Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/eX3uwQ2TPk0pcGf-IlqLjdsRFbg.roa
File:                     eX3uwQ2TPk0pcGf-IlqLjdsRFbg.roa (raw, json)
Hash identifier:          DTM4fXfQJ4S/hnTLfiNjQOA9uGDWyuqyJOlMo5qDrQ0=
Subject key identifier:   79:7D:EE:C1:0D:93:3E:4D:29:70:67:FE:22:5A:8B:8D:DB:11:15:B8
Certificate issuer:       /CN=004a758a2b0a7e938a9f0dee642cec5e410276b5
Certificate serial:       018CCA28432471607FF6BC2F48D52FA443D3
Authority key identifier: 00:4A:75:8A:2B:0A:7E:93:8A:9F:0D:EE:64:2C:EC:5E:41:02:76:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AEp1iisKfpOKnw3uZCzsXkECdrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/eX3uwQ2TPk0pcGf-IlqLjdsRFbg.roa
Signing time:             Tue 02 Jan 2024 12:31:25 +0000
ROA not before:           Tue 02 Jan 2024 12:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31103
IP address blocks:        195.160.228.0/24 maxlen: 24
                          195.160.231.0/24 maxlen: 24
                          195.160.230.0/24 maxlen: 24
                          195.160.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/AEp1iisKfpOKnw3uZCzsXkECdrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/AEp1iisKfpOKnw3uZCzsXkECdrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AEp1iisKfpOKnw3uZCzsXkECdrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:43:24:71:60:7f:f6:bc:2f:48:d5:2f:a4:43:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=004a758a2b0a7e938a9f0dee642cec5e410276b5
        Validity
            Not Before: Jan  2 12:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=797deec10d933e4d297067fe225a8b8ddb1115b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6c:0e:bc:eb:11:2d:48:d4:34:0f:91:b0:f4:
                    37:cc:ac:b3:70:50:dc:01:e2:16:4a:57:65:c7:04:
                    b6:d8:10:b0:66:d7:9b:41:5a:f9:72:04:5e:9f:31:
                    57:0d:b9:11:02:ba:56:4f:b5:7c:19:7a:d4:70:ff:
                    95:6f:56:20:b9:39:79:2e:85:80:3f:e8:4a:33:fd:
                    6e:4c:46:a0:99:2a:f0:dc:bc:38:fe:36:4b:e3:4c:
                    e5:0d:1b:00:bb:22:d7:e8:b1:c9:b7:46:e9:61:d5:
                    a7:b4:ad:63:ce:95:c8:8f:11:c5:41:9b:d5:16:14:
                    07:24:21:d4:73:27:ee:e5:21:87:f2:ef:fb:91:1d:
                    6f:a4:1e:a5:7b:b7:22:e5:0f:65:c3:56:2f:40:97:
                    56:08:34:ba:44:6f:b9:9c:f7:80:84:24:21:3f:ec:
                    57:27:72:e2:d6:b3:ae:b6:58:9a:a5:d6:22:93:1a:
                    f0:a8:35:b9:48:4d:f8:c2:1a:d8:d3:2b:8a:6a:f1:
                    76:cf:d6:98:ef:8d:8d:c7:b0:b7:b5:2f:41:e6:cf:
                    55:f8:e5:ce:cd:78:9a:48:f8:ef:57:94:43:97:35:
                    3e:21:20:b4:e6:c3:36:fa:da:68:91:8e:27:f2:ba:
                    d2:2d:6c:28:35:0f:2b:c5:7a:e7:cc:c8:19:df:26:
                    03:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:7D:EE:C1:0D:93:3E:4D:29:70:67:FE:22:5A:8B:8D:DB:11:15:B8
            X509v3 Authority Key Identifier:
