Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/3waXek4Hdr5smn7q9L85HkP5gMU.roa
File:                     3waXek4Hdr5smn7q9L85HkP5gMU.roa (raw, json)
Hash identifier:          nfqi3Uh/aMwv7IDxnPZzPN8aQWH83k2ECg8j1g6wepQ=
Subject key identifier:   DF:06:97:7A:4E:07:76:BE:6C:9A:7E:EA:F4:BF:39:1E:43:F9:80:C5
Certificate issuer:       /CN=ced2d800dc6c33b69fa47291e2f15b335ea3600f
Certificate serial:       018CC348F8038E631C112425082013BCB3FE
Authority key identifier: CE:D2:D8:00:DC:6C:33:B6:9F:A4:72:91:E2:F1:5B:33:5E:A3:60:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ztLYANxsM7afpHKR4vFbM16jYA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/3waXek4Hdr5smn7q9L85HkP5gMU.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        51.149.8.0/24 maxlen: 24
                          51.149.14.0/24 maxlen: 24
                          51.149.252.0/24 maxlen: 24
                          51.149.251.0/24 maxlen: 24
                          51.149.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/ztLYANxsM7afpHKR4vFbM16jYA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/ztLYANxsM7afpHKR4vFbM16jYA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ztLYANxsM7afpHKR4vFbM16jYA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f8:03:8e:63:1c:11:24:25:08:20:13:bc:b3:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ced2d800dc6c33b69fa47291e2f15b335ea3600f
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df06977a4e0776be6c9a7eeaf4bf391e43f980c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ae:a1:2f:93:35:0a:8d:4f:12:49:fd:a4:20:
                    9a:59:dd:33:7b:0a:82:16:21:f5:18:8a:01:fd:25:
                    55:d9:e5:71:01:68:1d:70:77:cc:7c:76:84:d3:3a:
                    b3:0d:0b:2a:fd:ca:23:8e:d1:d3:0d:f6:6a:e1:34:
                    6b:bd:c8:8e:c9:34:4d:df:73:04:75:3e:8c:99:a1:
                    09:e6:5e:5d:ca:ed:38:aa:02:df:8a:7d:bc:03:dc:
                    08:e8:e0:3e:c7:ea:30:71:29:23:8f:e8:b0:aa:42:
                    4b:5f:31:20:a7:7b:b8:c9:28:f8:8a:fc:15:3c:94:
                    bc:dc:cb:a0:6f:a2:57:9b:9e:d9:0b:a5:1e:07:b0:
                    09:b2:2d:4a:01:d9:e3:28:8f:05:ac:05:a2:81:37:
                    69:2d:26:ef:12:22:e0:6e:58:16:ff:45:aa:05:5e:
                    a6:a3:e2:67:33:8b:bb:8c:d6:de:12:61:f4:66:97:
                    83:90:a3:74:18:f2:a6:00:00:36:f1:90:ad:5d:66:
                    70:68:8c:bf:08:49:b8:f3:d6:86:6b:d6:17:f6:67:
                    3d:23:ec:da:2e:f2:9f:f1:7c:ee:cc:ef:c5:37:28:
                    27:bb:f3:e2:13:51:d7:4b:80:fd:d5:38:45:ca:3c:
                    a2:e9:9b:f5:b6:4c:d4:91:28:ed:3a:4c:a5:78:51:
                    30:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:06:97:7A:4E:07:76:BE:6C:9A:7E:EA:F4:BF:39:1E:43:F9:80:C5
            X509v3 Authority Key Identifier:
