Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LvLsPUeUkdamI0t9RabXU8CBYsw.roa
File:                     LvLsPUeUkdamI0t9RabXU8CBYsw.roa (raw, json)
Hash identifier:          B1P4wtzPQVkq3dfZrpuwT4uOCcub6Us8hzVOEK3aRag=
Subject key identifier:   2E:F2:EC:3D:47:94:91:D6:A6:23:4B:7D:45:A6:D7:53:C0:81:62:CC
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A960E7DC98A7FB7229F315E33ED70
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LvLsPUeUkdamI0t9RabXU8CBYsw.roa
Signing time:             Tue 02 Jan 2024 12:33:57 +0000
ROA not before:           Tue 02 Jan 2024 12:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     393521
IP address blocks:        212.192.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:96:0e:7d:c9:8a:7f:b7:22:9f:31:5e:33:ed:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ef2ec3d479491d6a6234b7d45a6d753c08162cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c6:60:7b:b1:23:51:75:a2:7f:2a:dc:f1:a1:
                    d6:3e:e6:c8:a2:15:5a:1f:a8:d5:27:ab:cd:08:13:
                    95:93:d7:16:c3:c2:62:2d:98:a5:c4:61:68:9a:ca:
                    1e:2f:05:46:be:f0:bd:15:48:17:de:b5:c2:24:6d:
                    df:22:b7:a1:d1:1c:8f:55:84:98:81:d4:73:6c:ca:
                    36:a4:84:73:ff:28:03:fe:b1:19:be:b9:49:0c:22:
                    d4:e6:dc:8b:5a:d2:ee:c3:00:dc:f3:3a:b1:11:39:
                    35:7f:74:ae:5c:5e:db:41:0e:ae:ad:47:26:42:ec:
                    63:af:df:81:36:e2:41:a0:82:e4:7f:02:3e:89:5f:
                    dc:d0:3b:22:88:7f:6e:00:8e:87:ac:93:0b:bc:a9:
                    6e:f3:8e:91:1a:3f:b8:f5:03:8d:3c:60:78:ad:bc:
                    a2:13:c0:42:38:6a:ce:87:b4:c5:09:f7:f3:ab:ce:
                    53:8e:ec:e6:84:e4:e5:e1:76:cd:d0:ff:58:41:44:
                    ce:b5:78:53:c2:7f:95:4d:c4:29:b2:34:2a:7b:1b:
                    7f:dd:09:22:4d:42:cc:49:01:bc:22:d5:94:03:e4:
                    ad:ec:5f:af:e4:f0:c9:08:eb:10:12:23:37:78:df:
                    17:75:ef:9a:12:66:68:06:d9:18:d0:90:2d:48:e9:
                    e4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F2:EC:3D:47:94:91:D6:A6:23:4B:7D:45:A6:D7:53:C0:81:62:CC
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LvLsPUeUkdamI0t9RabXU8CBYsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:56:89:f9:ac:a2:57:66:d8:5c:ca:f1:04:ab:da:9c:7f:cd:
         d3:9d:05:bb:d4:9f:ff:c1:a3:8f:6d:8d:a6:32:95:8a:ca:ef:
         d9:57:f2:83:58:50:37:02:5c:82:2e:38:5b:6b:05:5a:35:6c:
         68:3a:e2:cc:98:ae:a9:a7:66:c7:c9:81:d7:e7:4e:99:2b:1e:
         eb:85:aa:32:6e:ef:d5:bf:06:ca:64:c3:39:64:e8:21:38:36:
         29:d3:30:99:19:ff:ea:0e:cd:0b:25:50:2f:d8:0c:0e:96:d2:
         28:a8:e1:43:15:4c:85:35:93:b0:52:b2:31:1e:fb:2a:2b:86:
         7b:4c:b2:39:8d:18:63:45:93:26:12:ba:e9:03:72:58:12:7d:
         98:37:af:58:05:a2:c2:6b:43:66:c4:e2:67:3a:af:91:53:5e:
         7c:5a:4c:31:ed:7e:73:6f:a7:5e:be:99:00:81:03:e2:1e:63:
         ae:58:26:bf:65:2d:45:43:d4:29:16:5e:1a:1d:91:dc:1d:1b:
         32:6b:6d:70:e5:8d:fa:e9:81:a7:30:df:87:37:ff:14:b7:9c:
         ea:ef:c8:58:02:8b:90:51:6c:d8:75:d0:e7:3b:ae:54:73:cc:
         39:2e:17:fd:eb:f5:3d:76:37:bf:3d:81:57:34:13:cd:ef:af:
         97:43:33:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpYOfcmKf7cinzFeM+1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWYyZWMzZDQ3OTQ5MWQ2YTYyMzRiN2Q0NWE2ZDc1M2MwODE2MmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcZge7EjUXWifyrc8aHWPubIohVa
H6jVJ6vNCBOVk9cWw8JiLZilxGFomsoeLwVGvvC9FUgX3rXCJG3fIreh0RyPVYSY
gdRzbMo2pIRz/ygD/rEZvrlJDCLU5tyLWtLuwwDc8zqxETk1f3SuXF7bQQ6urUcm
Quxjr9+BNuJBoILkfwI+iV/c0DsiiH9uAI6HrJMLvKlu846RGj+49QONPGB4rbyi
E8BCOGrOh7TFCffzq85TjuzmhOTl4XbN0P9YQUTOtXhTwn+VTcQpsjQqext/3Qki
TULMSQG8ItWUA+St7F+v5PDJCOsQEiM3eN8Xde+aEmZoBtkY0JAtSOnkkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7y7D1HlJHWpiNLfUWm11PAgWLMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTHZMc1BVZVVrZGFtSTB0OVJhYlhVOENCWXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDRMA0G
CSqGSIb3DQEBCwUAA4IBAQBmVon5rKJXZthcyvEEq9qcf83TnQW71J//waOPbY2m
MpWKyu/ZV/KDWFA3AlyCLjhbawVaNWxoOuLMmK6pp2bHyYHX506ZKx7rhaoybu/V
vwbKZMM5ZOghODYp0zCZGf/qDs0LJVAv2AwOltIoqOFDFUyFNZOwUrIxHvsqK4Z7
TLI5jRhjRZMmErrpA3JYEn2YN69YBaLCa0NmxOJnOq+RU158Wkwx7X5zb6devpkA
gQPiHmOuWCa/ZS1FQ9QpFl4aHZHcHRsya21w5Y366YGnMN+HN/8Ut5zq78hYAouQ
UWzYddDnO65Uc8w5Lhf96/U9dje/PYFXNBPN76+XQzPT
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:01:41 2024 by rpki-client on console-ams.rpki-client.org