Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/LrF3ewaN8xxSarIZBXtlZ64Mqeg.roa
File:                     LrF3ewaN8xxSarIZBXtlZ64Mqeg.roa (raw, json)
Hash identifier:          a9UBgfue1DKLR8rhYrlpbM0Y6A4cQI95IYECkqL8JtM=
Subject key identifier:   2E:B1:77:7B:06:8D:F3:1C:52:6A:B2:19:05:7B:65:67:AE:0C:A9:E8
Certificate issuer:       /CN=74d7da63929999603395877448ce50ac6e0213a9
Certificate serial:       018CC801EC8F599A70710F0AEC08397F72A7
Authority key identifier: 74:D7:DA:63:92:99:99:60:33:95:87:74:48:CE:50:AC:6E:02:13:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/LrF3ewaN8xxSarIZBXtlZ64Mqeg.roa
Signing time:             Tue 02 Jan 2024 02:30:18 +0000
ROA not before:           Tue 02 Jan 2024 02:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.16.56.0/22 maxlen: 22
                          193.16.60.0/23 maxlen: 23
                          193.16.62.0/24 maxlen: 24
                          193.16.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ec:8f:59:9a:70:71:0f:0a:ec:08:39:7f:72:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74d7da63929999603395877448ce50ac6e0213a9
        Validity
            Not Before: Jan  2 02:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eb1777b068df31c526ab219057b6567ae0ca9e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:5c:16:ff:68:6d:c0:54:05:2e:b5:f9:05:fc:
                    aa:4d:c5:e9:08:b4:b9:e6:e9:6a:d2:ea:97:b8:de:
                    a6:77:dd:7b:1a:2f:5c:c9:95:77:05:97:ea:93:90:
                    3d:47:39:b8:00:6a:4b:cd:f2:7b:8c:b5:24:b7:e7:
                    bb:88:39:4d:75:ce:2a:49:e0:29:d2:37:27:91:4b:
                    0f:e0:bd:c6:66:c2:85:a7:d9:92:b7:5e:6e:3c:fd:
                    43:e3:6e:a9:38:da:ec:38:9e:2b:b0:db:9d:67:fa:
                    4c:a3:b2:3b:be:b4:7d:97:c0:64:11:de:58:e7:89:
                    4f:95:35:67:e7:c1:e4:d7:92:59:e8:f0:41:7d:07:
                    24:3b:28:73:94:70:c6:f9:52:1c:57:2f:72:e5:ec:
                    ec:26:a1:7c:61:46:30:ce:92:d8:bd:5f:f7:d3:f1:
                    5c:56:1d:0e:b9:f6:4c:c7:06:e7:e8:e0:d5:92:1b:
                    e6:e0:16:4c:c2:3b:bf:9e:cf:4d:a7:7c:0e:0c:be:
                    a3:04:17:f3:15:10:a2:a9:c9:57:a1:d7:c0:b3:f2:
                    6a:78:37:c5:9e:ad:d7:34:83:27:5d:b8:33:62:94:
                    26:a8:3e:ee:51:6b:38:88:e7:4b:56:92:5b:41:26:
                    78:e7:ac:da:d8:fe:43:6a:8b:c8:67:ff:4f:b0:82:
                    63:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B1:77:7B:06:8D:F3:1C:52:6A:B2:19:05:7B:65:67:AE:0C:A9:E8
            X509v3 Authority Key Identifier:
                keyid:74:D7:DA:63:92:99:99:60:33:95:87:74:48:CE:50:AC:6E:02:13:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dNfaY5KZmWAzlYd0SM5QrG4CE6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/LrF3ewaN8xxSarIZBXtlZ64Mqeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/0eb852-af34-4cb9-872e-4b5d5d5f8699/1/dNfaY5KZmWAzlYd0SM5QrG4CE6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.48.0-193.16.62.255

