Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X0yh9gJgbrZRK3mMuVUWxAFXuqQ.roa
File:                     X0yh9gJgbrZRK3mMuVUWxAFXuqQ.roa (raw, json)
Hash identifier:          VPvKNF+MN/LPEUcrCHUSMEINo/xjU9RFhRYJGu7mtos=
Subject key identifier:   5F:4C:A1:F6:02:60:6E:B6:51:2B:79:8C:B9:55:16:C4:01:57:BA:A4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A80D8719DA41DDEE839EEA37D354E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X0yh9gJgbrZRK3mMuVUWxAFXuqQ.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199654
IP address blocks:        195.58.58.0/24 maxlen: 24
                          194.87.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:80:d8:71:9d:a4:1d:de:e8:39:ee:a3:7d:35:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f4ca1f602606eb6512b798cb95516c40157baa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:df:c5:ba:3e:84:df:3e:f8:14:e6:f4:c5:09:
                    d2:1a:aa:e3:40:6d:0c:b1:4a:a4:e7:62:53:a4:3e:
                    bd:12:bf:20:9d:db:7c:8b:a0:9b:ff:12:f0:e7:52:
                    c4:b9:c8:9f:5a:86:8f:54:a8:6f:e7:1a:78:0c:a4:
                    db:07:bd:8f:3f:b5:98:e8:64:20:a8:01:78:4b:88:
                    3e:70:58:9f:a3:49:fd:8b:d2:06:5a:be:d6:0c:16:
                    ce:84:3f:bb:a4:a5:65:5c:b8:2e:e2:1c:e5:73:22:
                    eb:bc:3d:54:e9:01:ea:f1:7b:31:4d:cb:69:4d:4b:
                    6f:dd:da:82:fb:c8:3b:e2:6f:df:10:5b:90:03:32:
                    d9:2d:93:a8:63:d5:6e:39:dd:49:3c:31:42:b6:19:
                    4b:2e:9f:73:6c:a5:5f:66:6d:d4:d6:49:a0:82:f6:
                    1e:e0:f5:45:d2:ec:ee:2b:c0:cc:f1:26:a6:61:b0:
                    e6:54:4c:5f:61:75:81:91:2a:17:4a:93:82:14:ac:
                    02:a1:7d:5a:69:98:6e:11:82:bd:e9:34:b0:2d:de:
                    b4:35:1e:59:35:20:61:96:c5:1f:ab:0f:ca:e1:91:
                    cc:be:ee:60:6f:07:fc:fc:55:13:12:83:b4:3e:87:
                    54:55:a1:fc:e7:38:a0:03:7c:b6:9f:30:72:f8:b8:
                    d6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:4C:A1:F6:02:60:6E:B6:51:2B:79:8C:B9:55:16:C4:01:57:BA:A4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X0yh9gJgbrZRK3mMuVUWxAFXuqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.87.0/24
                  195.58.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:10:4b:46:5d:41:ab:73:a8:f8:6f:ef:82:d3:62:fb:42:0b:
         44:c1:8e:91:d7:73:40:a6:06:51:de:a0:3b:d1:7d:82:ee:bf:
         d4:1f:64:e5:a7:34:f4:e2:d7:a8:9f:7f:67:04:fe:3d:37:73:
         ef:65:4b:96:a7:44:03:60:f2:ed:05:71:bf:a9:93:a8:40:26:
         ea:ae:e7:7a:7d:67:fa:f2:51:22:e0:18:29:83:34:25:31:16:
         58:0a:76:79:4d:12:65:83:e3:d5:13:fb:c3:d5:7b:19:db:13:
         b1:d0:1f:26:c4:c5:47:20:63:b7:3e:f7:35:5d:8b:00:ff:89:
         d5:b8:5d:7d:3b:07:ef:bc:87:31:2e:8e:ef:4d:9e:0c:81:e3:
         5e:32:a8:fe:bb:79:3c:14:7d:64:04:c2:9c:50:01:2a:c6:f9:
         70:1c:62:01:88:af:31:fc:8b:63:8c:0b:5f:9b:77:89:15:be:
         ad:d7:df:c2:41:e6:ac:fd:d5:17:02:b2:57:15:49:72:a9:da:
         56:00:85:23:5e:6f:bb:04:52:8d:55:d5:aa:7b:27:02:63:c0:
         65:53:a4:51:a1:3a:03:87:23:e7:37:10:2d:52:48:a2:97:db:
         b3:71:ac:dc:5b:d9:85:3d:1b:47:23:f6:df:0a:15:e4:f3:3f:
         35:2a:b3:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKoDYcZ2kHd7oOe6jfTVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRjYTFmNjAyNjA2ZWI2NTEyYjc5OGNiOTU1MTZjNDAxNTdiYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgN/Fuj6E3z74FOb0xQnSGqrjQG0M
sUqk52JTpD69Er8gndt8i6Cb/xLw51LEucifWoaPVKhv5xp4DKTbB72PP7WY6GQg
qAF4S4g+cFifo0n9i9IGWr7WDBbOhD+7pKVlXLgu4hzlcyLrvD1U6QHq8XsxTctp
TUtv3dqC+8g74m/fEFuQAzLZLZOoY9VuOd1JPDFCthlLLp9zbKVfZm3U1kmggvYe
4PVF0uzuK8DM8SamYbDmVExfYXWBkSoXSpOCFKwCoX1aaZhuEYK96TSwLd60NR5Z
NSBhlsUfqw/K4ZHMvu5gbwf8/FUTEoO0PodUVaH85zigA3y2nzBy+LjWswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF9MofYCYG62USt5jLlVFsQBV7qkMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWDB5aDlnSmdiclpSSzNtTXVWVVd4QUZYdXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwldXAwQA
wzo6MA0GCSqGSIb3DQEBCwUAA4IBAQBIEEtGXUGrc6j4b++C02L7QgtEwY6R13NA
pgZR3qA70X2C7r/UH2TlpzT04teon39nBP49N3PvZUuWp0QDYPLtBXG/qZOoQCbq
rud6fWf68lEi4BgpgzQlMRZYCnZ5TRJlg+PVE/vD1XsZ2xOx0B8mxMVHIGO3Pvc1
XYsA/4nVuF19OwfvvIcxLo7vTZ4MgeNeMqj+u3k8FH1kBMKcUAEqxvlwHGIBiK8x
/ItjjAtfm3eJFb6t19/CQeas/dUXArJXFUlyqdpWAIUjXm+7BFKNVdWqeycCY8Bl
U6RRoToDhyPnNxAtUkiil9uzcazcW9mFPRtHI/bfChXk8z81KrOz
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:13:10 2024 by rpki-client on console-fra.rpki-client.org