WLngoeWRacPdMi3p9zc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/3d4c46-7545-4b3d-8f1c-2a63402bec66/1/ljRLFUNQbVQjBBx8QYNbnOij7Ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/3d4c46-7545-4b3d-8f1c-2a63402bec66/1/tIENfJv8WLngoeWRacPdMi3p9zc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.43.232.0/21
                  46.182.152.0/21
                  185.14.76.0/22
                  213.243.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5c:3b:c8:c0:dc:e3:4e:fd:20:0a:10:b1:89:0f:8c:b1:f2:f5:
         f7:df:fe:24:4d:54:94:2d:0c:6b:df:77:be:46:c2:e4:21:57:
         8a:56:27:a1:38:46:25:0f:a7:1d:bf:da:fe:4b:1e:2f:8d:3d:
         30:f0:93:5a:cd:47:28:4e:e8:70:0e:b8:52:bf:6d:49:4f:eb:
         81:1e:d8:ba:cf:40:c3:62:ec:3b:d5:01:7b:e8:39:0d:9d:f3:
         32:a5:18:0a:12:bf:6e:b5:6a:40:9b:c7:15:09:26:6a:65:86:
         bb:5b:5b:91:9e:e7:5f:8e:57:29:59:b2:54:48:70:58:d7:00:
         7e:e4:c9:6f:4c:ee:78:f7:02:e8:4f:39:3e:9b:cb:03:31:5c:
         6b:26:74:f8:e5:c3:55:6d:fc:b6:8f:64:92:5b:d2:42:45:79:
         26:6c:68:90:c0:cd:05:5f:94:9e:ed:a3:b8:04:a2:c2:70:32:
         7a:d0:02:9e:75:2b:15:3d:90:95:95:6f:f3:6e:3a:c5:fc:a7:
         19:70:9d:9c:e7:92:6c:be:5a:4a:ec:aa:03:88:56:e8:fb:e8:
         f1:7c:a0:aa:a7:9a:7f:d0:07:19:b2:dc:1e:e0:12:08:69:8d:
         09:1e:c2:fd:19:65:73:cc:a9:03:7f:5c:78:b8:4d:96:11:4c:
         17:eb:d3:98
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkt8pRxyLVDk/EKfrv6TJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODEwZDdjOWJmYzU4YjllMGExZTU5MTY5YzNkZDMyMmRl
OWY3MzcwHhcNMjQwMTAxMTAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjM0NGIxNTQzNTA2ZDU0MjMwNDFjN2M0MTgzNWI5Y2U4YTNlYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOKi9sq6yFFVFSk864nWsne1s6aG
qo3CFF1Zb7/mphmzcYMc23GIkk9BdTL2I5dYdhrN7Tu+vupo4caXuQ7QjWoeQci0
KueTZnFaNsuFOlW4zE7fhwulgyUeHLOOCA2Q+iE8hYOvpUlO16jQa+bdys9kXmWm
CkTxv3ok+PTVoqlj7Qjf+PYl0EEYYhzhJlRFuJTWkiFfBi9awVFl5pEPD2vfIPAx
nHTr/K0QbDO24wWexF7RoyvaSihhA9Rc4FRMypFOYZHSAwAPB2ku42Vza3Dc+heh
yYl0VI0IuDg55ClnXK3O1HvqBBShUs8hiei3SkA83+TRlV3XhlGVhOkNMQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJY0SxVDUG1UIwQcfEGDW5zoo+wKMB8GA1UdIwQY
MBaAFLSBDXyb/Fi54KHlkWnD3TIt6fc3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElFTmZKdjhXTG5nb2VXUmFjUGRNaTNwOXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zZDRjNDYtNzU0NS00YjNkLThmMWMt
MmE2MzQwMmJlYzY2LzEvbGpSTEZVTlFiVlFqQkJ4OFFZTmJuT2lqN0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zZDRjNDYtNzU0NS00YjNkLThmMWMtMmE2MzQwMmJlYzY2
LzEvdElFTmZKdjhXTG5nb2VXUmFjUGRNaTNwOXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBSvoAwQD
LraYAwQCuQ5MAwQG1fPAMA0GCSqGSIb3DQEBCwUAA4IBAQBcO8jA3ONO/SAKELGJ
D4yx8vX33/4kTVSULQxr33e+RsLkIVeKViehOEYlD6cdv9r+Sx4vjT0w8JNazUco
TuhwDrhSv21JT+uBHti6z0DDYuw71QF76DkNnfMypRgKEr9utWpAm8cVCSZqZYa7
W1uRnudfjlcpWbJUSHBY1wB+5MlvTO549wLoTzk+m8sDMVxrJnT45cNVbfy2j2SS
W9JCRXkmbGiQwM0FX5Se7aO4BKLCcDJ60AKedSsVPZCVlW/zbjrF/KcZcJ2c55Js
vlpK7KoDiFbo++jxfKCqp5p/0AcZstwe4BIIaY0JHsL9GWVzzKkDf1x4uE2WEUwX
69OY
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:15:24 2024 by rpki-client on console-fra.rpki-client.org