Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/h18W3JFl9abAppxRKMNIpxAh_1s.roa
File:                     h18W3JFl9abAppxRKMNIpxAh_1s.roa (raw, json)
Hash identifier:          Vqr7+W+eecZUuXPF1duBYVzo8eKxvx1St03Ue0refjc=
Subject key identifier:   87:5F:16:DC:91:65:F5:A6:C0:A6:9C:51:28:C3:48:A7:10:21:FF:5B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A8D41F4B101E68EB9A1421492499B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/h18W3JFl9abAppxRKMNIpxAh_1s.roa
Signing time:             Tue 02 Jan 2024 12:33:55 +0000
ROA not before:           Tue 02 Jan 2024 12:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210715
IP address blocks:        212.192.28.0/24 maxlen: 24
                          212.192.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Oct 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8d:41:f4:b1:01:e6:8e:b9:a1:42:14:92:49:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=875f16dc9165f5a6c0a69c5128c348a71021ff5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d4:c4:d9:57:17:3a:a8:68:27:2b:a9:e2:cd:
                    5e:a8:94:c8:bf:81:21:32:90:3f:29:bb:52:5d:a8:
                    94:b4:5a:f6:df:5d:27:6f:51:58:a5:34:56:54:ca:
                    10:e3:21:08:9e:90:42:8f:c0:ca:fa:f5:11:ee:fd:
                    e7:84:46:e5:18:7e:6d:42:65:e2:3b:34:49:3a:19:
                    ef:4c:c4:44:fb:8e:9b:87:89:ac:93:a6:a6:1f:f1:
                    a3:fc:3f:33:14:f5:ad:ce:31:8a:f2:b0:3a:e4:e6:
                    f9:89:4b:38:7a:6c:ec:12:10:1b:96:f0:f7:3f:f6:
                    a1:ba:eb:fd:86:f5:0b:dc:d6:63:50:a9:67:35:17:
                    c5:e9:0a:0a:d5:a5:af:c2:1e:fe:bd:c2:15:3f:75:
                    cc:86:65:d1:fe:c4:04:b3:f7:8b:16:8f:51:5d:41:
                    d9:bf:de:c1:68:d0:b1:3f:5e:f8:31:b8:e8:c7:9c:
                    96:d2:b3:07:c5:cf:75:bd:1e:b9:c4:9a:a7:5c:2e:
                    35:d4:04:b8:09:48:fc:e6:62:6e:b8:c4:f6:c4:c1:
                    e5:b8:84:5a:6d:1b:c3:59:93:a8:ab:c7:74:33:a0:
                    22:24:52:90:d8:92:5a:47:4e:0d:d4:c3:8b:8f:01:
                    b1:b9:6b:fd:9f:3a:00:50:19:88:00:c0:b4:20:b6:
                    66:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:5F:16:DC:91:65:F5:A6:C0:A6:9C:51:28:C3:48:A7:10:21:FF:5B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/h18W3JFl9abAppxRKMNIpxAh_1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:b0:7f:b3:32:71:79:88:09:df:3b:7c:a9:4a:3e:dd:1c:78:
         d9:06:1d:01:af:eb:0a:a3:87:c8:97:8a:5f:ce:23:df:c8:0f:
         55:91:d9:88:24:a4:df:6e:f2:64:c2:f0:6d:3d:1f:55:7e:c6:
         23:c4:58:d5:d8:d4:e1:9b:b7:ab:77:a3:a5:f2:d5:0a:a0:41:
         5c:e5:cc:04:03:08:bb:03:ca:d7:ee:82:70:46:8d:09:89:f9:
         04:25:da:9a:e1:31:4a:3b:ef:50:7d:24:25:78:57:75:74:31:
         24:b7:f7:37:aa:b1:2b:9f:2f:d0:fc:71:7f:bc:17:b3:bc:28:
         fb:ce:c9:3d:52:43:b3:a7:93:09:25:65:a5:3d:7c:66:4f:ed:
         2e:5c:f0:0e:a8:66:be:b4:fd:8f:82:b0:d1:f7:a0:55:e2:60:
         d6:87:e8:de:34:af:5a:dc:64:0f:41:13:d6:99:13:6e:e3:bb:
         0c:1f:5e:6c:1e:1b:3d:80:a5:ab:36:7c:c7:ec:b2:4b:46:cd:
         a3:ac:e6:77:db:77:05:18:10:05:13:22:d0:dd:b9:b8:1d:95:
         2e:6b:a8:1e:00:b0:e1:c9:7c:6f:56:ab:92:07:00:3a:d2:83:
         eb:4a:3f:9f:48:ce:6b:a2:27:c8:9f:5b:0b:35:22:47:ac:37:
         c3:a8:6d:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKo1B9LEB5o65oUIUkkmbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzVmMTZkYzkxNjVmNWE2YzBhNjljNTEyOGMzNDhhNzEwMjFmZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9TE2VcXOqhoJyup4s1eqJTIv4Eh
MpA/KbtSXaiUtFr2310nb1FYpTRWVMoQ4yEInpBCj8DK+vUR7v3nhEblGH5tQmXi
OzRJOhnvTMRE+46bh4msk6amH/Gj/D8zFPWtzjGK8rA65Ob5iUs4emzsEhAblvD3
P/ahuuv9hvUL3NZjUKlnNRfF6QoK1aWvwh7+vcIVP3XMhmXR/sQEs/eLFo9RXUHZ
v97BaNCxP174Mbjox5yW0rMHxc91vR65xJqnXC411AS4CUj85mJuuMT2xMHluIRa
bRvDWZOoq8d0M6AiJFKQ2JJaR04N1MOLjwGxuWv9nzoAUBmIAMC0ILZmmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdfFtyRZfWmwKacUSjDSKcQIf9bMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaDE4VzNKRmw5YWJBcHB4UktNTklweEFoXzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1MAcMA0G
CSqGSIb3DQEBCwUAA4IBAQCNsH+zMnF5iAnfO3ypSj7dHHjZBh0Br+sKo4fIl4pf
ziPfyA9VkdmIJKTfbvJkwvBtPR9VfsYjxFjV2NThm7erd6Ol8tUKoEFc5cwEAwi7
A8rX7oJwRo0JifkEJdqa4TFKO+9QfSQleFd1dDEkt/c3qrErny/Q/HF/vBezvCj7
zsk9UkOzp5MJJWWlPXxmT+0uXPAOqGa+tP2PgrDR96BV4mDWh+jeNK9a3GQPQRPW
mRNu47sMH15sHhs9gKWrNnzH7LJLRs2jrOZ323cFGBAFEyLQ3bm4HZUua6geALDh
yXxvVquSBwA60oPrSj+fSM5roifIn1sLNSJHrDfDqG2n
-----END CERTIFICATE-----
Generated at Wed Oct 9 22:45:39 2024 by rpki-client on console-ams.rpki-client.org