Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aBaOKo47TOxJ-kjT7_xi_TVf_ck.roa
File:                     aBaOKo47TOxJ-kjT7_xi_TVf_ck.roa (raw, json)
Hash identifier:          m5qj02ckKk5LrLE8WnMnfUTmqpfNFdFYsdobbQgIbEY=
Subject key identifier:   68:16:8E:2A:8E:3B:4C:EC:49:FA:48:D3:EF:FC:62:FD:35:5F:FD:C9
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018FEDFACD581B0B45E33787EA5F27734F63
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aBaOKo47TOxJ-kjT7_xi_TVf_ck.roa
Signing time:             Thu 06 Jun 2024 14:36:27 +0000
ROA not before:           Thu 06 Jun 2024 14:36:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213035
IP address blocks:        194.87.132.0/24 maxlen: 24
                          195.133.16.0/24 maxlen: 24
                          212.192.216.0/24 maxlen: 24
                          212.192.218.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
                          212.192.240.0/24 maxlen: 24
                          212.192.243.0/24 maxlen: 24
                          212.193.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:fa:cd:58:1b:0b:45:e3:37:87:ea:5f:27:73:4f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  6 14:36:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68168e2a8e3b4cec49fa48d3effc62fd355ffdc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f8:94:c8:99:03:e8:9a:91:4b:23:3d:a8:34:
                    2e:53:f6:70:f3:dc:3a:31:43:50:f3:09:d3:09:cc:
                    22:45:63:b9:5a:b0:a9:f5:de:95:46:ff:6b:ba:2e:
                    e5:36:c6:2c:fb:f9:5e:6f:73:20:15:7b:63:fe:b8:
                    4c:f2:f0:46:6b:5e:46:ae:2b:40:e1:86:58:ab:70:
                    66:dd:0f:19:95:df:f8:bf:df:58:9f:08:6b:55:0d:
                    d1:c6:5d:ae:9a:9d:a7:56:a1:aa:56:63:52:37:2c:
                    5c:a6:39:d1:70:e8:f4:91:02:cf:ea:ab:5c:25:54:
                    3c:ed:be:6d:b6:fd:cc:ff:28:e6:3f:43:8d:d7:35:
                    5f:d2:b3:d8:8f:0f:7d:87:4c:37:e5:da:4f:29:6d:
                    77:17:c1:4a:d2:5f:10:bd:15:9e:33:ee:a3:4a:da:
                    bb:a1:86:d0:93:1e:06:4c:31:13:e4:09:28:8c:a8:
                    47:7f:84:ce:5c:3d:35:b9:24:e3:13:3d:ef:ee:94:
                    e3:e8:96:ab:1f:9e:80:0a:70:8b:5b:57:4a:32:fa:
                    97:f0:c9:57:bc:0e:2e:e6:cf:c7:26:db:d8:d8:f6:
                    fe:ff:80:34:d7:5a:be:7d:44:b3:06:0f:95:e1:f3:
                    55:a4:a5:f7:ef:32:37:f9:51:70:ac:d0:b8:59:eb:
                    c2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:16:8E:2A:8E:3B:4C:EC:49:FA:48:D3:EF:FC:62:FD:35:5F:FD:C9
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aBaOKo47TOxJ-kjT7_xi_TVf_ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.132.0/24
                  195.133.16.0/24
                  212.192.216.0/24
                  212.192.218.0/23
                  212.192.240.0/24
                  212.192.243.0/24
                  212.193.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:6b:7e:98:fd:6c:f1:58:19:cc:16:9a:af:77:0a:dd:8d:aa:
         0b:12:9e:6b:7b:93:ea:28:b5:51:d3:ca:fc:81:8c:d2:56:77:
         4d:43:84:24:b2:5e:d0:22:f5:28:f5:b6:88:a5:73:2e:d1:13:
         cf:6b:4c:1a:54:34:67:72:8a:cd:fd:71:90:7c:9d:7b:74:31:
         7d:19:e1:31:ec:7f:35:c9:26:75:96:3e:51:79:cc:58:59:e7:
         26:f1:98:b5:3a:f4:43:e6:34:50:d1:1a:b7:bb:ed:08:77:fd:
         07:89:ee:62:bc:31:b2:5d:d8:a6:1f:7c:59:c2:27:ab:6c:0e:
         0a:33:32:c9:80:f3:58:09:a5:1e:71:57:7b:0e:05:d5:50:21:
         41:49:6d:46:34:b8:63:ce:36:e7:38:97:5c:0e:d6:c5:1d:44:
         92:bc:cd:eb:57:78:07:4c:93:5b:58:6f:6d:64:ec:11:b3:4e:
         48:ff:26:17:43:f7:81:4c:76:37:d7:af:04:5d:55:4f:d8:de:
         e2:a2:e3:b1:c0:25:3d:d6:3b:47:85:f7:26:ac:63:ec:5b:00:
         90:26:9a:49:fd:db:dc:08:45:b8:8b:71:30:7d:78:da:e5:70:
         ed:16:48:41:16:bb:ce:85:7d:8c:b6:59:d4:28:de:f5:6f:e9:
         05:83:c9:78
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY/t+s1YGwtF4zeH6l8nc09jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNjA2MTQzNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODE2OGUyYThlM2I0Y2VjNDlmYTQ4ZDNlZmZjNjJmZDM1NWZmZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPiUyJkD6JqRSyM9qDQuU/Zw89w6
MUNQ8wnTCcwiRWO5WrCp9d6VRv9rui7lNsYs+/leb3MgFXtj/rhM8vBGa15GritA
4YZYq3Bm3Q8Zld/4v99YnwhrVQ3Rxl2ump2nVqGqVmNSNyxcpjnRcOj0kQLP6qtc
JVQ87b5ttv3M/yjmP0ON1zVf0rPYjw99h0w35dpPKW13F8FK0l8QvRWeM+6jStq7
oYbQkx4GTDET5AkojKhHf4TOXD01uSTjEz3v7pTj6JarH56ACnCLW1dKMvqX8MlX
vA4u5s/HJtvY2Pb+/4A011q+fUSzBg+V4fNVpKX37zI3+VFwrNC4WevCdQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGgWjiqOO0zsSfpI0+/8Yv01X/3JMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYUJhT0tvNDdUT3hKLWtqVDdfeGlfVFZmX2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwleEAwQA
w4UQAwQA1MDYAwQB1MDaAwQA1MDwAwQA1MDzAwQA1MEdMA0GCSqGSIb3DQEBCwUA
A4IBAQAVa36Y/WzxWBnMFpqvdwrdjaoLEp5re5PqKLVR08r8gYzSVndNQ4Qksl7Q
IvUo9baIpXMu0RPPa0waVDRncorN/XGQfJ17dDF9GeEx7H81ySZ1lj5RecxYWecm
8Zi1OvRD5jRQ0Rq3u+0Id/0Hie5ivDGyXdimH3xZwierbA4KMzLJgPNYCaUecVd7
DgXVUCFBSW1GNLhjzjbnOJdcDtbFHUSSvM3rV3gHTJNbWG9tZOwRs05I/yYXQ/eB
THY3168EXVVP2N7iouOxwCU91jtHhfcmrGPsWwCQJppJ/dvcCEW4i3EwfXja5XDt
FkhBFrvOhX2MtlnUKN71b+kFg8l4
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:13:10 2024 by rpki-client on console-fra.rpki-client.org