Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/7LwiIUHTXxTpNTialU1oryFd93s.roa
File:                     7LwiIUHTXxTpNTialU1oryFd93s.roa (raw, json)
Hash identifier:          iHHSAXirX6rf2ndwNr4HGChYKeidTQaU2dJya5GJ/9g=
Subject key identifier:   EC:BC:22:21:41:D3:5F:14:E9:35:38:9A:95:4D:68:AF:21:5D:F7:7B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018E5166573B125FCFABD8E1601A0C2E2FFF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/7LwiIUHTXxTpNTialU1oryFd93s.roa
Signing time:             Mon 18 Mar 2024 11:50:45 +0000
ROA not before:           Mon 18 Mar 2024 11:50:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207633
IP address blocks:        194.87.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:66:57:3b:12:5f:cf:ab:d8:e1:60:1a:0c:2e:2f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 18 11:50:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecbc222141d35f14e935389a954d68af215df77b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:49:87:89:95:49:48:6b:1e:3d:27:dd:31:12:
                    14:bf:7f:7f:3f:30:74:44:04:eb:b1:dd:21:fd:75:
                    b4:3f:af:89:f6:98:76:c1:db:02:86:f0:12:71:00:
                    2e:80:b7:83:95:d1:5e:60:d7:96:af:65:ce:9f:b2:
                    e2:e2:3e:a1:2d:96:14:ec:45:7c:4e:09:66:6f:2b:
                    e8:44:2d:4c:f8:8d:22:3b:25:9b:98:ee:cb:be:8a:
                    54:c4:65:ae:21:f9:bd:98:22:cb:27:dd:03:e0:f8:
                    2f:e8:5f:74:ff:50:be:35:b3:c2:ef:b8:8a:d3:96:
                    0b:2f:2e:e2:87:c9:8b:f5:56:21:8a:e5:b3:79:c1:
                    ca:84:bf:79:eb:66:85:91:77:b9:8e:7e:20:e9:8e:
                    5e:40:c6:bf:cd:cd:f4:c4:1f:ae:8d:eb:64:45:e3:
                    52:d2:49:47:11:f8:d4:b0:bc:22:54:8f:5f:99:bd:
                    e5:31:58:fc:18:0f:f9:81:8d:68:d7:9a:63:1a:06:
                    7e:38:b6:15:64:92:24:6a:57:22:e4:a1:95:fa:75:
                    10:0d:48:12:36:ca:76:96:cf:a3:47:3b:1d:9d:d2:
                    b3:50:aa:ed:89:2e:97:78:3d:c1:2d:53:18:1d:67:
                    dc:e3:11:60:9c:09:fe:9a:a2:3d:b1:c6:00:17:60:
                    0a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:BC:22:21:41:D3:5F:14:E9:35:38:9A:95:4D:68:AF:21:5D:F7:7B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/7LwiIUHTXxTpNTialU1oryFd93s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:5d:6a:34:ff:bb:ff:7b:90:87:23:a5:91:43:22:0e:a9:be:
         56:35:44:e9:4b:ef:39:c9:70:24:81:b1:52:53:56:de:47:41:
         01:f1:53:c1:a4:23:be:84:86:26:90:16:5a:38:01:f8:a8:a5:
         a4:f5:cf:f8:51:19:4f:ad:55:a2:cf:70:be:53:ed:38:71:c5:
         d6:3e:af:50:99:bc:93:a5:91:5f:64:72:e9:f7:b3:b5:e9:36:
         47:72:30:db:5f:d0:11:16:71:a2:49:6c:fc:48:69:48:c7:6c:
         aa:ed:c2:2c:81:58:fd:71:47:4f:ba:9e:71:1f:b2:d2:cf:d0:
         35:fa:4a:c2:76:ab:a2:3d:96:4d:29:a2:01:95:7e:8b:ce:f0:
         ec:4a:35:a9:58:2b:c5:8c:43:f3:20:f3:54:3f:bb:71:92:94:
         64:79:11:b5:38:20:29:fd:f2:64:30:07:0f:1a:f7:fb:7e:0b:
         42:d3:15:67:c8:c5:80:a2:57:93:8a:e4:1b:20:1a:21:63:9e:
         ac:f0:f0:47:6d:22:77:f7:d7:5e:51:ac:fe:d2:3c:94:65:ea:
         b2:bb:aa:80:e5:21:1c:a2:b5:d2:22:ae:ff:7f:1d:82:54:9f:
         bd:0c:aa:a9:44:7f:db:48:6e:2e:d9:0b:d1:6d:8c:75:89:02:
         5c:48:89:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5RZlc7El/Pq9jhYBoMLi//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMzE4MTE1MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2JjMjIyMTQxZDM1ZjE0ZTkzNTM4OWE5NTRkNjhhZjIxNWRmNzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEmHiZVJSGsePSfdMRIUv39/PzB0
RATrsd0h/XW0P6+J9ph2wdsChvAScQAugLeDldFeYNeWr2XOn7Li4j6hLZYU7EV8
TglmbyvoRC1M+I0iOyWbmO7LvopUxGWuIfm9mCLLJ90D4Pgv6F90/1C+NbPC77iK
05YLLy7ih8mL9VYhiuWzecHKhL9562aFkXe5jn4g6Y5eQMa/zc30xB+ujetkReNS
0klHEfjUsLwiVI9fmb3lMVj8GA/5gY1o15pjGgZ+OLYVZJIkalci5KGV+nUQDUgS
Nsp2ls+jRzsdndKzUKrtiS6XeD3BLVMYHWfc4xFgnAn+mqI9scYAF2AKsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOy8IiFB018U6TU4mpVNaK8hXfd7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvN0x3aUlVSFRYeFRwTlRpYWxVMW9yeUZkOTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwle8MA0G
CSqGSIb3DQEBCwUAA4IBAQAtXWo0/7v/e5CHI6WRQyIOqb5WNUTpS+85yXAkgbFS
U1beR0EB8VPBpCO+hIYmkBZaOAH4qKWk9c/4URlPrVWiz3C+U+04ccXWPq9QmbyT
pZFfZHLp97O16TZHcjDbX9ARFnGiSWz8SGlIx2yq7cIsgVj9cUdPup5xH7LSz9A1
+krCdquiPZZNKaIBlX6LzvDsSjWpWCvFjEPzIPNUP7txkpRkeRG1OCAp/fJkMAcP
Gvf7fgtC0xVnyMWAoleTiuQbIBohY56s8PBHbSJ399deUaz+0jyUZeqyu6qA5SEc
orXSIq7/fx2CVJ+9DKqpRH/bSG4u2QvRbYx1iQJcSIlZ
-----END CERTIFICATE-----
Generated at Tue Oct 15 03:26:42 2024 by rpki-client on console-fra.rpki-client.org