Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/0xwLNVwWjhjeovq_nf0f-DeXIls.roa
File:                     0xwLNVwWjhjeovq_nf0f-DeXIls.roa (raw, json)
Hash identifier:          fq4Nfj++baJRi6TQevoaMtbSB0RLEB1CAzpBILbzHPs=
Subject key identifier:   D3:1C:0B:35:5C:16:8E:18:DE:A2:FA:BF:9D:FD:1F:F8:37:97:22:5B
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       018CC94CA0128D21C367DAA7D698B5E2C464
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/0xwLNVwWjhjeovq_nf0f-DeXIls.roa
Signing time:             Tue 02 Jan 2024 08:31:31 +0000
ROA not before:           Tue 02 Jan 2024 08:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49178
IP address blocks:        213.162.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a0:12:8d:21:c3:67:da:a7:d6:98:b5:e2:c4:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 08:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d31c0b355c168e18dea2fabf9dfd1ff83797225b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:60:d7:23:e4:f3:35:86:93:5f:6e:22:14:9b:
                    c3:3c:66:4c:4d:ed:2d:2a:a7:05:fb:4a:18:cb:a8:
                    3e:c4:ed:c3:fd:31:2b:39:ed:c2:6d:d0:4b:23:f2:
                    39:37:82:4f:92:53:17:08:ff:66:f8:23:36:95:da:
                    18:d1:96:b8:d2:88:3e:86:16:83:69:47:c2:d2:9d:
                    19:52:b3:9a:b1:28:83:7d:cf:61:fd:91:7b:b2:9b:
                    ea:a9:1d:d5:d6:3c:c0:03:fa:f3:1d:c5:cd:0f:9f:
                    c2:46:d4:e8:d4:1f:5a:d7:58:c4:e4:27:0d:bb:f8:
                    89:e2:3b:95:c1:bf:96:3b:9d:39:fb:5e:2e:3b:85:
                    9f:40:ea:24:ac:e0:fd:e3:63:d2:3b:8f:7f:7d:dc:
                    0c:55:a1:25:e8:eb:ef:76:a5:71:18:09:b1:44:79:
                    67:89:2f:cd:35:8b:81:3a:ae:e6:cb:e4:0e:87:f4:
                    52:c0:aa:cd:f6:6d:c5:71:53:ec:ab:48:2c:76:1c:
                    62:bd:30:93:d3:2d:e1:ad:02:92:3a:ba:11:5d:eb:
                    ca:1b:24:2f:38:8f:4d:a7:bf:2c:3e:d3:1d:2e:37:
                    ff:aa:6c:b3:14:9a:76:34:4d:a1:1f:8e:fd:c4:5a:
                    69:bd:cf:42:7d:11:19:b0:5a:73:00:cd:66:96:79:
                    8d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:1C:0B:35:5C:16:8E:18:DE:A2:FA:BF:9D:FD:1F:F8:37:97:22:5B
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/0xwLNVwWjhjeovq_nf0f-DeXIls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.162.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:72:d6:11:5c:bb:bc:32:e7:66:c8:7b:75:76:fb:ca:69:f3:
         dc:69:0a:05:e3:b2:3a:bd:76:8a:7e:56:74:b2:5a:bb:8f:c8:
         59:b5:75:a4:cd:dd:d5:c1:69:e2:d6:8c:ff:92:7c:e9:91:22:
         d2:69:f2:a8:57:d8:a5:b9:48:79:91:7f:f1:b7:f6:91:2f:18:
         80:db:05:fb:c5:0f:d0:86:e6:67:b4:3c:02:86:59:72:dc:ca:
         72:0e:54:2b:ff:3c:31:0b:c9:6d:24:86:e8:10:76:f3:ce:08:
         19:d7:bf:37:e4:d7:27:82:11:7e:b2:bc:8f:3c:2d:2e:fd:24:
         a5:00:be:91:14:5f:0d:12:81:16:74:09:16:7d:4e:db:e0:62:
         c9:19:0e:f6:4e:df:d4:75:b5:f2:0d:70:58:89:22:a0:0f:b4:
         03:66:62:d0:8c:87:a2:f0:76:e0:8c:64:6f:d1:34:85:7c:b2:
         9a:08:d3:ed:ea:5f:04:1d:c8:c2:c8:e3:30:7b:db:43:15:85:
         29:6a:9c:61:56:62:c5:cd:1a:d0:53:8c:25:4e:81:34:09:88:
         ef:17:9f:90:e5:60:b6:9a:fa:b3:30:f7:13:c4:d0:d2:23:8c:
         6e:49:d0:b7:75:c4:7d:89:1a:7e:08:18:65:91:6d:3b:71:e0:
         8a:e3:33:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKASjSHDZ9qn1pi14sRkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzFjMGIzNTVjMTY4ZTE4ZGVhMmZhYmY5ZGZkMWZmODM3OTcyMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2DXI+TzNYaTX24iFJvDPGZMTe0t
KqcF+0oYy6g+xO3D/TErOe3CbdBLI/I5N4JPklMXCP9m+CM2ldoY0Za40og+hhaD
aUfC0p0ZUrOasSiDfc9h/ZF7spvqqR3V1jzAA/rzHcXND5/CRtTo1B9a11jE5CcN
u/iJ4juVwb+WO505+14uO4WfQOokrOD942PSO49/fdwMVaEl6OvvdqVxGAmxRHln
iS/NNYuBOq7my+QOh/RSwKrN9m3FcVPsq0gsdhxivTCT0y3hrQKSOroRXevKGyQv
OI9Np78sPtMdLjf/qmyzFJp2NE2hH479xFppvc9CfREZsFpzAM1mlnmN4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMcCzVcFo4Y3qL6v539H/g3lyJbMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvMHh3TE5Wd1dqaGplb3ZxX25mMGYtRGVYSWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aLMMA0G
CSqGSIb3DQEBCwUAA4IBAQBtctYRXLu8MudmyHt1dvvKafPcaQoF47I6vXaKflZ0
slq7j8hZtXWkzd3VwWni1oz/knzpkSLSafKoV9iluUh5kX/xt/aRLxiA2wX7xQ/Q
huZntDwChlly3MpyDlQr/zwxC8ltJIboEHbzzggZ17835NcnghF+sryPPC0u/SSl
AL6RFF8NEoEWdAkWfU7b4GLJGQ72Tt/UdbXyDXBYiSKgD7QDZmLQjIei8HbgjGRv
0TSFfLKaCNPt6l8EHcjCyOMwe9tDFYUpapxhVmLFzRrQU4wlToE0CYjvF5+Q5WC2
mvqzMPcTxNDSI4xuSdC3dcR9iRp+CBhlkW07ceCK4zPd
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:22:55 2024 by rpki-client on console-fra.rpki-client.org