Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JOMTba8cDRXE9jQmks-KXtk6_6g.roa
File:                     JOMTba8cDRXE9jQmks-KXtk6_6g.roa (raw, json)
Hash identifier:          jq1oB1aB3KWYS5W4HTMU29lCfEgK4KAjr4HTdIxRHVI=
Subject key identifier:   24:E3:13:6D:AF:1C:0D:15:C4:F6:34:26:92:CF:8A:5E:D9:3A:FF:A8
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01918EF9375FBAC59075DA59035F986B92EE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JOMTba8cDRXE9jQmks-KXtk6_6g.roa
Signing time:             Mon 26 Aug 2024 13:56:22 +0000
ROA not before:           Mon 26 Aug 2024 13:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210993
IP address blocks:        194.87.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:f9:37:5f:ba:c5:90:75:da:59:03:5f:98:6b:92:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 26 13:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24e3136daf1c0d15c4f6342692cf8a5ed93affa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e2:16:36:92:83:b8:38:97:64:6b:48:f4:da:
                    0f:9a:32:52:97:01:b2:d3:c0:58:fb:4e:05:44:80:
                    62:03:f0:b2:2e:8a:5b:32:07:de:e3:77:59:51:61:
                    8b:cc:4f:2e:85:f1:0f:fc:c5:12:4a:05:84:a2:a1:
                    9f:7b:44:f2:eb:d6:61:fb:32:a5:e7:96:d2:06:80:
                    c0:9f:b6:80:c5:b0:aa:c0:75:3e:4f:f8:ac:f8:ae:
                    47:36:12:e6:ac:de:09:f6:90:ea:00:15:25:1f:11:
                    a8:8a:20:4c:81:d3:08:3b:c2:95:02:f7:33:d4:d1:
                    f8:bd:0f:47:2e:be:cd:7b:2b:90:29:37:f5:46:3c:
                    16:1d:6d:0e:d5:b9:93:61:e8:82:62:40:18:f4:da:
                    f4:b4:92:61:79:64:f6:d7:14:b1:aa:a8:73:7f:27:
                    0c:54:d5:01:8d:96:c8:df:52:9f:a2:e0:5e:38:f7:
                    f2:32:2a:44:a5:76:30:27:5a:77:83:b3:6c:df:fe:
                    2f:3b:5d:d8:ba:e4:78:7d:ea:d2:44:1b:c3:fa:40:
                    53:f7:95:7b:86:b4:2d:b9:18:61:83:96:83:92:0d:
                    8e:1c:49:de:e1:73:87:9f:c8:55:1c:0b:01:e2:1d:
                    84:63:d7:58:fd:35:8b:47:d9:28:72:20:b8:fd:63:
                    8b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E3:13:6D:AF:1C:0D:15:C4:F6:34:26:92:CF:8A:5E:D9:3A:FF:A8
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JOMTba8cDRXE9jQmks-KXtk6_6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:e8:5e:c0:34:18:62:3e:be:ed:3b:8a:5f:b9:8d:ea:39:02:
         37:dd:91:24:f4:85:7f:35:82:1e:21:07:4f:55:18:21:fb:74:
         e9:dd:66:0d:46:23:ad:64:d2:09:32:38:a8:23:f9:69:9e:a1:
         55:ec:82:eb:52:12:cb:57:84:e1:31:b1:ea:3e:aa:86:99:45:
         70:65:a8:ca:e4:f9:b5:8e:e8:98:04:c0:54:3d:dd:ab:bf:48:
         97:9e:96:03:e9:06:c4:4f:bb:d3:dd:62:68:83:74:f5:a2:3c:
         63:dc:b5:d9:34:a5:ee:7d:c6:6e:c0:e1:ac:18:c8:a5:b8:b6:
         4f:e1:70:d2:28:19:0b:06:7f:46:b8:d0:5a:f7:18:ce:d8:e8:
         ba:00:71:fe:9f:df:5d:43:b1:58:49:8f:0a:94:fe:6e:9f:19:
         c0:8a:37:3d:33:f3:77:e7:47:45:ff:f5:aa:1f:81:5b:b0:e9:
         be:bb:51:c8:7d:13:1f:2f:a1:c7:43:81:a2:01:72:2f:4a:67:
         01:dd:cb:71:93:4f:4e:13:95:3e:96:c6:9c:83:34:f5:1d:10:
         b7:b9:9c:80:6b:9c:30:a5:41:77:1a:13:d7:1b:a4:a4:26:8c:
         eb:8e:8f:e9:82:56:b6:8c:3c:a0:be:9d:db:6f:58:48:6a:8b:
         84:fc:f5:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGO+TdfusWQddpZA1+Ya5LuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODI2MTM1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGUzMTM2ZGFmMWMwZDE1YzRmNjM0MjY5MmNmOGE1ZWQ5M2FmZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveIWNpKDuDiXZGtI9NoPmjJSlwGy
08BY+04FRIBiA/CyLopbMgfe43dZUWGLzE8uhfEP/MUSSgWEoqGfe0Ty69Zh+zKl
55bSBoDAn7aAxbCqwHU+T/is+K5HNhLmrN4J9pDqABUlHxGoiiBMgdMIO8KVAvcz
1NH4vQ9HLr7NeyuQKTf1RjwWHW0O1bmTYeiCYkAY9Nr0tJJheWT21xSxqqhzfycM
VNUBjZbI31KfouBeOPfyMipEpXYwJ1p3g7Ns3/4vO13YuuR4ferSRBvD+kBT95V7
hrQtuRhhg5aDkg2OHEne4XOHn8hVHAsB4h2EY9dY/TWLR9kociC4/WOLGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTjE22vHA0VxPY0JpLPil7ZOv+oMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSk9NVGJhOGNEUlhFOWpRbWtzLUtYdGs2XzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfRMA0G
CSqGSIb3DQEBCwUAA4IBAQCU6F7ANBhiPr7tO4pfuY3qOQI33ZEk9IV/NYIeIQdP
VRgh+3Tp3WYNRiOtZNIJMjioI/lpnqFV7ILrUhLLV4ThMbHqPqqGmUVwZajK5Pm1
juiYBMBUPd2rv0iXnpYD6QbET7vT3WJog3T1ojxj3LXZNKXufcZuwOGsGMiluLZP
4XDSKBkLBn9GuNBa9xjO2Oi6AHH+n99dQ7FYSY8KlP5unxnAijc9M/N350dF//Wq
H4FbsOm+u1HIfRMfL6HHQ4GiAXIvSmcB3ctxk09OE5U+lsacgzT1HRC3uZyAa5ww
pUF3GhPXG6SkJozrjo/pgla2jDygvp3bb1hIaouE/PX0
-----END CERTIFICATE-----
Generated at Tue Oct 15 03:48:46 2024 by rpki-client on console-ams.rpki-client.org