Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-cGOQ2eHs-6idvC8lchWuJBB3dQ.roa
File:                     1-cGOQ2eHs-6idvC8lchWuJBB3dQ.roa (raw, json)
Hash identifier:          a1rT2IEZG0QTMa3ia3WBnviU2iftzwo7y97vhSn4Q9g=
Subject key identifier:   F9:C1:8E:43:67:87:B3:EE:A2:76:F0:BC:95:C8:56:B8:90:41:DD:D4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019137BA0AE7B89525C9CDD36A44CB109ED3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-cGOQ2eHs-6idvC8lchWuJBB3dQ.roa
Signing time:             Fri 09 Aug 2024 15:20:24 +0000
ROA not before:           Fri 09 Aug 2024 15:20:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198037
IP address blocks:        192.124.189.0/24 maxlen: 24
                          193.124.89.0/24 maxlen: 24
                          194.58.41.0/24 maxlen: 24
                          194.87.25.0/24 maxlen: 24
                          194.87.73.0/24 maxlen: 24
                          195.133.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:37:ba:0a:e7:b8:95:25:c9:cd:d3:6a:44:cb:10:9e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug  9 15:20:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9c18e436787b3eea276f0bc95c856b89041ddd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6f:93:e6:63:bd:e3:3a:b7:36:0a:19:7e:2c:
                    da:94:b7:ad:1e:54:f7:bc:79:67:f8:80:46:9b:f4:
                    d2:0e:61:69:5d:52:35:c4:d7:cc:41:9e:8c:e5:72:
                    3c:b7:7a:9c:3d:95:91:c7:84:9c:10:c1:32:1e:94:
                    75:f5:1a:25:60:b5:38:5b:4f:01:94:fb:93:4b:c6:
                    10:7d:43:cb:7f:60:bf:61:e7:3c:d1:a0:26:c5:8c:
                    12:fb:89:af:f8:24:89:60:a6:5c:f3:67:ec:40:c2:
                    c3:5e:91:af:c2:ea:f8:3a:ba:b9:66:0b:c5:6f:b1:
                    a5:08:b8:86:74:c4:38:9f:4f:64:f6:cd:c8:0d:b2:
                    cb:1e:b5:ac:9c:ff:44:f6:1f:de:31:7e:ba:31:23:
                    9a:86:85:5e:67:f9:9e:25:90:80:71:5f:b3:5a:15:
                    35:17:03:51:9b:5b:01:6a:83:82:41:62:7c:50:42:
                    5c:96:3e:53:68:1c:be:3c:8b:b3:0c:79:6f:15:40:
                    b4:33:b8:bb:65:67:0a:3e:30:08:3a:d2:eb:a0:0b:
                    ce:0a:49:ae:c3:f7:30:78:3f:8d:93:01:5b:76:ce:
                    b9:ec:9a:83:a4:ec:49:fa:2c:dd:a7:91:fe:63:eb:
                    9c:0e:dd:a0:2e:ce:bf:ea:91:5d:ad:a7:08:ed:d1:
                    3b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C1:8E:43:67:87:B3:EE:A2:76:F0:BC:95:C8:56:B8:90:41:DD:D4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1-cGOQ2eHs-6idvC8lchWuJBB3dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.189.0/24
                  193.124.89.0/24
                  194.58.41.0/24
                  194.87.25.0/24
                  194.87.73.0/24
                  195.133.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ac:17:49:80:6f:78:8d:51:5b:09:fb:b5:2f:04:b8:f4:18:
         5c:2f:86:72:69:06:8e:ed:82:b7:ad:04:b6:31:3c:c9:20:4b:
         6b:32:77:af:48:f8:fe:aa:55:19:35:a4:7b:b6:6c:cb:40:50:
         c5:3a:68:cd:c6:90:23:3e:36:8a:fc:dd:96:b5:05:14:fc:d1:
         04:db:33:6a:5b:2c:78:c7:61:e4:ca:87:92:e8:75:e3:92:dd:
         57:11:0a:ee:3e:d7:2a:aa:5e:12:a4:ae:bc:08:39:ff:9a:d2:
         76:45:b7:eb:e9:e8:f7:63:3b:b3:91:3e:3b:6f:b1:6d:9c:28:
         e8:d2:1d:76:e3:08:eb:76:86:e6:74:f6:f2:a7:3c:f8:2f:2a:
         3e:07:da:0e:83:d0:0a:12:1f:9c:3b:c3:9e:4e:34:22:e2:0a:
         6d:ab:2d:27:13:64:71:d6:86:88:cf:23:50:07:ca:f3:0e:cb:
         2a:33:98:8c:61:b3:20:66:f1:9d:95:48:4d:98:b6:03:41:e4:
         07:04:59:3e:da:33:83:cb:6b:9a:3e:ae:9b:68:be:e1:4e:57:
         e3:80:60:a8:03:a9:84:3b:15:50:3a:c8:9d:6d:ab:d7:ed:50:
         8b:9f:3f:a1:23:88:0e:e8:fa:91:bc:c1:60:04:ef:93:06:5c:
         a7:fa:98:4b
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZE3ugrnuJUlyc3TakTLEJ7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODA5MTUyMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWMxOGU0MzY3ODdiM2VlYTI3NmYwYmM5NWM4NTZiODkwNDFkZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW+T5mO94zq3NgoZfizalLetHlT3
vHln+IBGm/TSDmFpXVI1xNfMQZ6M5XI8t3qcPZWRx4ScEMEyHpR19RolYLU4W08B
lPuTS8YQfUPLf2C/Yec80aAmxYwS+4mv+CSJYKZc82fsQMLDXpGvwur4Orq5ZgvF
b7GlCLiGdMQ4n09k9s3IDbLLHrWsnP9E9h/eMX66MSOahoVeZ/meJZCAcV+zWhU1
FwNRm1sBaoOCQWJ8UEJclj5TaBy+PIuzDHlvFUC0M7i7ZWcKPjAIOtLroAvOCkmu
w/cweD+NkwFbds657JqDpOxJ+izdp5H+Y+ucDt2gLs6/6pFdracI7dE72wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFPnBjkNnh7PuonbwvJXIVriQQd3UMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMS1jR09RMmVIcy02aWR2QzhsY2hXdUpCQjNkUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvZTE0NDdhLThmMTgtNGE4MC1hNDIyLTVhNDI0MjhmMTE0
My8xL05Xa1BYakxWeUdyeDRUU2RfVTZNN3JjT0dzYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA9BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAMB8vQME
AMF8WQMEAMI6KQMEAMJXGQMEAMJXSQMEAMOFVDANBgkqhkiG9w0BAQsFAAOCAQEA
SKwXSYBveI1RWwn7tS8EuPQYXC+GcmkGju2Ct60EtjE8ySBLazJ3r0j4/qpVGTWk
e7Zsy0BQxTpozcaQIz42ivzdlrUFFPzRBNszalsseMdh5MqHkuh145LdVxEK7j7X
KqpeEqSuvAg5/5rSdkW36+no92M7s5E+O2+xbZwo6NIdduMI63aG5nT28qc8+C8q
PgfaDoPQChIfnDvDnk40IuIKbastJxNkcdaGiM8jUAfK8w7LKjOYjGGzIGbxnZVI
TZi2A0HkBwRZPtozg8trmj6um2i+4U5X44BgqAOphDsVUDrInW2r1+1Qi58/oSOI
Duj6kbzBYATvkwZcp/qYSw==
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:01:40 2024 by rpki-client on console-ams.rpki-client.org