Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3ebe30-ee89-48de-874c-b469db10b68a/1/R-s3SqkIcxrQAlUsiSw5hg8lK_M.roa
File:                     R-s3SqkIcxrQAlUsiSw5hg8lK_M.roa (raw, json)
Hash identifier:          XJ6263TEuQHs8Xl5XS5jB7PJ/ROzAkqReOIG8HHjpLE=
Subject key identifier:   47:EB:37:4A:A9:08:73:1A:D0:02:55:2C:89:2C:39:86:0F:25:2B:F3
Certificate issuer:       /CN=654d96672a59ec3895fc15847aca1b29db791244
Certificate serial:       018DA8A0410B8EF63581AF72811FAFA01251
Authority key identifier: 65:4D:96:67:2A:59:EC:38:95:FC:15:84:7A:CA:1B:29:DB:79:12:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZU2WZypZ7DiV_BWEesobKdt5EkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3ebe30-ee89-48de-874c-b469db10b68a/1/R-s3SqkIcxrQAlUsiSw5hg8lK_M.roa
Signing time:             Wed 14 Feb 2024 17:18:11 +0000
ROA not before:           Wed 14 Feb 2024 17:18:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     327909
IP address blocks:        193.151.244.0/24 maxlen: 24
                          2a13:6040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/3ebe30-ee89-48de-874c-b469db10b68a/1/ZU2WZypZ7DiV_BWEesobKdt5EkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/3ebe30-ee89-48de-874c-b469db10b68a/1/ZU2WZypZ7DiV_BWEesobKdt5EkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZU2WZypZ7DiV_BWEesobKdt5EkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:a0:41:0b:8e:f6:35:81:af:72:81:1f:af:a0:12:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=654d96672a59ec3895fc15847aca1b29db791244
        Validity
            Not Before: Feb 14 17:18:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47eb374aa908731ad002552c892c39860f252bf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:47:53:6d:8a:5a:06:b7:8a:02:65:c7:c9:4a:
                    b7:dd:04:51:91:0b:05:c5:b9:1a:20:58:5f:c3:df:
                    7d:77:9f:31:68:fc:1f:bf:bd:16:d8:96:ec:4f:a0:
                    1e:c4:08:ae:d8:96:24:50:3b:12:85:ba:86:bf:16:
                    be:50:15:e1:6b:49:09:fa:34:b7:60:83:ed:67:e7:
                    57:31:1e:7b:6a:3f:61:75:0a:dd:b7:78:c4:23:d6:
                    d5:56:5c:e6:a9:46:b4:c6:70:2f:97:86:49:cd:4d:
                    07:8e:85:f9:03:05:d1:a2:f4:57:14:66:0c:a1:f4:
                    7e:ae:79:72:0a:1d:d7:02:a3:45:62:a9:30:14:d0:
                    48:fe:8c:29:cb:85:1e:60:2e:b2:90:3a:87:a3:86:
                    c7:84:17:93:91:09:cd:3b:6b:9d:d9:47:f5:56:26:
                    6a:76:61:a5:4d:94:fd:2a:b7:73:f5:f9:58:71:64:
                    dc:52:0e:25:53:32:a7:d1:f5:ff:19:24:70:a9:08:
                    db:02:4d:66:bc:07:53:cf:0f:7b:dd:bf:1a:56:f0:
                    2a:63:34:29:c0:a3:e3:6a:d1:30:c3:37:74:8d:b9:
                    d1:0e:08:ee:5f:c3:0b:07:0d:e4:2f:72:53:c6:6c:
                    ae:8c:b8:c5:ba:62:0d:ff:27:0b:fa:72:41:95:ad:
                    ff:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EB:37:4A:A9:08:73:1A:D0:02:55:2C:89:2C:39:86:0F:25:2B:F3
            X509v3 Authority Key Identifier:
