Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LXt0WjL8rzr-9_TPmu_JpFoi4zc.roa
File:                     LXt0WjL8rzr-9_TPmu_JpFoi4zc.roa (raw, json)
Hash identifier:          8qcXHbBwPWwZYHo9eyAG5Xs61iotyFljr3hyAWtAD10=
Subject key identifier:   2D:7B:74:5A:32:FC:AF:3A:FE:F7:F4:CF:9A:EF:C9:A4:5A:22:E3:37
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCE08AC219A3068FEAC1E3C239D02A16A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LXt0WjL8rzr-9_TPmu_JpFoi4zc.roa
Signing time:             Wed 03 Jan 2024 06:35:24 +0000
ROA not before:           Wed 03 Jan 2024 06:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210974
IP address blocks:        212.192.2.0/24 maxlen: 24
                          212.192.3.0/24 maxlen: 24
                          212.192.11.0/24 maxlen: 24
                          195.133.55.0/24 maxlen: 24
                          212.193.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:08:ac:21:9a:30:68:fe:ac:1e:3c:23:9d:02:a1:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  3 06:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d7b745a32fcaf3afef7f4cf9aefc9a45a22e337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:79:33:a2:ab:0f:98:b1:b9:0e:f9:d5:cf:c9:
                    66:35:c3:da:40:b0:ea:22:67:59:86:e7:dc:96:21:
                    f1:c2:f2:68:d9:92:3e:3b:81:e1:5f:f6:53:67:b1:
                    71:1a:8a:3f:fc:0b:bc:a9:a1:14:0a:93:83:5c:c5:
                    b1:e6:00:91:e2:e8:7e:07:5d:e4:e6:4a:ba:e3:14:
                    32:20:7e:0e:69:18:b0:a8:6e:b3:ce:c7:8c:68:71:
                    8b:75:f9:fc:b5:df:61:2e:6e:56:84:86:de:d8:5b:
                    f7:25:9d:0b:0f:ca:43:f0:f1:08:b2:65:d4:7e:5b:
                    3d:c0:42:88:ec:05:6f:84:f9:02:9d:5f:2b:fe:cd:
                    dc:61:41:43:c7:b5:b9:cf:65:62:ec:f5:0a:f7:0b:
                    34:50:23:51:29:14:5a:88:90:95:1b:eb:60:4f:77:
                    a0:85:97:b4:fc:21:87:f2:0e:7d:4c:f9:27:5f:d4:
                    0a:8e:54:31:75:89:01:54:56:de:63:bf:74:32:e1:
                    d6:5a:6f:84:db:3d:9f:a1:95:18:20:ff:75:fa:99:
                    24:e3:27:38:30:d8:fa:4b:e0:1a:66:8a:23:50:b8:
                    74:da:6f:2b:9b:38:79:a1:35:54:d5:d5:7a:8e:ca:
                    46:61:7e:3e:65:9e:0f:7b:a8:24:75:bf:45:de:bc:
                    3c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:7B:74:5A:32:FC:AF:3A:FE:F7:F4:CF:9A:EF:C9:A4:5A:22:E3:37
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LXt0WjL8rzr-9_TPmu_JpFoi4zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.55.0/24
                  212.192.2.0/23
                  212.192.11.0/24
                  212.193.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:42:71:4f:32:dc:df:f6:9e:44:58:fe:46:db:fe:5f:a4:4a:
         64:b7:62:17:89:76:29:c3:58:d5:40:71:2c:6b:8b:8b:1b:7a:
         66:3d:6e:85:73:a8:c5:5e:70:40:bd:ff:6e:e2:49:5c:87:dd:
         20:ad:40:d9:b1:33:a6:59:72:89:e7:0b:cf:a2:74:2e:ea:82:
         a3:4b:c7:6f:64:55:07:c5:f9:0e:f0:43:eb:39:00:52:49:d6:
         65:64:7c:eb:76:d1:8f:38:4e:7c:49:37:84:1b:80:71:b5:49:
         f1:15:b1:16:4a:8c:86:10:7f:bd:7a:49:44:1b:17:07:d0:9a:
         eb:60:5a:a3:e7:9a:d5:ff:87:ba:b5:52:6b:dc:b7:e2:4d:d9:
         2d:42:d6:ed:c6:df:37:a3:0b:db:c2:84:cc:fa:b5:4c:bc:5e:
         1e:7a:79:8c:d9:14:44:5f:23:b5:6d:ac:ac:d2:6e:ca:d2:9f:
         68:e6:b2:13:70:62:36:aa:b1:12:73:97:5a:92:90:39:9d:9b:
         8a:1c:50:6d:3d:f7:80:eb:d0:5e:5a:d1:65:ea:ca:30:d1:10:
         78:66:af:1c:d1:dc:94:ec:d9:b9:71:4c:08:62:7f:69:21:ad:
         7e:3c:f8:31:ec:c7:a9:39:e2:db:ca:1f:d3:86:bc:2a:b0:7c:
         73:6f:27:27
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzOCKwhmjBo/qwePCOdAqFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAzMDYzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDdiNzQ1YTMyZmNhZjNhZmVmN2Y0Y2Y5YWVmYzlhNDVhMjJlMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXkzoqsPmLG5DvnVz8lmNcPaQLDq
ImdZhufcliHxwvJo2ZI+O4HhX/ZTZ7FxGoo//Au8qaEUCpODXMWx5gCR4uh+B13k
5kq64xQyIH4OaRiwqG6zzseMaHGLdfn8td9hLm5WhIbe2Fv3JZ0LD8pD8PEIsmXU
fls9wEKI7AVvhPkCnV8r/s3cYUFDx7W5z2Vi7PUK9ws0UCNRKRRaiJCVG+tgT3eg
hZe0/CGH8g59TPknX9QKjlQxdYkBVFbeY790MuHWWm+E2z2foZUYIP91+pkk4yc4
MNj6S+AaZoojULh02m8rmzh5oTVU1dV6jspGYX4+ZZ4Pe6gkdb9F3rw8mwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFC17dFoy/K86/vf0z5rvyaRaIuM3MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTFh0MFdqTDhyenItOV9UUG11X0pwRm9pNHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAw4U3AwQB
1MACAwQA1MALAwQA1MEIMA0GCSqGSIb3DQEBCwUAA4IBAQAOQnFPMtzf9p5EWP5G
2/5fpEpkt2IXiXYpw1jVQHEsa4uLG3pmPW6Fc6jFXnBAvf9u4klch90grUDZsTOm
WXKJ5wvPonQu6oKjS8dvZFUHxfkO8EPrOQBSSdZlZHzrdtGPOE58STeEG4BxtUnx
FbEWSoyGEH+9eklEGxcH0JrrYFqj55rV/4e6tVJr3LfiTdktQtbtxt83owvbwoTM
+rVMvF4eenmM2RREXyO1bays0m7K0p9o5rITcGI2qrESc5dakpA5nZuKHFBtPfeA
69BeWtFl6sow0RB4Zq8c0dyU7Nm5cUwIYn9pIa1+PPgx7MepOeLbyh/ThrwqsHxz
bycn
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:01:41 2024 by rpki-client on console-ams.rpki-client.org