Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/F1ByviSvsntk1zPlJz7Gnxw7QtQ.roa
File:                     F1ByviSvsntk1zPlJz7Gnxw7QtQ.roa (raw, json)
Hash identifier:          Ea003nLquOKONUVzB2y9GP1MpyozsaQ3+S0/mXsYMWI=
Subject key identifier:   17:50:72:BE:24:AF:B2:7B:64:D7:33:E5:27:3E:C6:9F:1C:3B:42:D4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F66ED45FE4FEC31B3A25BB648A36B666D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/F1ByviSvsntk1zPlJz7Gnxw7QtQ.roa
Signing time:             Sat 11 May 2024 09:12:56 +0000
ROA not before:           Sat 11 May 2024 09:12:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2118
IP address blocks:        194.58.46.0/23 maxlen: 24
                          194.87.208.0/23 maxlen: 24
                          194.87.222.0/23 maxlen: 24
                          195.58.56.0/21 maxlen: 24
                          212.192.0.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:66:ed:45:fe:4f:ec:31:b3:a2:5b:b6:48:a3:6b:66:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 11 09:12:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=175072be24afb27b64d733e5273ec69f1c3b42d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:12:13:84:02:10:8c:bb:bd:26:84:4c:88:d0:
                    e6:64:44:b1:10:63:a0:2a:79:7b:78:d4:11:6d:50:
                    74:11:e5:4f:81:82:96:dd:28:13:5a:a0:97:e0:39:
                    bd:bb:72:53:f8:e0:11:b8:c2:d0:62:0e:3e:6d:ec:
                    fe:99:d8:1f:09:0b:20:fe:96:cf:d4:a3:2f:00:c3:
                    b9:69:0c:ee:63:cd:e4:c4:8e:f7:09:6c:e7:dd:9a:
                    9c:16:f4:39:ff:4c:9c:84:51:26:8e:a6:c1:cc:26:
                    5b:3c:74:dd:9a:93:3c:a7:3d:47:0b:18:2a:8c:5b:
                    31:5d:a8:a5:42:a9:b5:a6:66:1d:33:e5:4f:b9:37:
                    f9:77:72:fe:78:f6:62:db:b4:6b:bb:b7:c7:c0:66:
                    77:1e:c6:03:62:f0:f8:1a:5d:40:ff:03:ea:4b:a7:
                    e4:c0:ca:31:57:b5:06:d2:74:14:23:a8:f5:4a:68:
                    81:eb:3c:2e:96:46:8f:33:f7:ed:29:ae:c6:66:8a:
                    12:aa:cd:40:50:e0:57:99:ec:9b:e2:42:ee:89:18:
                    1d:5c:fd:3d:3d:69:a4:be:e9:96:70:bb:cb:b4:6b:
                    0f:b5:bb:70:48:3d:12:60:92:71:f2:07:1f:22:c3:
                    0e:70:cc:64:44:4c:6b:a9:a9:b8:dd:5c:31:26:ce:
                    a3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:50:72:BE:24:AF:B2:7B:64:D7:33:E5:27:3E:C6:9F:1C:3B:42:D4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/F1ByviSvsntk1zPlJz7Gnxw7QtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.46.0/23
                  194.87.208.0/23
                  194.87.222.0/23
                  195.58.56.0/21
                  212.192.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:f0:0c:8d:53:94:bb:25:53:47:db:ae:7f:03:f9:05:c0:c3:
         6d:33:be:78:cf:df:8a:4e:82:d3:fa:58:0c:56:22:43:73:a9:
         01:d7:42:2c:9c:66:19:4f:16:e3:54:a9:99:68:32:02:6b:be:
         e7:79:3c:8b:b8:a8:e9:90:f3:35:ec:0c:18:70:cb:2f:e1:21:
         51:40:b5:35:c3:af:53:c6:fe:ea:88:29:79:f4:d7:17:65:3d:
         d4:d2:4a:9d:44:e1:49:c6:1e:db:d7:2b:45:f9:f8:f4:d6:2e:
         52:0f:36:e1:58:5a:61:32:19:1d:ba:63:c8:1b:f2:65:51:e1:
         d2:3c:d2:94:0a:78:a6:83:da:07:0e:d7:3a:b5:c5:be:e8:a8:
         52:3f:0b:ce:0e:72:cd:0b:fb:66:a6:7d:53:07:3b:49:ff:de:
         1c:ac:8a:c3:c2:dc:e9:d3:b8:05:2c:24:ac:6d:1a:1a:06:6c:
         68:2c:76:07:86:f1:4c:2e:87:df:fd:32:ff:65:75:ed:9f:77:
         33:00:56:bc:ab:da:f1:e6:a5:2d:45:48:d9:1c:f9:b2:4c:7c:
         fc:5a:9c:1f:78:1f:e5:ca:32:77:1b:de:83:a1:b0:57:8f:1a:
         1d:c5:7f:77:02:05:45:8f:4a:c1:12:d4:b5:d1:00:79:22:e9:
         70:a2:2b:8c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY9m7UX+T+wxs6Jbtkija2ZtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTExMDkxMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzUwNzJiZTI0YWZiMjdiNjRkNzMzZTUyNzNlYzY5ZjFjM2I0MmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohIThAIQjLu9JoRMiNDmZESxEGOg
Knl7eNQRbVB0EeVPgYKW3SgTWqCX4Dm9u3JT+OARuMLQYg4+bez+mdgfCQsg/pbP
1KMvAMO5aQzuY83kxI73CWzn3ZqcFvQ5/0ychFEmjqbBzCZbPHTdmpM8pz1HCxgq
jFsxXailQqm1pmYdM+VPuTf5d3L+ePZi27Rru7fHwGZ3HsYDYvD4Gl1A/wPqS6fk
wMoxV7UG0nQUI6j1SmiB6zwulkaPM/ftKa7GZooSqs1AUOBXmeyb4kLuiRgdXP09
PWmkvumWcLvLtGsPtbtwSD0SYJJx8gcfIsMOcMxkRExrqam43VwxJs6jQwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBdQcr4kr7J7ZNcz5Sc+xp8cO0LUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRjFCeXZpU3ZzbnRrMXpQbEp6N0dueHc3UXRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBwjouAwQB
wlfQAwQBwlfeAwQDwzo4AwQB1MAAMA0GCSqGSIb3DQEBCwUAA4IBAQBi8AyNU5S7
JVNH265/A/kFwMNtM754z9+KToLT+lgMViJDc6kB10IsnGYZTxbjVKmZaDICa77n
eTyLuKjpkPM17AwYcMsv4SFRQLU1w69Txv7qiCl59NcXZT3U0kqdROFJxh7b1ytF
+fj01i5SDzbhWFphMhkdumPIG/JlUeHSPNKUCnimg9oHDtc6tcW+6KhSPwvODnLN
C/tmpn1TBztJ/94crIrDwtzp07gFLCSsbRoaBmxoLHYHhvFMLoff/TL/ZXXtn3cz
AFa8q9rx5qUtRUjZHPmyTHz8WpwfeB/lyjJ3G96DobBXjxodxX93AgVFj0rBEtS1
0QB5IulwoiuM
-----END CERTIFICATE-----
Generated at Tue Oct 15 03:26:42 2024 by rpki-client on console-fra.rpki-client.org