Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/n-Va9du71H74BI0Azy1rrrSNYvM.roa
File:                     n-Va9du71H74BI0Azy1rrrSNYvM.roa (raw, json)
Hash identifier:          A7l1XW8d6bmVYB4gKJq504Mu6AFYxxabr+CcIN0Wq4I=
Subject key identifier:   9F:E5:5A:F5:DB:BB:D4:7E:F8:04:8D:00:CF:2D:6B:AE:B4:8D:62:F3
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A88CFBA58786D7ACE9EC2C1C685E6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/n-Va9du71H74BI0Azy1rrrSNYvM.roa
Signing time:             Tue 02 Jan 2024 12:33:54 +0000
ROA not before:           Tue 02 Jan 2024 12:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206446
IP address blocks:        194.87.211.0/24 maxlen: 24
                          195.133.95.0/24 maxlen: 24
                          195.133.33.0/24 maxlen: 24
                          194.87.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:88:cf:ba:58:78:6d:7a:ce:9e:c2:c1:c6:85:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fe55af5dbbbd47ef8048d00cf2d6baeb48d62f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3b:b6:7f:8e:7f:4c:52:f4:63:2c:af:9a:ac:
                    28:55:5d:1d:27:e4:62:4e:6f:a6:f1:6e:1e:5b:6b:
                    7c:12:ae:0e:ac:a0:e4:21:11:f9:ac:4d:a0:04:7a:
                    5b:eb:8a:0e:9a:71:52:10:1a:35:19:52:e0:80:3f:
                    0b:b0:85:a1:7b:5b:80:b5:98:b6:9c:65:0e:2f:bb:
                    82:28:cb:f9:c9:4e:ac:86:2e:62:50:7e:4c:61:0a:
                    b7:55:a2:92:52:68:a7:c8:0a:25:64:5c:df:c0:00:
                    03:42:a4:8b:dd:23:b5:4b:32:f1:4b:8c:99:bd:b6:
                    ff:01:92:0b:30:a2:38:a3:69:56:34:79:9e:47:e3:
                    9b:e9:eb:d5:8b:ef:6a:90:a9:3e:41:aa:2a:1a:ed:
                    d6:7b:14:0b:e2:4d:4b:b4:6b:96:f2:ac:ba:dd:7a:
                    7c:af:2d:31:26:5b:aa:b3:08:56:7b:32:5a:2f:67:
                    4e:a7:64:2a:4d:d6:58:16:86:30:74:78:41:00:38:
                    78:dd:75:ee:6b:2d:26:2c:ea:3c:7e:e5:64:56:79:
                    2b:cb:7d:0f:41:e1:89:e5:64:41:d6:54:b0:9c:08:
                    b3:03:d8:db:d6:9f:f5:4f:7f:47:38:19:66:02:57:
                    f7:1a:0f:77:8e:58:4b:20:5d:c8:56:b2:47:7f:3c:
                    50:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:E5:5A:F5:DB:BB:D4:7E:F8:04:8D:00:CF:2D:6B:AE:B4:8D:62:F3
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/n-Va9du71H74BI0Azy1rrrSNYvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.183.0/24
                  194.87.211.0/24
                  195.133.33.0/24
                  195.133.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:9f:62:59:b9:26:3e:a7:9f:32:b9:d4:39:c8:21:01:3c:4f:
         c0:fa:1f:24:90:75:4b:30:0a:d7:45:24:d2:ee:ac:7b:92:e0:
         d4:57:18:33:06:d5:d4:58:f7:5b:df:26:40:da:67:04:99:f9:
         bd:10:1f:c3:dd:e9:e1:36:5d:c7:be:f5:7e:38:aa:67:21:35:
         77:c7:47:67:e2:ed:50:a1:04:ac:87:de:6b:56:b3:ad:a8:bf:
         34:ab:b8:ac:19:3e:0e:fd:ef:33:d0:42:ec:1f:81:93:4c:27:
         30:4f:9c:94:7f:d3:dc:fe:de:59:0a:f3:d2:f1:20:14:cf:a8:
         31:15:06:2a:f5:27:0a:0a:57:4f:0a:50:16:6a:f7:64:e8:67:
         57:5f:1a:4b:2b:63:60:01:0c:c1:9c:4f:38:46:b7:8a:28:7d:
         21:b3:85:5c:d6:2b:8c:19:3e:d3:94:8e:ac:2f:93:46:6f:93:
         e6:51:30:f1:5f:5a:16:5d:d2:c9:66:de:91:cc:4a:c1:54:2f:
         78:e0:34:b4:48:2a:66:c3:a9:71:43:97:97:f5:79:eb:e6:5d:
         cc:03:ab:0b:9b:c2:c7:79:fe:6e:77:da:3c:50:31:0f:1b:77:
         62:33:54:e2:53:23:ac:2f:9e:08:b8:e2:02:70:62:a9:48:d1:
         6d:ec:8e:13
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKKojPulh4bXrOnsLBxoXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmU1NWFmNWRiYmJkNDdlZjgwNDhkMDBjZjJkNmJhZWI0OGQ2MmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDu2f45/TFL0YyyvmqwoVV0dJ+Ri
Tm+m8W4eW2t8Eq4OrKDkIRH5rE2gBHpb64oOmnFSEBo1GVLggD8LsIWhe1uAtZi2
nGUOL7uCKMv5yU6shi5iUH5MYQq3VaKSUminyAolZFzfwAADQqSL3SO1SzLxS4yZ
vbb/AZILMKI4o2lWNHmeR+Ob6evVi+9qkKk+QaoqGu3WexQL4k1LtGuW8qy63Xp8
ry0xJluqswhWezJaL2dOp2QqTdZYFoYwdHhBADh43XXuay0mLOo8fuVkVnkry30P
QeGJ5WRB1lSwnAizA9jb1p/1T39HOBlmAlf3Gg93jlhLIF3IVrJHfzxQYQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ/lWvXbu9R++ASNAM8ta660jWLzMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbi1WYTlkdTcxSDc0QkkwQXp5MXJyclNOWXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwle3AwQA
wlfTAwQAw4UhAwQAw4VfMA0GCSqGSIb3DQEBCwUAA4IBAQCSn2JZuSY+p58yudQ5
yCEBPE/A+h8kkHVLMArXRSTS7qx7kuDUVxgzBtXUWPdb3yZA2mcEmfm9EB/D3enh
Nl3HvvV+OKpnITV3x0dn4u1QoQSsh95rVrOtqL80q7isGT4O/e8z0ELsH4GTTCcw
T5yUf9Pc/t5ZCvPS8SAUz6gxFQYq9ScKCldPClAWavdk6GdXXxpLK2NgAQzBnE84
RreKKH0hs4Vc1iuMGT7TlI6sL5NGb5PmUTDxX1oWXdLJZt6RzErBVC944DS0SCpm
w6lxQ5eX9Xnr5l3MA6sLm8LHef5ud9o8UDEPG3diM1TiUyOsL54IuOICcGKpSNFt
7I4T
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:13:10 2024 by rpki-client on console-fra.rpki-client.org