Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/A9wYrvO50DRhZWKabXV1mFtqD30.roa
File:                     A9wYrvO50DRhZWKabXV1mFtqD30.roa (raw, json)
Hash identifier:          jGQWI9bfxGRiQEjS1utYcp1Ix2jbcLG97nAcvAJkDkc=
Subject key identifier:   03:DC:18:AE:F3:B9:D0:34:61:65:62:9A:6D:75:75:98:5B:6A:0F:7D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0192D9229D361A8AB0D847D0DC464E6C3D63
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/A9wYrvO50DRhZWKabXV1mFtqD30.roa
Signing time:             Tue 29 Oct 2024 16:36:17 +0000
ROA not before:           Tue 29 Oct 2024 16:36:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203172
IP address blocks:        194.87.20.0/23 maxlen: 23
                          194.87.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Dec 2024 15:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:22:9d:36:1a:8a:b0:d8:47:d0:dc:46:4e:6c:3d:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 29 16:36:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03dc18aef3b9d0346165629a6d7575985b6a0f7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:39:66:28:f1:9b:c8:ed:95:cb:51:cb:99:52:
                    4e:87:d4:2b:57:a6:d1:41:d0:95:74:49:01:2a:c9:
                    14:6c:4f:c4:97:a6:14:3b:80:a8:9f:79:fa:7e:e0:
                    c8:81:5b:fd:f0:89:03:bf:bf:4b:4c:ce:5a:16:6a:
                    c9:44:88:b8:25:57:fc:e2:74:01:7a:c7:9c:ea:5b:
                    52:5b:a2:75:b2:03:f7:2d:78:a1:7e:12:95:d8:69:
                    b5:ac:d0:bb:80:b2:80:41:bd:7a:1c:4a:6f:49:cd:
                    18:bd:57:08:fb:2f:3e:4e:45:23:5f:d1:6b:79:15:
                    f1:93:28:a7:51:7f:e2:65:fa:72:a6:50:27:7c:a4:
                    4f:e7:98:79:09:0b:32:94:ba:72:1e:d0:49:24:0a:
                    a2:53:0a:ca:14:96:87:83:8e:d2:28:f5:09:fc:cf:
                    78:b2:49:2c:2f:84:2b:42:c5:6b:27:ed:16:5d:c2:
                    94:d7:0b:4d:3a:fb:18:f8:4a:a0:0d:13:cc:a9:7c:
                    23:43:89:6f:0e:a3:39:98:98:d4:d3:21:12:a7:d7:
                    1e:d9:64:93:16:34:45:0a:ea:be:45:ab:b7:39:e7:
                    c2:04:48:94:ca:cb:8e:d1:79:fe:49:cf:4f:8b:cf:
                    12:e5:89:b2:29:6f:f7:8d:09:24:4e:53:d8:43:ec:
                    9d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:DC:18:AE:F3:B9:D0:34:61:65:62:9A:6D:75:75:98:5B:6A:0F:7D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/A9wYrvO50DRhZWKabXV1mFtqD30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.20.0/23
                  194.87.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:aa:9d:27:58:53:8e:61:f2:17:2c:58:18:7c:cb:dd:a0:a0:
         e6:1d:a7:7b:38:fa:65:51:38:b7:b2:21:04:4d:a0:9c:f2:e5:
         a1:00:8b:1c:3a:fd:f9:60:a4:b7:86:72:da:48:cc:a7:34:1f:
         2d:48:d9:14:e3:5d:30:f1:fe:4e:8b:ef:b1:40:29:9f:bd:43:
         f8:29:e9:2c:d7:61:9f:4b:b8:f4:73:f0:07:f5:ae:7c:05:5c:
         f1:dc:74:f1:c3:4f:72:3c:e5:4a:8f:fd:27:62:ac:95:16:07:
         b3:0a:90:6d:36:cd:a2:78:e1:a0:e8:20:81:f3:1d:cf:b6:71:
         23:09:13:6a:21:e9:49:28:42:a3:cb:ae:91:b7:23:54:d2:46:
         1a:35:19:2f:37:59:3b:11:9a:af:08:62:89:e1:4c:a3:ac:df:
         9f:ef:45:01:1c:e3:53:fd:fb:d8:71:a1:de:90:42:2f:ee:96:
         95:df:67:f1:17:8a:e4:22:4e:af:a0:6e:8c:d8:4d:7b:94:61:
         a1:2e:68:26:d9:f6:2d:f0:4a:2d:ed:1d:b6:56:5f:4a:9e:e5:
         66:cf:40:84:2c:a2:79:fd:87:0a:a1:53:bc:ec:e1:47:ab:4b:
         59:52:b1:0b:6c:24:e9:6a:d3:d0:02:d6:7e:43:cd:7a:d9:f1:
         8b:3e:14:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLZIp02Goqw2EfQ3EZObD1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDI5MTYzNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2RjMThhZWYzYjlkMDM0NjE2NTYyOWE2ZDc1NzU5ODViNmEwZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTlmKPGbyO2Vy1HLmVJOh9QrV6bR
QdCVdEkBKskUbE/El6YUO4Con3n6fuDIgVv98IkDv79LTM5aFmrJRIi4JVf84nQB
esec6ltSW6J1sgP3LXihfhKV2Gm1rNC7gLKAQb16HEpvSc0YvVcI+y8+TkUjX9Fr
eRXxkyinUX/iZfpyplAnfKRP55h5CQsylLpyHtBJJAqiUwrKFJaHg47SKPUJ/M94
skksL4QrQsVrJ+0WXcKU1wtNOvsY+EqgDRPMqXwjQ4lvDqM5mJjU0yESp9ce2WST
FjRFCuq+Rau3OefCBEiUysuO0Xn+Sc9Pi88S5YmyKW/3jQkkTlPYQ+yd9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAPcGK7zudA0YWVimm11dZhbag99MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQTl3WXJ2TzUwRFJoWldLYWJYVjFtRnRxRDMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwlcUAwQA
wlffMA0GCSqGSIb3DQEBCwUAA4IBAQCXqp0nWFOOYfIXLFgYfMvdoKDmHad7OPpl
UTi3siEETaCc8uWhAIscOv35YKS3hnLaSMynNB8tSNkU410w8f5Oi++xQCmfvUP4
Keks12GfS7j0c/AH9a58BVzx3HTxw09yPOVKj/0nYqyVFgezCpBtNs2ieOGg6CCB
8x3PtnEjCRNqIelJKEKjy66RtyNU0kYaNRkvN1k7EZqvCGKJ4UyjrN+f70UBHONT
/fvYcaHekEIv7paV32fxF4rkIk6voG6M2E17lGGhLmgm2fYt8Eot7R22Vl9KnuVm
z0CELKJ5/YcKoVO87OFHq0tZUrELbCTpatPQAtZ+Q8162fGLPhSD
-----END CERTIFICATE-----
Generated at Tue Dec 10 22:40:42 2024 by rpki-client on console-ams.rpki-client.org