Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/4vcI6NHvW3RMuSQruKx7lA_pbpo.roa
File:                     4vcI6NHvW3RMuSQruKx7lA_pbpo.roa (raw, json)
Hash identifier:          dHO2G7CS6A8r2nsCkZYJMHVuQsbpHWlA/BqDHIFpTow=
Subject key identifier:   E2:F7:08:E8:D1:EF:5B:74:4C:B9:24:2B:B8:AC:7B:94:0F:E9:6E:9A
Certificate issuer:       /CN=c5de32bb9cc99e115ddbaf6b7fa23051789f2f61
Certificate serial:       018CC4244FC8CE66128257A25551A6D15BCF
Authority key identifier: C5:DE:32:BB:9C:C9:9E:11:5D:DB:AF:6B:7F:A2:30:51:78:9F:2F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xd4yu5zJnhFd269rf6IwUXifL2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/4vcI6NHvW3RMuSQruKx7lA_pbpo.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.29.57.0/24 maxlen: 24
                          194.29.58.0/24 maxlen: 24
                          194.29.56.0/24 maxlen: 24
                          194.29.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/xd4yu5zJnhFd269rf6IwUXifL2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/xd4yu5zJnhFd269rf6IwUXifL2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xd4yu5zJnhFd269rf6IwUXifL2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4f:c8:ce:66:12:82:57:a2:55:51:a6:d1:5b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5de32bb9cc99e115ddbaf6b7fa23051789f2f61
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2f708e8d1ef5b744cb9242bb8ac7b940fe96e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b9:a1:27:46:60:1f:f3:b0:9f:c2:36:44:1e:
                    99:a7:0f:5d:39:98:3e:85:79:f0:76:fe:bb:74:f1:
                    ce:5d:fb:55:55:ca:37:b0:4a:17:3f:36:80:56:ba:
                    16:21:bf:37:e1:74:1d:fc:e0:6c:ed:7f:cb:4a:33:
                    67:16:a4:85:9d:5c:96:dc:29:39:1f:f2:64:6f:70:
                    aa:05:5c:00:69:7f:09:a7:d7:23:e2:5b:82:b6:57:
                    cf:b3:88:b8:0f:49:a7:02:87:29:7f:7c:8e:e8:51:
                    de:d6:93:38:6f:eb:a9:fd:dd:43:9f:f1:8e:ab:9c:
                    b3:65:92:a7:88:f6:27:4e:0d:85:0c:a0:a8:99:68:
                    94:9d:92:7e:84:5c:cc:80:e2:00:bf:bb:85:f9:76:
                    61:06:56:8a:b5:fa:4f:ac:29:94:35:27:d7:71:5f:
                    42:60:d4:46:73:6a:5f:36:69:47:d0:ad:00:3b:0f:
                    51:df:21:e0:9a:a8:87:e4:f6:de:51:e5:c8:38:05:
                    bf:a1:83:67:04:f6:0a:63:a9:c7:5e:95:45:2b:43:
                    43:f5:b1:ce:3a:da:6b:64:b0:c0:cc:55:96:48:d2:
                    48:72:f3:45:9b:b7:01:72:82:c0:e2:7e:02:95:81:
                    ef:f5:15:94:17:a5:da:19:83:0f:d0:a4:e0:af:f0:
                    25:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F7:08:E8:D1:EF:5B:74:4C:B9:24:2B:B8:AC:7B:94:0F:E9:6E:9A
            X509v3 Authority Key Identifier:
