Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/E_QSiPhW66TtAGsF4XpUCd8KZhA.roa
File:                     E_QSiPhW66TtAGsF4XpUCd8KZhA.roa (raw, json)
Hash identifier:          C+WxJAf1agxsivrGZKdU3qmUl5eBI+tDgsz0oQHsqAQ=
Subject key identifier:   13:F4:12:88:F8:56:EB:A4:ED:00:6B:05:E1:7A:54:09:DF:0A:66:10
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01906EBD4F32A2F98F446386A05CD804FF5F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/E_QSiPhW66TtAGsF4XpUCd8KZhA.roa
Signing time:             Mon 01 Jul 2024 14:40:18 +0000
ROA not before:           Mon 01 Jul 2024 14:40:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214639
IP address blocks:        194.87.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6e:bd:4f:32:a2:f9:8f:44:63:86:a0:5c:d8:04:ff:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  1 14:40:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13f41288f856eba4ed006b05e17a5409df0a6610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:73:40:56:e9:1f:34:05:89:38:92:2f:47:55:
                    9c:08:0f:2a:94:b7:a3:47:68:c1:1b:58:dc:d9:21:
                    41:f4:39:25:20:93:f6:23:f2:6e:36:a8:50:2c:a1:
                    40:15:f6:fd:9b:d4:87:2f:92:51:db:e3:08:8f:b2:
                    54:49:41:ce:58:a5:f3:21:35:5b:1d:8e:8c:38:f4:
                    60:c4:96:bf:e7:dd:5e:a0:94:b7:70:4f:cd:77:ff:
                    88:42:a5:9b:60:ae:e1:d1:35:bc:e9:81:fb:69:b9:
                    b6:1b:f7:32:96:5b:e9:95:4b:b9:58:5d:2e:06:fe:
                    de:59:d2:ec:45:49:67:a9:9e:6a:9e:82:2d:2f:0a:
                    ef:bf:26:7d:5f:35:0a:61:4c:20:48:f7:d4:df:35:
                    8c:ee:a5:96:98:86:dc:48:8a:e6:cb:1a:78:ed:6b:
                    10:6f:18:96:93:aa:9e:89:85:e7:61:60:a8:e0:02:
                    c6:f0:2a:58:a4:2f:f2:3f:3b:f1:60:af:d8:c4:4d:
                    8d:be:7b:78:46:c1:01:bf:93:89:a0:5a:18:2e:96:
                    0f:c9:8c:fe:6f:25:e6:5c:60:67:4f:44:38:36:58:
                    61:d2:c6:5e:74:2b:ae:5f:c8:1e:94:88:7b:9e:38:
                    33:d2:55:55:61:5a:a3:43:fa:f3:6d:78:94:e4:55:
                    46:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:F4:12:88:F8:56:EB:A4:ED:00:6B:05:E1:7A:54:09:DF:0A:66:10
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/E_QSiPhW66TtAGsF4XpUCd8KZhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:02:2e:e0:4b:51:b9:74:8b:ae:5c:4c:85:f7:a8:59:31:55:
         7d:1e:e3:e3:29:1b:a3:e6:7e:a1:a9:7e:1b:6d:3a:fa:06:ea:
         54:29:0e:38:75:9b:48:ff:4d:95:15:06:21:1e:a2:58:e7:7b:
         5c:87:dd:40:57:23:e1:1e:1b:8f:08:21:bd:5c:e6:79:5e:1d:
         5f:bb:2a:5d:e2:00:3f:08:46:de:5e:a0:8f:b9:fe:16:7b:7d:
         fd:dd:20:a4:31:ad:81:d0:d6:63:3c:10:eb:0d:d3:57:9f:af:
         e0:99:f5:3a:76:1e:eb:d0:9b:b3:93:41:60:46:0f:b0:de:2a:
         63:d2:ac:98:30:16:ee:9a:a3:86:f0:e5:70:07:c9:be:00:9e:
         b2:b0:7f:70:aa:5f:03:fb:86:5c:f6:e9:7c:42:54:3c:06:b6:
         fc:86:87:56:6a:69:fb:37:5a:50:49:6c:0e:e1:58:2c:70:e0:
         f7:dd:70:02:51:b3:f1:6d:69:97:2a:82:bd:1c:8f:0c:be:e8:
         8c:43:87:0d:f0:7f:33:e5:62:2d:bd:a5:60:c8:12:9a:03:f1:
         f8:ba:a9:4a:c2:14:77:d2:b3:06:0c:cb:68:cd:86:11:c0:5a:
         7c:34:e2:be:63:dd:04:7d:e6:86:cf:a5:02:72:54:b0:48:0a:
         39:13:e6:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBuvU8yovmPRGOGoFzYBP9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzAxMTQ0MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2Y0MTI4OGY4NTZlYmE0ZWQwMDZiMDVlMTdhNTQwOWRmMGE2NjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHNAVukfNAWJOJIvR1WcCA8qlLej
R2jBG1jc2SFB9DklIJP2I/JuNqhQLKFAFfb9m9SHL5JR2+MIj7JUSUHOWKXzITVb
HY6MOPRgxJa/591eoJS3cE/Nd/+IQqWbYK7h0TW86YH7abm2G/cyllvplUu5WF0u
Bv7eWdLsRUlnqZ5qnoItLwrvvyZ9XzUKYUwgSPfU3zWM7qWWmIbcSIrmyxp47WsQ
bxiWk6qeiYXnYWCo4ALG8CpYpC/yPzvxYK/YxE2Nvnt4RsEBv5OJoFoYLpYPyYz+
byXmXGBnT0Q4Nlhh0sZedCuuX8gelIh7njgz0lVVYVqjQ/rzbXiU5FVGVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBP0Eoj4Vuuk7QBrBeF6VAnfCmYQMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRV9RU2lQaFc2NlR0QUdzRjRYcFVDZDhLWmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcCMA0G
CSqGSIb3DQEBCwUAA4IBAQAGAi7gS1G5dIuuXEyF96hZMVV9HuPjKRuj5n6hqX4b
bTr6BupUKQ44dZtI/02VFQYhHqJY53tch91AVyPhHhuPCCG9XOZ5Xh1fuypd4gA/
CEbeXqCPuf4We3393SCkMa2B0NZjPBDrDdNXn6/gmfU6dh7r0Juzk0FgRg+w3ipj
0qyYMBbumqOG8OVwB8m+AJ6ysH9wql8D+4Zc9ul8QlQ8Brb8hodWamn7N1pQSWwO
4VgscOD33XACUbPxbWmXKoK9HI8MvuiMQ4cN8H8z5WItvaVgyBKaA/H4uqlKwhR3
0rMGDMtozYYRwFp8NOK+Y90EfeaGz6UCclSwSAo5E+br
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:13:09 2024 by rpki-client on console-fra.rpki-client.org