    Signature Algorithm: sha256WithRSAEncryption
         3e:76:45:b2:e6:50:46:92:36:4e:e7:f1:ed:81:c8:31:a1:68:
         2c:3b:08:44:52:ec:81:ea:61:af:af:ca:73:63:c4:87:23:be:
         15:99:95:05:c1:94:33:1f:cf:dc:8a:df:9e:4b:82:b9:eb:6c:
         8b:dc:15:9f:cf:0d:ae:ba:4e:58:8b:c1:6d:aa:94:a0:92:6c:
         fb:b2:fa:3c:ca:38:6a:62:07:3c:ed:49:9a:bd:8b:49:c8:de:
         9d:80:ec:aa:fa:6e:20:fe:15:e1:53:01:12:e1:86:62:6e:7e:
         15:4f:a1:06:a5:40:ad:3f:35:94:f0:7e:8c:af:1c:fb:97:de:
         fa:a6:d3:6a:bd:91:65:52:fa:7d:c4:88:3a:ee:c6:59:75:09:
         8d:1c:56:da:ca:8b:25:e1:a2:53:62:90:57:56:3a:ff:71:87:
         bb:16:83:d4:12:f0:ce:d5:3b:fe:12:10:df:a2:12:71:1e:7c:
         30:70:47:4d:0c:cb:24:08:e9:05:b4:c7:c9:72:56:5a:fe:f4:
         f8:b9:90:4a:38:4c:1f:54:2f:55:61:98:63:80:3e:e1:c5:d7:
         1e:9f:49:26:ac:29:f8:b5:32:27:39:0c:78:18:12:75:d3:4c:
         26:9c:a0:0c:b5:0c:dc:dd:59:4f:14:ba:b4:49:e2:04:2d:b0:
         7d:a2:1f:52
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAeyPWZpwcQ8K7Ag5f3KnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZDdkYTYzOTI5OTk5NjAzMzk1ODc3NDQ4Y2U1MGFjNmUw
MjEzYTkwHhcNMjQwMTAyMDIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWIxNzc3YjA2OGRmMzFjNTI2YWIyMTkwNTdiNjU2N2FlMGNhOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1wW/2htwFQFLrX5BfyqTcXpCLS5
5ulq0uqXuN6md917Gi9cyZV3BZfqk5A9Rzm4AGpLzfJ7jLUkt+e7iDlNdc4qSeAp
0jcnkUsP4L3GZsKFp9mSt15uPP1D426pONrsOJ4rsNudZ/pMo7I7vrR9l8BkEd5Y
54lPlTVn58Hk15JZ6PBBfQckOyhzlHDG+VIcVy9y5ezsJqF8YUYwzpLYvV/30/Fc
Vh0OufZMxwbn6ODVkhvm4BZMwju/ns9Np3wODL6jBBfzFRCiqclXodfAs/JqeDfF
nq3XNIMnXbgzYpQmqD7uUWs4iOdLVpJbQSZ456za2P5DaovIZ/9PsIJjQQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC6xd3sGjfMcUmqyGQV7ZWeuDKnoMB8GA1UdIwQY
MBaAFHTX2mOSmZlgM5WHdEjOUKxuAhOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE5mYVk1S1ptV0F6bFlkMFNNNVFyRzRDRTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wZWI4NTItYWYzNC00Y2I5LTg3MmUt
NGI1ZDVkNWY4Njk5LzEvTHJGM2V3YU44eHhTYXJJWkJYdGxaNjRNcWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wZWI4NTItYWYzNC00Y2I5LTg3MmUtNGI1ZDVkNWY4Njk5
LzEvZE5mYVk1S1ptV0F6bFlkMFNNNVFyRzRDRTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATBEDAD
BADBED4wDQYJKoZIhvcNAQELBQADggEBAD52RbLmUEaSNk7n8e2ByDGhaCw7CERS
7IHqYa+vynNjxIcjvhWZlQXBlDMfz9yK355LgrnrbIvcFZ/PDa66TliLwW2qlKCS
bPuy+jzKOGpiBzztSZq9i0nI3p2A7Kr6biD+FeFTARLhhmJufhVPoQalQK0/NZTw
foyvHPuX3vqm02q9kWVS+n3EiDruxll1CY0cVtrKiyXholNikFdWOv9xh7sWg9QS
8M7VO/4SEN+iEnEefDBwR00MyyQI6QW0x8lyVlr+9Pi5kEo4TB9UL1VhmGOAPuHF
1x6fSSasKfi1Mic5DHgYEnXTTCacoAy1DNzdWU8UurRJ4gQtsH2iH1I=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:46:20 2024 by rpki-client on console-ams.rpki-client.org