Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RRa6Vbh6hjX_EYh-MJ4Ywutz4Fw.roa
File:                     RRa6Vbh6hjX_EYh-MJ4Ywutz4Fw.roa (raw, json)
Hash identifier:          uNclefwtA+nzHLVnvXYQXkttdsnBtyv4xcnl8VOUg7E=
Subject key identifier:   45:16:BA:55:B8:7A:86:35:FF:11:88:7E:30:9E:18:C2:EB:73:E0:5C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019088F5F538815FD73ECF3A4C5720CAAFB0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RRa6Vbh6hjX_EYh-MJ4Ywutz4Fw.roa
Signing time:             Sat 06 Jul 2024 16:52:18 +0000
ROA not before:           Sat 06 Jul 2024 16:52:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399471
IP address blocks:        194.85.250.0/24 maxlen: 24
                          212.192.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:88:f5:f5:38:81:5f:d7:3e:cf:3a:4c:57:20:ca:af:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  6 16:52:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4516ba55b87a8635ff11887e309e18c2eb73e05c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b4:93:4b:e6:7c:18:a8:b8:a0:4e:cd:9b:c8:
                    8d:ca:80:a5:0c:6c:38:2a:4a:60:a7:e2:4a:f0:b2:
                    b7:9e:b3:6f:75:b1:44:16:13:0b:89:83:07:bd:13:
                    24:e8:dc:4b:17:0b:cf:99:17:81:3f:ee:cb:33:aa:
                    d0:ae:25:73:58:73:30:ee:94:4e:5b:af:1d:96:78:
                    b2:9a:4c:53:f9:af:b9:9e:3e:e4:2c:aa:76:96:ac:
                    b7:8a:06:d4:c3:15:72:79:0d:29:ca:63:00:86:d3:
                    ae:6f:d5:a0:8c:70:1e:53:9f:6d:3a:72:06:b7:31:
                    c7:ed:63:60:ad:91:d3:c1:2c:ab:20:07:26:ea:12:
                    44:34:58:d4:a2:35:01:4a:41:c3:b0:0e:df:eb:b2:
                    9b:87:5b:0a:c6:78:dc:5e:92:2a:22:6d:7f:9f:bf:
                    57:bd:25:34:c5:fc:da:a9:ac:6d:70:00:ed:6c:b5:
                    52:67:3c:f9:ae:11:e3:d7:c7:3e:ef:db:3b:c8:ec:
                    1d:46:fc:66:8f:e6:9a:3d:e7:4d:07:54:9a:19:7f:
                    b9:da:9c:88:90:a7:fa:dd:ff:86:fe:8e:fb:8e:e6:
                    56:48:21:e7:51:52:0d:fe:6b:9b:2b:c6:f9:ef:4c:
                    dd:55:ef:5e:a6:2f:71:1f:f4:a7:85:75:08:e2:ad:
                    ad:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:16:BA:55:B8:7A:86:35:FF:11:88:7E:30:9E:18:C2:EB:73:E0:5C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RRa6Vbh6hjX_EYh-MJ4Ywutz4Fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.250.0/24
                  212.192.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:84:29:4c:3f:4f:0f:9c:db:b5:3a:bd:41:15:2b:39:03:89:
         ac:66:be:51:c8:19:b9:f3:09:c3:ad:61:b4:73:d3:c6:4c:d0:
         43:59:ee:93:02:82:0e:74:5d:91:97:b6:a8:c7:bc:29:f6:68:
         e1:bc:11:01:9e:21:3b:e9:bb:a9:8b:03:f7:95:49:4e:d9:28:
         b6:0b:ab:39:36:ac:b6:51:b9:b8:24:14:f6:e8:3d:35:6e:66:
         41:59:3d:52:c2:27:2c:51:b5:0c:87:20:cf:de:ff:c8:5e:9b:
         57:48:df:aa:34:d6:34:24:e7:54:e9:bd:44:60:91:4c:c1:02:
         a5:c5:a0:a2:8b:4e:42:93:e0:e8:23:b4:a0:ef:fd:2a:01:fe:
         30:f5:7f:11:c8:d3:1b:79:f7:c7:1e:9c:ed:0e:d6:48:84:2c:
         82:b3:e1:07:43:bd:b2:7a:b8:98:a0:1d:15:4c:c6:57:69:5f:
         b7:e1:a7:3e:f8:f9:16:c9:23:79:db:64:da:f9:34:e5:67:a8:
         dd:e0:3c:6c:06:2a:3e:ee:bb:2b:cf:7e:70:d3:e4:05:ae:24:
         1a:66:2c:5f:0c:40:f3:3e:30:c6:b7:c4:aa:da:45:ce:e7:73:
         74:35:29:86:73:28:b3:d0:67:ee:a5:94:b3:74:c4:5a:a7:bc:
         3f:d9:b9:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCI9fU4gV/XPs86TFcgyq+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzA2MTY1MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTE2YmE1NWI4N2E4NjM1ZmYxMTg4N2UzMDllMThjMmViNzNlMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7STS+Z8GKi4oE7Nm8iNyoClDGw4
Kkpgp+JK8LK3nrNvdbFEFhMLiYMHvRMk6NxLFwvPmReBP+7LM6rQriVzWHMw7pRO
W68dlniymkxT+a+5nj7kLKp2lqy3igbUwxVyeQ0pymMAhtOub9WgjHAeU59tOnIG
tzHH7WNgrZHTwSyrIAcm6hJENFjUojUBSkHDsA7f67Kbh1sKxnjcXpIqIm1/n79X
vSU0xfzaqaxtcADtbLVSZzz5rhHj18c+79s7yOwdRvxmj+aaPedNB1SaGX+52pyI
kKf63f+G/o77juZWSCHnUVIN/mubK8b570zdVe9epi9xH/SnhXUI4q2tCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEUWulW4eoY1/xGIfjCeGMLrc+BcMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUlJhNlZiaDZoalhfRVloLU1KNFl3dXR6NEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwlX6AwQA
1MD1MA0GCSqGSIb3DQEBCwUAA4IBAQAshClMP08PnNu1Or1BFSs5A4msZr5RyBm5
8wnDrWG0c9PGTNBDWe6TAoIOdF2Rl7aox7wp9mjhvBEBniE76bupiwP3lUlO2Si2
C6s5Nqy2Ubm4JBT26D01bmZBWT1SwicsUbUMhyDP3v/IXptXSN+qNNY0JOdU6b1E
YJFMwQKlxaCii05Ck+DoI7Sg7/0qAf4w9X8RyNMbeffHHpztDtZIhCyCs+EHQ72y
eriYoB0VTMZXaV+34ac++PkWySN522Ta+TTlZ6jd4DxsBio+7rsrz35w0+QFriQa
ZixfDEDzPjDGt8Sq2kXO53N0NSmGcyiz0GfupZSzdMRap7w/2bn6
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:01:41 2024 by rpki-client on console-ams.rpki-client.org