Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/0a92df-c509-4e92-8e2b-24b8c02fa82a/1/hQxfl9VW1c9ff536F2XldmsJu-s.roa
File:                     hQxfl9VW1c9ff536F2XldmsJu-s.roa (raw, json)
Hash identifier:          FPuJJDHtsMyD9yMVp9zYylaCIHob1AWgrxMtsWNFxHA=
Subject key identifier:   85:0C:5F:97:D5:56:D5:CF:5F:7F:9D:FA:17:65:E5:76:6B:09:BB:EB
Certificate issuer:       /CN=b3b5d2b43acc0d9f07aa00aa90f025c96d5cec25
Certificate serial:       018CC9BC22BB1B7E2C016735A35DD71F2CAB
Authority key identifier: B3:B5:D2:B4:3A:CC:0D:9F:07:AA:00:AA:90:F0:25:C9:6D:5C:EC:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s7XStDrMDZ8HqgCqkPAlyW1c7CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/0a92df-c509-4e92-8e2b-24b8c02fa82a/1/hQxfl9VW1c9ff536F2XldmsJu-s.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207502
IP address blocks:        193.38.33.0/24 maxlen: 24
                          2a12:9e40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/0a92df-c509-4e92-8e2b-24b8c02fa82a/1/s7XStDrMDZ8HqgCqkPAlyW1c7CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/0a92df-c509-4e92-8e2b-24b8c02fa82a/1/s7XStDrMDZ8HqgCqkPAlyW1c7CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s7XStDrMDZ8HqgCqkPAlyW1c7CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:22:bb:1b:7e:2c:01:67:35:a3:5d:d7:1f:2c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3b5d2b43acc0d9f07aa00aa90f025c96d5cec25
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=850c5f97d556d5cf5f7f9dfa1765e5766b09bbeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:73:9a:5a:8b:7e:d3:2c:25:50:ac:3c:79:19:
                    a8:e0:6b:2d:0b:af:21:d7:a3:90:f8:07:22:6d:7a:
                    f2:0a:2d:80:25:66:98:a8:7c:81:d1:a2:36:bb:40:
                    ec:df:5f:47:ed:1e:1f:18:88:1f:1b:cb:83:bb:26:
                    1b:e0:f8:cc:81:a8:71:6b:9e:b9:25:f5:d3:ed:ae:
                    10:55:73:55:1e:26:ea:c5:1d:28:7a:f2:d0:2c:97:
                    32:71:ed:13:aa:42:f0:36:42:02:e8:12:ac:8c:13:
                    19:80:01:50:a8:26:7d:ea:fe:0b:b8:56:14:62:0d:
                    04:5f:9c:85:65:02:fb:8d:10:b3:39:0c:89:0f:47:
                    82:7b:24:d9:41:da:2e:00:63:72:33:ec:b5:5d:5e:
                    ac:94:8e:ae:b0:49:8e:57:1c:ec:81:e0:59:aa:11:
                    48:34:ce:51:1e:08:b0:17:a2:72:63:36:c4:97:5b:
                    ff:5f:58:a7:05:fb:c6:61:bc:91:06:73:7f:77:82:
                    32:b0:d3:df:05:90:09:77:94:67:9c:e7:56:a4:b5:
                    8b:b5:2b:b9:a1:55:0c:44:4c:45:9a:16:e9:c4:a8:
                    79:a0:5e:59:cc:f7:1a:c9:bb:22:b8:ab:4d:93:af:
                    43:25:49:0c:df:e8:98:fe:9e:d7:0b:fb:87:e0:14:
                    f0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0C:5F:97:D5:56:D5:CF:5F:7F:9D:FA:17:65:E5:76:6B:09:BB:EB
            X509v3 Authority Key Identifier:
                keyid:B3:B5:D2:B4:3A:CC:0D:9F:07:AA:00:AA:90:F0:25:C9:6D:5C:EC:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7XStDrMDZ8HqgCqkPAlyW1c7CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0a92df-c509-4e92-8e2b-24b8c02fa82a/1/hQxfl9VW1c9ff536F2XldmsJu-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/0a92df-c509-4e92-8e2b-24b8c02fa82a/1/s7XStDrMDZ8HqgCqkPAlyW1c7CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.33.0/24
                IPv6:
                  2a12:9e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:85:63:49:43:bf:6f:57:b6:67:4e:a0:e7:0e:e7:4a:9a:32:
         ec:eb:48:fe:95:4a:42:c4:fa:f9:09:d1:18:f3:f8:2c:a4:45:
         2e:c1:ac:a7:f1:7e:3d:04:16:c7:7d:11:6e:07:b5:97:88:2b:
         31:a2:95:94:44:72:40:0a:49:78:d2:e9:06:e9:d7:26:20:d2:
         a3:49:96:46:b1:04:69:24:93:e1:c8:9b:35:a2:b0:4b:1c:fd:
         43:d4:b6:54:bf:f2:80:48:fc:42:9f:02:ef:8c:9d:02:2e:47:
         c9:de:5d:c4:0f:d8:8c:81:46:2a:9d:58:dd:68:90:a2:6a:60:
         60:c8:cc:2e:d9:ef:d1:27:4c:71:f1:a4:fe:03:23:46:17:54:
         d3:bc:bf:13:6d:0b:f7:4d:4a:a6:7a:dd:8d:42:5b:8c:35:4c:
         76:da:2e:7a:a1:72:0c:5f:37:9b:26:d4:7d:e8:89:ec:b6:43:
         a7:78:c8:cd:32:84:9e:cc:db:e5:20:8f:ad:d4:9c:f0:bc:d0:
         9d:0a:78:b0:e6:ce:c5:e0:b6:9a:e0:ef:a4:8b:5c:2f:1a:59:
         66:4f:a6:0d:c7:13:36:e7:47:50:a6:47:37:b7:15:fc:8c:24:
         ed:58:b4:5b:2d:4c:8d:33:41:f8:d3:1d:34:1a:f1:7f:2f:8c:
         4c:70:25:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvCK7G34sAWc1o13XHyyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjVkMmI0M2FjYzBkOWYwN2FhMDBhYTkwZjAyNWM5NmQ1
Y2VjMjUwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTBjNWY5N2Q1NTZkNWNmNWY3ZjlkZmExNzY1ZTU3NjZiMDliYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHOaWot+0ywlUKw8eRmo4GstC68h
16OQ+AcibXryCi2AJWaYqHyB0aI2u0Ds319H7R4fGIgfG8uDuyYb4PjMgahxa565
JfXT7a4QVXNVHibqxR0oevLQLJcyce0TqkLwNkIC6BKsjBMZgAFQqCZ96v4LuFYU
Yg0EX5yFZQL7jRCzOQyJD0eCeyTZQdouAGNyM+y1XV6slI6usEmOVxzsgeBZqhFI
NM5RHgiwF6JyYzbEl1v/X1inBfvGYbyRBnN/d4IysNPfBZAJd5RnnOdWpLWLtSu5
oVUMRExFmhbpxKh5oF5ZzPcaybsiuKtNk69DJUkM3+iY/p7XC/uH4BTw5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIUMX5fVVtXPX3+d+hdl5XZrCbvrMB8GA1UdIwQY
MBaAFLO10rQ6zA2fB6oAqpDwJcltXOwlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdYU3REck1EWjhIcWdDcWtQQWx5VzFjN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8wYTkyZGYtYzUwOS00ZTkyLThlMmIt
MjRiOGMwMmZhODJhLzEvaFF4Zmw5VlcxYzlmZjUzNkYyWGxkbXNKdS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8wYTkyZGYtYzUwOS00ZTkyLThlMmItMjRiOGMwMmZhODJh
LzEvczdYU3REck1EWjhIcWdDcWtQQWx5VzFjN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSYhMA0E
AgACMAcDBQMqEp5AMA0GCSqGSIb3DQEBCwUAA4IBAQB1hWNJQ79vV7ZnTqDnDudK
mjLs60j+lUpCxPr5CdEY8/gspEUuwayn8X49BBbHfRFuB7WXiCsxopWURHJACkl4
0ukG6dcmINKjSZZGsQRpJJPhyJs1orBLHP1D1LZUv/KASPxCnwLvjJ0CLkfJ3l3E
D9iMgUYqnVjdaJCiamBgyMwu2e/RJ0xx8aT+AyNGF1TTvL8TbQv3TUqmet2NQluM
NUx22i56oXIMXzebJtR96InstkOneMjNMoSezNvlII+t1JzwvNCdCniw5s7F4Laa
4O+ki1wvGllmT6YNxxM250dQpkc3txX8jCTtWLRbLUyNM0H40x00GvF/L4xMcCWy
-----END CERTIFICATE-----
Generated at Sat Nov 23 19:22:32 2024 by rpki-client on console-fra.rpki-client.org