Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/0pq3_RjVbOLR3wab2RkMTrOIjUE.roa
File:                     0pq3_RjVbOLR3wab2RkMTrOIjUE.roa (raw, json)
Hash identifier:          ZHcf4Atqc0MQPSOcjaxzRosgvx9ICGC7QtNQKmI98jw=
Subject key identifier:   D2:9A:B7:FD:18:D5:6C:E2:D1:DF:06:9B:D9:19:0C:4E:B3:88:8D:41
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       01927A680CDD3242C90DD8F89AF8254CEB3F
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/0pq3_RjVbOLR3wab2RkMTrOIjUE.roa
Signing time:             Fri 11 Oct 2024 07:08:12 +0000
ROA not before:           Fri 11 Oct 2024 07:08:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213274
IP address blocks:        89.252.142.0/24 maxlen: 24
                          89.252.152.0/24 maxlen: 24
                          89.252.157.0/24 maxlen: 24
                          94.102.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:68:0c:dd:32:42:c9:0d:d8:f8:9a:f8:25:4c:eb:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Oct 11 07:08:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d29ab7fd18d56ce2d1df069bd9190c4eb3888d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:49:25:21:5b:74:89:e4:c4:f2:5c:bd:12:21:
                    77:79:6b:c4:b4:93:1f:76:39:f7:65:90:12:93:ea:
                    48:a7:d4:e4:c7:28:8d:44:0c:63:6d:a0:a4:f5:a9:
                    30:5d:03:60:4e:fd:03:00:af:56:e4:ba:53:4b:c7:
                    b8:15:94:83:c3:2c:4b:63:3a:09:d8:f7:12:c2:e1:
                    59:47:31:54:a2:a8:29:df:a5:30:f6:b1:77:c0:09:
                    38:81:62:b5:6b:10:2f:3c:08:f4:db:1f:67:36:5b:
                    28:7d:3a:c4:3e:02:f5:50:c5:d0:c0:e5:ea:0b:78:
                    99:f3:17:86:ac:f8:7f:91:60:46:4f:c2:f6:7e:94:
                    60:08:d1:bf:a1:b2:9e:7b:29:88:a0:5e:94:fd:6c:
                    dd:d5:7b:c7:27:5e:fe:b8:a8:3f:c0:e2:cd:f1:b1:
                    79:4b:cf:11:11:68:16:c3:92:17:fc:4d:9c:e7:c3:
                    0e:5d:4d:eb:df:fb:97:62:15:22:69:51:7e:f7:c3:
                    2e:6d:48:fb:c0:04:72:43:ae:46:b2:b9:8e:5a:5a:
                    e7:51:a0:57:2f:af:34:43:02:4c:60:d6:95:12:cd:
                    9b:3a:a1:36:8a:d1:67:e3:aa:fc:36:5e:d2:a9:c2:
                    59:69:cf:4e:d6:af:a9:90:b7:28:3c:a4:67:85:f9:
                    83:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:9A:B7:FD:18:D5:6C:E2:D1:DF:06:9B:D9:19:0C:4E:B3:88:8D:41
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/0pq3_RjVbOLR3wab2RkMTrOIjUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.142.0/24
                  89.252.152.0/24
                  89.252.157.0/24
                  94.102.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:58:75:16:6f:12:08:d6:e8:1e:57:b8:83:04:80:8c:61:b9:
         17:17:5e:59:ee:7d:92:08:28:5d:09:2e:20:eb:30:c3:ea:fd:
         1a:32:73:5d:1c:b2:eb:ba:57:7f:2a:4c:bd:0e:b1:85:3c:70:
         bc:53:b1:e9:87:3e:21:81:e6:65:08:24:a2:24:a7:8f:19:ce:
         41:23:97:39:26:b2:1f:45:15:c8:64:8c:87:7a:38:28:6a:c5:
         cf:cc:0f:81:ee:d8:d8:da:75:4d:77:40:5e:c8:81:ff:29:28:
         18:6f:4b:dd:f8:00:6a:5a:67:c6:f2:0f:dc:93:47:09:cc:9f:
         d8:3b:f0:8c:b8:e2:7d:f6:db:a7:0b:e5:07:3f:74:ec:d5:0e:
         97:83:73:3d:2c:9c:2e:8a:c3:6c:f4:a2:8a:e3:d9:c9:2a:2b:
         b0:ba:53:2a:da:00:4c:e6:14:15:1c:e5:bc:fa:d0:a2:bd:71:
         1e:3c:e4:a2:a4:04:5b:45:da:16:f9:84:50:f8:55:a3:15:de:
         5d:1f:5a:fb:37:00:31:b9:5c:a1:22:8e:9c:63:40:b8:cc:59:
         cd:ee:5f:63:b0:b6:bc:21:15:56:29:7b:a9:ab:0c:b6:3c:17:
         26:07:a2:70:d3:72:71:6c:24:dc:fe:c0:cd:e0:c1:56:2d:cf:
         86:3c:fc:a6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZJ6aAzdMkLJDdj4mvglTOs/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjQxMDExMDcwODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjlhYjdmZDE4ZDU2Y2UyZDFkZjA2OWJkOTE5MGM0ZWIzODg4ZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEklIVt0ieTE8ly9EiF3eWvEtJMf
djn3ZZASk+pIp9TkxyiNRAxjbaCk9akwXQNgTv0DAK9W5LpTS8e4FZSDwyxLYzoJ
2PcSwuFZRzFUoqgp36Uw9rF3wAk4gWK1axAvPAj02x9nNlsofTrEPgL1UMXQwOXq
C3iZ8xeGrPh/kWBGT8L2fpRgCNG/obKeeymIoF6U/Wzd1XvHJ17+uKg/wOLN8bF5
S88REWgWw5IX/E2c58MOXU3r3/uXYhUiaVF+98MubUj7wARyQ65GsrmOWlrnUaBX
L680QwJMYNaVEs2bOqE2itFn46r8Nl7SqcJZac9O1q+pkLcoPKRnhfmD9QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNKat/0Y1Wzi0d8Gm9kZDE6ziI1BMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvMHBxM19SalZiT0xSM3dhYjJSa01Uck9JalVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWfyOAwQA
WfyYAwQAWfydAwQAXmYMMA0GCSqGSIb3DQEBCwUAA4IBAQCMWHUWbxII1ugeV7iD
BICMYbkXF15Z7n2SCChdCS4g6zDD6v0aMnNdHLLruld/Kky9DrGFPHC8U7Hphz4h
geZlCCSiJKePGc5BI5c5JrIfRRXIZIyHejgoasXPzA+B7tjY2nVNd0BeyIH/KSgY
b0vd+ABqWmfG8g/ck0cJzJ/YO/CMuOJ99tunC+UHP3Ts1Q6Xg3M9LJwuisNs9KKK
49nJKiuwulMq2gBM5hQVHOW8+tCivXEePOSipARbRdoW+YRQ+FWjFd5dH1r7NwAx
uVyhIo6cY0C4zFnN7l9jsLa8IRVWKXupqwy2PBcmB6Jw03JxbCTc/sDN4MFWLc+G
PPym
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:10:29 2024 by rpki-client on console-fra.rpki-client.org