                keyid:C5:DE:32:BB:9C:C9:9E:11:5D:DB:AF:6B:7F:A2:30:51:78:9F:2F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xd4yu5zJnhFd269rf6IwUXifL2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/4vcI6NHvW3RMuSQruKx7lA_pbpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/xd4yu5zJnhFd269rf6IwUXifL2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:8d:6e:9f:8d:4f:1c:35:3a:1b:0e:f7:c0:6e:16:f5:7d:d9:
         68:73:6d:fb:b1:ee:4d:e8:a7:b0:25:86:e9:59:64:fd:2e:4a:
         07:65:4a:b9:f7:c7:63:45:54:6c:e6:07:fa:40:16:72:0d:4d:
         f0:72:0a:dc:89:b8:e6:53:e6:b7:a2:99:c0:89:1a:bb:32:63:
         2e:de:7b:3b:a6:28:84:d6:fe:a7:41:3d:1a:35:c3:d6:61:4d:
         d2:52:96:3d:cd:22:b2:0e:7d:fd:05:02:4a:4f:91:99:f7:d5:
         ee:ce:b2:67:22:40:c5:72:ab:88:7d:05:06:d3:6b:6a:f2:21:
         18:09:4d:3c:04:57:21:59:63:77:91:24:7f:a4:e9:57:d3:b8:
         c6:4e:be:b0:4f:80:7c:f6:89:92:ad:6d:c1:e4:d1:6b:dd:26:
         06:c5:88:8a:6e:8d:6b:c4:ce:75:d5:9f:06:10:e2:5e:fc:5e:
         52:07:bb:f4:00:48:45:aa:64:03:c6:a0:6b:48:b0:34:1e:2b:
         dc:7d:e9:ee:93:17:98:e2:e9:2d:4a:84:eb:0c:53:24:a9:ac:
         c8:47:45:a6:e5:62:41:4c:7f:5e:59:09:53:40:04:85:03:3e:
         d7:9f:67:e6:63:43:73:e0:d0:2c:1f:7c:d7:1f:b1:44:59:61:
         00:82:fd:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJE/IzmYSgleiVVGm0VvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZGUzMmJiOWNjOTllMTE1ZGRiYWY2YjdmYTIzMDUxNzg5
ZjJmNjEwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmY3MDhlOGQxZWY1Yjc0NGNiOTI0MmJiOGFjN2I5NDBmZTk2ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubmhJ0ZgH/Own8I2RB6Zpw9dOZg+
hXnwdv67dPHOXftVVco3sEoXPzaAVroWIb834XQd/OBs7X/LSjNnFqSFnVyW3Ck5
H/Jkb3CqBVwAaX8Jp9cj4luCtlfPs4i4D0mnAocpf3yO6FHe1pM4b+up/d1Dn/GO
q5yzZZKniPYnTg2FDKComWiUnZJ+hFzMgOIAv7uF+XZhBlaKtfpPrCmUNSfXcV9C
YNRGc2pfNmlH0K0AOw9R3yHgmqiH5PbeUeXIOAW/oYNnBPYKY6nHXpVFK0ND9bHO
OtprZLDAzFWWSNJIcvNFm7cBcoLA4n4ClYHv9RWUF6XaGYMP0KTgr/AlwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOL3COjR71t0TLkkK7ise5QP6W6aMB8GA1UdIwQY
MBaAFMXeMrucyZ4RXduva3+iMFF4ny9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGQ0eXU1ekpuaEZkMjY5cmY2SXdVWGlmTDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9iZDA5ZTctYzQwYi00N2E2LThhMmUt
MDYzNjc1MzY3OWI2LzEvNHZjSTZOSHZXM1JNdVNRcnVLeDdsQV9wYnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9iZDA5ZTctYzQwYi00N2E2LThhMmUtMDYzNjc1MzY3OWI2
LzEveGQ0eXU1ekpuaEZkMjY5cmY2SXdVWGlmTDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwh04MA0G
CSqGSIb3DQEBCwUAA4IBAQCCjW6fjU8cNTobDvfAbhb1fdloc237se5N6KewJYbp
WWT9LkoHZUq598djRVRs5gf6QBZyDU3wcgrcibjmU+a3opnAiRq7MmMu3ns7piiE
1v6nQT0aNcPWYU3SUpY9zSKyDn39BQJKT5GZ99XuzrJnIkDFcquIfQUG02tq8iEY
CU08BFchWWN3kSR/pOlX07jGTr6wT4B89omSrW3B5NFr3SYGxYiKbo1rxM511Z8G
EOJe/F5SB7v0AEhFqmQDxqBrSLA0HivcfenukxeY4uktSoTrDFMkqazIR0Wm5WJB
TH9eWQlTQASFAz7Xn2fmY0Nz4NAsH3zXH7FEWWEAgv0Y
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:04:04 2024 by rpki-client on console-ams.rpki-client.org