Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vVWKKs-junshz1en-393FXMLQW0.roa
File:                     vVWKKs-junshz1en-393FXMLQW0.roa (raw, json)
Hash identifier:          XojQkN0lPOD7OuGEnhlIyyrgcORo1Ko7H4MH5+uAn1Q=
Subject key identifier:   BD:55:8A:2A:CF:A3:BA:7B:21:CF:57:A7:FB:7F:77:15:73:0B:41:6D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0191BD982A1AE8B74F4ED2D1B0B618AD5110
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vVWKKs-junshz1en-393FXMLQW0.roa
Signing time:             Wed 04 Sep 2024 15:12:31 +0000
ROA not before:           Wed 04 Sep 2024 15:12:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205007
IP address blocks:        194.87.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:98:2a:1a:e8:b7:4f:4e:d2:d1:b0:b6:18:ad:51:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep  4 15:12:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd558a2acfa3ba7b21cf57a7fb7f7715730b416d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a0:c7:5c:b2:85:6e:e6:df:bd:c2:97:aa:0a:
                    1f:9b:97:9c:9f:a0:68:b3:2a:27:13:70:8e:34:a8:
                    ea:95:25:35:1d:1a:2f:cb:85:bb:e9:45:49:59:8d:
                    10:16:ac:48:a6:07:a9:c6:9c:78:28:6e:69:1d:ae:
                    71:93:d7:98:99:88:aa:9c:91:59:20:4b:75:e4:e3:
                    e9:a4:b1:e5:40:c7:b7:b6:73:26:05:ee:36:0e:b3:
                    d3:40:c4:7a:2d:1b:18:14:7b:a7:fa:30:02:9e:ab:
                    1f:08:b2:f9:20:32:b0:aa:e2:c9:19:6a:16:10:c1:
                    4d:aa:79:47:06:a9:e4:08:68:5f:ff:37:1a:ef:a6:
                    fb:0d:61:c9:91:57:c6:d7:89:13:80:3c:30:ef:96:
                    11:58:74:12:71:85:a3:dc:3d:e9:f0:91:b1:47:43:
                    7e:be:54:37:83:c0:7d:51:2b:15:a8:9c:3c:2a:b2:
                    96:74:2b:b4:35:bd:26:18:56:40:85:aa:6b:00:b2:
                    b5:5e:20:2c:96:de:b3:3b:90:34:93:2e:46:7d:34:
                    4d:f5:3f:cb:c3:98:8e:32:d6:74:6b:ac:46:fe:84:
                    c8:c8:5a:a3:30:e5:79:be:a0:0a:7f:3b:44:8d:9a:
                    69:cb:0a:0e:a6:69:2a:14:25:e2:9a:a6:84:1b:e2:
                    46:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:55:8A:2A:CF:A3:BA:7B:21:CF:57:A7:FB:7F:77:15:73:0B:41:6D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/vVWKKs-junshz1en-393FXMLQW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ca:42:28:b1:f7:42:8e:49:79:92:b2:d4:00:76:09:b7:1c:
         69:02:c1:6a:04:5e:96:0e:e1:00:c2:fe:c3:9c:a9:f9:2c:8b:
         39:69:b6:10:3b:4c:22:66:c9:ae:44:37:34:87:65:1a:c6:cb:
         95:e7:c4:84:c1:97:b3:c5:f1:1f:0c:1f:a3:69:3c:a8:e1:51:
         be:a6:4b:7e:cf:ca:cc:fb:7d:a6:8d:70:2d:d1:6e:de:ea:95:
         40:8b:48:94:ee:a9:3d:a5:ee:32:c4:c2:93:cf:ee:90:09:85:
         42:cb:ed:4c:8a:b7:dd:7c:37:ae:9c:51:16:fb:aa:bc:fe:43:
         c3:3f:b6:d7:72:a8:03:5c:bf:4b:b7:b7:33:11:6a:7e:01:eb:
         0a:b4:dd:98:b7:74:5f:3f:f2:d7:bb:0d:48:88:d2:c1:1a:b2:
         bc:d9:11:ec:2f:9e:7f:c2:b5:72:33:3f:f6:c6:1c:b1:7e:02:
         2a:c8:32:4d:a6:8c:9e:0d:08:87:87:e7:03:51:6d:f9:4c:2b:
         f0:61:d4:25:35:4c:c9:19:f6:1b:06:0d:32:88:80:e1:33:4a:
         8f:62:22:11:c8:00:27:bf:18:52:bf:ca:b1:4d:2e:f8:cd:04:
         b8:00:bf:b9:8e:e6:55:fa:8f:7d:11:5a:5e:3f:c5:e1:6e:8f:
         82:64:4c:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG9mCoa6LdPTtLRsLYYrVEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTA0MTUxMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDU1OGEyYWNmYTNiYTdiMjFjZjU3YTdmYjdmNzcxNTczMGI0MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6DHXLKFbubfvcKXqgofm5ecn6Bo
syonE3CONKjqlSU1HRovy4W76UVJWY0QFqxIpgepxpx4KG5pHa5xk9eYmYiqnJFZ
IEt15OPppLHlQMe3tnMmBe42DrPTQMR6LRsYFHun+jACnqsfCLL5IDKwquLJGWoW
EMFNqnlHBqnkCGhf/zca76b7DWHJkVfG14kTgDww75YRWHQScYWj3D3p8JGxR0N+
vlQ3g8B9USsVqJw8KrKWdCu0Nb0mGFZAhaprALK1XiAslt6zO5A0ky5GfTRN9T/L
w5iOMtZ0a6xG/oTIyFqjMOV5vqAKfztEjZppywoOpmkqFCXimqaEG+JG5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1ViirPo7p7Ic9Xp/t/dxVzC0FtMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdlZXS0tzLWp1bnNoejFlbi0zOTNGWE1MUVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfwMA0G
CSqGSIb3DQEBCwUAA4IBAQBhykIosfdCjkl5krLUAHYJtxxpAsFqBF6WDuEAwv7D
nKn5LIs5abYQO0wiZsmuRDc0h2UaxsuV58SEwZezxfEfDB+jaTyo4VG+pkt+z8rM
+32mjXAt0W7e6pVAi0iU7qk9pe4yxMKTz+6QCYVCy+1MirfdfDeunFEW+6q8/kPD
P7bXcqgDXL9Lt7czEWp+AesKtN2Yt3RfP/LXuw1IiNLBGrK82RHsL55/wrVyMz/2
xhyxfgIqyDJNpoyeDQiHh+cDUW35TCvwYdQlNUzJGfYbBg0yiIDhM0qPYiIRyAAn
vxhSv8qxTS74zQS4AL+5juZV+o99EVpeP8Xhbo+CZExu
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:13:10 2024 by rpki-client on console-fra.rpki-client.org