Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/gh3fblMNyshrfGAmsN5Iq-02wYA.roa
File:                     gh3fblMNyshrfGAmsN5Iq-02wYA.roa (raw, json)
Hash identifier:          WotLgxYRuUIuzqYrcsflemc460BpdnEOyFA+8rWy6YA=
Subject key identifier:   82:1D:DF:6E:53:0D:CA:C8:6B:7C:60:26:B0:DE:48:AB:ED:36:C1:80
Certificate issuer:       /CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
Certificate serial:       018CC5DC133E0C959A1AB0A807531CAFB6C8
Authority key identifier: DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/gh3fblMNyshrfGAmsN5Iq-02wYA.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201320
IP address blocks:        194.48.93.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:13:3e:0c:95:9a:1a:b0:a8:07:53:1c:af:b6:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de92a1ac8910cf5c865de5b0231b09d04e1132f3
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=821ddf6e530dcac86b7c6026b0de48abed36c180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:80:b6:0e:7f:dc:e4:b0:89:a1:02:e8:c3:d1:
                    f5:ca:dd:bf:b3:51:1c:63:3d:4f:8f:d1:c4:e1:2c:
                    d5:a8:5a:04:8d:8a:d6:89:68:41:b3:fa:58:5d:60:
                    8c:99:ed:40:fd:02:33:0d:66:24:f8:8a:95:b0:4f:
                    98:45:b6:54:67:2b:de:77:55:7c:19:23:d4:e2:39:
                    0d:3f:19:9d:b3:43:4c:27:7c:dc:bb:c1:a2:38:c5:
                    5f:62:bc:0f:c7:ec:31:ba:2a:73:6f:95:5f:1d:a5:
                    41:fd:fd:ab:d0:62:e6:9f:2f:83:25:f8:a8:d2:27:
                    a0:ee:04:a1:c9:ba:fb:8b:e4:fb:96:f4:69:37:5e:
                    c4:b4:94:19:21:32:be:17:75:d3:35:97:f4:84:28:
                    2a:93:e7:c3:47:9a:72:bc:af:a9:b6:77:94:5f:b1:
                    7a:0e:f7:ab:5b:2c:0f:c8:51:ec:15:42:88:c0:39:
                    95:cf:e8:07:e4:42:b8:28:fa:d3:17:fc:7c:54:7f:
                    e1:93:f5:bc:ce:c4:5f:1e:ff:a9:32:13:19:bc:80:
                    70:60:aa:7c:9d:7c:04:b7:bb:e1:9d:f8:0f:7f:9f:
                    1a:4e:48:12:80:c8:f3:d3:45:68:64:7f:8d:e4:53:
                    86:a0:c4:be:f3:83:3d:1e:d0:50:21:15:a8:53:60:
                    e1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1D:DF:6E:53:0D:CA:C8:6B:7C:60:26:B0:DE:48:AB:ED:36:C1:80
            X509v3 Authority Key Identifier:
                keyid:DE:92:A1:AC:89:10:CF:5C:86:5D:E5:B0:23:1B:09:D0:4E:11:32:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/gh3fblMNyshrfGAmsN5Iq-02wYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4377d6-515c-420a-9134-69e337884cc9/1/3pKhrIkQz1yGXeWwIxsJ0E4RMvM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:5a:2f:66:0e:3e:6e:9b:9e:fb:a7:a5:6e:86:19:3d:b9:61:
         ce:3c:eb:1e:5c:40:dd:58:ed:6a:03:a4:5b:56:b9:3f:32:6d:
         07:23:98:e9:1f:0c:d1:8b:14:f3:51:40:9a:69:12:6a:95:48:
         c0:94:76:3c:c7:87:27:fd:f7:06:3b:9b:b2:50:f3:d9:7e:f9:
         6e:53:44:df:02:56:5e:e1:f0:4b:74:e5:78:77:90:60:2e:33:
         f8:7d:78:8f:1c:b4:03:1a:8e:ed:45:99:3d:d9:aa:23:f9:42:
         9c:1d:61:6c:c4:3c:05:ef:3f:ea:b7:e6:2d:3f:91:aa:b4:31:
         e2:63:e4:c1:44:97:ba:7f:e1:dd:f2:89:20:9f:25:d1:67:24:
         7b:4b:b8:09:f6:d1:9b:6e:46:f4:7e:cc:ae:44:00:98:fd:b4:
         61:d4:2f:6f:71:af:7b:e1:39:ca:9e:2b:5a:a7:fd:a7:a5:bb:
         02:40:31:61:94:c2:73:df:07:aa:02:87:72:d2:7d:8c:bd:df:
         65:a7:b1:86:75:f4:d0:4c:7d:f2:cc:7e:c8:55:ac:3b:3f:a3:
         27:c3:b3:28:c0:5b:8f:9b:d0:29:a1:c6:2b:ce:10:48:27:47:
         8d:c9:e3:9f:ff:6e:56:38:01:7a:d9:37:37:74:fe:a4:07:6d:
         df:a9:bb:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BM+DJWaGrCoB1Mcr7bIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOTJhMWFjODkxMGNmNWM4NjVkZTViMDIzMWIwOWQwNGUx
MTMyZjMwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFkZGY2ZTUzMGRjYWM4NmI3YzYwMjZiMGRlNDhhYmVkMzZjMTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoC2Dn/c5LCJoQLow9H1yt2/s1Ec
Yz1Pj9HE4SzVqFoEjYrWiWhBs/pYXWCMme1A/QIzDWYk+IqVsE+YRbZUZyved1V8
GSPU4jkNPxmds0NMJ3zcu8GiOMVfYrwPx+wxuipzb5VfHaVB/f2r0GLmny+DJfio
0ieg7gShybr7i+T7lvRpN17EtJQZITK+F3XTNZf0hCgqk+fDR5pyvK+ptneUX7F6
DverWywPyFHsFUKIwDmVz+gH5EK4KPrTF/x8VH/hk/W8zsRfHv+pMhMZvIBwYKp8
nXwEt7vhnfgPf58aTkgSgMjz00VoZH+N5FOGoMS+84M9HtBQIRWoU2DhVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIId325TDcrIa3xgJrDeSKvtNsGAMB8GA1UdIwQY
MBaAFN6SoayJEM9chl3lsCMbCdBOETLzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQt
NjllMzM3ODg0Y2M5LzEvZ2gzZmJsTU55c2hyZkdBbXNONUlxLTAyd1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80Mzc3ZDYtNTE1Yy00MjBhLTkxMzQtNjllMzM3ODg0Y2M5
LzEvM3BLaHJJa1F6MXlHWGVXd0l4c0owRTRSTXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjBdMA0G
CSqGSIb3DQEBCwUAA4IBAQBMWi9mDj5um577p6Vuhhk9uWHOPOseXEDdWO1qA6Rb
Vrk/Mm0HI5jpHwzRixTzUUCaaRJqlUjAlHY8x4cn/fcGO5uyUPPZfvluU0TfAlZe
4fBLdOV4d5BgLjP4fXiPHLQDGo7tRZk92aoj+UKcHWFsxDwF7z/qt+YtP5GqtDHi
Y+TBRJe6f+Hd8okgnyXRZyR7S7gJ9tGbbkb0fsyuRACY/bRh1C9vca974TnKnita
p/2npbsCQDFhlMJz3weqAody0n2Mvd9lp7GGdfTQTH3yzH7IVaw7P6Mnw7MowFuP
m9ApocYrzhBIJ0eNyeOf/25WOAF62Tc3dP6kB23fqbse
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:28:14 2024 by rpki-client on console-fra.rpki-client.org