                keyid:CE:D2:D8:00:DC:6C:33:B6:9F:A4:72:91:E2:F1:5B:33:5E:A3:60:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ztLYANxsM7afpHKR4vFbM16jYA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/3waXek4Hdr5smn7q9L85HkP5gMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f88857-cc05-4bdb-91e6-ed4f0643bf25/1/ztLYANxsM7afpHKR4vFbM16jYA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.149.8.0/24
                  51.149.14.0/24
                  51.149.250.0-51.149.252.255

    Signature Algorithm: sha256WithRSAEncryption
         37:86:86:ed:49:e9:20:1e:3a:7d:dd:12:bc:f6:2a:82:30:1c:
         56:db:e9:7e:7f:32:99:05:82:fa:e6:fd:4a:66:5c:3c:0a:36:
         ca:5c:94:7f:16:dd:c3:e4:b7:46:c5:7c:d8:6c:68:da:4f:9e:
         63:2d:f5:af:7d:73:98:f4:48:18:aa:10:9b:9e:fd:ad:65:bf:
         26:80:c8:93:06:ab:70:d7:ac:58:af:cd:55:89:04:01:b8:eb:
         fa:ee:82:ef:85:f3:2a:6c:97:83:d0:f7:db:cd:13:10:c8:94:
         86:69:01:65:d8:76:16:e3:4c:ac:9f:f1:b1:80:09:bb:84:a6:
         9b:64:d2:f3:9d:5e:68:d8:3b:53:99:36:ce:4a:9b:0a:6f:f5:
         2f:2d:0c:5f:13:dd:df:09:44:ce:1d:12:fc:8f:6c:14:85:fd:
         69:8f:85:f8:71:a4:ee:1d:9e:1d:f7:26:5a:a2:79:79:3a:e9:
         62:2a:c3:15:4e:0e:af:0a:2e:20:42:84:3a:11:92:82:b1:42:
         a1:47:6b:61:cd:77:1e:88:c3:de:45:ff:bb:00:75:d2:76:25:
         46:1a:46:0e:60:92:6f:b6:4e:18:2f:d0:90:62:b8:7e:d7:57:
         4d:23:df:32:8e:b4:09:0f:3a:3d:fe:23:58:b0:3b:16:49:5b:
         a4:aa:ef:33
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDSPgDjmMcESQlCCATvLP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZDJkODAwZGM2YzMzYjY5ZmE0NzI5MWUyZjE1YjMzNWVh
MzYwMGYwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjA2OTc3YTRlMDc3NmJlNmM5YTdlZWFmNGJmMzkxZTQzZjk4MGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn66hL5M1Co1PEkn9pCCaWd0zewqC
FiH1GIoB/SVV2eVxAWgdcHfMfHaE0zqzDQsq/cojjtHTDfZq4TRrvciOyTRN33ME
dT6MmaEJ5l5dyu04qgLfin28A9wI6OA+x+owcSkjj+iwqkJLXzEgp3u4ySj4ivwV
PJS83Mugb6JXm57ZC6UeB7AJsi1KAdnjKI8FrAWigTdpLSbvEiLgblgW/0WqBV6m
o+JnM4u7jNbeEmH0ZpeDkKN0GPKmAAA28ZCtXWZwaIy/CEm489aGa9YX9mc9I+za
LvKf8XzuzO/FNygnu/PiE1HXS4D91ThFyjyi6Zv1tkzUkSjtOkyleFEwHwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN8Gl3pOB3a+bJp+6vS/OR5D+YDFMB8GA1UdIwQY
MBaAFM7S2ADcbDO2n6RykeLxWzNeo2APMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenRMWUFOeHNNN2FmcEhLUjR2RmJNMTZqWUE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mODg4NTctY2MwNS00YmRiLTkxZTYt
ZWQ0ZjA2NDNiZjI1LzEvM3dhWGVrNEhkcjVzbW43cTlMODVIa1A1Z01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mODg4NTctY2MwNS00YmRiLTkxZTYtZWQ0ZjA2NDNiZjI1
LzEvenRMWUFOeHNNN2FmcEhLUjR2RmJNMTZqWUE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAM5UIAwQA
M5UOMAwDBAEzlfoDBAAzlfwwDQYJKoZIhvcNAQELBQADggEBADeGhu1J6SAeOn3d
Erz2KoIwHFbb6X5/MpkFgvrm/UpmXDwKNspclH8W3cPkt0bFfNhsaNpPnmMt9a99
c5j0SBiqEJue/a1lvyaAyJMGq3DXrFivzVWJBAG46/rugu+F8ypsl4PQ99vNExDI
lIZpAWXYdhbjTKyf8bGACbuEpptk0vOdXmjYO1OZNs5Kmwpv9S8tDF8T3d8JRM4d
EvyPbBSF/WmPhfhxpO4dnh33JlqieXk66WIqwxVODq8KLiBChDoRkoKxQqFHa2HN
dx6Iw95F/7sAddJ2JUYaRg5gkm+2Thgv0JBiuH7XV00j3zKOtAkPOj3+I1iwOxZJ
W6Sq7zM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:53:57 2024 by rpki-client on console-fra.rpki-client.org