                keyid:00:4A:75:8A:2B:0A:7E:93:8A:9F:0D:EE:64:2C:EC:5E:41:02:76:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AEp1iisKfpOKnw3uZCzsXkECdrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/eX3uwQ2TPk0pcGf-IlqLjdsRFbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/AEp1iisKfpOKnw3uZCzsXkECdrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:c5:6f:ce:0c:d6:ca:6b:32:6c:36:83:1b:6f:53:b9:8a:65:
         5d:7f:8f:40:07:bb:73:1a:65:7d:83:aa:4e:0e:55:dc:38:e8:
         a7:28:6f:7c:91:1c:45:3d:4d:5e:7d:9c:84:ea:b1:7e:f9:ac:
         c3:41:bb:f0:41:23:b9:3c:b1:50:0b:8e:98:04:78:44:8f:75:
         63:92:8b:81:ef:ad:66:0e:a2:95:59:20:dd:47:8d:bb:61:06:
         74:79:7b:74:42:56:f4:36:45:c7:f1:c8:33:18:c9:5f:86:0a:
         79:55:d8:49:12:3a:99:5a:8a:77:bf:90:87:d6:85:76:50:94:
         56:71:aa:ba:53:8d:9c:d3:b7:7e:e7:3b:d9:05:a8:ae:27:29:
         f2:a3:06:09:7c:29:63:ad:21:36:aa:fe:f0:6a:9a:75:ce:25:
         7a:64:01:a9:c5:c7:f3:0a:8b:d9:b8:03:ee:d9:2e:fd:32:0a:
         35:6a:32:03:e1:16:4d:2f:dd:a4:f3:ac:d2:dd:e9:4a:0f:cc:
         6a:ac:c9:6e:24:bc:4a:21:9f:31:0d:53:58:ba:79:51:d7:14:
         cd:fd:3b:25:f3:da:bb:ee:02:d6:8b:2d:e6:7c:5c:97:3c:c8:
         6d:36:4b:7b:3d:8f:ed:1c:f3:ff:6a:83:53:c4:1c:a3:87:d8:
         b7:a5:08:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKEMkcWB/9rwvSNUvpEPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNGE3NThhMmIwYTdlOTM4YTlmMGRlZTY0MmNlYzVlNDEw
Mjc2YjUwHhcNMjQwMTAyMTIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTdkZWVjMTBkOTMzZTRkMjk3MDY3ZmUyMjVhOGI4ZGRiMTExNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGwOvOsRLUjUNA+RsPQ3zKyzcFDc
AeIWSldlxwS22BCwZtebQVr5cgRenzFXDbkRArpWT7V8GXrUcP+Vb1YguTl5LoWA
P+hKM/1uTEagmSrw3Lw4/jZL40zlDRsAuyLX6LHJt0bpYdWntK1jzpXIjxHFQZvV
FhQHJCHUcyfu5SGH8u/7kR1vpB6le7ci5Q9lw1YvQJdWCDS6RG+5nPeAhCQhP+xX
J3Li1rOutliapdYikxrwqDW5SE34whrY0yuKavF2z9aY742Nx7C3tS9B5s9V+OXO
zXiaSPjvV5RDlzU+ISC05sM2+tpokY4n8rrSLWwoNQ8rxXrnzMgZ3yYDnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHl97sENkz5NKXBn/iJai43bERW4MB8GA1UdIwQY
MBaAFABKdYorCn6Tip8N7mQs7F5BAna1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUVwMWlpc0tmcE9LbnczdVpDenNYa0VDZHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9iZjU5MTUtOTZhYS00ZGFkLWFmMmEt
MDExMDI3MmRlYzE3LzEvZVgzdXdRMlRQazBwY0dmLUlscUxqZHNSRmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9iZjU5MTUtOTZhYS00ZGFkLWFmMmEtMDExMDI3MmRlYzE3
LzEvQUVwMWlpc0tmcE9LbnczdVpDenNYa0VDZHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw6DkMA0G
CSqGSIb3DQEBCwUAA4IBAQApxW/ODNbKazJsNoMbb1O5imVdf49AB7tzGmV9g6pO
DlXcOOinKG98kRxFPU1efZyE6rF++azDQbvwQSO5PLFQC46YBHhEj3VjkouB761m
DqKVWSDdR427YQZ0eXt0Qlb0NkXH8cgzGMlfhgp5VdhJEjqZWop3v5CH1oV2UJRW
caq6U42c07d+5zvZBaiuJynyowYJfCljrSE2qv7wapp1ziV6ZAGpxcfzCovZuAPu
2S79Mgo1ajID4RZNL92k86zS3elKD8xqrMluJLxKIZ8xDVNYunlR1xTN/Tsl89q7
7gLWiy3mfFyXPMhtNkt7PY/tHPP/aoNTxByjh9i3pQir
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:28:51 2024 by rpki-client on console-ams.rpki-client.org