Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/A11XLFwHF_VeOr-pUXUe_dHPOmU.roa
File:                     A11XLFwHF_VeOr-pUXUe_dHPOmU.roa (raw, json)
Hash identifier:          93D6PfkjAC+TpuJjI7/QUMhhwL1gfvYtJAjTGLDMV7w=
Subject key identifier:   03:5D:57:2C:5C:07:17:F5:5E:3A:BF:A9:51:75:1E:FD:D1:CF:3A:65
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018EA4966C9F1E1D211179B2F6D13CB358B0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/A11XLFwHF_VeOr-pUXUe_dHPOmU.roa
Signing time:             Wed 03 Apr 2024 15:31:45 +0000
ROA not before:           Wed 03 Apr 2024 15:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        193.124.16.0/24 maxlen: 24
                          194.87.38.0/24 maxlen: 24
                          194.87.72.0/24 maxlen: 24
                          194.87.114.0/24 maxlen: 24
                          194.87.127.0/24 maxlen: 24
                          212.193.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Oct 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:96:6c:9f:1e:1d:21:11:79:b2:f6:d1:3c:b3:58:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  3 15:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=035d572c5c0717f55e3abfa951751efdd1cf3a65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ff:80:c1:42:d2:09:d4:19:49:f7:6c:c7:d7:
                    f2:3c:28:75:d6:9c:7a:10:71:3a:e1:91:24:f2:4d:
                    87:1e:df:c5:fc:f0:56:e6:a9:90:d7:ef:5e:3f:af:
                    e1:61:83:7b:6d:14:b2:05:23:00:0c:2f:a4:0f:06:
                    07:77:9c:98:3f:78:b2:63:f2:cc:70:7a:ac:9c:9b:
                    1a:f3:f5:2b:ca:e2:b1:6b:1c:65:ae:da:5e:1b:16:
                    21:b0:27:f5:c1:52:12:c6:d1:45:12:21:2d:a8:81:
                    fe:cf:e7:1f:71:d3:f3:18:40:e9:29:67:42:ad:94:
                    7f:23:e2:79:27:7b:a4:c0:1d:bf:40:c9:25:24:2b:
                    56:4e:be:6c:18:6b:fa:9f:ca:66:8d:5c:70:b0:98:
                    2f:93:e9:b6:a7:9e:a4:03:fa:72:c2:25:ed:0a:6d:
                    fb:ff:89:6d:0c:57:b5:e0:2f:2d:60:4e:0a:19:66:
                    89:02:19:3d:fd:f2:65:49:15:10:36:1b:cb:16:b2:
                    22:3e:12:dc:18:9e:5b:43:39:d8:3e:aa:6e:b9:81:
                    09:f7:74:d9:12:b5:b9:66:8c:93:fb:77:71:00:d2:
                    38:98:c2:47:7a:35:b2:78:ad:28:5c:7a:ae:5b:e5:
                    db:82:dc:d0:68:08:88:a5:6b:d7:0c:e5:73:43:6c:
                    f7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:5D:57:2C:5C:07:17:F5:5E:3A:BF:A9:51:75:1E:FD:D1:CF:3A:65
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/A11XLFwHF_VeOr-pUXUe_dHPOmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.16.0/24
                  194.87.38.0/24
                  194.87.72.0/24
                  194.87.114.0/24
                  194.87.127.0/24
                  212.193.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c4:7e:89:6c:24:a8:42:35:80:5f:ba:61:39:3a:04:4a:df:
         af:cd:58:67:5f:68:3c:a6:95:17:a1:ca:88:8d:65:76:fc:16:
         e3:cc:5d:c7:8b:c5:e2:d7:78:84:be:6a:7b:b5:68:b2:3f:38:
         1a:a5:62:67:b3:fc:e9:ca:30:68:d2:ca:3f:29:40:49:fb:32:
         c4:d8:05:ef:01:0b:09:6d:ba:e3:8c:18:ee:b1:b6:4a:04:b3:
         3c:c1:ee:94:bb:01:92:da:d2:f3:93:8a:6b:b4:92:35:c3:86:
         cf:cd:49:4c:e9:f8:dc:1f:60:62:42:90:05:75:af:2c:c1:3a:
         ac:41:87:70:a0:88:2f:77:cb:00:f0:c3:4c:a0:5d:f7:c9:97:
         f7:53:20:18:14:3a:8f:34:64:8f:8b:d9:d5:ad:e5:70:9d:f9:
         df:a7:a5:38:8c:89:2e:94:f9:50:1c:e5:f4:b7:ea:b0:87:6a:
         34:bf:d7:c2:fd:09:54:da:98:60:6f:f5:95:b9:6f:a7:35:f1:
         31:e8:2b:a5:1b:cc:9b:26:c0:e7:c2:ee:ce:62:d9:e1:80:2e:
         c2:e6:f4:87:97:c5:68:c1:c9:d9:ef:0f:d6:6d:c8:c4:e5:9c:
         2f:f8:39:c8:f5:d6:dc:af:0e:7f:e8:74:eb:77:82:91:11:96:
         61:05:2b:be
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY6klmyfHh0hEXmy9tE8s1iwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNDAzMTUzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzVkNTcyYzVjMDcxN2Y1NWUzYWJmYTk1MTc1MWVmZGQxY2YzYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/+AwULSCdQZSfdsx9fyPCh11px6
EHE64ZEk8k2HHt/F/PBW5qmQ1+9eP6/hYYN7bRSyBSMADC+kDwYHd5yYP3iyY/LM
cHqsnJsa8/UryuKxaxxlrtpeGxYhsCf1wVISxtFFEiEtqIH+z+cfcdPzGEDpKWdC
rZR/I+J5J3ukwB2/QMklJCtWTr5sGGv6n8pmjVxwsJgvk+m2p56kA/pywiXtCm37
/4ltDFe14C8tYE4KGWaJAhk9/fJlSRUQNhvLFrIiPhLcGJ5bQznYPqpuuYEJ93TZ
ErW5ZoyT+3dxANI4mMJHejWyeK0oXHquW+XbgtzQaAiIpWvXDOVzQ2z3ZQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFANdVyxcBxf1Xjq/qVF1Hv3RzzplMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQTExWExGd0hGX1ZlT3ItcFVYVWVfZEhQT21VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwXwQAwQA
wlcmAwQAwldIAwQAwldyAwQAwld/AwQA1MEHMA0GCSqGSIb3DQEBCwUAA4IBAQAj
xH6JbCSoQjWAX7phOToESt+vzVhnX2g8ppUXocqIjWV2/BbjzF3Hi8Xi13iEvmp7
tWiyPzgapWJns/zpyjBo0so/KUBJ+zLE2AXvAQsJbbrjjBjusbZKBLM8we6UuwGS
2tLzk4prtJI1w4bPzUlM6fjcH2BiQpAFda8swTqsQYdwoIgvd8sA8MNMoF33yZf3
UyAYFDqPNGSPi9nVreVwnfnfp6U4jIkulPlQHOX0t+qwh2o0v9fC/QlU2phgb/WV
uW+nNfEx6CulG8ybJsDnwu7OYtnhgC7C5vSHl8VowcnZ7w/WbcjE5Zwv+DnI9dbc
rw5/6HTrd4KREZZhBSu+
-----END CERTIFICATE-----
Generated at Wed Oct 9 22:45:39 2024 by rpki-client on console-ams.rpki-client.org