Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/b210f6-7ca1-47b1-9a5f-7cfdd84f734d/1/N3TbndfGUvkycvdp2Tfa4aoG_U0.roa
File:                     N3TbndfGUvkycvdp2Tfa4aoG_U0.roa (raw, json)
Hash identifier:          WnxU5jwJ8u1mIoeqJPOK5dBFCNE0dGVFlfGDh1mvj5A=
Subject key identifier:   37:74:DB:9D:D7:C6:52:F9:32:72:F7:69:D9:37:DA:E1:AA:06:FD:4D
Certificate issuer:       /CN=6211901227577807f4b68c8b8f25fbea9c720762
Certificate serial:       018CC6B88DB48D61020664EFEF89597C8575
Authority key identifier: 62:11:90:12:27:57:78:07:F4:B6:8C:8B:8F:25:FB:EA:9C:72:07:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhGQEidXeAf0toyLjyX76pxyB2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/b210f6-7ca1-47b1-9a5f-7cfdd84f734d/1/N3TbndfGUvkycvdp2Tfa4aoG_U0.roa
Signing time:             Mon 01 Jan 2024 20:30:32 +0000
ROA not before:           Mon 01 Jan 2024 20:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204835
IP address blocks:        195.138.204.0/24 maxlen: 24
                          91.231.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/b210f6-7ca1-47b1-9a5f-7cfdd84f734d/1/YhGQEidXeAf0toyLjyX76pxyB2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/b210f6-7ca1-47b1-9a5f-7cfdd84f734d/1/YhGQEidXeAf0toyLjyX76pxyB2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhGQEidXeAf0toyLjyX76pxyB2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:8d:b4:8d:61:02:06:64:ef:ef:89:59:7c:85:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6211901227577807f4b68c8b8f25fbea9c720762
        Validity
            Not Before: Jan  1 20:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3774db9dd7c652f93272f769d937dae1aa06fd4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:dc:14:92:4e:ca:ca:a2:9c:ef:5c:cd:43:04:
                    bb:89:ab:77:61:2d:60:5d:eb:32:3f:3c:88:78:b4:
                    54:dc:cb:31:b5:96:14:7b:b5:67:1c:6f:98:ae:a7:
                    c7:de:97:7f:57:80:a5:9c:07:98:4b:1d:e0:c5:bf:
                    da:ea:62:f9:48:eb:60:60:94:c2:5e:92:e1:b9:61:
                    52:a2:dd:ed:7c:1b:01:f6:4c:09:8b:56:74:46:7b:
                    f0:34:01:3f:71:c4:cf:66:e1:d6:70:7b:45:60:25:
                    01:db:cf:91:ae:e6:51:03:a9:d7:1b:a8:0f:d2:ea:
                    59:7f:96:0d:a3:46:37:59:73:8e:4a:00:a2:da:23:
                    5e:21:b0:2f:95:8b:05:b9:73:35:e4:06:5b:cf:0f:
                    7a:d8:6a:cb:75:7d:82:db:19:8f:33:dd:e8:db:2c:
                    f0:5a:2a:43:d4:5e:fd:ba:7e:36:00:58:71:f5:3d:
                    c2:b7:dc:4e:1b:b4:f5:78:ec:82:75:7a:4f:c0:4d:
                    b2:3b:68:ab:67:e9:e7:a1:0e:f6:f5:9b:4f:b7:8d:
                    1e:73:7a:69:17:26:3b:5e:a0:55:75:06:29:e8:dc:
                    62:1f:c7:41:62:e5:bf:cb:b1:8f:be:06:50:da:0e:
                    dc:93:c4:2b:35:ea:7c:b6:51:ea:9d:6b:75:7e:3d:
                    18:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:74:DB:9D:D7:C6:52:F9:32:72:F7:69:D9:37:DA:E1:AA:06:FD:4D
            X509v3 Authority Key Identifier:
