Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1umTvTfv-5RoUw5NW2HDF8x1j5A.roa
File:                     1umTvTfv-5RoUw5NW2HDF8x1j5A.roa (raw, json)
Hash identifier:          djYWOGvi3LZ+zsJfP/lejmyjY070cZYYjrkkVtzUXzA=
Subject key identifier:   D6:E9:93:BD:37:EF:FB:94:68:53:0E:4D:5B:61:C3:17:CC:75:8F:90
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F671DCBADE8B4BA16B9B09E065B950EFB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1umTvTfv-5RoUw5NW2HDF8x1j5A.roa
Signing time:             Sat 11 May 2024 10:05:56 +0000
ROA not before:           Sat 11 May 2024 10:05:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.87.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:67:1d:cb:ad:e8:b4:ba:16:b9:b0:9e:06:5b:95:0e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 11 10:05:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6e993bd37effb9468530e4d5b61c317cc758f90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d6:d1:7a:2e:1a:70:92:f3:9f:29:86:64:c0:
                    50:09:61:13:5e:68:a5:ae:db:98:b0:5a:11:5f:6e:
                    f4:23:8d:ae:10:02:8c:8e:4a:27:24:81:91:49:77:
                    0d:dd:6f:7d:28:00:b1:75:90:fe:e6:0f:90:3e:5e:
                    56:ac:3c:36:45:ee:d1:e1:5e:0b:9c:ea:b1:d2:23:
                    d2:a0:ca:05:f9:4b:9d:29:9f:74:d0:a7:05:41:bb:
                    d7:00:16:ae:bc:5e:a4:46:ed:4c:25:85:fd:96:fe:
                    fa:5c:a3:a9:f5:6d:66:89:4c:cf:3d:49:68:00:dc:
                    2c:c1:b6:ff:72:25:39:e9:24:9b:a6:9b:ae:0b:41:
                    f8:d2:85:62:b2:79:65:61:7a:96:44:0e:23:ac:b0:
                    91:ed:eb:36:66:64:b5:97:cc:00:3b:d6:ff:28:ca:
                    0d:c3:ef:96:a7:f8:a8:35:c2:15:2b:16:c2:e4:95:
                    26:81:b3:68:a3:bb:01:a6:e7:9d:32:d6:08:69:ba:
                    69:ea:52:3a:61:b5:7b:69:40:c9:77:39:9c:4a:1d:
                    08:f5:3a:2c:b3:e5:b9:76:88:67:15:4e:6a:e9:5f:
                    2b:77:d9:6a:89:27:04:37:8a:17:33:84:da:82:16:
                    bc:db:80:15:91:40:3e:86:cc:bb:a3:f3:d0:44:3b:
                    6d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E9:93:BD:37:EF:FB:94:68:53:0E:4D:5B:61:C3:17:CC:75:8F:90
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/1umTvTfv-5RoUw5NW2HDF8x1j5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  194.87.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:02:0e:29:ac:19:8d:a3:f2:51:da:ed:56:9f:d8:28:a3:49:
         88:4e:d7:95:dd:03:75:68:56:5b:a7:35:d9:f1:5b:29:fb:a0:
         7b:e3:ab:39:05:0c:c1:c3:0b:9d:3b:a1:f3:3d:6d:85:f2:8d:
         17:14:4c:e2:28:00:1a:d3:b7:e1:e3:bc:03:40:f5:f5:b0:7f:
         12:9f:b5:68:b8:b0:c1:ce:24:91:8b:5a:49:40:9a:87:df:ee:
         9c:3c:b1:0e:ce:c6:f2:1a:c3:29:98:b1:c1:4d:02:67:2e:53:
         60:92:d2:39:10:0e:88:1a:25:bc:8c:99:a0:7e:f6:ba:15:4c:
         cb:7f:31:cf:e9:d3:1d:f1:88:17:57:38:05:fc:46:17:a3:46:
         75:23:23:93:d4:79:7a:2a:4a:46:df:c6:60:36:c3:5a:01:dc:
         51:f7:b8:f7:41:07:52:bf:e7:b2:f1:3d:b9:ac:22:c8:3a:44:
         1e:d5:96:30:30:57:cc:0c:64:9a:9b:58:28:73:8c:bd:fa:11:
         f9:45:ec:e0:0b:28:9b:17:a5:7f:bd:74:82:ad:7c:c3:32:81:
         25:7c:62:25:cc:3e:95:9d:23:c8:88:06:b4:89:e7:c8:de:83:
         68:51:ef:f8:f6:28:a0:19:b7:14:02:64:20:6b:63:e9:8c:eb:
         03:b3:5a:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9nHcut6LS6FrmwngZblQ77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTExMTAwNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmU5OTNiZDM3ZWZmYjk0Njg1MzBlNGQ1YjYxYzMxN2NjNzU4ZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytbRei4acJLznymGZMBQCWETXmil
rtuYsFoRX270I42uEAKMjkonJIGRSXcN3W99KACxdZD+5g+QPl5WrDw2Re7R4V4L
nOqx0iPSoMoF+UudKZ900KcFQbvXABauvF6kRu1MJYX9lv76XKOp9W1miUzPPUlo
ANwswbb/ciU56SSbppuuC0H40oVisnllYXqWRA4jrLCR7es2ZmS1l8wAO9b/KMoN
w++Wp/ioNcIVKxbC5JUmgbNoo7sBpuedMtYIabpp6lI6YbV7aUDJdzmcSh0I9Tos
s+W5dohnFU5q6V8rd9lqiScEN4oXM4Tagha824AVkUA+hsy7o/PQRDttJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNbpk7037/uUaFMOTVthwxfMdY+QMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMXVtVHZUZnYtNVJvVXc1TlcySERGOHgxajVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwXwHAwQA
wlf1MA0GCSqGSIb3DQEBCwUAA4IBAQBxAg4prBmNo/JR2u1Wn9goo0mITteV3QN1
aFZbpzXZ8Vsp+6B746s5BQzBwwudO6HzPW2F8o0XFEziKAAa07fh47wDQPX1sH8S
n7VouLDBziSRi1pJQJqH3+6cPLEOzsbyGsMpmLHBTQJnLlNgktI5EA6IGiW8jJmg
fva6FUzLfzHP6dMd8YgXVzgF/EYXo0Z1IyOT1Hl6KkpG38ZgNsNaAdxR97j3QQdS
v+ey8T25rCLIOkQe1ZYwMFfMDGSam1goc4y9+hH5RezgCyibF6V/vXSCrXzDMoEl
fGIlzD6VnSPIiAa0iefI3oNoUe/49iigGbcUAmQga2PpjOsDs1ry
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:01:40 2024 by rpki-client on console-ams.rpki-client.org