Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/3266f1-7c88-4f59-b566-1ac4a4007db4/1/XvfSLjhoVhrDWlKhd4RiYCrFulQ.roa
File:                     XvfSLjhoVhrDWlKhd4RiYCrFulQ.roa (raw, json)
Hash identifier:          2ezV8CQoOgrFf84zgF805ts2yAkrNGR0+Vkdd61ZSco=
Subject key identifier:   5E:F7:D2:2E:38:68:56:1A:C3:5A:52:A1:77:84:62:60:2A:C5:BA:54
Certificate issuer:       /CN=8741ec17dc0309b13d88a67ea22dcbbb26a4e3a1
Certificate serial:       018EA35C6505D05C4F26289CC8353E90A0E4
Authority key identifier: 87:41:EC:17:DC:03:09:B1:3D:88:A6:7E:A2:2D:CB:BB:26:A4:E3:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0HsF9wDCbE9iKZ-oi3Luyak46E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/3266f1-7c88-4f59-b566-1ac4a4007db4/1/XvfSLjhoVhrDWlKhd4RiYCrFulQ.roa
Signing time:             Wed 03 Apr 2024 09:48:45 +0000
ROA not before:           Wed 03 Apr 2024 09:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200233
IP address blocks:        138.124.176.0/24 maxlen: 24
                          147.87.0.0/16 maxlen: 24
                          193.5.80.0/21 maxlen: 24
                          2a07:6b40::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/3266f1-7c88-4f59-b566-1ac4a4007db4/1/h0HsF9wDCbE9iKZ-oi3Luyak46E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/3266f1-7c88-4f59-b566-1ac4a4007db4/1/h0HsF9wDCbE9iKZ-oi3Luyak46E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0HsF9wDCbE9iKZ-oi3Luyak46E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:5c:65:05:d0:5c:4f:26:28:9c:c8:35:3e:90:a0:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8741ec17dc0309b13d88a67ea22dcbbb26a4e3a1
        Validity
            Not Before: Apr  3 09:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ef7d22e3868561ac35a52a1778462602ac5ba54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:11:c6:48:43:cd:b4:7b:3d:b9:69:2b:cc:0e:
                    6a:f1:6a:09:53:3a:33:64:7f:47:f5:8d:7e:9f:b5:
                    1e:f3:66:42:70:0c:27:27:ec:7e:86:44:b5:af:2f:
                    07:8e:6d:14:ed:30:17:08:20:05:9b:67:26:31:2f:
                    7c:3a:e0:48:cb:04:56:91:96:76:70:20:04:c8:2f:
                    47:44:01:1f:1d:46:1e:73:2d:2e:58:2d:0c:77:35:
                    64:38:fc:ac:37:c0:65:2a:9d:41:ce:44:72:5e:90:
                    93:c8:5d:09:69:c3:2d:12:dc:92:dc:b6:46:65:27:
                    f9:81:b9:27:b2:90:69:15:8a:07:bd:03:43:7c:e2:
                    fb:65:9c:4b:3c:7d:d9:b1:eb:8e:c6:9e:16:30:7f:
                    52:b0:cd:c4:17:87:3a:b7:bd:cc:cd:93:03:4c:0e:
                    7f:20:6b:18:28:4c:c3:9a:26:a6:3d:aa:75:48:74:
                    a1:bb:b7:de:9b:b9:15:ec:e3:68:68:87:f3:0c:2d:
                    3f:93:95:bb:71:6a:00:12:f6:1d:d6:69:e8:f9:e2:
                    62:da:6d:d8:b7:8f:1d:8f:07:b9:37:f0:eb:cf:20:
                    11:b4:7b:0b:ae:d7:4c:f7:de:ae:73:8b:23:70:8b:
                    79:fb:93:a1:fe:a1:1d:16:f8:97:f3:d0:99:37:82:
                    8d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F7:D2:2E:38:68:56:1A:C3:5A:52:A1:77:84:62:60:2A:C5:BA:54
            X509v3 Authority Key Identifier:
                keyid:87:41:EC:17:DC:03:09:B1:3D:88:A6:7E:A2:2D:CB:BB:26:A4:E3:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0HsF9wDCbE9iKZ-oi3Luyak46E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/3266f1-7c88-4f59-b566-1ac4a4007db4/1/XvfSLjhoVhrDWlKhd4RiYCrFulQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/3266f1-7c88-4f59-b566-1ac4a4007db4/1/h0HsF9wDCbE9iKZ-oi3Luyak46E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.176.0/24
                  147.87.0.0/16
                  193.5.80.0/21
                IPv6:
                  2a07:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:77:c2:8e:c0:cb:8c:72:a3:56:f9:3b:5f:92:0b:48:df:57:
         61:5b:36:c2:c9:1c:30:61:d5:4d:b2:8c:7e:cd:13:a0:38:50:
         c7:7b:8e:8a:93:6c:bb:6b:7b:f3:77:37:7d:ee:b6:2b:d8:72:
         67:7e:10:a3:a8:05:c9:4a:6f:5c:2d:0e:66:6e:30:1c:7c:24:
         fa:59:bd:a9:d6:79:f4:9b:ef:c9:b9:81:9b:d7:32:f8:bb:59:
         1a:2f:56:e4:72:1d:59:4e:28:a9:ef:1f:8c:c0:ec:30:dd:34:
         75:82:da:96:cf:6b:60:85:7b:98:af:00:98:e1:6c:d5:62:85:
         10:7e:b4:48:5d:ce:5e:1a:22:9a:8c:ce:43:30:c4:fc:29:45:
         19:72:fb:72:d3:d8:3e:9f:9f:7a:9b:2f:83:cc:20:03:a6:0d:
         14:8c:3b:41:b5:a4:ad:f2:2c:51:7e:fc:1d:4f:72:7e:69:f4:
         7f:32:68:5d:f2:8b:85:dc:2f:08:2a:3d:a8:72:83:4c:d1:6e:
         c8:33:3d:11:2a:92:21:9c:26:b4:ef:d4:2a:35:a4:14:8a:2b:
         fb:89:18:59:21:87:18:c9:04:ad:a3:a1:1c:f9:e0:c9:72:bc:
         7e:78:fa:f4:63:2d:68:a6:a5:51:78:80:89:1b:6c:aa:6d:54:
         65:96:d3:72
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY6jXGUF0FxPJiicyDU+kKDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NDFlYzE3ZGMwMzA5YjEzZDg4YTY3ZWEyMmRjYmJiMjZh
NGUzYTEwHhcNMjQwNDAzMDk0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWY3ZDIyZTM4Njg1NjFhYzM1YTUyYTE3Nzg0NjI2MDJhYzViYTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBHGSEPNtHs9uWkrzA5q8WoJUzoz
ZH9H9Y1+n7Ue82ZCcAwnJ+x+hkS1ry8Hjm0U7TAXCCAFm2cmMS98OuBIywRWkZZ2
cCAEyC9HRAEfHUYecy0uWC0MdzVkOPysN8BlKp1BzkRyXpCTyF0JacMtEtyS3LZG
ZSf5gbknspBpFYoHvQNDfOL7ZZxLPH3ZseuOxp4WMH9SsM3EF4c6t73MzZMDTA5/
IGsYKEzDmiamPap1SHShu7fem7kV7ONoaIfzDC0/k5W7cWoAEvYd1mno+eJi2m3Y
t48djwe5N/DrzyARtHsLrtdM996uc4sjcIt5+5Oh/qEdFviX89CZN4KNnwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFF730i44aFYaw1pSoXeEYmAqxbpUMB8GA1UdIwQY
MBaAFIdB7BfcAwmxPYimfqIty7smpOOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDBIc0Y5d0RDYkU5aUtaLW9pM0x1eWFrNDZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8zMjY2ZjEtN2M4OC00ZjU5LWI1NjYt
MWFjNGE0MDA3ZGI0LzEvWHZmU0xqaG9WaHJEV2xLaGQ0UmlZQ3JGdWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8zMjY2ZjEtN2M4OC00ZjU5LWI1NjYtMWFjNGE0MDA3ZGI0
LzEvaDBIc0Y5d0RDYkU5aUtaLW9pM0x1eWFrNDZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAXBAIAATARAwQAinywAwMA
k1cDBAPBBVAwDQQCAAIwBwMFAyoHa0AwDQYJKoZIhvcNAQELBQADggEBABt3wo7A
y4xyo1b5O1+SC0jfV2FbNsLJHDBh1U2yjH7NE6A4UMd7joqTbLtre/N3N33utivY
cmd+EKOoBclKb1wtDmZuMBx8JPpZvanWefSb78m5gZvXMvi7WRovVuRyHVlOKKnv
H4zA7DDdNHWC2pbPa2CFe5ivAJjhbNVihRB+tEhdzl4aIpqMzkMwxPwpRRly+3LT
2D6fn3qbL4PMIAOmDRSMO0G1pK3yLFF+/B1Pcn5p9H8yaF3yi4XcLwgqPahyg0zR
bsgzPREqkiGcJrTv1Co1pBSKK/uJGFkhhxjJBK2joRz54MlyvH54+vRjLWimpVF4
gIkbbKptVGWW03I=
-----END CERTIFICATE-----
Generated at Tue Nov 26 21:28:30 2024 by rpki-client on console-fra.rpki-client.org