                keyid:62:11:90:12:27:57:78:07:F4:B6:8C:8B:8F:25:FB:EA:9C:72:07:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhGQEidXeAf0toyLjyX76pxyB2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b210f6-7ca1-47b1-9a5f-7cfdd84f734d/1/N3TbndfGUvkycvdp2Tfa4aoG_U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b210f6-7ca1-47b1-9a5f-7cfdd84f734d/1/YhGQEidXeAf0toyLjyX76pxyB2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.174.0/24
                  195.138.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:06:cb:ea:46:7c:7d:ca:8b:4c:01:59:03:51:b4:e8:eb:7f:
         aa:f5:3d:1e:5b:0b:95:73:3c:15:15:a3:3f:50:a0:ee:5f:d0:
         68:b8:7b:c8:41:53:7a:98:51:52:95:eb:8f:35:6d:6e:57:24:
         2b:7a:57:01:94:a3:03:3a:e6:5b:9f:4c:e7:b1:16:12:cc:6b:
         d7:8f:5b:93:f3:22:b4:df:de:c4:0d:05:c3:37:55:56:84:bc:
         80:c2:e1:30:8f:a3:fc:4f:f7:7e:b6:b4:4c:1c:64:01:00:40:
         5f:5f:b3:3d:67:6c:78:35:82:81:64:11:ba:3f:95:1d:85:1c:
         63:73:71:35:51:6f:3d:36:47:31:9d:7c:63:a0:af:7f:f1:9a:
         f4:92:48:d0:aa:8c:e7:f3:47:cd:45:a1:f6:10:f5:39:5d:2b:
         56:c5:4b:c6:54:5c:29:94:dd:91:4e:4e:a8:eb:2e:a8:4b:76:
         d8:d6:99:90:47:c7:b1:e5:44:29:dd:f9:ab:fe:04:31:90:d8:
         79:5b:1a:a9:9c:5d:41:bf:6a:6d:59:cb:08:aa:86:a9:17:e9:
         67:78:26:1c:f1:65:40:dc:d1:9b:9b:67:bd:af:5b:c9:27:78:
         73:40:d0:ef:6d:be:85:8f:46:f9:a5:2b:fa:98:ef:25:bc:c0:
         fd:7c:8d:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuI20jWECBmTv74lZfIV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTE5MDEyMjc1Nzc4MDdmNGI2OGM4YjhmMjVmYmVhOWM3
MjA3NjIwHhcNMjQwMTAxMjAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc0ZGI5ZGQ3YzY1MmY5MzI3MmY3NjlkOTM3ZGFlMWFhMDZmZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9wUkk7KyqKc71zNQwS7iat3YS1g
XesyPzyIeLRU3MsxtZYUe7VnHG+YrqfH3pd/V4ClnAeYSx3gxb/a6mL5SOtgYJTC
XpLhuWFSot3tfBsB9kwJi1Z0RnvwNAE/ccTPZuHWcHtFYCUB28+RruZRA6nXG6gP
0upZf5YNo0Y3WXOOSgCi2iNeIbAvlYsFuXM15AZbzw962GrLdX2C2xmPM93o2yzw
WipD1F79un42AFhx9T3Ct9xOG7T1eOyCdXpPwE2yO2irZ+nnoQ729ZtPt40ec3pp
FyY7XqBVdQYp6NxiH8dBYuW/y7GPvgZQ2g7ck8QrNep8tlHqnWt1fj0YOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDd0253XxlL5MnL3adk32uGqBv1NMB8GA1UdIwQY
MBaAFGIRkBInV3gH9LaMi48l++qccgdiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhHUUVpZFhlQWYwdG95TGp5WDc2cHh5QjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iMjEwZjYtN2NhMS00N2IxLTlhNWYt
N2NmZGQ4NGY3MzRkLzEvTjNUYm5kZkdVdmt5Y3ZkcDJUZmE0YW9HX1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iMjEwZjYtN2NhMS00N2IxLTlhNWYtN2NmZGQ4NGY3MzRk
LzEvWWhHUUVpZFhlQWYwdG95TGp5WDc2cHh5QjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+euAwQA
w4rMMA0GCSqGSIb3DQEBCwUAA4IBAQADBsvqRnx9yotMAVkDUbTo63+q9T0eWwuV
czwVFaM/UKDuX9BouHvIQVN6mFFSleuPNW1uVyQrelcBlKMDOuZbn0znsRYSzGvX
j1uT8yK0397EDQXDN1VWhLyAwuEwj6P8T/d+trRMHGQBAEBfX7M9Z2x4NYKBZBG6
P5UdhRxjc3E1UW89NkcxnXxjoK9/8Zr0kkjQqozn80fNRaH2EPU5XStWxUvGVFwp
lN2RTk6o6y6oS3bY1pmQR8ex5UQp3fmr/gQxkNh5WxqpnF1Bv2ptWcsIqoapF+ln
eCYc8WVA3NGbm2e9r1vJJ3hzQNDvbb6Fj0b5pSv6mO8lvMD9fI2g
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:43:04 2024 by rpki-client on console-fra.rpki-client.org