                keyid:65:4D:96:67:2A:59:EC:38:95:FC:15:84:7A:CA:1B:29:DB:79:12:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZU2WZypZ7DiV_BWEesobKdt5EkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3ebe30-ee89-48de-874c-b469db10b68a/1/R-s3SqkIcxrQAlUsiSw5hg8lK_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3ebe30-ee89-48de-874c-b469db10b68a/1/ZU2WZypZ7DiV_BWEesobKdt5EkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.244.0/24
                IPv6:
                  2a13:6040::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:63:36:e3:4f:7e:69:90:04:7c:6b:31:7c:e0:f7:27:37:4f:
         1c:67:75:35:34:9d:13:9b:da:18:28:60:f0:94:79:f5:47:a0:
         7b:3c:80:5c:5d:58:98:99:17:25:ca:5b:1e:6e:30:ca:52:24:
         da:39:e7:5b:07:97:6c:50:ff:85:c6:5c:9f:ef:f1:81:a2:ad:
         c8:f1:a1:60:03:ac:bc:22:3e:6e:a5:e4:69:1d:72:d3:ee:85:
         95:23:36:62:15:2f:38:d7:c2:af:f9:72:ef:28:62:09:fb:c0:
         08:41:2c:b1:cc:bc:1a:c3:89:07:37:7a:2d:b7:a9:2e:c5:b4:
         15:a6:8f:5b:f1:eb:15:bd:3c:d8:fb:85:c1:f2:1e:70:f3:96:
         ac:9e:d6:34:dc:86:4f:9e:12:12:73:27:a3:e3:d4:43:c9:c7:
         6b:0c:0f:d7:f1:68:8f:6d:e8:40:df:5c:21:5f:87:22:80:8f:
         e1:a8:fe:0a:48:6d:55:e0:2f:35:16:97:c8:1a:14:32:ff:1d:
         a2:4b:cb:14:88:b7:71:ca:32:0c:9e:14:75:f7:3e:c2:6e:b3:
         82:97:0a:a1:4f:16:60:f6:a6:79:d1:fb:dd:33:f2:4b:81:13:
         6a:17:4a:02:d2:34:b3:ca:1e:df:6a:23:84:f7:7a:8b:47:f5:
         7e:c9:68:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2ooEELjvY1ga9ygR+voBJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NGQ5NjY3MmE1OWVjMzg5NWZjMTU4NDdhY2ExYjI5ZGI3
OTEyNDQwHhcNMjQwMjE0MTcxODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2ViMzc0YWE5MDg3MzFhZDAwMjU1MmM4OTJjMzk4NjBmMjUyYmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0dTbYpaBreKAmXHyUq33QRRkQsF
xbkaIFhfw999d58xaPwfv70W2JbsT6AexAiu2JYkUDsShbqGvxa+UBXha0kJ+jS3
YIPtZ+dXMR57aj9hdQrdt3jEI9bVVlzmqUa0xnAvl4ZJzU0HjoX5AwXRovRXFGYM
ofR+rnlyCh3XAqNFYqkwFNBI/owpy4UeYC6ykDqHo4bHhBeTkQnNO2ud2Uf1ViZq
dmGlTZT9Krdz9flYcWTcUg4lUzKn0fX/GSRwqQjbAk1mvAdTzw973b8aVvAqYzQp
wKPjatEwwzd0jbnRDgjuX8MLBw3kL3JTxmyujLjFumIN/ycL+nJBla3/sQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEfrN0qpCHMa0AJVLIksOYYPJSvzMB8GA1UdIwQY
MBaAFGVNlmcqWew4lfwVhHrKGynbeRJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlUyV1p5cFo3RGlWX0JXRWVzb2JLZHQ1RWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zZWJlMzAtZWU4OS00OGRlLTg3NGMt
YjQ2OWRiMTBiNjhhLzEvUi1zM1Nxa0ljeHJRQWxVc2lTdzVoZzhsS19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zZWJlMzAtZWU4OS00OGRlLTg3NGMtYjQ2OWRiMTBiNjhh
LzEvWlUyV1p5cFo3RGlWX0JXRWVzb2JLZHQ1RWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwZf0MA0E
AgACMAcDBQMqE2BAMA0GCSqGSIb3DQEBCwUAA4IBAQAfYzbjT35pkAR8azF84Pcn
N08cZ3U1NJ0Tm9oYKGDwlHn1R6B7PIBcXViYmRclylsebjDKUiTaOedbB5dsUP+F
xlyf7/GBoq3I8aFgA6y8Ij5upeRpHXLT7oWVIzZiFS8418Kv+XLvKGIJ+8AIQSyx
zLwaw4kHN3ott6kuxbQVpo9b8esVvTzY+4XB8h5w85asntY03IZPnhIScyej49RD
ycdrDA/X8WiPbehA31whX4cigI/hqP4KSG1V4C81FpfIGhQy/x2iS8sUiLdxyjIM
nhR19z7CbrOClwqhTxZg9qZ50fvdM/JLgRNqF0oC0jSzyh7faiOE93qLR/V+yWhL
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:46:46 2024 by rpki-client on console-ams.rpki-client.org